Malwarets a form of that when he gets on your , taking yourem files and encrypt in them. The newest one went for the master boot as well, making it more difficult to recover data. The person who holds it hostage is looking for bit coin for those files to be decrypted. Many of them do and will they have figured out a way to crawl into your system so that even if they are decrypted they may still be in your system with that information. Ransomware has become the new black for hackers. Instead of a hacker having to get into a system and work around the system and get that and sell it on the lack market and hope that they will get a herein amount of money, its basically a question of not what is your data worth to someone else, but how much are you willing to pay to get your data back. Host about one week after these attacks hit around the world, what do we know about the origin of these attacks and whos behind it . Jumpingobodys really the first set of attacks, the one i cry attacks, some people pegged it to the north koreans. The second attacks, which have different names depending on the Security Firm youre talking to, no one is exactly sure, however 60 of the impact occurred in the ukraine, which might hint that it has something to do with russia. Of the secondmost hit country was russia, which confuses the situation that a lot of institutions working all over the world, everything from infrastructure, transit, shipping companies, to companies russia, fedex in the United States, merck in the u. S. , it had a wide swath but the bulk of the damage occurred in europe and asia. Connectionin the back to the nsa and eternal blue. As you know, the nsa was hacked, the information was leaked through a group called shadow brokers. They have released it and created what they call the hack of the month club, where they s. E selling exploit these are nsa hacking tools. They were compiling vulnerabilities. Anytime they found a vulnerability they would compile it, keep it, think of ways to weaponize it. Unfortunately it leak and a got out there on the web and a lot of different organizations and individuals got their hands on it. So, you could i at in use it. What was interesting was the folks that tweaked and weaponize that further are asking for a piece of the action. I believe its an 85 15 split. This is really ransomware as Business Model now. Host congress, certainly taking notice. Heres statements last week from my firsta, saying and urgent request is that if the nsa knows how to stop this global malware attack or has information to help stop the attack, the nsa should immediately disclose it. If they have a kill switch for it, the nsa should deploy it now. Given the ongoing threat, i actively urge them to notify Companies Like microsoft of software vulnerabilities. What are your thoughts on the likelihood of a kill switch and the nsa working more with companies to identify vulnerability . Guest first of all, the first attack, someone found it kills which. A 22yearold researcher who found that it was somehow attached to an unregistered domain. He registered it in a became like a sinkhole. The sense is that the folks who did the second or third wave, or fourth wave, because you never know, every day there is a new variant of it, they think that there is no kill switch. As to whether or not the nsa can do anything about it, who knows . Whether or not they are willing to work with a lot of the companies, nobody really knows. Nsa is already being covert about all of this. Thats what they are all about. But its a big problem. However, one of the ways you can solve the problem, as a consumer and a business, is when you get up get a notice that when the software you are using hasnt up eight, dont look at it as a mosquito to be worried about later. Do the update. If you get an opportunity to do an upgrade, do the upgrade. Of even equal or greater importance, backup your data. But make sure that the backup. Ystem that you use is air gap which means not connected to the internet. Maybe you automatically update, but your system backup is not connected 24 7 to your network because the danger is that if which the malware for ransomware gets on your system, it could crawl through. Our network into your backup thats why its so important for your backup to be separate. ,ost talking with adam levin d, thehor of swipe former director of the new Jersey Division of consumer affairs, talking about malware, Cyber Attacks in the future of security. Phone numbers if you want to join the conversation jack is up first. Line for democrats question mark providence, rhode island. Hi, good morning. Theres many forms, today, of attack. Like, for example, like months ago when they said that north , you know,ked sony with the sought the cyber messaging, im no expert on this issue, but with international affairs, north korea has been a problem since the 1955. Now there are worse problems. No ones talking about this because theyve got to be politically correct, or they are told not to talk about it. If they listened to Douglas Macarthur back then, that problem wouldnt exist in that area of the world today. Not be a problem, north korea would not be a problem. When they talk about chinas going to help us, china is not a friend of the United States. Chinas longterm strategic interest is to usurp the United States by the year 2049 and become the Number One World power. Are not discussed. Ok . I would like to hear your very learned guest talk about this. As you do, if you could explain the sort of Cyber Capabilities that we know of of north korea and china . First of all, we know that there are many nation state sponsored hackers and many of them are very good. I was asked a while back, who has the best offense of hacking