 Think tech away, civil engagement lives here. Welcome back to Cyber Underground. I'm your host, Dave Stevens. Welcome back to All Things Cyber. Let's get right into it. We have with us today, Andrew, the security guy. Welcome back, brother. Hello, everybody. Good to be here. Thanks for having me. Good to have you back. It's always great show when you're here, everything goes right. Thank you. I'll try. You're gonna be working on the road next month except for the 30th. I got five shows across the nation. So you're a popular man. I try to share, you know? Everybody loves you. Security about sharing, right? No, we need transparency. We need to share. We need to help each other. That's how I know about it. That's why cyber and security is not a career. It's a crusade. That's right. And you're at the vanguard of the assault. Thank you, brother. Leading Hawaii to a safer place, baby. That's what I'm working on every day. One step at a time. Let's talk about safety and security. Let's talk about safety. The sadness in Florida. We have another school shooting. And I believe you were MP for a while, Navy? Yeah, I was out on the House of Ships Protection Force. Out of Barbers? A lot of different things I could do. And of course I was Marine MP. And so, you know, we had to handle guns. And so, I don't know about you, but in my family, we grew up with guns. We always had a scatter gun and a lever action over the mantle piece. And we always had handguns all over the place. But we were trained and responsible. And we knew when not to use them. And when to use them and how to use them and secure them. And I guess there's people out there that don't know all these things. And the arguments for and against gun control. And I just, I want to touch on a couple topics today because I've heard some really stupid comments. And this is what I'm hearing now. First of all, I support the Second Amendment fully. I love the Second Amendment. Let's own weapons. Great. What I don't support is stupid people owning guns. Unfortunately, there's no test. I wish there was a scientific test. Like driving a car. Right, like a stupid test. I don't like stupid people owning cars either. So, I got a kind of problem. It's just as deadly in a lot of cases, right? More dead. Let's take care of that problem. Our administration has rolled back Obama-era gun control to limit mentally unstable people from owning weapons. So now there's more people on the roster that can own weapons. Everybody can get one. Almost everyone can get one. Gun control is just to make buying a gun a little bit more difficult than going to 7-Eleven and buying some Doritos. We just don't want your name, your address, the serial number on the gun. Do you have a criminal background? It's kind of simple. And states sometimes don't even share with each other. And here's the biggest problem. This young man apparently bought a gun legally. He was a legal gun owner. 19 years old, had an AR-15, and decided to go back to his school where he was kicked out of and start shooting the place up. Now here's the comments I got on social media. People telling me if there'd been more gun owners that had guns with them in the school, there'd be less death in the high school. They wanted, say, teachers and security guards to be armed. So there's arguments to go back and forth, but my stance on this is, and this is why I brought up UNI being law enforcement in the past, is because when you draw your weapon, the first thing you think is, can I fire this weapon without harming somebody? I don't want to harm. I got to have a clean backdrop. And if you're, say, they said the same thing about the Pulse nightclub, had everybody had a weapon, there wouldn't have been so many deaths. But I think in a nightclub, you've got 150 people in a 10 square foot space. Everybody's shooting. Everybody's shooting. It's a lot of life going on. Everybody gets hit. And the same thing with the school. I understand the argument that you want people to be able to defend themselves. But on the other hand, if those people aren't trained law enforcement people. And persistent training, like we trained constantly. We were at the range, I don't know if it was monthly, but we also shot non-officially, right? So we shot a lot. And it isn't even that you practice engagement. You practice the rules of escalation, right? So that you, cause I had a PR 24 and you have a weapon, right? So you have a few things. Yeah, non-lethal and lethal means. You have a few things on your belt, right? And you have to understand what the situation is in front of you. And do I think that teachers could be trained? I think anyone could be trained. As a matter of fact, but I do think that training needs to be licensed. It needs to be official. My wife always talks about she believes people should have liability insurance. You know, if you're gonna own a weapon that you should be insured for. Now that's a great idea. For using it so that. You gotta have insurance. And so the level that you train to, maybe your insurance is lower because you're a level five or a level two or whatever it may be. You know, I'm a fan of I guess the