 So welcome students and panelists to another in our series of panel discussions at the Science Circle. Today our topic is the Internet. With allegations of hacking, disinformation, troll farms and the like, being implicated in Brexit, and the Mueller investigation of Trump and Russia, I think everyone is recently more alarmed at the potential for evil global Internet. So let's take a hard look at it. We have a great panel of experts to enlighten us. Dark Eagle Darkstone. I believe sitting here in the middle. Myron Curtis has taught cybersecurity at Dubuque College in Northern California. Third on the California Cybersecurity Task Force to make recommendations to the governor's office. He has managed and repaired computer networks certified in a number of programming languages. And Dark Eagle is interested in cyber hygiene, since we are all connected to the same Internet. So if one person has a compromised system, we are at greater risk. We also have R. Sam G., who goes by Sam. He teaches computer science and cybersecurity at St. Mary's University, and has performed cyber security assessments and application testing for the Center for Medicare Services. And also has a background in sort of industrial or corporate cybersecurity. And finally, we have Bill Youngblood, who is a Vic over there for this from me. And Vic is just an all-around smart person who knows a lot of things, and he's kind of helped us keep things real. And maybe kind of be our color commentator to help us kind of digest. With that introduction, I would like to... Oops. Did I lose Dark Eagle? Did someone crash? Let's see. Okay. Well, thank you. Oh, here he is. He's come back. So that was pretty quick. Bear with us. Technical problems. Oh, thank you very much for letting me know. Is this better? I think my microphone might have been too far from my mouth. Okay. All right. So just to kind of restart a little bit, our panelists are Dark Eagle Darkstone, Sam and Vic, each of which brings a unique perspective on the issue of the Internet and cybersecurity. If Dark Eagle is ready, I would like to let him make the opening panel remarks. So let's hope that that's going to work. It should. Success. Yeah, you can hear me. Okay. Good. Okay. So the reality of today is that we are all connected to the same Internet. It doesn't matter if you're a school. It doesn't matter if you're a governor. Oops. We lost voice, I think. Did you lose my voice? There. Now it's back. So the quick recap is that with all the matter going on and the hacks, the question is becoming more and more important. Who's actually viable for any losses that occur? You know, it's entirely possible that someone might actually get sued because somebody using the computer system, even a friend or even on their own network, managed to test and making up for it. Okay. Just continue, Myron, that's fine. Okay. Anyway, it's entirely possible that you could get sued if something to do with your computer system has contributed in some way to causing somebody else a loss of some kind. It could be financial. It could be emotional, you know, and it could also be the case of businesses if they lose a lot of money and the attack occurred from a coffee shop somewhere. The coffee shop chain could also be held viable because they did not practice due diligence. So the California Cybersecurity Task Force, trying to find a way to make people aware of this without actually threatening them, came up with the term called cyber hygiene. You know, and just as you would never want somebody to make you a salad if they had never washed their hands, why would you want somebody hooked up to your network who's never run a virus scam? So it's still in the works and they're introducing it through the community colleges first, but it is something that's going to go nationwide, possibly worldwide that we start teaching people what the basic elements of security are so they can be practicing some due diligence. You know, for example, they really need to have some kind of antivirus. They really should stay away from certain parts of the internet and the dark web, just as we should probably stay away from dark alleys in big cities. There's also the possibility that they need to have a good firewall. They need to understand how to configure their routers or at least there needs to be a pre-setting on the routers that's kind of like a secure profile and people who are more advanced. For example, people hosting virtual worlds and have to have a lot of ports open on the routers can create a custom profile perhaps, but it's really becoming a very important question. You know, how much liability an individual shares with the amount of malware and hacks that are going on? So, yeah, that's pretty interesting. Well, actually, before I sort of get into my questions, let me continue with our panel commentary and then I'll have a chance to chime in. Okay, thanks. So, Sam, would you like to make some opening remarks? Yeah, I totally agree with that. One thing I found, I consider user awareness. You get that kind of training to everybody is important. So, they understand the risks out there and how to protect themselves from it and what not to do out there. I think that's the most important thing. I consider the Internet the Wild West. There's so many actors out there trying to collect data on you with fake news that it's kind of important to get the people up to speed and understand the Internet and what's good and what's bad and where it's dangerous. Yes, that completely makes sense. And, Vic, what's your perspective? Sure, okay, first real quick question. Is this just an introduction or would it be a good time for me to talk about the note card? You are welcome to get into the note card. I think I'm ready to kind of get into the weeds here. So, let's go for it. Okay, to my left, my avatar's left, you'll see kind of a little spiral thing that's taller than the chair. If you click on it, there's a note card that I'm essentially