Episode 71 - Digital Dangers with Cabot Howell - How Secure is My Digital Information?
Todd Orston: Today we're going to talk about several types of cyber threats, some of which you may be aware of, others you may not be aware of, but it's important all the time, and it can become even more important when you're in the middle of litigation, like a divorce, and you want your communications with your lawyer to remain confidential.
Lee Meriwether: Hey, Todd. I thought you said you were going to quite going to Krispy Kreme.
Todd Orston: I did? Of ... How do you know? How do you know I'm not, rather?
Lee Meriwether: I see that you've been going, gosh, it seems like every other day to Krispy Kreme.
Todd Orston: All right, stalker. Yeah, I don't know how you would know that, but-
Lee Meriwether: You're going to have to really listen to this show, because I got this guy that can, like, get into your phone and see where you've been?
Todd Orston: Oh, really? Really?
Lee Meriwether: Yeah.
Todd Orston: Probably the fact that I posted, you know, 47 pictures of me eating doughnuts online probably didn't help either.
Lee Meriwether: No, I knew about it way before that.
Todd Orston: Oh, way before that, all right. All right [crosstalk 00:01:04]
Lee Meriwether: I knew when you pulled up in line and ordered.
Todd Orston: All right, I'm still disturbed, but you're right, it's ... That's what this show is going to be about. It's about information that can be used against you, and it happens all the time. We get information from our clients, and sometimes they get it legally, sometimes they don't do things legally, but still the information is out there.
Lee Meriwether: Not our clients, they get ... Everything they get is legal.
Todd Orston: That's what I mean, right, exactly, but my point is, in a case, information is out there, this show is going to help people understand how that information can be obtained, how it shouldn't be obtained, and how it's going to be used against you, and why you need to be very careful about ... You know, about how you manage information relating to you.
Lee Meriwether: Welcome, everyone. I'm Lee Meriwether, and with me is Todd Orston. Todd and I are partners at the law firm of Meriwether & Tharp, and you're listening to Meriwether & Tharp radio on the new Talk 106.7. Here you will learn about divorce, family law, tips on how to save your marriage if it's in the middle of a crisis, and from time to time, even tips on how to take your marriage to the next level.
If you want to learn more about us you can always call or visit online, AtlantaDivorceTeam.com, and today we are digging into really the question of how secure is my information, and rather than us babble on about something that we do not do for a living, we brought in an expert into the studio to teach us about some of the digital dangers that are lurking out there.
The hope is that we can come away a little bit more away, and when we do that we can prevent the theft of our digital data, regardless of whether the theft comes from a hacker in Russia or your angry spouse who is trying to get a leg up on your divorce, and in studio we have Cabot Howell.
Cabot is currently the vice president of Digital Agent, and Digital Agent provides, among other things, data storage and security services to a wide variety of businesses. Cabot himself brings with him 20-plus years of experience in the field of IT support. Cabot takes a proactive approach to IT management by anticipating what customers need before they need it. He's versed in each customer's existing infrastructure, and gives direction on the most efficient and cost effective ways to reach their business goals. He is the chief technology officer for Digital Agent's IT customers, including our law firm.
Cabot, thanks for ... So much for coming on the show.
Cabot Howell: Thank you, counselor. Might I say it's a pleasure and, oh, maybe an honor to be with you today.
Todd Orston: With me, sure. With Lee, there's no honor, really.
Lee Meriwether: [crosstalk 00:03:37] it was, before the 40 doughnuts.
Todd Orston: That's right. That's right. So, tell me, what am I needing right now? I heard what he said, and it said you're able to anticipate the needs of your client, so what do I need? Come on, let's [crosstalk 00:03:53]
Lee Meriwether: Don't ask him that, it's going to cost us money.
Todd Orston: Okay, got it. All right.
Cabot Howell: Yes, I bill by the hour for this [inaudible 00:03:57] consultation.
Todd Orston: All right.
Cabot Howell: What you need right now is just a bit of awareness of how to use your devices, your phones, your tablets, your computers, Bluetooth devices, any type of wireless devices. We're in the age now of Internet of Things, IoT, and everything is going to be connected. Nearly everything electronic will be connected, so we need to be aware of this connection, the applications that we agree to the license agreements.
We're not only allowing that company in, we're allowing all their affiliates in. We know this with the latest Facebook problems, where it wasn't Facebook that gave the data, it was their affiliate that gave the data in concern with this past election. So, we to ... What we need today, what you need today, Todd, is more awareness about what you're using and how to use it safely.
Todd Orston: And, so, I probably should say at this point that before we decided to do this show I talked with Cabot some, we went back and forth on some emails, and he kept giving me so much information, I was like, there is no way we are going to cover all this in one show. So, just to give everyone a heads up, we're actually going to do two shows on this topic, and even then we're not going to be able to get everything in.
So, we're going to focus on the big things that we need to be aware of, and I think probably what we want to focus on today is sort of those threats ... Those threats where someone gets access to your data illegally or improperly, whether it's a hacker or it's a spouse in a divorce, so ...
And then, next week, we're going to dig into those things where we actually are giving away our data and not realizing it. There are so many ... And you definitely don't want to miss next week, because next week we're going to dig into all those areas where you think what you're doing is private and confidential, and it turns out it's not. So, that's a big area for awareness, and you've ... I know, reading half the things you sent me earlier in the week, and I was like, whoa, okay, I didn't know that. I thought I knew a lot.