second amendment. I mean, I believe I should have the right to own a weapon. I think anyone should have the right to own a weapon if they haven't given that right away by doing something stupid, or harming someone, perhaps committing a felony of some type. There's some times when you sort of, you've given up your rights because of things you've done. And I can't help that for others. But normal law abiding citizens, do I believe that if someone walked into place and I was armed, I would have the capacity to, and I don't train like I used to. So I say this kind of with past experience, but do I believe I would have the capacity to perhaps mitigate that situation with that individual? Perhaps. I just don't know. If you stand in a crowd, I can't make that shot, but I can advance towards him as a guy did in this case who took bullets for students. Now that was a hero. One of the teachers was a hero. In my advancement, which I would probably do armed or unarmed just cause I'm like that. If I'm armed, I got a chance of stopping him. Maybe he stops me, but I stop him also. But sometimes you gotta close that distance in order to get a clean shot and not harm someone else. And we were trained about all that, right? So I mean, it's hard to say it's situationally, you know, I work in the technology field that does a lot of active shooter where we wanna isolate the shooter in a place and know where he is, where did the last shot occur when the response is coming to hopefully speed that response? Does it, I hate when they say it saves people cause it doesn't, hopefully it does. But the technology by itself is only gonna help us respond quickly, right? Because we can isolate where that person is. I'm not, I don't have to cover the whole building. He's in the left wing third floor because I have a device there that detects gunshots and sees the infrared muzzle flash and things like that. So when we can use technology to respond quicker, I think that can be helpful. And also it aids in the evacuation process for unaffected areas you can take to get away from harm. Sure, if you've got people who are gonna remain and try to implement some command and control over an act, during an active shooter incident and be able to communicate to people, take shelter here, this group move out, move out the west wing, go down the flight stairs, leave, you know, if you can direct people that way, that's great, but you can't really automate that. So someone has to stay there and do, come extra or do it remotely or whatever it may be. So, you know, it takes a lot of planning and a lot of work that, unfortunately the school systems haven't gotten that done. You know, they've got a lot of video surveillance and I'm sure there's tons of post incident video of this kid and what he did. And I read one report from one of his fellow students who said, you know, he had gone to that school. So he was there when they did active shooter training. So he knew every place that everyone was gonna go shelter and hide and all that kind of stuff because he'd been through it as a student himself. So he sort of knew what to expect. And that's sort of that insider threat knowledge that we talk about. That made him particularly lethal. So he pulled the firearm and walked in with the crowd. Sure. So he knew all that. Yeah, pulled the firearm and walked in. That should alert people immediately when someone's going into a building with a firearm. And they pulled the firearm. Yeah, warning. The teacher who stepped in the line of fire, that kind of person isn't as exceptionally rare as we might think. That teacher is, in my opinion, that's the American spirit. That's his heroic as he is. That's the hero doing what heroes do. And I wanna just tell our audience out there that all your law enforcement officials out there and all your uniformed armed services members, those are the kind of people that do the same thing. All the everyday. They're sworn to protect you. All enemies, foreign and domestic, it's in the oath. They'll jump in the way. They'll take the bullet. Because you're paying for it. It's your tax dollars and they swore the oath. They signed that blank check up until death, unfortunately. And here we had a teacher. I believe he was a PE teacher or he was a, I think he was a coach who obviously took that same level of responsibility for those students and stepped up to the door. As an educator, you do the same thing. You're there to protect the students as well as educate them. And he took it seriously and God bless them. Yeah, and I don't know if he was prior military or not. I don't know where he got that or just raised well, but that sort of thing is commendable. I think it all started when that group jumped on the guys that were trying to crash that pain into the Pentagon and they took that flight down. Remember that? They were able to crash one. They crashed in Indiana somewhere and they knew that. They knew that the plane was gonna crash but they stopped the shooter and they stopped the plane from doing further damage hitting a big city or whatever it was. And they gave their life for it. And they gave their life for it. They're heroes