 Go back to the Cyber Underground, I'm Dave the Cyber Guy. My name's Dave Stevens. I'm an instructor at the University of Hawaii, Kepiulani Community College. I teach ethical hacking and network security. This is my show, the Cyber Underground. Welcome back today. On the show, we have some announcements to make at the state level and some really great stuff to go over in cybersecurity as well. Today with me are Tim Ames from Hawaii Tech Support and Randall Hioki, the state cybersecurity coordinator. Wow, I got through that whole thing without stuttering. That's it first. Good job. I'm not Stephen Colbert, you know, I try. He gets multiple takes though. He gets better suits. Yeah, he gets the dress a lot better. He shaved the beard. He's still got a beard. I'm just thinking about growing it back. That's all great. How are you guys doing? Doing good, Dave. Just to review, Randall, tell us a little bit about your history. Very little because you've got a long history in the state. Thank you for pointing that out. So basically, you want where I came, all of that. So born and raised in Hawaii. Good for you, Matt, and you stayed. Thank you. I did not stay. I left a little bit, but I came back. You're back. That's what's important. Went out, went to college on the mainland, joined the Air Force, and then transferred back to the Hawaii Air National Guard, which was probably the best thing I could have done. And you retired there. And I just retired a couple of years ago. And then they've been trying to plug you back into multiple positions ever since you left, yeah? Ever since I left, I actually, I was in a lot of positions, eventually I shed them all down to just one position, the kind of state cybersecurity coordinator. Tell me a little bit about that position real quick. So that position really is kind of a community outreach position. So it really doesn't have anything to do with all the things you kind of think on the dark side. I work with K-12 college students with their clubs, the community, the non-profit, cyber professional associations, really anyone in the community, seniors, we try to get basically, and the message we're trying to do is get the cyber safety awareness message out to everybody. For a good example, as I was talking earlier, I was talking to Girl Scouts today. Girl Scouts. Who's having a cyber... We didn't have them on the show now. We're going to try to bring them on the show, and they're starting a cybersecurity badge program right now. That's wonderful. I mean, we're starting to educate kids earlier, and I love that because everyone's got the ubiquitous smartphone at age four or whatever. And it's like this magical device, and no one really understands what's going on. And we've been preaching this for years. It's a hive mentality. Everybody's got to be playing the game. Everybody's got to have the knowledge of what's secure and what's not. Otherwise, one-week link, and you go down, right? I mean, in this case, especially in an organization, one-week link is the weak link. So, you know, I played a little in sports, and the coaches say the weakest link is the best. That's actually not completely true if the weakest link never plays, right? But in this case, in a network in an organization, everyone plays on the net. So one guy does one click, and it brings everything down. Right. Cutest video ever of kids. The kiddie click. Oh, my gosh. How many times have we done that one in a phishing email scam? Okay. Tim, tell us a little bit about yourself. You've been on the show before, but for the people in the Cheap Seats that never watch, and this is the first time tuning in, tell us who you are, where you came from, what you do. Well, first of all, I know that everybody who watches your show has been watching it from the beginning, and your audience keeps growing. So I don't buy that. Well, that's just my mom's data. I don't buy it. Yeah. So my name's Tim. I'm with Hawaii Tech Support. I'm the CTO for Hawaii Tech Support. We're a managed service provider. Okay. Cheap Seats. Yeah. Managed service provider. So we are outsourced IT for small, medium-sized businesses that either don't have their own internal IT team, or they have an IT team, but they don't have maybe a good deep bench strength in things like cybersecurity, networking, maybe voice over IP, or cloud technologies. Good money saver for businesses. Absolutely. This is a big time and needed service in the state. And how'd you get here? I got here. So I got out of the Marine Corps and took a job here with the Department of Defense as a contractor. I moved on. I actually, after a couple of years being here, missing the Marine Corps, I decided to join the Hawaii Army National Guard. You missed the Marine Corps? Yeah. Yeah. So, yeah. And then I ended up retiring from the Army National Guard as well. That's great. Actually, no rental from the guard. Yeah. He was a... You had to work with Reynolds? I did. He had the pleasure to work with him. Yeah, the pleasure. I had the pleasure to work with him. Well, what's going on in the