going to be talking about that. Background wise, I don't have the credentials in this particular field. I do in computer technology in general, but I did start our cybersecurity program at a university, so I'm versed in what kinds of things go into it as well as taught a course in personal security. It's interesting you mentioned liability. Let me bring that up in a second. But most of us have spaces that we think of as home or office or a vehicle where we kind of go to feel safe and comfortable and so we can let our guard down against potential hazards that we face on the outside. And the steps we take to secure those spaces depends on one, our view of the worth of what we have or ourselves, our view of other people, and how we understand our environment. So, let's take one side. Let's pretend you're a college student in a dormitory, a worker in a cubicle or a resident in a small town. You may feel that maybe you don't have enough or I mean, excuse me, that you may not have anything somebody wants or that the people around you are mostly honest, that your surroundings are safe enough. I've been to small towns where they leave their doors open or their doors unlocked. Same thing with your cubicle if you're working there or an office. You may feel safe enough to talk openly about yourself and your life and to walk and act fairly carefree without looking around you. But now let's take the other side is that pretend that you have either an inflated view of your own worth, we were talking about politicians earlier, or the worth of your things or you really do have valuable things that are easily taken and not easily replaced and maybe you believe that everyone out there would harm you or take advantage of you given the chance or that you're all just waiting out to jump you the moment you let your guard down and so in this case you might lock your doors, you might have dead bolts, you might install a security system, put blinds on your window, buy a dog that barks or growls buy a gun that you keep close with you. So which of these scenarios describe cyberspace? Well, both and neither. So how is that? Let's take a look at some realities. So far I've just been talking about physical security because that's what we are familiar with. And even in a perfect world you still need some sort of physical security. I mean, besides the social norms, is you wear clothes to keep yourself warm, you wear shoes so you don't hurt your feet. And you also think about safeguarding, you should also think about safeguarding your smartphone and your laptop in the same way. I mean, if it drops, it's the same as if somebody took it, if it breaks and doesn't work. Or temperature is extreme, leaving it in a car would be the same result except people wouldn't have the data but you'd lose it yourself. And so you take care of, the same thing with you is you take care of your physical and mental health that you work properly. And since the data on your smartphone or laptops are more valuable probably to you than the device itself, I'd recommend that you copy the important information to another device and store it in a safe place other than on your device. In other words, if the device gets stolen, well then your backups get stolen too. Although I do both myself. Now that place can be physical, like a storage device, someplace that you have in another area or it can be virtual like an online service you trust. So now let's, that we've talked about physical security, let's talk about a data security, let's talk about cyberspace, because that's something that we don't, aren't as familiar with. The weather you're lying in bed, being a friend on your smartphone or you're at your laptop online at work, it's very easy to think of yourself because of the physical groundings that's just you and your computer, but that's not really the reality. The moment you go online, because of the nature of the internet, because of the nature of the internet, it's as if you just walked outside a hotel on a busy street and stepped out of your car into a shopping mall, is that there are places that are familiar to you, but you cannot know who's around, you're what they want, and that doesn't mean you have to be paranoid, just aware of what we used to call street smart about your surroundings. It's the same thing as if you were a tourist and you're traveling in Rome or in other parts of the world. So let's look at some examples of what I mean. Well, the first thing is that people divulge a lot of information about themselves on social media because it seems like well, that's a safe place and I've got just my friends and it's just me and my computer and their computers, but every social media site, every website, every search engine is a business. But what do businesses want? They want to know about their customers. They'd love to know as much about you as possible so they can target you for things and services to buy. And the more you know about you, the closer they can get to discovering what they want. Well, probably here also. So it makes good business sense for them to ask you as much information as you'll give them. So they ask you for your name. Okay, you think? Well, that sounds reasonable since a lot of people know your name. Yeah, but do you really need to give them your real name? You know, in Second Life, we used to, except for the people that are actually presenting, most people go around as avatar students. Business really need to know your full name. That's often why I just use fill because then I know whether people are selling my date if they come up with fill or fill up or middle name or other things like that. What if they ask for your middle name? As I mentioned, do you have to give them that? Now, what about your address? Well, okay. I guess they need that for billing or something. Of course, this is all what you say to yourself. But really, could you give them a post office box? Like I often have a post office box because that's where I send