Global Bob Show

Episode 15 - Improving Your Digital Hygiene!

Global Bob Season 1 Episode 15

In this episode Global Bob (Brian Varner) talks about why some people may not know that they are actually targets in the cyber war that is being waged at this time. He talks about how to secure your online accounts in an effort to lower your victim potential. He uses Facebook as an example of the settings you should look at changing and the security measures you can deploy. While Facebook is used as an example, all modern platforms have the same settings that can be changed.

Transcripts are automatically generated.

Unknown:

All right, all right, here we go. Episode number 15 of the Global Bob Show. We are the crossroads of technology and politics. This week's episode is titled Improving Your Digital Hygiene. Yeah, we've talked a lot about hackers and exploitation. But what I want to talk to you about today is how all that starts. And most of the time that starts by a person not having good digital hygiene.

I appreciate everybody that tunes in. Can we even say that these days, tunes in? I know that whenever I was a kid, I'd ride around with my dad in his truck. And he would always listen to news talk radio, on the AM dial. And there was a DJ on there, a news talk anchor, that would say, "Tune in, tune it in and tear off the knob." Do you think that kids these days would even understand what that means, that "tune it in"? Now, I know each week, I thank everybody for tuning in. But maybe I should say for jacking in or something to that effect, because you don't really tune me in, you more like click me, I guess. However, I'd like to thank everybody that does tune in, because we're still going to say that, and those that share the podcast. And I really appreciate all of those that continue to give me ideas for these podcasts. And this one here is no exception. So if you'd like to hear me talk about something of interest, you can reach out to me at Gmail, Globalbobshow@gmail.com. You can find me out on Twitter at Global Bob Show. Or you can go to Facebook and go to the Global Bob Show and contact me there. I'm usually pretty quick on Messenger if you got a question and we'll go over it.

Alright, so let's just dive right on in. So whenever I talk to you about digital hygiene, this is the same thing like your mom or your dad taught you when you were growing up. You kind of gotta wash behind the ears, wash your armpits, make sure that your hair's squeaky clean. I know if you put shampoo in your hair, my mom would come in and make me rub it.
And if it was squeaky on my hair, then it was squeaky clean. So what we got to do is get everybody squeaky clean when it comes to their digital hygiene.

Now it's no secret, we know that there's a cyber war that's currently raging. I mean, it's happening every day, and the stuff that you hear about in the news and on other sources that you get your information from, I mean, that's just a little tip of what's really going on. There's a shadow war that's being fought constantly. And we've already talked a lot about that in depth. But what people don't realize is that they say, "Oh, well, why would I be a target? What value would I have? Why would anybody want to hack me?" Well, I'm going to give you a couple professions here and tell why I would want to hack them if I was an operative working for a foreign government.

So let's start right off the top. My family's in the electrical business, and why would someone want to hack their business? Well, they got sensitive information. They do various jobs for some major chains, which I don't want to talk about, you know, their clients, but many of you shop at those places. And they do schools, and they do hospitals, some medical facilities, more like, and so I could see where foreign adversaries would want to have access to the plans that they have. They get copies of these plans, and it has lots of details in there. What kind of switchgear's in there and all kinds of stuff. So just like with Stuxnet, where they were looking desperately for plans inside the Natanz nuclear facility, then, you know, hacking the electrical company or electrical contractors or my other family members that are in the general contracting business, they would become a target.

Believe it or not, your air conditioning repairman. Now this was out in the news one time, that a major retail chain by the name of Target had a target on them. And they actually compromised Target's network by hacking through the HVAC or the air conditioning system.
So that's played out in the news. What about your city workers? Those city workers, they have access to the SCADA control systems that control water and sewer. And we've seen that in the news where someone actually hacked into a sewer plant and caused the sewage to overflow. So your city workers are targets. And the line that I'm in, you know, I do a lot of code development. And that code gets ran on various companies' networks. And so someone could slip something into the code. And we saw just last week, where there was some code that was compromised, that a lot of developers use, that allowed to have a backdoor into it.

Now, this is one that I always am very worried about, is my brothers and sisters that are in the real estate business. I mentioned this a little bit in one of the podcasts, that it's amazing how much information your real estate agents or your mortgage brokers have. I know that when I was closing on my house, back in the day, I mean, I was sending copies of my driver's license and sending all kinds of stuff through the email, and you just email the mortgage broker or you email the real estate agent. Now, I will say fast forward to today's times, I would not be doing that. Because there's many, many ways that have been implemented. But when I was buying my house, a lot of that wasn't implemented. But now, you know, they're using things like DocuSign and other platforms. But to me, it's like, man, your real estate agents, they have all the information. I mean, you got to send them financials and copies of bank records and even a voided check, all of that. I'm going to talk about a little later about what you don't want to do.