and so I think to me that's sort of been the rise of that stuff. I'm always proud of Americans, anyone who takes that on because you give up your own, that's a little altruism there when you're giving up your own safety for the safety of others. And it's a commendable human trait. That's right. You're not there for the praise afterwards. This is a permanent deal. You don't get the ribbons. No, but you're right. That's in my opinion as the American spirit and that's the way we should be. And those kind of people can be trusted on firearms. It's the people that are malicious and mean. Yeah and I don't know the answer. There's always gonna be this. And if it's, we've seen in Europe where there's not a lot of guns, they use knives and other, there's cars, vans across the bridge, killing people. So weapons, the type of weapon use, it's that mentality that makes someone want to act out in that way that we need to work on detecting. Now we could scale back. One of the arguments is let's take away all weapons. You could scale back the amount of damage done. How are you gonna take them away? In America. From the criminals. I mean, you already own them. Really hard in America to take away. I think it's ridiculous. I mean, I think it's just a ridiculous proposal. I would gladly give mine up if I knew no one else had any. I would have no problem with that. You know me too. We pay taxes for law enforcement to carry weapons, so. Yeah, they don't bother me. But I mean, if I know that none of the crooks have them. You know what I'm saying? If I know everybody else, all the normal people that aren't, like the police are armed, military's armed, no one else has any and that's for sure. I don't need any. I'm not worried about those guys. I'd be comfortable with that. I would miss my target shooting. Wow, use a pellet gun. I'd pick up a bow and arrow. I mean, there's all kinds of stuff, you know. We can go back to the police shots. We're talking about the fence of our nation and military now. Let's move on to like the cyber field, our area. Okay. Now, we, Robert Mueller today announced, and the FBI announced, Rob Rosenstein gave a press conference on this. 13 indictments of Russian people and entities for actually meddling in our election process. Awesome. They're the ones that do this. So he's getting to the ground. He's getting to ground zero, good. I think he's getting to the actual crimes now and he's got indictments on four people, plus he's 13 Russians. And we're getting down to where we've proven that Russia did interfere with our election process. Whether they swung it one way or the other, we can't prove yet. But I think he's going one way rather than the other. But for right now, we know what happened and it's mostly through social media. And they, Rob Rosenstein gave this one example. There was two demonstrations in 2016 scheduled a post-election for New York. One for Trump and one against Trump. On the same day, both scheduled by these trolls from Russia. Oh, I see, okay. And they were doing this to create dissent. Okay, sure. Divide. Divide and conquer, yeah. Divide and conquer. So we're all the victims of this and it's good to know that these Russians are being indicted. However, it's not all of them. Right after this tragedy in Florida, right after that, another Russian trolling, I guess I'll call it a service company, posted to Facebook numerous times for pro-gun legislation. Oh, I see. And some anti-gun legislation. Yeah, trying to divide and conquer. Here we go again. I split a nation and the nation is weaker. It's that simple. I think it goes to that and it's gonna go deeper. So I was trying to tell my students so I teach network defense. We were talking about networking and they said, well, really, what could we do? We're just, you know, I'm a network administrator. So who cares? I said, it depends on who you are and what the criminal's going after. Keep up with current affairs. So current affairs right now, North Korea needs money, lots of sanctions. They need money. So what are they gonna do? Go steal it. They were into the SWIFT system, the banking money transfer system and they got $80 million. They're into Bitcoin. They took a whole bunch of that. No, that's another cryptocurrency, not Bitcoin. Ethereum? Not that either. I'm sorry. I need to save Bitcoin. There's two minis nowadays. I don't even know. There's so many. But they're involved in stealing money. So if you're a network administrator and you work at a place that does coin exchange or Bitcoin or you work at a bank, you're actually helping to defend this country. Oh yeah. Just by securing your network. Sure. And the people that work in the election committees, and we're gonna talk about election hacking here now too, those people that do security at the election committees for the Democratic Republican parties, they're defending their nation because that's our electoral process. If somebody else outside our country chooses our leaders, then we have lost our voice. And then what is this? Is no longer a republic with representative government, we no longer have a democratic process. We don't have a choice. So if our