stuff rather than a real address perhaps or a business address instead. What about your birth date? Why? What do they really need it for? And do you have to give them your birth date? Is it just so that they can make sure that the decisions you make are legal? In other words, if you buy something, if you contract something, well, fine. But do they really need the correct day, month, year? I mean, everybody? Oh, yeah. It's online because of two things. One, you've given it to people. But the other thing is because sometimes people divulge it to other people, even legitimate places or they, that sort of thing. But why should you have to do that in Facebook? Why should you have to do that in everybody given their all year information that's correct? So what about a personally identifying number like a Social Security number? I had a student the other day that filled out a form and it said, Social Security number. Well, we haven't actually, it was a very, very old form from the 90s and we haven't asked for Social Security numbers a long time, but there they had Social Security number just like, you know, whatever. What is a business or a person really need to know with that number? I mean, there are some people that need to know that, but you need to be smart enough to know who needs to know a number like that, which represents you. Okay, so now think about it. Think about, in other words, every little piece of information if you've watched movies and stuff every little piece of information that you give out online is one step closer to someone guessing the rest like what we were talking about jokingly earlier about what kind of security questions you might have. But what do you really need to know to take money out of your bank or use your credit card or assume your identity or to use your computer without you knowing? So I'm not saying that there's not any perfectly good reason for some businesses to know this information. There are some that do, but would you tell that information to a stranger just because they walked up and asked you? No. So why would you click on a link on an email from a stranger no matter what the message said, no matter what the message said. Maybe the message looks like it's coming from a friend, but if it sounds suspicious, it only takes a minute to contact your friend and see if they actually sent it. Would you stand in the middle of the store and shout that information out? Well, probably not and yet there are many people who are willing to give that information out to any business, any person who asks it online. Where do you work? Sure. Where did you go to school? Why not? Where are you right now? Which also means by the way that you're not home for anyone that knows. Absolutely. Your favorite color. What do you like to watch? What did you do last night? Who are your friends? If I want to find out somebody like my students, I can go to any website and I can find out way more about them than they would be willing to tell me under torture. And so can employers, by the way. And that's one of the things they do. So now let's go back to you and your computer. Being online is a bit like sitting at an airport with people all around you. It's not just you comfortably in bed with your phone. You may be perfectly safe. I mean after all, most people I go by the thing that most people are honest. Most people are just out there to do what they're doing and frankly they don't care. They've got their own business going on. They don't care if you're there. You're not really that important seriously. But if you're talking to your friends sitting next to you or online a world away and you give out some important information about you or what you're doing or most people won't pay attention. They'll forget. But if you drop your wallet or you leave your purse or your phone sitting there most people will point it out to you and help. But not everybody. There are a handful of people who are not so honest or respectful of you or your things. So security really you have to take it important because of the small number of bad actors out there. And also because like we were saying about liability is this is the one place. This is the one place. You may not be able to contribute to the next discoveries on Mars or the common DNA as we're talking about. But you do hold the keys to the safety of yourself to your friends to other people online all of that. And that's very interesting. So you have just as much power in many cases as those people just as much responsibility. And that is cyber space. That's cyber security. Now I'm not saying that cyber space is a paranoid world where you should never leave your room or vehicle. But it is a crowded city where you should safeguard your values, be aware of your surroundings who might be around you at all times. That's just common sense. The common sense is not so common. And it's very easy to delude yourself that it's just you and your computer. Most people are honest, even if they're not all nice and only a handful of people are dangerous. But it's for those type of people that you want to make it as difficult as possible for them to get the information from you. But like burglars, what's a burglar going to do? A common burglar will just try open doors and windows and they'll move on to the next house and they don't find one and don't know what your valuables you have inside. But if you already told them and they're determined it's going to be hard for you to protect them anyway. So you should copy them or safeguard them in some way. But the same thing applies online. So in conclusion for my remarks here, and I'm going to hand it over to the other others, is there's an old joke that I first heard in Africa in 1994 when I was in Somalia. And it goes like this. It's the one about the group of friends trying to outrun a lion. Well, one of them turns to the other and says I don't have to outrun the lion, I just have to outrun you. And that's reality. And that's just