Cabot Howell: Eye opening, isn't it?
Todd Orston: It is eye opening. I thought I knew a lot until I read your stuff, and then I was like, I'm not prepared. I'm just glad that you are monitoring our data here at the firm, that's all I can say.
All right, so, let's first start off with one of the things that I think that we see our clients ... So, what happens a lot of times is, in a divorce, we get ... There's financial data, which obviously has social security information, pay information, a lot of ... And sometimes health information, so, a lot of confidential information that clients forward to us, and we do that with a secure portal so that ... To help prevent somebody accessing it.
But, there's a danger when someone's out in the public, let's say at a Starbucks, or at an airport, and they're using public Wi-Fi, and I think a lot of people aren't aware of the danger, and you've definitely lightened me ... You've lightened my awareness, awakened my awareness, as to how dangerous public Wi-Fi is. Can you share with the listeners some of the problems that someone might encounter when you're dealing with public Wi-Fi?
Cabot Howell: Well, the public Wi-Fi, we have to understand, it's public. Everyone has access to it, and many times it's not locked down with a key. Sometimes, at some of these places, you know, you buy something, they give you the key to the ... The password to the Wi-Fi, but most cases it's wide open. So, we're wide open means you have to protect yourself. That is the issue.
There are various attacks ... And we're calling it attack, let's use it for this conversation, the attack is not necessarily someone attacking you, it could be someone listening to you. I consider that attack as well, because they're getting your data by listening. They're not actively going after you, but just them out there sniffing and snooping will be an attack in my opinion.
So, this is what we have to ... We have to find the ways in order to protect you from those attacks.
Todd Orston: So, when we're dealing with public Wi-Fi ... So, when it's open, can people literally, like, pick up a ... Like, if you send an email over a public Wi-Fi, can someone get access to that email?
Cabot Howell: Very good question. There's different ways they can do that. One way is called a man in the middle attack.
Todd Orston: Okay.
Cabot Howell: That's where they are emulating, or picking up, excuse me, they are picking up the data you're putting out there. Now, how they do this is they redirect your attachment to the router, and you think you are going right directly to the Internet, but actually what you're doing is you're going through their system and then to the Internet.
Todd Orston: And for most people, you're not going to have any idea that this is happening. It's going to seem like a ... It's a seamless ... You're going to the Internet, you're doing what you're doing, and you're not going to know, you know, anything is going on, right?
Cabot Howell: Well, that's correct. Again, unless you are attuned, and as I said earlier, Todd, aware. One awareness would be all of a sudden things are running a little bit slower. Okay, as a professional, I would jump out, and test a few things, and see ... What I'm expecting, speeds I'm getting, I'm not getting. So, unless you are hyper attuned to those kind of things, you're correct, you're not going to know it, and this is where we need to be careful on the onset, connecting to that Wi-Fi router, and how we use that. I'm not saying we don't use public Wi-Fi, but there are safe ways to use public Wi-Fi.
Todd Orston: So, when ... Are there ... What other ways could someone who's, perhaps ... Let's say you're in a Starbucks, because I've heard of people being in Starbucks, and that's where they'll have some transactions, or maybe buy something over their computer, and next thing you know, like, that afternoon, someone else has used their card. So, are there any other ways that somebody sitting in that same Starbucks could be picking up your data?
Cabot Howell: Yes, with the snooping and sniffing, if you don't have an encrypted connection, if you're not using encryption communication, yes, they ... Everything could be out there for the attacker, as we say. You have ... In my opinion, in my counsel, I say use encrypted communication at all times. We can go into that in a minute about what type of encryption are we talking about.
Todd Orston: So, yeah, what ... I'm definitely not that familiar with the different levels of encryption, I just do what you tell me to do, so what kind of encryption are we talking about?
Cabot Howell: Well, one is we need an encrypted connection to the Wi-Fi device itself, to the router itself. So, if someone is letting you on without encryption, we need to not use that right away, because passwords and such are just going across in an ... What's called plain text, un-encryption.
Lee Meriwether: Okay.
Todd Orston: Okay.
Cabot Howell: We need to avoid that. So, you attach to a hotspot that requires a password, number one.
Todd Orston: Okay.
Cabot Howell: Number two, and the most important, is to use another application that encrypts it, that encrypts all of your data, and this is through a VPN. You, Lee and Todd, I take care of your VPN at office, so you are protected at all times.
Todd Orston: Okay.
Cabot Howell: But there are VPN software applications that can be used individually when you're not part of a company. We can discuss that in a moment.
Todd Orston: Yeah, and up next, because we're actually running out of time and there's no way you could explain it with the little time we have left. Up next, we're going to get into the other ways that you can protect yourself if you're out in public and you need to send data across the Internet.
Lee Meriwether: Welcome back everyone, I'm Lee Meriwether, and with me is Todd Orston. Todd and I are partners at the law firm of Meriwether & Tharp, and you are listening to Meriwether & Tharp Radio on the New Talk 106.7. If you want to learn more about us, you can always call, or visit us online, AtlantaDivorceTeam.com.
Well, in studio we have Cabot Howell, and he is an expert when it comes to protecting your digital data, protecting yourself from hackers, from people that are sniffing, and on the last episode we were talk ... Or, last segment, we were talking about using public Wi-Fi and the dangers, and off-air you had mentioned something to me, and I definitely want to make sure we repeat it here, because the radio show keeps going even when we take a break.