Now, this is one profession, and I do say it is a profession, because it is a lot of work. And I'm talking about your stay at home house husbands and your stay at home housewives.
Now, this is one that I think doesn't get a lot of attention when it comes to saying, "Well, why would someone want to target my wife or my husband? They don't work for a company per se, they, you know, they're the Commander in Chief of the house." Well, we have seen in the past where the significant other was targeted. And they were targeted because they knew that they probably didn't have as much security on their laptop, and that the adversary targeted the significant other to use that laptop inside the home network to then compromise the corporate laptop of the husband or wife that was on that network. And the same thing goes for kids. So your kids can be targeted, because that gives them a foothold at your house to then try to target devices that come on and off your network. So this isn't a joke. This isn't just me trying to tell folks that, oh, you know, you got to get rid of all your electronic equipment. No, I'm just telling you that everybody is a target when it comes to this new cyber war.

Now, one of the questions I get quite a bit is, "I've been hacked on Facebook, what can I do?" So I want to use Facebook as an example of walking through the process of improving your digital hygiene. So everything that I tell you here, the other platforms have it. You just got to dig through the various settings on there and find the setting that is comparable. But I get this all the time. I get friends that send me a Facebook message that says, "I've been hacked, don't accept any friend requests from me." And I see them post it on Facebook on their channel saying "I've been hacked" and things, and it's the same conversation that I have all the time. You have not been hacked, you've been cloned. And there's some ways that we're going to talk about of how to see if you've been hacked or if you've been cloned.
Now the difference is that when someone clones you, what they do is try to find a public picture of you, whether it's on your Facebook profile, or out on the internet or somewhere, and they take and create a username, and they try to make it close to your user name. But you know, really, when you get a friend request, you don't see the actual user name, what you're seeing is the name of the person, which is different. And what I can do, or you can do, or anybody can do, and this is what they do, they take and create a username, like Brian v 123. And you don't really look at that, unless you're looking at that URL field, but then for the name, they'll put Brian Varner in there. And what they're trying to do is get your friends to accept their friend request.

And the next thing that, once I explain this, folks say, "Well, why would anybody want to clone me and become one of my friends?" Well, there's a couple of reasons why this happens. One very real reason this happens is that they are trying to find out information about your friends. So if someone clones my Facebook, they're not really too interested in me, they're interested in one of my friends. And the reason why is because just because they clone my information, then they don't get my information, they're looking for the information of one of my friends. Now, if one of my friends accepts their friend request, then they can get some of my information.

But a lot of times, when these people clone you, it could be private investigators. Now, when you think a private investigator, you think of the PI that's running around with a rubber nose and some, you know, dark trench coat here in the 150 degree weather it feels like in Florida. And that's not it. There's private investigators that use Facebook to try to go after workman's comp fraud.
And there could be some spouses that are looking to get information on their significant other, but a lot of times this is, or not a lot of times, but most of the time, it could be related to someone with a workman's comp case. And so what they'll do is they'll lock down their profile, because they know that they've filed some workman's comp claim and they want to keep, you know, people from seeing their pictures because it could contradict their workman's comp claim. And so they'll lock down their profile, but they'll let friends of friends see their profile information. So if this private investigator can start looking around and finding out who your friends are, and then friend one of them, then they can start seeing your pictures. So let's say you were out dancing one night, and you twisted your leg and you go to work on Monday, and you file a workman's comp claim. Well, depending on the price, they may hire a private investigator. And so when you're out in public, you're limping with your crutches and all of that. And then on your Facebook profile, you start uploading pictures of you out snowboarding. Well, I mean, that's a perfect example.

The other people that clone, what they're trying to do is find as much information as possible about the other people. And I'm going to tell you how to look and see what information your friends can see and what information is public. But what the scammers are trying to do is look through your friends' profiles that may be open way too much, that has your birthdate, and it has your phone number, and all kinds of information that you may not exactly want your friends to know. And so these scammers, they'll get your phone number, they'll start looking for your pets. And they'll, say, look through and find a picture of you holding your dog. Your dog's name's Fluffy. Well, now they know your dog's name's Fluffy, they know your birthdate. They have your phone number. And then they'll look at your relationships.
And some people put "this is my mom, this is my dad" inside their profile, or other information. And what happens when you log into your bank account, you forget your phone number, I mean, you forget your password? And you got to tell them your mom's maiden name, your date of birth. Well, they could have that information. So that's usually why people get cloned, is that there's someone that's interested either in your friends' information or they are trying to get information to scam someone.