a part of living safely in the world and cyberspace. But I'd add one more thing though. It's not and everyone out for themselves competition like the so-called friends trying to outrun the lion. Yeah, that's the other one. It's the bear in the woods sort of thing. It's an old joke. When I was in Africa they were talking about lions because I was more real. So if the lion wants it can, now remember this is not everyone out for themselves. If the lion wants it can get everyone individually. So cyber security is more like all of us turning to face the lion together. Every one of us has to be aware, know how to secure ourselves, and by doing so we can all work together to make cyberspace a safer place for all of us. And that's kind of my remarks and I'd love to hear from the experts. Thank you. That was a fantastic overview, Vic. Dark Eagle what is your reaction to that? I'm in complete agreement with Vic. It's really difficult these days to preserve your privacy. I tend to joke around and say that you really don't have any way and probably haven't had for a long time but just as he mentioned with social media there are a lot of games and a lot of postings out there where they want to ask questions about you and if you think about the answers they're asking for those are the same answers that you would give say as your security questions to your bank or some other financial institution. So you really do have to be a little bit paranoid. Granted security professionals are supposed to be paranoid for everybody but that's only in certain situations. Everybody needs to basically wash their hands before they get on the net. Practice good cyber hygiene. Know where you're going on the internet. Careful what pages you open up. You know a lot of the browsers now have a nice little color change at the top of the browser if it's a secure site or if it's an insecure site. Pay attention to that. There's still a lot of websites that have a little padlock icon that show that it's supposed to be a secure site. But also be aware that just about anybody can put one of those up there. So it may still be a phishing website where they're trying to look like say your bank's web page. They usually do a poor job of that but you do have to take the time to consider where you're going. My common practice if I get a link in the email saying say that my PayPal has been compromised. I don't open that link out of the email I go to the web and go directly to my PayPal account to see what's going on and usually it's a scam. In fact I think there was only one time that it was actually something from PayPal. So be careful of that and also be practical. Know very well that there's no oil minister in Nigeria or anywhere else or their widow who's going to put a million dollars to let you keep the interest. Ain't going to happen. So don't even click on that. I actually did a trace on one of those emails which you can do. It's difficult but it's doable. I actually traced it back to Belgrad in Ireland where some of the Al Qaeda terrorists were being held at the time. So it makes you wonder it's one of the ways you were trying to raise funds. I actually sent an email to them. Go ahead. No just saying that's amazing. Yeah and there's a lot of things like that that are going on. But really it's a matter of practicality. It's a matter of being aware like Vic said where you are and what you're doing. And you know I tell my students this or used to that if you're going to go someplace dangerous be protected there are people out there who would gladly burn your systems to the ground if you let them. If you're dumb enough not to have your shields up when you go. So the reality is you just stay out of sites that are dangerous but sometimes if you want to go there. At least make sure you're ready to accept the consequences. Well so how what I kind of want to talk a little bit about viruses. It seems to me that in the early days of the internet viruses were the thing that everyone was freaked out about. I kind of feel like nowadays you hear less about viruses. But you do hear more about malicious programs in email attachments. I mean that's how the John Podesta emails were hacked. Russia was an attack mail that had a malicious program that could access all the emails. Now is that considered a virus or is that kind of like weird sort of solicitations by Nigerian princes or this all seems kind of this sort of getting gaining entry by email seems actually kind of low tech to me are there malicious program tools that don't require that that are like really malicious that can just somehow get into the network can be loaded into the network by the originator without someone clicking on something. Sam could you speak to that do you mind kind of what technically what kind of threats are out there that what kind of tools are out there that malicious people use. Okay yeah glad to again you mentioned much about the email again if you go back 10-20 years ago the main attack vector was trying to go through your firewall. That the biggest threat to the internet and computers today is basically the people people not being aware or a cognitive of what can so emails become the bad guy to infiltrate your network use that as a method to actually load into malware to attack your computer and possibly use that as a jumping off in fact rest of your network I've seen so many times that the way that they actually got into a network was they sent an email with an attachment person clicked on that and it loaded a virus after that virus is low I'll try now speak up a bit so I've gotten all the controls down good the main thing that they can do after they get one computer compromised they moved through the network to find the jewels the gold in the network I've seen before where I had one person they clicked on something and they compromised their account they used that compromised account to go through the network find a in this case is banking one server they handled all the what