state? We're doing... What are we doing? So, just wanted to share with everybody that October is National Cyber Security Awareness Month, and there's a whole bunch of things going on that many of us are working. So a lot of cyber safety events and activities going throughout the state that we want the community to kind of join us and share and help us celebrate National Cyber Security Awareness Month. Well, let's go through some of those events really quick. Okay. We have some graphics to put up on the screen, right? Yeah. So, probably the biggest event that I want to talk about is we're having cyber safety presentations that are being presented at 19 of our public libraries. So we're partnering with the Hawaii State Public Library System, our state librarian, Stacey Aldrich, who's providing the facilities at the library for this, as well as ISC Squared Hawaii Chapter, who's standing up the Speakers Bureau. And so that's where all the presenters are coming from is from ISC Squared. And these are the four main islands right here. And we're going all four islands. Yep. Hawaii, Maui. So we tried our best. Oahu was really easy because there's a lot of professionals here on Oahu, but we did have a challenge getting to the other islands because not as many people. Yeah. I was surprised. Maui has the high tech, what not high tech, the high speed, oh, the high capacity data center. Sorry. High performance data. There you go. There you go. High performance, competing data center. There you go. There we go. We're run by the DOD and Hawaii University, or University of Hawaii. And I'm surprised you couldn't get more high tech people out there. Yeah. Part of it really is because I live here, right? So we have reached out to Debashish. I think you know who that is. Debashish Bhattacharya is the IT program coordinator for the ICS programs at University of Hawaii, Maui College. And there's other people, but even then it's not like here. I mean, here we probably have literally hundreds of cyber security professionals all certified beyond the... Other islands is a handful. Yeah, a handful. So beyond even the certified, there's a whole bunch that played this, but just never got certified. Maybe I should move to Kauai. Well, if we're busy here, imagine how busy they are there with less people and just the same problems. It's always work, huh? Yeah, always work. Maybe you guys should open an office out there. You know, we actually have some clients over there. Do you really? You're on Maui. All right. I'm going to check it out. It's good to know. You guys going to expand to the other islands? Yeah. Yeah. So we have a lot of residents over on Big Island now. Oh, that's good. We have a partner... Kona side, Hilo side? Kona side. Kona side. Good. Okay. And then we have... I mean, we can get anywhere though. You know, once you're on the island. We also have partners that we work with. Maui, Kauai. So... And we're actually making a move into Maui. Your business is going like gangbusters. Yeah, it is. That really is inspiring to me. Yeah. Good job. I appreciate it. Yeah. No, it's been hard work, but it's been paying off. And we love our client base. You know, we love our customer base. Energy is what brings it. Oh, thanks. That's what makes the business work. Yeah. Hey, let's talk about some of the other things. We've got some more graphics going on. Okay. We just passed the library number two here. So let's go down to the next slide. So we'll talk... Oh, I'm sorry. Slide before this. Okay. There we go. Well, you have open mics for community forums? Yeah. This is like Stand Up Con. This is great. For cybersecurity. I'll open the mic. So I'll talk real quick about the open mics. So what we're doing is we're having a basic webinar kind of Skype sessions where people can call in Tuesday, 7 p.m. or Saturday, 3 p.m. throughout October. So we'll get a couple of several cybersecurity professionals and they'll just really open the mic for the community to come in and ask any questions. Again, it's all about awareness, trying to understand some of these concepts so that people can be a little safer and more secure when they're connected. I know more transparency too and technology takes away anxiety. Yes. We all read the articles every day and we're going to discuss them after the break. Some of these articles saying, you know, you can be hacked by E911 or Apple's putting these chips in your phone and Chinese are spying on you or the Russians are interfering in the elections. And it's nice to get real cybersecurity professionals to say, this is real. This is not. Right. I have transparency really in the long run. What do you need to be concerned about? Yeah, what is the... And when do you need to be concerned? What can you do? Or is it just something that's happening to you and you have no control? You have to accept it. You have to accept it. So in the end, I think awareness and understanding really goes a long way. But let's talk about another one. If you can throw on the next slide after that. So I'll turn it over to Tim for