So, you had mentioned ... I had asked you the question that if, let's say, you were at a Starbucks and someone gave you a password to get on their Wi-Fi, but there's still a hacker in that room, and they had certain software, and they get into that same Wi-Fi, get the same password, you're still wide open. Your data could potentially be taken when you using that Wi-Fi.
Cabot Howell: That's correct, they're sniffing and snooping you. That's right, and they can get all the data. Now, you're on the same network as they are on, so now you're susceptible to their intrusion, if you will. Again, we're using the word attack, you're susceptible-
Lee Meriwether: Right.
Cabot Howell: ... to their attack, to them listening to everything, and it comes across, and the data comes across in what's called plain text, easily readable by any-
Lee Meriwether: Okay.
Cabot Howell: By any software kit nowadays. So, what you would like to do there is use a ... Incorporate a software package, and I'm not promoting any one particular, but a good one is Norton Wi-Fi Privacy-
Lee Meriwether: Okay.
Cabot Howell: ... Nord VPN, Express VPN, Private VPN, TunnelBear, CyberGhost, and the list goes on and on. What these do is provide not only a firewall, but they provide an encrypted connection to one of these providers' servers. So, now if that sniffer has your data, which they will, again, we're in Starbucks, they're sniffing, they see your data, they cannot do anything about it. It's all encrypted.
Lee Meriwether: Okay.
Cabot Howell: That's the answer. That's one answer. Another is, if you don't go that far, just simply ... When you're on public Wi-Fi, simply do not do any financial, or any private, surfing. Don't go to your bank account and try to balance your checkbook while you're at Starbucks. This is unacceptable.
Todd Orston: Kevin, is there a fear, though, if you connect ... Let's say you're not doing any financial transactions or anything like that, like you're talking about, but you connect to the Wi-Fi. Does that open up a proverbial door or, you know, give people who, let's say, are in the area trying to do something improper. Can they see you on the network and then get into the phone and just start doing things, even though you're not doing transactions, does it give them an entryway into the device that people are using?
Cabot Howell: Absolutely, and that goes to your point earlier about the firewall, is the firewall necessary? Yes, it is. That is correct. They come in, if you're open, you are susceptible. There are varying levels of protection we could take. Like, if you had a Windows computer, and you connected to that Wi-Fi, your Windows computer pops up, what type of profile would you like to use, work, home, or public? You choose public, because what public does is it ... It already has a predefined profile to separate you, give you some level of protection.
So, there are all different types of level of protection, but there's always a better one. There's always a better one, and that's why I say, don't depend on Microsoft's, or Mac's, Apple's, or Linux, or any of these OSs to protect you. You need a professional group that also puts another layer of protection on there. That's essential as well.
So, to answer your question, yes, you are susceptible on any Wi-Fi network. That's why it's up to you, your responsibility, to encrypt your data that you want to go through. Make sure you connect to HTTPS secure sites, that S instead of the HTTP, and you ... Everyone will see the little lock at the top of your browser, or the little green bar, you want to look for those when you're doing ... Especially when you're doing financial transactions.
Lee Meriwether: So, make sure that it says HTTPS, because that's extra security, and establish ... I'm just ... Because I know we're going fast, because we have a lot of material to cover, but make sure that if you are going to use public Wi-Fi, or even a Wi-Fi that's got a password protection, but many ... Like, in a hotel, that's a good example.
Todd Orston: How about at your house? I mean, I know when I'm sitting in my house, and I'm on my Wi-Fi, I'm picking up five or six of my neighbors' Wi-Fi, you know, as well, which means that ... I mean, I've heard stories of people that literally drive down the street and, if they can access it, then boom, they can try, at least, to do inappropriate, maybe even criminal things because they're praying on people who haven't put the necessary protections in place in their own homes.
Cabot Howell: That's correct, most ... Let's give you an example, Comcast, that's quite popular around Atlanta area, all the modems they ship out have the same password in them. So, everyone has access to that modem unless you go in there and change your password. AT&T is the same way. So, unless you go in there as a home user and put a firewall at that access point, or on your laptop, or desktop, whatever you have at home, unless you take the necessary precautions, even in your home, you're right, Todd, you are susceptible to those dangers.
Todd Orston: Okay, what other things can we do to give additional Wi-Fi protection to both ... You know, not just our computers, but our devices, our phones, our tablets?
Cabot Howell: Well, again, on the surfing aspect of ... There are applications such as HTTPS Everywhere, use HTTPS options, SSL Enforcer, this SSL is important to understand when you're surfing. Again, the green bar or the lock. The SSL is a third-party technology that says, yes, this is a good site.
So, Todd, you don't know me. Lee knows me, okay? And, so, you taking advice from me, you probably will back off because, again, I need to have a reference before I'm legit. So, Lee is the third party. Lee is the SSL certificate provider we'll say, in this case. So, you ask Lee, is this really Cabot or not? And when Lee says, “Yes, it's Cabot,” now you're confident, you've got a little green bar up there now, and you've got the little lock, and now you're confident that you're at the right banking site. Cabot is legit, or Cabot's Bank is legit now.
So, we want to look at that. That SSL is important. We don't have to understand SSL, we have to understand we have a lock or a green bar. That's when we want to do it. If we ... Because many of these attacks will redirect you from that HTTPS site to an HTTP site, and you think you are connecting into your bank. You give them the username and the password, within seconds they are on your bank account.