do you call them money transfers and they were actually getting ready to transfer over a million dollars to a account somewhere in Hong Kong luckily we were able to stop them but again the bad guy is going to use whatever method works the best and the best target out there today are the people those people if they're not aware of what can happen they make the whole internet vulnerable so if you were to go to a malicious website how can a website infect your computer do you still have to click on a link or download something from the website simply opening the URL infect your computer how does that work what is the risk of going to an insecure website with a website the main thing is what they call it drive by in other words you just click on that link you open up that web page you didn't actually wind up using one of the scripting links download malware add additional grabbers or anything like that so again about different just have to open up that web page and actually start infecting your computer or also if you click on some link on a web page you can actually also download malware onto your system so again there's several different ways that guy is going to make use of whatever method is um yeah so so one thing I'm also curious about is it seems to me that some of the types of websites that one might think would be dangerous might actually be among the safest I'm thinking of like prominent porn websites or prominent gaming websites where you think there would be a lot of malicious actors there but I imagine that those types of websites implement very strong security and are actually maybe among the safer ones and it's the real dangerous ones are probably sort of obscure or sort of customize websites or something that you find on a on a 4chan thread or something like that would be more malicious am I off base about that well some of the porn sites again I'm not in favor of porn or anything like that but they are put together hacked together by internet so they're targeting individuals to actually so again even commercial sites have been compromised um when you talk to your news sites you know you always have those ads that pop up when news site didn't bother checking pop up ads to come up they allowed the advertiser to actually post the stuff themselves with no checks well they wound up providing a path for infecting customer computers so whether it's a legitimate site or not some legitimate site out there you need to be careful something looks malicious sounds too good to be true it probably is again being aware of what's out there and what can happen is very important to everybody um darkstone let me direct this to you what sort of um you what kind of a antivirus um products are good um you know do are they really effective at keeping up to date with virus threats um and um are are they is it really necessary for example to set up some kind of private personal VPN to really be safe or um I don't really actually completely understand how um personal VPNs work to access the main internet there's got to be some connection there that would still leave you exposed it seems to me could you talk about that a little bit sure um first of all as I mentioned in chat a lot of these sites are actually trying to not infect your system but blackmail you into buying stuff that you don't need by making it sound like you're exposed to viruses and then trying to sell you a fake antivirus which then downloads a lot of stuff to your computer and actually may cause you to buy stuff that you don't want but um the three best antiviruses that I have found so far is Norton's um and um McAfee and uh Microsoft security essentials and I've used all three I prefer an antivirus that doesn't take over the whole system and log things down but then I'm pretty savvy so I can control most of my own um activities I do believe that Norton's and McAfee do more for somebody than they need they tend to uh take over the system but some people would probably be happy with that and feel more secure they do come with a firewall they come with a few extra security issues or systems that you can use um and they're pretty good um stay away from Kaporsky unfortunately they used to be a really good company but uh it was discovered a few years back that they were actually uh an agent for the Russian KGB and so none of the government agencies are allowed to use them anymore and uh another one that I tend to avoid now is Avast used to be really good, lightweight and effective but they've gotten I don't know if somebody took them over or what but they've gotten really greedy and I actually suspect in some cases they may have downloaded malware to your computer but that's my personal opinion um the next stage is uh you know having a good firewall a firewall pretty much just traffic from going into your computer and certain traffic from going out of your computer uh it takes a little more effort to set it up properly you know you can combine some good YouTube videos on what to do but it takes a lot of thought too you really need to think about what you're running what you need to run and uh what kind of resources you need to access um and finally the the whole idea of VPNs were a great idea a few years back but um the the hacking community I guess you could say has found so many ways to circumvent them that nowadays most VPNs are actually considered to be a liability and people tend to you know avoid them which is a real problem for telecommuters because one of the big things that we need to do um worldwide is expand our ability to telecommute into work but that's a whole another topic um virtual worlds they really help with that yeah I agree with that I think virtual worlds are underutilized for that for sure um and very disappointed to hear about a vast I always thought it was good um I'm a little surprised that Microsoft and um ER are good now I'm a little enough to remember that uh you know Microsoft products because of their ubiquity um were