So what if you've been hacked? Now that's completely different. When you're hacked, that means that someone has your username and password, or, without getting into all the technical details, that they are able to clone a session. So that's completely different. And the way, the best and easiest way to figure this out is people will start calling you maybe on your phone saying, "Hey, what is, why are you posting this advertisement? Or why are you sending me information from Messenger?" So the main difference to tell if you're cloned or hacked: cloning, they use a picture, they start friend requesting. Because they've hacked your account, they don't need to send a friend request to somebody, they're already friends with you. And so that's the easy way to look at that. A lot of this spreads through Messenger. They'll hack an account by guessing your password. And then they'll start sending all these messages from you. And if they're really good, they would have looked at some of your communications that you've had in the past and try to kind of send the message. And when they do this via text messaging, we actually call it smishing, right, SMS phishing, but this is through Facebook. And it's basically the same concept. Now whenever I talk about, you've been hacked, and being used as part of a cyber war campaign.
Now, these actors, if they hack you, they want to kind of lay dormant, they really don't want to cause any ruckus, because what they're more interested in is, say, if they're trying to target you, and you work in one of these industries that they're interested in, what they do is kind of lay in wait and see if there's a pattern of life. Like if you're out of town, maybe then they want to try to run into you while you're out of town. Maybe you've had a couple too many beers. And maybe you talk a little too much about what's going on. Now, this all varies depending on how bad they want the information. So the way to detect to see if your Facebook has been compromised by one of these adversaries, it's not sending any messages, they're not talking, they're just basically browsing your Facebook information to try to create a target package.

Now, not just foreign adversaries do this. If it's a private investigator, this is illegal for them to do and they're not supposed to do this. And I would say that most of your private investigators are aboveboard, and they're not going to go so far as to actually hack your Facebook account. They may clone your Facebook picture, which is not illegal. It's against the Terms of Services of Facebook, but not illegal. But the people that are laying and waiting and trying to collect information. And like I said before, this also applies for your Gmail, this applies for your Instagram, you can go in and dig in.

But what you want to do with regards to Facebook, to see if you've been hacked, you want to log into Facebook, so www.facebook.com, and actually log in with a browser. And once you get into there, you want to click and check your activity. So you're gonna log into Facebook via the web, and then click on the settings and privacy. And from there, you're going to click on activity log. And from the activity log, you're going to click on logged actions and other activity.
And then you're gonna have to click one more time because it's Facebook, you got to do a lot of clicking. And you're going to click on logins and logouts. Now, if anybody can't find this, give me a shout on Messenger. And I'll send you the, you know, the quick, that's funny. Here we are talking about hacking and people doing stuff through Messenger, and I'm saying send me a message. But anyways, it's pretty simple, you basically want to dig down to where you find logins and logouts.

Now, some of the information you see listed there, it'll tell you where you are logged in at. So some of the information may be a few days old or a few weeks old. So if you haven't entered in your username and password, it's going to basically show the last time you entered in that username and password. So some of it may be a little bit old. But what you want to look at is that IP address where you last logged in with your password, and I think it also shows it too with your Face ID. And if you look at it, you can't say, "Well, I'm sitting here in central Florida and there's a login from Tampa and I've never been to Tampa." The way that the IP address geolocation happens is that it may show, you know, a city that's kind of far away, but really what you're looking for isn't, say, a city in Florida, saying, "Whoa, I had a login from Miami." That's totally normal, especially if you're logging in on cellular, or you're logging in on these big ISPs, some of them will show, you know, major cities. But you're looking for that login IP address from overseas, right? I mean, that would be a dead giveaway, unless you're using some kind of VPN technology. But anyway, so that's what you're looking for. And if you see logins there, you really want to take note, and probably just go ahead and change your username and password, which we'll talk about here in a second about what the best practices is. But while you're there, let's go ahead and click on active sessions.
Now active sessions will tell you the computers that are current, or devices that are currently logged in, that if that device was unlocked, so if you got like a screensaver, password lock on your computer, if someone was to get through that, then they would have access to your Facebook, because these are the active sessions. Now, once you're in this particular screen, what's really nice is that you can log out any of your devices. So you haven't necessarily done anything that would harm, you know, you haven't changed your password or anything. But you can simply log those sessions out.