the hands-on workshops. Yeah. So Whole Foods has volunteered some spaces and the one here in town. We've got the comma. Yeah. And basically just time for us to give a presentation on, you know, keeping... We're doing a presentation on mobility security. So, you know, keeping your mobile data secure, how to keep your phone, you know, everybody's carrying computers nowadays. Tremendously important. Yeah. Tremendously important. And nobody knows how to do it. Banking on the phone. You do everything on the phone. So how do you keep that phone secure, you know? And we'll go over that some software as a service. A lot of people are using cloud email, you know, Office 365, Google, all the... How do you use those? And how do you do it securely, right? So it's great to have the tools, but if you're not using the tools correctly in a safe and secure fashion, which great... ISC Squared is doing their public library piece on... What is it? The Safe and Secure Online. They teach that to kids in schools too. And, you know, it's really applies to all ages. But keeping the kids safe and secure online is a different strategy than keeping adults safe and secure online, you know. It's strange that keeping kids secure online is now becoming quite similar to keeping the elderly safe and secure online. And there's a difference that kids grew up with this technology. And the elderly did not. You know, I'm constantly having to go wipe certain members of my family, their computer, over and over again, because it looks so real when they get hit. Not just a kiddie video, but, hey, your bank account has been hacked. You need to change your credentials. Click here. And they go and enter their credentials. I know we talked about this before, the dark web credentials scouring. So there's a lot on the dark web. Everybody hears about dark web. There's a lot of repositories where credentials get stored. So from the Facebook hack or from Ashley Madison, you know, all those big time hacks, your credentials, your email password, your email and your password is stored somewhere on the dark web. Hopefully you're not using that password anymore. There's a new scam going around where people are getting emails. Our clients have been getting some of these emails. So we started blocking them. But they get an email saying, hey, this is your user. This is your email address. And this is your password. Does it look familiar? We got it because you went to an adult website and signed up for a service. I've seen that. Don't worry. We'll go ahead and delete all this information as soon as you send $500 to this Bitcoin address. Really cool. They give you a link on how to set up Bitcoin. Great customer service. Instaltor. We'll get you through there. Yeah, we'll help you out. Very service oriented. And same thing with that pop up. There's a pop up ad saying, call Microsoft. Here's the phone number. Call them up because you have malicious software. It's not coming from Microsoft. You call that number. They get access into your, you give them access. They talk people into giving them access into their computer. Install this little control. It's amazing. Browser plug-in. They have people going into command line. They have your 68, 75 year old grandmother or whatever going into command line and doing some pretty good in advance. I want to hire these guys. You know, if we can only turn them to good. It's hilarious. And I don't think people realize that home networks when granddad falls for the scam and installs that controller. He's on your network at home. That computer is now a pivot point for hackers. Absolutely. To scan and access and exploit the rest of the computers on the network. I like they say that word pivot point. You know, it's a good, good tells you exactly what it is. It's a lateral attack. You're using that computer to branch out to all the other computers. What's even worse in the business community. If I'm letting my employees take a computer home and they're doing stuff. They shouldn't be at home. And then they bring that back into the office. You know, and that computer is now the. It's a danger. It's dangerous. So the hackers now established a beach head. And they can pivot on that and attack you for multiple vectors, including mobile devices at that time. Because you have wireless and you have wired. And Bluetooth is now a danger. They won't even let you wear your Apple watch in some meetings at certain locations up here that shall be nameless. The DoD. Hopefully not Apple. Yeah. No, no, it's not Apple. Yeah, I would imagine they're secure. Right. Let's talk about more of these events that are coming up. You have more stuff to put up on the screen here. Let's throw that back on. So there is a one thing I did want to talk about. This is actually a relatively new thing. And we're not really promoting some of these because I think we have too many people already. So and I'll just mention it. So at Windward Mall, we're going to be having a specifically because everyone's a target today. Everybody. And not only do we hear things. I