just horribly prone to viruses so I guess it's kind of good to hear that they've really tracked down on that and beefed up their security so that it really is reliable that's pretty impressive when you think about it um you know Apple products were always considered to be pretty safe I think because they were less ubiquitous um and um so they were not as interesting a target as a target um is Apple still considered relatively safe compared to um uh machines that run Microsoft products um in my humble opinion there is no operating system or product line out there that is any less vulnerable to any other ones but um as you pointed out some product line some companies have a bigger target painted on them for example Microsoft simply because more people use them more financial institutions use them so the uh the gold at the end of the rainbow um is at least perceived to be bigger so there's more probability that they will be hacked hmm okay so um let's see let's see if we have any questions from the audience um uh let's see um lovely Cass asks about Linux um how does Linux stack up in terms of did one of the other panelists want to answer that one um definitely not an expert on the thing but I was just looking online uh one of them basically says you don't and the other ones say well um maybe you do so I'm not quite sure I'm looking for a little more information myself right now okay um I'll speak that on um again just like Apple uh the windows is the biggest target out there because you got the biggest user base but now you look at the different flavors of uh Linux or Linux getting more and more users becoming more there are malware again there's no one operating system out there but it does mean using uh uh Apple or uh Linux can be uh safer okay um now one thing I'm kind of curious about like I've always been a little bit suspicious about like buying an antivirus product um because I don't know I mean how do you know I mean sure you you launched the antivirus and and you a screen pops up and it you know it has all of these sort of progress bars that uh that start running so it looks like something's happening on your computer but how do you know that that's just not you know just some kind of animated screen and nothing is happening um um uh are there I guess maybe is there a resource you can go to that uh that sort of verifies that antivirus programs are you know what they say they're doing yeah they're actually a couple the sans institute does a good job of uh evaluating the different antivirus programs anti malware programs as well as giving you alerts of what security issues are out there right now and the national institute of security I forget what the T stands for it's a NIST also does that um okay cool maybe um uh offline you can provide us with um some links to those sites um that we can put on the science circle website or something good idea um alright let's see oh yeah linus torvalds um open computing um let's see comments uh let's see okay and uh vik linked to a um tech advisor article uh linux does linux need antivirus so um maybe we can also include that on our um science circle website these are great resources here being posted in ads um alright uh so maybe um why don't we maybe shift our focus a little bit here to um social media um troll farms um disinformation um it does seem to me that in addition to sort of the sort of technical security that we've been talking about really now um it does seem that the internet is providing um uh is just creating a lot of chaos around the world um in the way um uh it's really confusing people about how they can know what is really true or what's really going on um um you know uh the facebook has gotten a lot of um criticism for example for facilitating disinformation that led to a genocide I think and uh or was it barundi or mayanmar um so I'd be very curious to um uh just kind of open it up a little bit to talk about some of the some of the social threats about the interview um maybe vik why don't you um uh sort of address that a little bit if you don't mind well the big one of course in the news is ransomware and I'd like to learn a little bit more about that too because uh one of the I've been following the chat and one of the people we're talking about I think we should tell about being threatened um over online and uh she maybe that didn't mention ransomware but just essentially or maybe did but the idea was uh I'd like to learn a little bit more about that about ransomware about what you can do what you should do anybody be able to speak on that um I would be horrified to have to pay a ransom in bitcoin let me tell you that much yeah um essentially what ransomware does and you probably encountered this already is it loads a malware on your system that encrypts your drive or drives and um then pops up with a message saying you have to pay this so much money to get your data back and we'll send you the uh key to unencrypt your drives and then uh they tell you how to pay them uh a lot of companies and a lot of people have actually gone through and paid them because unfortunately they weren't doing remote backups or any other types of ways of protecting their systems nowadays the uh antivirus programs and several firewalls actually are able to detect ransomware and stop it before it can do anything um some of the drives are already encrypted and they uh been updated to prevent somebody from re-encrypting them but it's kind of a um how do you put this it's uh it's kind of a race where the good guys keep getting ahead of the bad guys but then the bad guys outrun the good guys and you know it's ongoing there hasn't been a a real good solution to stopping them the best thing you can do is have a remote backup so take the the data that you're most concerned about and put it uh geographically somewhere else on a different computer that you can recover it should your system be damaged um I actually learned this first hand because my house burned down and