Lee Meriwether: So, it's a fake website.
Cabot Howell: It's a fake website that looked like Wells Fargo.
Lee Meriwether: Okay.
Cabot Howell: To look like Bank of the Ozarks, et cetera.
Lee Meriwether: Okay.
Cabot Howell: Okay? It looks just like it. It's what you normally went to. That's easy to duplicate. So, these men in the middle, these malicious hotspots, are emulating this, and, so, when you request that, they redirect it to an HTTP site.
Lee Meriwether: So, I guess that would be a important thing to remember, if you are, let's say, in a hotel lobby and you see, oh, look, Wi-Fi, and you get on it, that could be a fake ... I mean, that could just be a malicious hotspot somebody set up just to redirect you to the wrong website.
Cabot Howell: That is the most common, as we said, attack. That is right. They're sitting around in Starbucks on a Saturday and Sunday, knowing a lot of people are in there, going to look at their bank account. They know where the weakness is, and they're going to exploit it.
Lee Meriwether: Wow.
Cabot Howell: Now, there are also exploits, naturally, in all software. It's important that we stay patched up, latest firmware, latest versions. I just seen an article today, a Nintendo got hacked. Little Nintendo games got hacked, and they said as of right now it's a hardware flaw. There is no fix for it, and there will not be a fix for it.
Todd Orston: That's a problem.
Cabot Howell: So, again, this is ... I just seen it in the news this morning. So, with that, it will be a hardware chip replacement in order to fix that one. They are ... Vulnerabilities and exploits are everywhere, and I'm not saying this to make anyone afraid, because, as we said at the beginning of the first segment, there are ways to protect yourself and to ... Again, being wise and being aware will provide you the protection you need.
So, it's not like we're destitute, we're doomed here. We've given a lot of scary stuff, but the good news is there's always a way that we can protect ourselves.
Todd Orston: You know what's amazing, also, I know with computers, for years I've taken that very seriously. I've made sure that there were ... There was virus protection and other protections on the computer. We walk around, day in day out, with little computers in our pockets with the phones, and I can tell you right now that, in the past, I have not taken it as seriously as I have with home and work computers, and putting the virus and other protections on computers, and I think a lot of people, unfortunately, fall into that trap.
They don't protect their phones, yet the phones are the most vulnerable tool because that's what they are using remotely. That's when most people are in the Starbucks, or they are elsewhere, and they are accessing ... They are not pulling out, for the most part, laptops, they're looking on their phones, and yet people aren't spending the time, money, and effort to put the protections on the phone necessary to protect information.
Cabot Howell: Well, you're probably in front of the computer X number of hours a day, but you are never away from your phone. Every conversation you have, everything you do, everything you look up, is synced to that phone as well. I know you, Todd, I've got everything synced to your phone. So whatever you get ... Look, in your computer, I've got it going to your phones, but vice versa.
Todd Orston: I'm a little creeped out right now, but whatever, I mean ...
Cabot Howell: Well, how do you think Lee knows about the doughnuts?
Todd Orston: That's right.
Lee Meriwether: So, you ratted me out. Thanks, Cabot. Acceptable use policy, Todd, acceptable use policy.
Well, I will say that I think somebody from your organization ... I have the new iPad 12.9 inch, and somebody set up on that a VPN so that when I may need to look at clients' confidential information I can VPN to do it. So, even on my iPad, I have a VPN set up, thanks to you guys. Because, obviously, we don't want to ... We don't want our clients' ...
Todd Orston: No.
Lee Meriwether: So we, as lawyers, take this seriously, very, very seriously.
Todd Orston: Because of what we do we have to take extra precautions to make sure that-
Lee Meriwether: Right.
Todd Orston: ... confidential information from our clients is protected.
Lee Meriwether: But the reason for the show was because-
Todd Orston: ... most people don't have that same level of responsibility.
Lee Meriwether: Right, and on their end, you know, if the clients' getting us the information we need, I don't want that to be intercepted on the way to us.
Cabot Howell: You're only as good as your weakest link, right? You're only as strong as your weakest link, and if your clients' the weak link, it's time to educate them.
Lee Meriwether: Yeah.
Cabot Howell: Speaking-
Todd Orston: And that's what we're trying to do.
Lee Meriwether: Yeah, exactly, and up next we're actually going to learn a trick I didn't know about, the dangers of passive earphones and how those can actually be used against you. So, you don't want to miss this. We'll be right back.
Welcome back everyone, I'm Lee Meriwether, and with me is Todd Orston. Todd and I are partners at the law firm of Meriwether & Tharp, and you're listening to Meriwether & Tharp Radio on the New Talk 106.7. If you want to learn more about us you can always call, or visit us online, AtlantaDivorceTeam.com.
And this whole show we have been digging into basically all the digital dangers there are out there, the threats to our private, confidential information from, just, people that shouldn't get access to it. When we're talking about hackers, or perhaps we're talking about the opposing party in the litigation you're in, and we often see it in divorce cases, where people just feel like they've got to get this information, so they do things that they really shouldn't do.
But, we wanted to have a show that broke down some of the just simple things we can do to help protect us, and the mistakes that a lot of people make that causes them to basically hand over their financial information to someone who's going to spend it, and not the way you want it spent. It's definitely not going to your favorite charity.
So, where we left off, we were ... We spent a lot of time talking about Wi-Fi, because so many people use Wi-Fi, especially on our devices now, and before we move to the next thing, is there anything else that people should be aware of when it comes to Wi-Fi? Any tips that they should be applying to make sure they don't make a mistake and share their data with someone they shouldn't?