leaders know that they can't be voted out of office, they're not beholded to our wishes anymore. Because of outside influences, from outside the country, gotcha. Well, it isn't like we haven't been guilty of some of that ourselves, installing governments into places. But- You don't mean I ran. When it's happened to us, when it's happened to us, all of a sudden maybe we start to see some of the downsides. What's good for the goose now. Of what can actually happen in our country. And I mean the divisiveness is an interesting tactic. They don't care, they just wanna divide. That's what it seems like to me. Well, I think they're destroying our faith in the electoral process. So we're gonna take a break, we're gonna come right back, we're gonna pay some bills, and then we'll continue this discussion. This is important. Come on back, stay safe. Hey, that's you. I want to know, will you watch my show? I hope you do. It's on Tuesdays at one o'clock and it's out of the comfort zone and I'll be your host, R.E.B. Kelly. See you there. I'm going to the game and it's gonna be great. I'll be early arriving for a little tailgate. I usually drink but won't be drinking today because I'm the designated driver and that's okay. It's nice to be the guy that keeps his friends in line, keeps them from drinking too much so we can have a great time. A little responsibility can go a long way because it's all about having fun on game day. I'm the guy you wanna be. I'm the guy saving money. I'm how that says, let's go. Welcome back to Cyber Underground. We're talking about protecting our democratic process here by keeping up our network infrastructure and security measures. Things like the Democratic National Convention, is that what the DNC stand for? And Republican National Convention, the other big party. And they have, of course, networks, infrastructure, email. They gotta keep private and keep it away from the other guys and not be fooled into doing something silly. So let's talk about March 10th of 2016, the DNC hacked. So they did a phishing scam. Yeah, it was a phishing scam. It was broadly targeted. Email phishing, right? And they threw out, so apparently the first 29 that went out were sent out to people that had worked on the previous election campaign for Clinton. So they didn't respond, of course. But the last one. Those emails weren't even active anymore. Right, so the number 30 hit home. I see. And someone responded. And from then on, man of control from inside and they could get anything they wanted. And that's when things went downhill for the Democrats. And then let's talk about... So and then they were able to mine all this information and spin it and do it. They still don't know how well they got out. The forensics investigation. State secrets. She was Secretary of State. Party secrets? Party secrets for sure. But then let's talk about the election machines. We have computerized election and election machines in almost all states now. Debold makes them. Debold, okay. I did not know that. Debold. No, they're not. Right there know how. They're not on the internet. They make all of it. I'm not trying to throw a hook into Debold or anything. Yeah, we don't just plug these things into the ethernet all the time. They're not Wi-Fi devices. They're standalone kiosks all the time. They record information. But the way you get information onto them and update them and get information back from them, you need a connection of some kind. And it could be a USB flash drive. It could be your computer with a cable. But every time that happens, there's a chance malware can shift over to the machine itself. And the machine can be altered to do what you want it to do. We had 21 states attacked. Oh. And nobody wants to admit that their machines actually were altered in their behavior. So as we know, once you're identified as somebody who's been hacked, the PR spin begins. Because you want to out. You got to pay on if you won or lost in that state. You got to spin it positive. And Equifax tried that in 17 different ways and just lost their shirt on that. And I'm thinking we're going to find out some of our electoral process was hacked. Well, can we just use paper and a pencil? Or is it just slow? Well, then we have hanging chads. Remember that? Oh, that was that. Yeah, the whole Florida thing. Well, we can. Can we? I mean, just, if I could just send me your votes, I'll just, how about that? I trust you. In fact, I'll email you my vote. I mean, we'll vote like hundreds of million, right? Like, I'll be busy. That's going to be a lot. Yeah, I don't, I don't. You know, if we rely on technology, people are going to learn to manipulate technology. We already know that the vulnerabilities tend to lead the production, right? We just, because there's, let's just say there's 50 engineers working to build something, there's 500 working to hack it. And so the fact of the matter is that we're probably going to continue to be reactive unless we can somehow build the perfect machine. And that doesn't seem to really be affordable. We can't build perfect because we're not perfect. Yeah, and it's just not affordable, right? So, you