all my servers with it and uh I did not do a recent backup to the cloud so I lost a lot of data ouch um can a backup be stored in a USB or some sort of a detached device sure but uh I would recommend that the backup be kept away from the uh the house and make sure that it isn't actually plugged into the computer uh when you you know get ransomware actually I would probably make a couple copies have one locally so you can get it and then have another one off site somewhere if your computer is encrypted by a ransomware program uh do you just have to trash the computer I mean you can't reload your backup onto that same computer can you uh you could format the drive possibly um you may have to do a low level format which actually rebuilds the entire uh firmware or the drive itself that's hard to do it might be easier just to put new drives in reinstall an operating system and then um reinstall everything you have the machine itself shouldn't be damaged hopefully it seems to me that preventing um um a viral uh encrypting of your hardware would be easy for microsoft to defend against though I mean couldn't you just um include in the basic window software um a a prevention of encryption without some sort of password protected authorization or something and that would just block all ransomware that seems like a good idea and they may actually be working on that but um I don't know if that's happening okay one thing that uh you can do uh I recommend to all my students in that is you create two accounts uh when you initially get your machine you create that account that's an administrator account which allows you to do any recommend that you uh you're breaking up a bit okay uh see is that better keep talking better okay uh what you can do by using a um simply user account you don't longer have the admin privileges which makes it harder to install some this malware again you can use all your applications in that it's just you cannot install new applications as a user so when you need to go ahead and install applications you go ahead and log in as admin again it reduces the amount of uh uh getting infected by either ransomware or any other virus uh again there's no one why of um well there's no silver bullet out there's always going to be some way that the bad guys can just being aware and cautious it seems that um a lot of this um sort of um malicious um internet activity is being generated by you know hostile governments um I think you know North Korea and Russia for example are really um and have been for decades been you know really developing um uh very powerful malicious tools um and um and also being able to exploit uh the all of the personal information that social media companies are are gathering that combination of just vast vast amounts of personal user data combined with malicious intent and um and a dedication of resources to this problem um you know it just feels like some of these uh kleptocratic regimes have really weaponized the internet um and that seems like a a really uh scary and new kind of threat I mean it's almost like we are um at the beginning of a sort of cyber warfare that used to be the province of science fiction um I'd love to hear you all's um sort of uh what you all think is kind of going on um uh um uh uh uh dark eagle would you like to maybe um do you have any thoughts about kind of what you know what is kind of um what is the engine for all of these sort of new uh this new sort of weaponization of the internet that we're seeing well it's it's kind of gone through stages originally it was uh more of a status thing I hacked into this and I did that and then it's uh kind of evolved to more um financially motivated people trying to get money, social security cards, credit cards, things like that but you're right it has become more weaponized where um different agencies I won't say different governments necessarily have been trying to do things like um attack power crates and um their motivations are often like you said political um there may be other organizations out there besides different governments who are also involved in these kinds of attacks um and they are becoming more and more prevalent what we can do to protect ourselves is really kind of uh back to the race analogy where we walk down and try to you know protect what we have find different ways to do that while at the same time the bad guys are you know investigating and finding new vulnerabilities the whole problem with security in general is the fact that the good guy has to watch everything, every port on their router, every packet that comes into their system and try to protect against everything the bad guy only has to find one vulnerability and focus on that and find a way to get in through there so we're at a disadvantage to begin with right yeah it looks like Vic is typing Vic would you like to maybe comment in voice? yeah um did I have my typing? your cursor may have just been stuck in the chat window for all I know okay, in case yeah unfortunately see we're talking about these sorts of things but certainly the best learning tool is when somebody really does lose their data get hacked into that kind of stuff and then it's all of a sudden like yeah this is real okay but there's a lot easier ways to learn than school of hard knocks and so I'm hoping that some of the things we've talked about today will be taken seriously because even experts get have problems and it's not hard to do some of these rudimentary things yeah we have if you look at the world okay thank you you have different types of hackers you've got your nation states that are out there for the political or advantage or to take copyrighted information a good example if you look at North Korea and Sony they're upset with the movie interview which actually is a very funny movie by the way I recommend it oh yeah, yeah just because of that I had to go watch it but again it costs Sony tremendous amounts of money and you look at the Chinese who act as