Now, this is where this becomes important. And I know that people have done this in the past. So you have a significant other that wants to monitor your Facebook activity. And they may know your password because you share your password with each other, and that's a no-no, and/or you're using a password and don't know that they know that password. And you'll be able to log that device out, because what they do is they'll get another iOS device. And they'll log in that iOS device or Android device into your Facebook account. And that way, they can just keep tabs on you. So you can actually log those sessions out. And anytime you log out of any of these sessions, you definitely want to change your password at that point in time. So that's really the way that you can tell if someone's hacked you, whether it's your significant other, or if it's a foreign adversary, that you can log those sessions out and change your password.

Now, while you're there, this is really cool. I love this about Facebook, they have launched a section of Facebook called privacy checkup. And the way you get there, and this is very simple, by the way, I mean, it's very, very intuitive, is very straightforward. And it shows you exactly what you're sharing with everybody. And you can make changes right there. And it has, say, this is what you're sharing publicly, this is what you're sharing with your friends.
This is what you're sharing with advertisers. And this is a really good, so if you don't do all this other stuff, I know the other stuff's pretty technical, but every now and again, you should click on privacy checkup on Facebook. And the way you get there is you click on your profile picture. And then you click on privacy checkup. And then you can click on each box and review and make changes as you see fit. And there's a handful of boxes there. But they all got kind of a theme to them. So you got one box that says who can see what you share, you click on there and you can see like, "Oh, wait a second, I don't want the public to see that. Let me make that adjustment." So you got who can see what you share, how to keep your account secure, how people find you on Facebook, your data settings on Facebook, right. And you also have your ad preferences on Facebook. So you can click through all of those and see how you want to make those settings. And what you're really trying to do is keep the scammers and hackers from getting information. Now, they don't have to hack your Facebook to use your Facebook information, like I gave the example of your mom's maiden name and your dog's name and your birthdate, you know, I mean that's all stuff they can do for a target package. And those of us that are in the industry, we call this OSINT, which is open source intelligence, and we use it to create a target package.

Now, if you want to be super secure, I would say a hacker yourself. What I recommend with Facebook, and like I said all your platforms have it, your Gmail account has it, your Microsoft Office 365 has it, Instagram I'm sure has it, but you want to turn on two factor authentication. It's really important. I know it can be a pain in the butt. But what two factor authentication does, and a lot of the companies have made it really easy: when you log in, you log in with your username and password. And once logged in, you'll get a second prompt.
And that prompt says, "Enter the text message password that we sent you." And they'll send you a string of numbers. Now the text message, what they call two factor authentication via text message, that's not the most secure. The most secure one is using a token, a hardware token, or using an app on your phone. For the average person, I don't recommend that. Because if that app was to go away, or you were to lose that token, you can have a real hard time getting back in. If your phone gets broken, well, you can get back in because you're gonna go get another phone, and they can text you the one time password.

So if you want to be a super hacker, and combat these adversaries, then I would recommend turning two factor authentication on. Now it's pretty simple, you just click on your profile picture, click on settings and privacy, and then go down to where it says settings, security and login. I know it's Facebook, we got a lot of clicking to do. Scroll down and click on the Edit button in the box that says get alerts about unrecognized logins. And when you click on that, you can turn on either the app two factor authentication, or the text messaging. I would start with the text messaging first. And it's really simple. And what's really nice is that, you know, it's going to do it for mostly devices, or after a certain time, definitely for all devices it hasn't seen before, but it may have you reenter your password every 30 days. And that's just a good checkup to have.

Now, make sure we've talked about passwords and two factor authentication and stuff like that. I just want to give you some quick, quick tips on when you create passwords. I've seen this way too many times, I get certain people that have asked me for help with some of their stuff and already know the password before they give it to me because they haven't changed their password in probably 20 years. So not good. So anyways, best practices for your passwords. Guys, make them at least 14 characters long.
You want to use uppercase, lowercase, numbers, which we all know. But we're going to add some more to it, we want to use special characters. And for God's sakes, don't use the pound. I mean, using the pound is a special character. Everybody tries pound. How about some special characters that people normally don't use? So you want to throw some special characters in there. And also, we call it a password, but think of a passphrase. And what I tell people to do is think about their favorite activity, and take the first letter of that activity. Now this is not my password or my passphrase. But I love amateur radio. So I can maybe put a variation of the type of radio I use, and the hobby that I'm in, and my favorite part of that hobby. So you basically write like some words down and then take the first letter, but you can come up with your own.