actually hear stories when I go out there. But we're going to be having a cyber safety presentation for the seniors out there at Windward Mall as well as Kahala Mall. Not too many people. They've got to take a little break here. Not too many people realize that everybody's a target because so many people think, oh, I'm nothing. I'm nobody, right? But everybody knows somebody. So if an elderly person gets attacked, they could be someone's father, whose father an important person. And they have access to that person's computer. And like I said, if they're living in the same home or in the same network, now they have access to somebody else. So even though you might think you're innocuous in the world, you might not be, you know, you could know somebody that has access to something that's kind of dangerous. We got to take one little break here. We're going to come back after we pay some bills until then everybody stay safe. Aloha. I'm Wendy Lo and I'm coming to you every other Tuesday at two o'clock live from Think Tech Hawaii. And on our show, we talk about taking your health back. And what does that mean? It means mind, body and soul. Everything you can do that makes your body healthier and happier is what we're going to be talking about. Whether it's spiritual health, mental health, fascia health, beautiful smile health, whatever it means. Let's take healthy back. Aloha. And Aloha. My name is Calvin Griffin, the host of Hawaii in Uniform. And every Friday at 11 o'clock here on Think Tech Hawaii, we bring in the latest in what's happening within the military community. And we also invite all your response to things that's happening here. For those of you who haven't seen the program before, again, we invite your participation. We're here to give information, not disinformation. And we always enjoy response from the public. But join us here, Hawaii in Uniform, Fridays, 11 a.m. here on Think Tech Hawaii. Aloha. Welcome back to Cyber Underground. Yeah, you made it through the break. And we're back. I'm Dave the Cyber Guy. Again here, I'm with Reynolds Hioki. And Tim Ames. Tim Ames is from Hawaii Tech Support. Reynolds Hioki is a state cybersecurity coordinator. And I did it again twice. Got you. Stuttering. I got through it. Wow. Right on. So fine. I'll do that too. Okay. So let's go back into the Hawaii. What do we call it, the Hawaii? This month is Hawaii. Oh, National Cybersecurity Awareness Month? National. Oh, it's National Cybersecurity. I should know that. And I don't. And I'm so embarrassed. I'm glad you're on the show, though. Let's go back to some of the images we had up and just go over the last thing. We talked about the hands-on workshops. Yeah, so we actually did this last week because Pearl Ridge had an event. And it wasn't part of National Cybersecurity. But basically, we're kind of cyber-central. And basically, just having several tables at the different shopping centers and inviting the community to come and just come talk to us. So we'll be handing some things out. So we'll have people that are talking about cyber-patriot, which is our high school, middle school, cyber-security sport, college clubs, as well as things at the federal and state level, so different programs, so DHS, those type of things. But really, the purpose of that is for the community to come in and just ask us questions. We'll have cyber-security professionals ask a question, start a conversation, and hopefully, you get your questions answered. That's great. So that's what we have. There's actually, I won't mention that there is a third shopping center that's almost there. They just haven't fully confirmed us. Well, you guys, the two sides of the island already, windward on. There's a third side of the island. Yeah, I'm hoping it's all in Moana. No? You can hold, but Nameless? Nameless, yeah. All right. Okay. I really recommend the Whole Foods Queen. That's the one we're going to be at. And that's where we're going to be going through the device. You know, teaching people how to do secure mobility. Yeah. Who's doing that? Fantastic. It's going to be, are you trying to put me on the line? You're on the slide. I'll be there. I'll be there. But yeah, we have John Stranberg's going to be there, too. Once again, back to the bus. Good job. I just threw him on the bus. Okay, right on. Right on. Hopefully, he's not watching. He's like, what? I'm doing that? No, no. Okay. What's next? We have more graphics. Yeah. One last graphic coming up. And this is basically a bunch of events that are happening that you might want to tune in, read about, or watch. So you're actually, we're actually in there, right there. So we had some discussion. I mean, we're on NPR and others. So probably the big thing is Midweek had a special on National Cybersecurity Awareness Month right at the end of September. So I'm not sure if that is out. Yeah. So we have one last site, page 32, and page. Takea is the one that did that for us. So we have three more graphics. Yeah. I think there's actually one last site is information. This is really the