old tremendous amount of records on security clearance and you go to the terrorist organization they have their they want to put out there the other hackers like out there to make money then of course you've got your what we call script kiddies they're just going to download some simple program this to cause trouble so like I said before out west out there and you're going to have all kinds of different out too is there agenda that's interesting you're mentioning terrorism you know I remember a year or two ago after ISIS had been pushed out of Iraq into Syria and they were really on the run and I remember that they issued some statements to the effect that you know they sort of walked back their of becoming a new caliphate and now they were calling themselves the cyber and that they were basically relocating their revolution to the internet yeah and again that's a powerful tool to use for recruitment and brainwashing and so forth and the internet has been their main way of recruiting people especially here in the United States they've been using that extensively and they've been very effective at turning people that way so again internet can be used a lot of different ways for influencing theft there's a way of using the internet to gain their goals yeah I'm sorry to step on you there I think a tagline mentions Mr. Robot with Rami Malik of course who plays Freddie Mercury in the Queen movie but Mr. Robot maybe we should touch on that a little bit because sort of the premise at least of the first season you know where he launches a virus that clears everyone's credit to no one has any more credit card debt hope I'm getting this right which I think would be a fantastic idea frankly but but this is kind of an interesting premise of you know sort of a use of this kind of technology to foment sort of a social and financial solution maybe it might be fun to kind of speculate about what types of large scale attacks might be feasible with tools Sam or Dark Eagle do you guys have any thoughts about that maybe or even a Vic have you kind of considered what might be on the horizon there that would be feasible actually I was actually I was engaged with Syzygy there and a little talk about what we were talking about is that it doesn't is one of the things that we have not talked about in voice here and that's the idea of people intentionally disinformation we were thinking about that but the idea of people just kind of like like I think of it as a fly and you just tweak the fly and it buzzes all over the place and the idea is that people intentionally trying to tweak different sides or extremes of an issue can easily get people tied up in arguments and thinking one way or another because it's such a contentious world today and that's just as at least to just as many problems as some of the other stuff because you can convince people of anything because they want to believe it and so I think that's an important thing we need to talk about one of the tricky things with disinformation is that it's weaponized by both sides that is disinformation is real especially as mastered by the Russians who have been mastering this for decades to kind of keep their client states in a state of sort of information confusion they've been doing that for decades on the other hand knowledge of the fact that disinformation exists and is effective is being weaponized by the Trump administration to claim that any critical news is fake news and is disinformation and it cuts both ways and it's just super exasperating to sort of be able to be able on the one hand to be worried about disinformation and be super frustrated when people particularly cry disinformation for things that they don't like I'd like to make two points on this the first one is that these are all various forms of social engineering and social engineering is really the root of almost all malware and disinformation too and back during World War II there was a I believe it was one of the generals for the army that pretty much stated that whoever defines the truths for the nation controls the nation and that's what I think we're kind of seeing here in the United States and worldwide is that people are actively trying to control what the public is allowed to believe speaking of that if you look back again to World War II they've always been using what they call PSYOP psychological operations the internet is just a new path for people to do the same thing either through disinformation everything from elections on Sam talk closer to your microphone oh okay again you know PSYOP is a big thing out there and it's been for decades just the internet is just a new tool for performing it so we should carry this on in an upcoming event because we are kind of running past our time but it's fascinating yeah thank you Dark Eagle I was just realizing that we're a little past the hour here and we are straying a little bit out of our agenda but yeah maybe we can reconstitute this panel in a few months and maybe revisit some of these sort of somebody was saying what the origin of propaganda actually originally came in 1622 or whatever part of the it was a committee in the church called propaganda oh really fascinating yeah great content here from my chat well okay I think I'm going to seize this opportunity to exercise my executive authority as moderator and have our session here today to a close thanks everyone for attending let's have some applause for our panel members and thanks to all the audience and students here who contributed in nearby chat and maybe we can revisit these topics again in the near future with that I bring this to a close goodbye everyone and I look forward to next time thank you really enjoyed it have a good day yeah this was fun thank you take care and hopefully you will pass this along to others absolutely and feel free to linger and chat with our audience members and so forth again thanks to everyone thanks to our panel members for participating and for our students