capability in the world. The answer is the United States. Good, russia is are a good, north korea is her a good. Iran israel. England, france, they have Cyber Capabilities. Mostl made me consider the the best offense of an deep cyberense of and defenses capable nation. The United States defenses are not as great as they should be. Heres something i found incredibly distressing. During the 2000 race for president , there was an enormous amount of conversation about building the great wall of mexico. Now the solar wall of mexico. But there was very little conversation about building a cyber dome. Which may be unrealistic, but how do we tighten and harden the only when the . Democratic National Committee got hacked and there were other hacks of maybe the republican campaigns that people arent talking about, suddenly cyber came to the four. Fore. The cyber war has replaced the cold war. Whether or not we should have done what we should have done years ago, we are in the world now where it is dangerous, where there could be a cyber where power grids, defense grids, transportation grids could be brought down by a it is, whether statesponsored, forprofit, a cause, or even the proverbial 400 pound guy on a bed in his mothers basement. This is an issue that we have to confront. There are no red states, there are no blue states when it comes to cyber. We are all in a state of emergency. Host james, washington, independent, good morning. Caller thank you. Sir, i would like you to be specific. In particular these Voting Machines that can be hacked or were actually hacked in the election that allowed donald trump to win. As they went into the county they took control. Changing the tabulation vote. Ciacan see the former director saying that these Voting Machines, what they did was 70,000 in ohio and no one voted for clinton. Youyone out there, i want to know, there were thousands of continents running this Voting System that allowed these machines to be hacked. I want to get adam to weigh in. Guest the truth is, there are certain Voting Machines that are double hack hackable. We do know that there were significant probes into in anywhere from 29 to 39 states. Concern across the country as to the integrity of the Voting Systems in this country and the fact is that each of those states have to pay much more attention to the cyber hygiene of those databases, as taking a hard look at the capability of those machines. Another disturbing thing that has nothing to do a Cyber Security, in the state of michigan the president one, by 10,700 votes, yet 90,000 people voted downe election ticket but didnt vote for concern, because of discussed, or displeasure with both candidates. Yes, we should be very concerned about hacking, but we should be just as concerned about what we do to increase Voter Participation in this country at the highest level. About 15 minutes left with adam levin. We talk about his book, swiped. Hes also the founder of cyber scout. What is that . Guest Identity ProtectionCyber Security country company. We are global, working with 45 Million Consumers and businesses worldwide. They are involved with Identity Theft education, breach response and forensics. Is with us,evin taking your questions and calls, including phil. Go ahead. Caller [indiscernible] sure but hes getting at. Bruce is in columbia, south carolina. Bruce . Caller good morning. For taking my call. Thanks for this program. I keep getting this message on my computer over the last six months, mr. Levin. Like you said not to do, i have ignored it like a mosquito. It keeps saying that your windows seven copy is not genuine. Then it gives me two options, activate windows now or learn more. But then it goes away after about three minutes. Im sitting at my computer now. It just disappeared. Is this a legitimate thing or have i been hacked . Or should i get a new Windows Program and update . Guest any chance you get an opportunity to update, you should be updating or upgrading. But you need to be very careful about things that just pop up on your screen. Thats why what you might want to do is go directly to the microsoft site, see what updates are available for your windows into the up eight. There have been so many Tax Technology scams where people get into their computer or even receive a phone call from somebody representing themselves as being from microsoft, telling you theres whichue in your computer, microsoft wouldnt, then asking you to download Certain Software that remits them to actually get into your computer. Host on twitter host sound like good advice . Guest excellent advice, excellent advice. Update, upgrade, backup, very, very important. There are a lot of people out there looking to exploit us for their benefit. Many consumers are very, very trusting. You should always adopt the formere, paraphrasing president reagan, never trust, always verify. Host bruce, independent, good morning. Caller i just spoke. Host sorry, bruce. Thanks for hanging around. Guest thanks, bruce. Host bob, republican, go ahead. Morning, love cspan. Going to order the book as soon as i hang up. Is there enough time between now and 2018 or 2020 for the Trump Administration to fix our Cyber Security so russia can no longer hack into our elections . I remember something about mayor giuliani being in charge of Cyber Security for the president. As anyone seen the former mayor of new york, mayor giuliani . He has supposedly guest he has supposedly been the president s cyber czar. I havent seen too much from him. Sometimes, again, the line that a lot of people like to use in the cyber world is that we dont talk about Cyber Security sometimes and we dont talk about the fact that we are not talking about it sometimes. There is time to do some