catch-all. A bunch of different things happening. If you want to get involved with cybersecurity in the state and so forth. So on the very top, there is a... What is ISAC, right? ISAC is a state local government organization that does cybersecurity. And they actually have a national cybersecurity poster contest. And you have to turn your submission in by January. But they take the top 13 posters in the nation and they make a calendar. Oh, cool. And then they distribute it nationally to... Unfortunately, it's just state and local government because that's how they're funded. But yeah, you can be, if your poster wins, you will be distributed nationally. Wait, that might be out of the loop. 13 posters get selected, but there's only 12 months. Yeah, so there's a front and back and on it. Got it, got it. I'm glad you got that. We're like, yeah, yeah, 13, yeah, right on. It's me making sure. It's me here. At least decade or whatever it is. October cybersecurity month gets its own, you know, two posters. Yeah, there's an extra month, yeah. So tell me, Tim, what's going on in your... Universe. Yeah, so we've been really busy. But this year and next year are going to be our pushes to really get people up to speed on cybersecurity tools, all right? So the endpoint protection and the security monitoring of the network is huge. We mentioned, you know, it's important for folks at home to have safe computing environments. It's even more important, in my opinion, for businesses to do that. Because that's your economy, right? It's mission critical. People don't... Businesses don't survive attacks. Let's describe endpoint. Yeah, endpoint. So an endpoint is a workstation or a server that sits in your environment. And things like, you know, those phishing emails where you click on the cool kitten, you know, the cutest kitten in the world, you know, you get those phishing emails, you click on it. Stopping those attacks, you know, when you click on it and it starts to download a file. Stopping those processes from running, from launching the attack, from giving the attackers and into your network. That's the critical part. And in typical antiviruses now, just don't cut it. You know, they're very signature-based, which means they're only looking for a file. Is this file known bad? People know ways around that. And it's the ones that have already been executed, documented, and are now known in the wild. Right. So no zero days. A zero day is an attack that, you know, hackers know about, a hacker knows about, but even the companies that wrote the software may not know that exists. So there's no patches available. The scariest ones. Zero days, yeah. Now, mobile devices, end points? Yeah, same thing. So mobile device management, that is huge. And if you are a business and you're letting people look at their email, you know, their company email on a private, you know, personal phone or even laptops. Laptops have mobile device management. Computers have mobile device management. But the phones are pretty critical because nobody thinks about it. And then it's not even just a cyber security thing. It's a business thing. If you have somebody with access to their email and all your customer information, and they leave the organization, how do I get that back? Right. You know, how do I keep them from taking their account list to the next place they go? Yeah. That's huge. I think this is the most popular computing platform now is mobile. I think so. Absolutely. It is. It's moved way to the top. So I think this is like mission critical that you get this in front of everybody. And it's, again, high mentality. Let's talk about a couple things really quick before the end of the show that have to do with mobile security. Okay. And just popping up on the radar. First of all, McAfee, the man, put out a tweet saying that the new presidential alert has access to the quote unquote E911 chip on your phone and therefore transmits mobile data and all that other stuff. And the president now has access to all this stuff. Not true. Not exactly. Yeah. It's actually a system like the Amber Alerts in California where they can push out messages to your phone. And it's very area specific. So it's not just everybody in the nation unless it really involves the entire nation. And the president pushes out a message. He's actually got to do it through FEMA. Right. And from FEMA. Not Twitter. Hold on. I'm really hoping FEMA is listening right now because the president wants to do some kind of marketing or campaign message. I'm depending on you to say no. If we do that, that means we won't have credibility when a real emergency arrives. So FEMA, do your job. Trump, go away. So he really doesn't have access to that information. What the E911 system is set up to do is to give emergency responders access to your data, your GPS data, access to your mobile camera so they can take pictures. And the reason is, if they can't pinpoint your location from cell towers, say Honolulu, you can get a cell tower to pinpoint your location within six feet because of the