Cabot Howell: Yeah, let's call these common sense tips, or as I put with Todd, awareness tips. The first thing is, keep the Wi-Fi turned off if you're not using it.
Lee Meriwether: Okay.
Cabot Howell: Just don't turn it on. Only turn it on when you need it. Don't ... Plus, you'll save on battery as well. So, just keep it off until you go to use it. Also, don't allow your device, and devices, we're talking about tablets, computers, phones, whatever, and these will increase as we go along, your smart watches, et cetera, don't allow them to connect to these Wi-Fis automatically-
Lee Meriwether: Okay.
Cabot Howell: ... there's a setting to always connect automatically, uncheck that. Don't let ... Let you control it, because it will, as we talked about earlier, there will be a malicious hotspot with the same name, and your device will try to connect to it. So, don't do any auto connection. Turn it off, only ... Turn it on only when used, and select the hotspot yourself.
Turn off the sharing. We talked about that just a little bit earlier, always choosing the public profile when you are attached to a network. That public file turns off all sharing on your computer. That ... Again, first layer of defense.
Lastly, we want to stay protected by keeping your antivirus, your anti malware, and your patches up to date, all your Microsoft or your operating system patches. That's important. Security flaws are rampant out there. Microsoft releases it once a month, a full ... What is it, second Tuesday of every month, I believe-
Todd Orston: Wow, I [crosstalk 00:25:07]
Cabot Howell: ... that they're a large company and they're releasing patches every month. Every day, nearly, but every month. Take advantage of that. There's a reason they release them. There's exploits found every day. So, stay up to date on patches.
Again, these are just simple things we can do to protect us.
Lee Meriwether: Or you can hire Cabot and his company, because they do that for all our computers in our office. I've gotten lazy in some respects, because I don't keep mine up to date because y'all are taking care of it. Boy, that makes me realize how thankful we are to have y'all.
Todd Orston: Well, because it's easy to be ignorant, and I'm not saying that in a bad way, I'm not calling you ignorant-
Lee Meriwether: Right.
Todd Orston: ... but it's easy to be ignorant. I'm hinting at it, but I'm not saying it. No, but it's-
Cabot Howell: He alluded.
Todd Orston: It's easy to be ignorant of-
Lee Meriwether: I'm glad I have thick skin.
Todd Orston: Of the dangers that are out there. I mean, seriously, it wasn't until we really started putting this show together that the level of danger, the ... How open we are to attack, that it became crystal clear, all right ... And when I say crystal clear, it's still pretty darn cloudy for me ... I mean, I'm-
Lee Meriwether: Crystal clear that there's a problem.
Todd Orston: Yeah, that there's a problem, but the fix ... Absolutely, if you aren't ready, willing, and able to do the homework to figure out how to protect yourself, then people like you are absolutely necessary. You need to do something, otherwise you're going to be dealing, potentially, with stolen credit card numbers, bank information, and all the headaches that come along with-
Lee Meriwether: Health information.
Todd Orston: Absolutely.
Cabot Howell: You're right, Todd, it's ... Lee gave me a lot of credit with the intro at the very beginning, but I can't take all the credit. It takes a team of us. You're right. Speak about ignorance, there's so much that any one person cannot keep up with, so I have a team, as well as we employ software, to help with our monitoring. So, it takes software and a team to be able to do this, to protect you guys.
And, so, you can see where it would be difficult for your average user, your person who's under litigation. Who are they going to turn to? What are they going to do?
Lee Meriwether: Yeah.
Cabot Howell: Well, again, this show is helpful. If you just take some of the tips that we've talked about, you're 99% there.
Lee Meriwether: Yep. All right, but you told me something recently I had never even heard of before, and I like to think ... I joke ... All jokes aside, I actually like to think I keep up on this stuff because we have to as lawyers, even though we have you keep protecting our clients' data, I still try to keep up on it, but tell the audience about how your earbuds can be a threat.
Cabot Howell: Well, this is interesting, and it's ... Some of it's fairly new, new finds, and as we go ... As along with the advancement in chip sets and software, but yes, as we know that speakers as microphones are the same ... Really, practically the same device. They both have a diaphragm in there, one is to take acoustic signals and transform them into digital, the other is supposed to take digital signals and transform them into acoustic.
So, all it takes is software to reverse that process, and this is where it gets important to take your mother's advice. Your mother says if you don't have anything nice to say about someone don't say anything at all, and there's another little metaphor out there, that the walls have ears.
Lee Meriwether: Yeah.
Cabot Howell: Gentlemen, they do. You've got that phone on you at all times. At any time ... If it's compromised, at any time that can be turned into a microphone, your speakers on there, your jack. The jack is called jack re-tasking. This is a technology in which they reverse your speakers and make them microphones.
Lee Meriwether: So, you put in ... And we're talking about the earbuds that you would plug into a computer, that's got the string [crosstalk 00:28:36]
Cabot Howell: What we're talking-
Todd Orston: The wireless ones are the issue-
Cabot Howell: Right.
Todd Orston: ... right?
Cabot Howell: Now, that is ... Yes, that is easy today. That is ... Today we're talking about the passive earphones, the ones that do not have an electrified amplifier on it.
Todd Orston: No power.
Cabot Howell: No power where you can turn up the amplifier on the speakers themselves.