substantial work on the election systems in this country. I know that independent secretaries of state around the country are in fact focusing on it. The department of Homeland Security has in fact designated it now as Critical Infrastructure and it was not met with the greatest reception because some states felt like it might be big brother, the federal government coming in. We have to realize the fact that when it comes to Cyber Security, we are all in this together. Its a very difficult thing to guarantee 100 , because as a defender, you have to get everything right. As an intruder, all you need to do is find one moment of vulnerability where you get in and then you can stay in, float around, look for what you want and then do what you want to do. Thats why its so important to have monitoring systems, to be monitoring continuously, and always be looking for either exfiltration data or something that doesnt look right. These are the things that can be done, these are the things that should be done, and frankly these are the things that must be done. Back to thisg us ransomware attack, the recent story you had, why this plague of ransomwares only warming up. Why is that . Guest because they have found it to be so successful. They can be used for a variety of things. Not just generating money, but to cause enormous disruption, which many people feel was the whole point of the goldeneye. Ttack to create disruption and impact Critical Systems in a country, or in several countries, and to undermine the faith in systems and countries. The important thing about ransomware versus all other forms of hacking is that its almost instant gratification. You turn on your computer, its frozen, you see writing that has a clock thats ticking back from say 90 hours, demanding payment in bit coin. Bit coin is virtually untraceable. Its a wonderful revenue generator for people. Even if you think its a small amount of money, coming from different places, think of it as the boiler room operation from penny stocks or a multilevel for theg operation benefit of the weaponize ares of a particular malware. Its here, its here to stay. It works. Also the reason why it works is because so many people fail to up rate, upgrade, or backup. An estimate out there on how much has been paid in these Ransomware Attacks in the past year or two, to get a sense of the growth of this . Host it is estimated that ransomware guest it is estimated that ransomware is now at now a billion dollar business. Attacks have increased by 300 in the last year. Just as, for instance, what they call business email compromise, where an organization gets in email that looks like its a Wire Transfer request from someone in the organization and money is wired to the wrong place. That has been a 3 billion business. We are exposed and we really need to step up. Guest phil host phil, line for independents. Go ahead. Toler calling in reference the last caller, who talk about the hacking of the polls. From my sources, i keep hearing that the polls kept going up and trump us defense. I dont know why they dont just drop it. Thats all i have to say. Host who are your sources . Caller i dont think i need to tell you that. , any ok, adam levin comments on that . Guest its all about the vulnerability of our election systems to outside influence from hackers from other nations. This is not something new. Russia has been hacking and attempting to influence elections all over the world for years. The u. S. Has played its part in elections over the years. Other countries as well. This is a worldwide issue. Its not a question of is it one candidate or another. I go back again to my theory that this is not red or blue states. We are all in a state of emergency, we have to up our game and this has to be a cooperative effort between government, business, media, and consumers. There should be no conflict between state and federal Election Officials because its about all of elections in the United States in thats why we have to be unified in our approach to get to the bottom of the problem and better secure our databases and make sure that any Voting Machines that are connected are properly protected. Oakdale, pennsylvania is neck. Donny, democrat. Good morning. First of all, i want to complement the guests. I think he needs to be at the top the table of any administration. There have been reported accounts that the democratic and republican parties were hacked by russia during the election. And the fbi was allowed in they were invited in to help. But not the dnc. Do you think that if they had , thatd the fbi to come in the attack could have been stopped . Is that your understanding of what happened . Guest my understanding is that the democratic National Committee said that they didnt feel they needed it. But when asked, the chairman of the democratic National Committee said she was unaware of it. A lot of other people seem to be aware of it. The real issue here is that a mistake was made. The john podesta, for example, clicked on the wrong link, which looked very official, provided information that was then used to go in to his email system. Those emails were then leaked. Cyber this is all about hygiene. This is about creating a culture of privacy and security. Thats what we havent done. This has got to be something that goes from the mailroom to the board room and every organization in the United States, for each person has a sense of ownership, where each person feels they have to be careful. Where employee Awareness Training is a daily event, not something that occurs when people have their orientation and every quarter or every year, its got to be a constant discussion. Bruce schneider said it best. Saying that if you think that technology is the solution t