city. But if I go hiking on Diamond Head, they can only get within half a mile on me from GPS. It's not that accurate all the time. So if they take a picture with your camera, you might be pointing at something that's the landmark and they can home in on you. So that's important. That kind of data is only consumed by emergency responders. Right. Not by the president, Sonny and Alan. And by the way, there's no such thing as an E911 chip. Right. That's good. Thank you for clarifying that. And you know, honestly, McCarthy's had his, you know, he's... He's a little... Yes, he is. Absolutely. I hear everything with a grain of salt. But with the E911, it is important. So it's an important tool for first responders to have. So when we set a voice over IP phones, for example, or we use like any kind of soft phone, like Microsoft office phones or whatever. This is an important service. Yeah, we have to put an address on there before we can assign the phone. We have to say whether it's their work address or when somebody calls 911 from that line, where are police fire rescue going to show up? Right. You don't want them showing up to their home when they're at work. You know what I mean? Or a GPS location that's down the block. Right. Because they can't home in. Absolutely. It's an important service. We need this in this country. There are some privacy issues. Law enforcement's been using a little willy nilly in a little place, you know, in a place or two without real solid warrants. So it's a concern. However, with every technology comes another concern. And this is just one of them. More concerns coming up. There is a rumor Bloomberg News came out with another article two years after the first article saying that China has been putting innocuous-licking chips of different sizes and shapes and colors on our circuit boards for our computers and mobile devices that will allow them to hack our devices. And this has not yet been disproven. However, as we were talking about before the show, neither one of us are surprised. Are you surprised? No. I'm not surprised. They're a competitor. Of course they're going to do something like that. We make all their stuff where they are. So if they had an opportunity to do this, why not? I think it's a completely real possibility. We've got to remember Stuxnet. Stuxnet, right? It was engineered to take down, you know, a government facility or, you know, the Iranian government facility for their nuclear energy. It was engineered for that. There's no common sense that tells us that a nation state wouldn't do that if they had the opportunity to at least, you know, stage something like that. Now with Lenovo, I'm not really too surprised. They brought IBM back in, I think, 2015. Right. All the Thinkpads are now. Thinkpads are now. Yeah. So they brought that Thinkpad. And even in 2016, they had a firmware issue. You mentioned two years ago. Right. They had a firmware. They had a little piece of code. That when you logged in, it would report back to Lenovo's headquarters saying, you know, the location and all that kind of stuff. Here I am. Details that you could not get. You couldn't turn it off. They had to release a new firmware patch to turn it off. Right. Because even after you completely wiped your computer, did a fresh install, it was still there. So firmware, let's just, for the cheap seats again. Yeah. Firmware is code that runs on computer chips that are called EE prompts, electronically erasable, programmable, read-only memory. And that code stays on that chip, no matter what Windows operating system or whatever you're running it. Right. It just stays there until you erase it and put a new set of code on there and it controls things like access to memory into the circuit board and computer bus and USB. It tells the computer how to be a computer. There you go. Yeah. It's the first step in launching your computer. We only have about a minute left, maybe a little bit less. Let's do another shout out to the Hawaii Cyber Security Awareness Month. Okay. So if we can put that last slide up. So a lot of the things that I discussed, all of us discussed this afternoon, you can find all of that information, specifically that infographic that we talked about at ohhs.hawaii.gov for cyber. So that's not only do you find that, but really it's the Hawaii website that has all of our community cyber, safety, cybersecurity, community side stories, events, and activities. That's wonderful. And this is for people living here or for people visiting. Come on by and get some information. You can do both. But it's made, it is a Hawaii centric site. So all the things happening in Hawaii relative to cyber safety, it's on there. Wow. Thanks guys. Thanks for being here. And we'll be seeing you both very soon. Thank you very much. We'll have the Girl Scouts on either next week or the week after. We'll see how soon we can do that. And thanks for playing. All right. Aloha everybody. Thanks for joining me on the Cyber Underground. Join us next week for another exciting episode. Until then, stay safe.