Todd Orston: Right.
Cabot Howell: When it's just called passive speakers. That's been easily hacked for some time. What I'm more afraid of is the brand new jack re-tasking in which they reprogram your speakers to be a microphone, and then they can listen to your conversation.
Todd Orston: Is that powered or non-powered?
Cabot Howell: Yes.
Todd Orston: Right.
Cabot Howell: Yes.
Lee Meriwether: Wow.
Cabot Howell: That's just the audio jack, because the audio jack is just a chip.
Todd Orston: So all of these wireless earbuds that people are walking around with that are connecting through Wi-Fi and whatever, they can suddenly be turned from what they are, which is-
Cabot Howell: A speaker.
Todd Orston: They're speakers, into microphones, so-
Cabot Howell: Yeah, into microphones.
Todd Orston: ... you're walking around, talking, and someone is listening to anything and everything that you're saying.
Cabot Howell: Correct. Correct.
Lee Meriwether: So-
Todd Orston: That's amazing.
Lee Meriwether: Yeah.
Cabot Howell: Now, I don't even want to talk about Bluetooth. I know you want to talk about it, but if you want to talk about security, we don't need to talk about Bluetooth. It's the most insecure technology there is out there.
Todd Orston: So, you're saying we should keep Bluetooth off.
Cabot Howell: Do not talk about your spouse in a poor way if you are in public on a Bluetooth.
Lee Meriwether: For the record, I never do.
Cabot Howell: There practically is no security with that.
Todd Orston: Wow.
Cabot Howell: Okay, and again, we talked about, Todd, be aware. This is something we're going-
Todd Orston: Yeah.
Cabot Howell: ... to say [inaudible 00:30:01] and that's all this show is about-
Todd Orston: Yep.
Cabot Howell: ... is making people aware.
Lee Meriwether: That's right.
Cabot Howell: All right? I loved your segment on social networking a couple weeks ago. I liked the one on the divorce toolkit. You're just making people aware. That's what this segment is about as well, we're just making them aware. All ... You're susceptible to this, and if you're out in public, we're just telling you what not to so. You can still talk to whoever, talk to them over the phone, talk to them where you can, but watch what you say.
Todd Orston: Yeah, I mean, this-
Cabot Howell: Over the phone, over email, over text-
Todd Orston: This is not far fetched sci-fi kind of stuff. This isn't stuff that you see in the movies and it's like, ah, that doesn't really happen. This is stuff that's going on right now. These are new things. The jack re-tasking and all of that, this is real stuff that's affecting people as we speak.
Cabot Howell: Yes, the beauty of convenience, of all the phones and all the devices, also leaves you susceptible.
Lee Meriwether: Wow.
Cabot Howell: That's the problem, is the more convenient it is for you ... We haven't even gotten to ... We'll get into this, I think, next week, talking about voice recognition and virtual assistants. We got a whole segment on that next week, that what you say is always recorded, that's right.
Lee Meriwether: Oh, man. I definitely want to ... I can't wait for that one. All right, so we ... It's safe to say that Bluetooth is just absolutely unsafe.
Cabot Howell: Yes, sir.
Lee Meriwether: All right, so if you're using ... Now, Bluetooth has a limited range, so you want to make sure ... It's okay to use Bluetooth at home, because odds are someone's not going to ... Not within the range of your Bluetooth to hack in.
Cabot Howell: That's right. That's right. Again, awareness, be aware of where you ... If you are in a crowd, don't use it. If you're out by yourself and you're jogging, it wouldn't be a problem. You're right, it has about a ... What, a 30-meter range at maximum, I think.
Todd Orston: So, in other words if somebody with some computer devices is running behind you through the park, be suspicious.
Cabot Howell: Be suspicious, all right.
Lee Meriwether: Now, let me make sure I'm ... So, they can hack that ... The communication between the Bluetooth earbud to your phone, but can they use the Bluetooth to get into the phone?
Cabot Howell: Yes. Yes-
Lee Meriwether: Oh.
Cabot Howell: ... they can. What is the password on your Bluetooth? Does anybody know the passwords on your Bluetooth? They're all the same thing, 0000, so, I think any hacker can understand that password.
Lee Meriwether: Can you change the password on your Bluetooth?
Cabot Howell: There are some devices, yes.
Lee Meriwether: Oh, I didn't-
Todd Orston: I switched mine. Mine is actually 0000, so ... Just to try and keep them on their toes. That's-
Cabot Howell: See, Todd's already learning.
Todd Orston: [inaudible 00:32:26] just hope nobody listens to the show. Oh, darn it, I have to change it again, 0000.
Cabot Howell: Use a capital zero [inaudible 00:32:35]
Todd Orston: Right, exactly.
Lee Meriwether: That would be good. All right, up next we're going to go into more of things that ... Ways that people can get access to your information when you least expect it, including software that can be put on your computer that can track everything you do. You don't want to miss it.
Welcome back, I'm Lee Meriwether, and with me is Todd Orston, Todd and I are partners of the law firm of Meriwether & Tharp, and you're listening to Meriwether & Tharp Radio on the New Talk 106.7. If you want to learn more about us you can always call, or visit us online, at AtlantaDivorceTeam.com.
And this whole show we have been learning all about the dangers that are associated with our data, especially over Wi-Fi, and different ways that people can basically get access to our portable devices, our phones, our tablets, even our watches, especially if you use Bluetooth, which is ... Pretty much has no protection, and our computers.