know, you can't, from a production perspective, spend that much time in development. So there's going to be holes, there's going to be vulnerabilities. And so our reliance on the type of technology we've been using, maybe this incident is the thing that's going to say, you know what? We need better technology. Maybe we need, maybe somehow blockchain can be deployed to track these votes so that they can at least be recounted properly. That's a brilliant idea. Yeah, I don't, I don't know. Brilliant. You know, some way. But they don't have to be connected on the internet at the same time to do that. Yeah, and something that's auditable, right? So that we can at least go back and get the accurate count. I'm not even confident that once it's, once they say, oh, because what if we get all the states say, oh, we don't trust our election? Which is what you were talking about, right? And these guys, because they're dividing us, we're no one's trusting things that we've trusted in this nation for the last, well, since technology rising in the last 30, 40 years, we've started to build our processes around trusting in technology. Now we're finding, wow, it can be used against us for divisive purposes. Not necessarily for this guy to win or this guy to win, but just to divide us. Just so we fight, just so there's no trust. If we don't trust our process, as what you said earlier, the process is not gonna give any value to us. Right, then what do we do? And then if we can have an election, that's all we want. If nobody believes in them, it'll be like all these other countries that are rioting all the time about that we don't want this guy, he was illegally elected, it's all fake, nobody really voted for him. And then the tanks roll through the streets and we have a revolution. Tanks roll through the streets and then they're gonna do this, point their tank at your house like Castro did and say, bring out your guns, you got these seven, I've reproduced them now, or we're gonna take care of your house for you. So I love your idea about blockchain actually. Well, I mean, it's auditable, you know. We have to connect them all, but our audience should know blockchain is what supports cryptocurrency, like Bitcoin. Yeah, it's a transaction record, that's agreed upon by everyone that actually occurred. Well, everyone has a copy of it, or most people do. Yeah, so it's hard to really, at least you ought to be auditable. To fake it. I don't know how hard it is or expensive. Real challenge to fake that stuff. Yeah. But blockchain would be good. The only problem is all the devices would have to be on the internet all the time. And if they're on the internet at all times, I mean, it's only a matter of time. And we got to talk about too, when somebody wants to hack you, now let's go back to something small like Arc Cybersecurity Club at Capitol County Community College, very small. There's maybe 20 people at any given penetration test that we do. And they do open source intelligence and then the email phishing. And it's a lot of hard, slogging work. You got to really dig deep on the deep web and the dark web, fishing information out and then crafting these emails and then carefully sending them just the right way. And it takes a long time. Sometimes we work several months on this stuff to get that one person to respond so we can get in there and get command and control of the network. And that's just 20 kids over a couple of months and just one little non-profit or something that we're working with. It's a charitable thing. But think about our electoral system is a huge target and a country like Russia has virtually unlimited time and resources to throw at this. If they want a budget of $500 million, they snap their fingers and they get $500 million and 800 people working on this 24 seven. And if we've got our election machines online, guarantee you they're going to be hacked. They're beating on them. Yeah, they'll be beating them to death. They're knocking on the doors all day long and twice on Sunday. And I'm sure they've already got the code and they just reverse engineer it. I mean, you know how he's got it. You got to think what's more valuable though, undermining the whole process or switching the election for the candidate they want. You know, it's like if they wanted to do that, it's one thing, but the social media effort, right, seemed to, it must have had some effect. It seems to have gotten a lot of people's attention. And that maybe a lot of people actually believe all the stuff that they read without actually verifying it. I don't know that that was, is that from years of sitting around watching, like we had Walter Cronkite used to trust him back in the day, right? Sure, yeah. And then today, I guess, do you not trust TV? So why do they trust their social media, but not TV? I don't know. Well, we have something that I consider state sponsored and that's Fox News. That's state sponsored? I consider that state sponsored. Every time I turn on, whatever twist they're putting on a story, it's always favoring the current administration. There's nothing against the current administration ever. In fact, the indictments