And whatever you do, whatever you do, don't say, "Well, I'm just going to use the site name with a slug at the end," right? So don't use Gmail 193844 pound and then for your Facebook account, use Facebook 119934 pound. Did I even remember that? Anyways. And you know a lot of y'all do this. I mean, don't use the site name and say, "Well, I got a different password for every site." I mean, come on, we can show and demonstrate very quickly that once someone has your password, which they do have your password by the way, I mean, you can go to haveibeenpwned.com, pwned, spelt P-W-N-E-D. So just Google search it, Have I Been Pwned, and you can put in your email address and it'll tell you where all your email address and if your password was also compromised. I mean, the other day I was checking that out. And I found that my Face, not my Facebook, my MySpace, man, talk about a blast from the past.
I mean, my email had ended up in a MySpace compromise, and so you can see that if my password was MySpace with those numbers behind it, and then they found out that my Last.fm, which there was another breach about Last.fm, and they get that password and my password is Last.fm with the same slug at the end. What do you think my Facebook password is? So make sure that you really use unique passwords for each site and make it not a human intelligible word, but basically letters that represent whatever you want it to be.

So you got to get that email secured. I mean, that is the number one target, usually, when someone's trying to compromise a system, because what they can do is once they have your email, then we email even work stuff, which we should not be doing that. But a lot of times, people do send their personal email work related stuff. But moreover, they check that personal email at work, even if they don't have the client installed. I guarantee you dollars to donuts that people at work check their Gmail. And so if an adversary was to put something inside the email, your personal email, and you check it at work, now, they could, in effect, you know, maybe get that exploit on that work computer. And it all goes back to these industries are under attack. And it's the same for your kids' email, it's the same for, you know, everybody related to you. I'm saying related as far as your connections that they're after, because they're trying to compromise you, because they know that you have access to corporate information. And all this played out in my other podcast, I talked about Stuxnet, it's exactly the way they got into the super secret Natanz nuclear facility.

So just make sure on your email, I'm sure we're all guilty of it. Someone needs your driver's license. So you snap a picture and you email it. Well, that's in your Sent Items in email. Maybe you email it to yourself, credit card numbers, pictures of credit cards, all kinds of stuff.
And for God's sakes, whatever you do, don't use your work email for personal business. I tell everybody that and it should be a company policy. Because what you're doing is you're putting your company at risk. If you're using your company email for personal business, let's say you got your PayPal tied to it. You got all these discount clubs, you sign up for Sam's Club, you know, whatever. And what you're doing is you're putting your company at risk. And if your company ever gets compromised, they're going to call in an IR team, if they're big enough, which is an incident response team, and they're going to find out where that came from, they're going to trace it back to ground zero. And when they find that, and it comes out to be that someone sent an email that you should never have even been receiving at your corporate mail, then you're probably going to have some explaining to do.

So I know that was a lot of information. And like I said, this is just like having the conversation with your parents. When you learn about your personal hygiene, you need to take due care with your digital hygiene. And everything I described with protecting your Facebook account, you can find those same settings. You're looking for two factor authentication, you're looking at last logins, you're looking at that information to see if anything is outside the norm. And if something is outside the norm, then you need to change your password and make it a complex password because you got to remember their to get your password once. There's no telling how they get that password. And if you're reusing passwords and reusing portions of passwords for other sites, then all you're doing is setting yourself up to be compromised. And everything I tell you isn't something that is far fetched. All of this has happened, all the way down to a friend of mine who had their email compromised, and the person was able to transfer north of 40 to $50,000 with a wire transfer out of their bank account.
And then they froze their personal bank account, the bank did, then they froze their business account because they don't know if this was legitimate or not. Or they don't know that maybe the person is just reporting this. So everybody, this happens, this is real stuff. And I figured now was the time to have the talk about digital hygiene.

So with that, I will see everybody next week. I really appreciate everybody that shares the podcast. I'm just so excited that I have a backlog of stuff to talk about because every week someone gives me an idea. And I tell him, let me think about it. And next week, I promise we'll be in for a neat surprise. We're going to kick it back old school and talk about maybe some Cold War stuff. So there you go. There's a little hint. We're going to be talking about some technology that's been around since the Cold War, and that is alive and well today. So everybody, stay safe as you prove the highways and byways of cyberspace. And I will see you next week. Until next time,