And with us is Cabot Howell from Digital Agent, and he's actually the one that protects us, because our clients' data is very important to us, and he's just ... Thankfully he covers us all the time, but I had no idea to the extent that you are protecting us until we started working on this show. I mean, I knew some of the stuff because I had to make sure you were doing ... Some of this we, as lawyers, had to make sure our digital company's covering us, all the data we are storing as part of our ... The divorce process.
So, when we left off, we were talking about ... Well, we wanted to get into some software that people can plug onto your computer. Now, it may not be legal, so we're mainly focusing on the illegal stuff, and maybe spend this last segment talking about what we see in divorces, most commonly.
Todd Orston: Yeah, we see this kind of stuff all the time, tools that people try to use to obtain information, because, of course, in a divorce case, information is key. I mean, you try to gather information, financial information, sometimes behavioral information, and parties will want to use that information to benefit them in the context of a case. Sometimes the information is obtained, sort of like I was saying at the very beginning of the show, legally, and sometimes not.
So, I guess the first thing that I would say before we jump in and talk specifics is if you are thinking about engaging in any kind of information gathering effort, talk to someone, talk to an attorney, that can tell you whether or not the behavior is legal or not, because the last thing you want to do is engage in this kind of behavior only to find that criminal charges are being brought against you.
Lee Meriwether: Right.
Todd Orston: So, be very, very careful. But, then, the flip side is now, let's talk about these different types of tools people are using, because people are using it, and if it's-
Lee Meriwether: [crosstalk 00:35:38] and we need to be aware of it.
Todd Orston: Absolutely, and we, as attorneys, are getting information obtained in different ways, and we are actively ... The legally obtained information, we are actively using it in court to benefit our clients. So, understand, it's a reality. It's happening. So, let's talk about some of the things people are using to gather that information.
Lee Meriwether: So, I know there is a program you can install on a computer, I think they call it a keystroke logger program or something like that.
Cabot Howell: Right.
Lee Meriwether: So, what does that do when someone installs it on the computer?
Cabot Howell: They're ... Well, different programs do a lot of different things, one being, again, log all keystrokes so that you could find someone's username and password to sites. [inaudible 00:36:21] or maybe they have a log in to their social media, these kind of things.
Lee Meriwether: Okay.
Cabot Howell: So ... And the spouse, as you're saying, wants to know about that. Another thing is that the ... These loggers can also take screenshots of your actual computer, any moment in time take scheduled screenshots, as well as pull down and crack passwords. The password is stored on your computer somewhere.
Lee Meriwether: Okay.
Cabot Howell: Somewhere it's stored, usually in your browsers nowadays.
Lee Meriwether: Yeah.
Cabot Howell: It is stored in there, and it's encrypted, but these keystroke loggers, keystroke programs, have the ability to hack, or crack that password.
Lee Meriwether: Okay.
Cabot Howell: So, they come with many functions, many ... They can replay everything that you sent out in an email, or in a text, or your social media. They can replay anything, view anything, have a history of where you been and what you did, how long you were at websites. So, there's a lot of information contained in your computer, and this can glean all that information, these little keystroke loggers and keystroke programs, spying programs, basically, is what we're talking about.
Lee Meriwether: So, if you did all the other things you're supposed to do protecting yourself, going to the right websites and all that stuff, that won't protect you from this software.
Cabot Howell: Right, well, you've let somebody in the door at that point.
Lee Meriwether: Right.
Cabot Howell: Somebody has been let in the door. Now, there are ways that you can trick an end person to installing these things themselves, that is true-
Lee Meriwether: Okay.
Cabot Howell: ... especially on the phones, when you get these spy programs that go on your phones. There are ways ... The person has to be ... I'm not saying gullible, they have to be trusting, how about that?
Lee Meriwether: Okay.
Cabot Howell: And they ... I know one, in particular, they pretend like they're from Verizon, say that, “We've noticed suspicious activity on your phone. We're from Verizon,” because you can send a message to anybody and spoof who you're sending it from.
Lee Meriwether: Wow.
Cabot Howell: These are on the web, all over the place. Again, I'm not going to give too many instructions on how to do these things, but just making you aware of what you're susceptible-
Lee Meriwether: Right.
Cabot Howell: ... that you could ... You see this coming from Verizon, you click the link as it was asked, because it appears the number came from Verizon. It's a legitimate 888 number that come from Verizon, because all you did was spoof the number. So, that person clicks on it, this little text message or what ... However, Verizon sent it to you, or this supposed person from Verizon, that installs the spy program right there.
Lee Meriwether: Oh.
Cabot Howell: So, now that ... The ex, or the angered ex, now has full access to your phone to see anything, everything, where you are, what you're doing, and how long you've been there, and to turn on your speakers, to turn on your camera so they can see what you're doing.
Todd Orston: And what-
Lee Meriwether: So, you could get that, I am guessing, from ... You could click on ... It could be in Facebook Messenger, it could be a text message, it could be an email.
Cabot Howell: Exactly. That's right, exactly.
Lee Meriwether: So ... Because I ... you know, you mentioned that and it just hit me that I had gotten a Facebook message from ... It looked like someone I knew, but there was this, like, hyperlink in there, and I'm like, this type of person doesn't send me hyperlinks. So, I deleted that whole thing [crosstalk 00:39:07]
Cabot Howell: You are learning from me a bit, Lee. Finally you're ... Instead of the curiosity that gets you in the trouble, you're starting to learn now, be careful, or were you expecting this?