against... So that's not very good news. Well, I like to take multiple sources and then fish out the facts. And then I can make my own choices. But I don't think we're training our kids how to do that anymore. I guarantee you this 33% of the population right now that doesn't do this, and I know exactly who they are. I don't even have, I don't watch any of those. I don't watch CNN or I don't watch the news. How do you get your news? I read the paper and I follow like slash dot and I have some sources, but they're techie sources, not necessarily... And they publish political sub-battists don't read. I guess I don't, I'm not that engaged in the politics. Maybe as I should be, I don't know. Well, I don't like it when they... It's up to you? Well, I don't like it when they... But you get your sources from not just national, but international. I go outside of the country. Yeah, the register. I go to, yeah, the UK has some very good sources, but also I used to read the publications in Al Jazeera to get a completely different viewpoint on the same topic at the same time. And I'd actually get literally a different photo from a different angle in the same arena because they're on the other side shooting in and America's on the other side of the conflict is shooting on the other side. So you get both angles, you get both viewpoints and that's, I think that's valid. Informative. But it takes time and it takes effort. Yeah, and back to the hacking of our systems themselves, if these guys are willing to spend the money, they could absolutely probably break our country's will. It may take a few cycles, but eventually, I mean, this has been, I don't remember as a kid, I remember when when Nixon got impeached, I remember that, and it's, maybe it all started to degrade after that, but until there was the thing in Florida, maybe that was the hanging chads, and all of a sudden there started to be these things about elections and people challenging the election results. And it seems like now that's a constant, like every year, or every four years, this is happening. And I don't remember that when I was young. And maybe I didn't vote then, so did people do it by hand and fill out a little, how do you take those little tests with them, you fill in the little squares? Some states did, other states had the stampers, the things that caused the hanging chads in Florida. Oh, so you picked them and then it punched them. It punched it out. So you know, I mean, I don't know, but if it has to go back to by hand to restore faith, then that's probably what we should do. I think a lot of people don't trust this electoral college process because those people can be influenced. And we had a, we had- By social media. We've had several different, yeah, by social media. We've had several different elections in just in my lifetime. The electoral college was the deciding factor, not the popular vote. They did not match. Yeah, I don't agree with that. I don't either, and electoral college was developed in the 1780s, and it was a system because most people couldn't come into vote so they'd trust their electoral college. Because it was rural. It was very rural, that was America back then. Now not so much. We proved it this time with our popular vote. So I think maybe that's a big problem too. Facebook posting news stories, huge issue. Because no one who reads through Facebook or at least very few people are clicking on those links and saying, well, can I find that information on another source? Or is that solo? Yeah, because it's a solo source. Is it fake, yeah. Yeah, if it's fake, you don't want to read it. Yeah, there's definitely people investing time and money into creating news that isn't unreal, utterly unreal, utterly fabricated. So we've got one more thing. We got two things. Let's put up the iOS crash symbol real quick. We're gonna do this. This is Telugu symbol from- If someone texts you that, you're in trouble. Yeah, this is an Indian symbol. You can do this in Unicode in text, and it produces this symbol and it will crash your iOS device. So if you actually find this, don't text it. Upon receipt, it will do that. It'll crash your phone. It consumes too many resources trying to display. So they say to send the thread to someone else so that it can be deleted. Don't just delete it yourself from your phone because then you got no way to get rid of it. Oh, so keep the thread alive, call somebody, say I'm gonna send you this thing, keep the thread alive so you can delete the thread. Oh, that's a good idea. That was from somebody I was reading. I forget it. Somebody smarter than me. Okay, well, that's it. That's all the show we got today. And that was, wow, that goes fast. We'll see you next Friday. We're gonna have a special episode next Friday. I will not be here, but the president of the Hawaii Advanced Technology Society. Hats. Hats. Rochelle. Rochelle Ms. Lugin will be here and she's gonna do some stuff with the Hats Club. She'll have some members here, do a couple of the demos and give us some real good information. I like it. All right. Sign on and give the Hats kids some love. All right, until then, stay safe.