Todd Orston: So-
Lee Meriwether: Yeah.
Todd Orston: ... once it's there, I'm going to go out on a limb and say the average person isn't going to be able to find it, see it, know it's there. What do you do, then, in order to check a computer if, let's say, you know, you're going through a divorce, your spouse comes in and out of the house, or is even still staying in the house, how do you even go about checking to see whether or not that kind of a program is on your computer?
Cabot Howell: Your average person I don't think would have too many tools to be able to do that. Just like they can't handle their own divorce they hire a professional lawyer. I believe the counsel in this aspect would be IT counsel, they would have to seek it. You're dealing with a higher level intrusion right here, and, so, you need a higher level protection.
You are in a particular situation, now, a divorce, we'll say, litigation. If you are against someone ... This is your area, folks, is that you should be saying, these are the steps you need to take to protect yourself, and if you're afraid, or if that person was savvy, you might need to protect yourself and have your stuff scanned. We do this often.
This is part of what we do. Someone's a little nervous, they noticed suspicious activity, they think they did something. They noticed the computer slowing down, these kind of things ... And they are in litigation, we come in and we review things.
Lee Meriwether: Scan the computer and the-
Cabot Howell: Scan it, that's right.
Lee Meriwether: And the devices to see ... I guess there's a way to scan to see if your phone has something installed on it.
Cabot Howell: Yeah, the safest thing to do with phones is to wipe it. Start all over. Go back to factory ... You're talking about the layman, the layman can easily do that. Wipe that. Send it back to factory default, reload your apps, reload your programs.
Lee Meriwether: Okay, yeah, because most of the stuff is stored in the cloud anyway, so, just go back to factory reset and just reinstall everything.
Cabot Howell: That's correct.
Lee Meriwether: Okay. Well, that would ... That take care of it.
Todd Orston: Yeah, I have no doubt there would be a lot, a lot, a lot of people who would be, like, I don't want to do that because I may lose information, I ... You know, but look, the bottom line is, if you take these steps necessary to protect yourself in the first place, you may not have to ever think about having to fix the problem, because there won't be a problem.
Cabot Howell: [inaudible 00:41:22] the problem is going to be there. The threat, or the attack, as we say, is going to be there, when are you going to deal with it, up front or after the fact? Are-
Todd Orston: That's-
Cabot Howell: ... you going to be scrambling after the fact [crosstalk 00:41:29]
Todd Orston: ... a much better way of putting it.
Cabot Howell: Aesop. Aesop with the grasshopper in the end gave us that lesson, be prepared.
Lee Meriwether: So, we're almost out of time, unfortunately ... Let's ... Is ...
Cabot Howell: But I have so much more, Lee. I have-
Lee Meriwether: I know.
Cabot Howell: ... so much more to share.
Lee Meriwether: I know.
Cabot Howell: I'm on the edge of my seat right now.
Lee Meriwether: You are, and so am I, but we're almost out of time.
Todd Orston: If you fall, I'm not picking you up, I'm just ...
Cabot Howell: You're the one with the 40 doughnuts.
Lee Meriwether: So, are there ... What sort of ... You know, is there anything we missed that we might want to hit real quick in the next 60 seconds? Or is there something, like ...
Well, I will say real quick that one of the smart things to do from a legal perspective, you're getting ready to go through a divorce, go and change your passwords on all your devices, your phone, your computer, all that stuff, because odds are, during the course of your marriage, you probably shared your passwords with your spouse, and that's how we've seen a lot of people put keystroke software on there, because they already knew this password, because it was given to them by their spouse.
Cabot Howell: And it's usually very simple. So, my last tip on the passwords, Lee, I'll give you something that computers cannot understand, it's a simple phrase. If you can think of a phrase, computers have a hard time hacking that.
If you have a series of letters and numbers, that's easy to hack. Eight letters and numbers, that will be hacked pretty easily, but if you give an entire phrase, like Scarlet O'Hara, oh, I'll worry about that tomorrow, you do that long phrase right there, you'll always remember it, and you can always spell it, and it's very simple, but the computer cannot hack that because it's too long of a phrase. It's an entire phrase. There's 20-something, 30-something letters there, and it's easy for you to remember.
Todd Orston: We did get a laugh in my office, because when you set up one of my computers, the password you gave me, I needed to tattoo it onto my arm. I think I forgot it about a hundred times, but I guess my computer's protected. So, you know, that's the trade off.
Lee Meriwether: Hey, well, that about wraps this show up. Cabot, where can people find you online?
Cabot Howell: It's the old www.DigitalAgent.net.
Lee Meriwether: Awesome. So, you know, we covered a lot of technical issues today, I mean, you know what I'm going to try to do is I am going to take all this stuff and I'm going to try to put it down into a series of bullet points, and some really positive takeaways, and post it on our website, and you could get there by AtlantaDivorceTeam.com, and then go to ... In the search bar, just search podcast, and it will put up a link to all of our podcasts, and then you can go from there and download this free PDF that I'm going to put up there for you to use. So, if you've heard a lot of things and you're like, I can't ... I'm in the car, I can't write these down, we'll have it for you online.
Todd Orston: Without any harmful links.
Lee Meriwether: Exactly, and thanks so much for listening.
Speaker 4: This audio program does not establish an attorney client relationship with Meriwether & Tharp.