Yahoo Email Hacking

More from this show

The US Justice Department has issued indictments against two Russian agents and two others accused of the 2014 Yahoo email hacks that impacted 500 million Americans. The hackers also used the data to send spam and steal credit card and gift card information. Eric Marcus, the Tech CEO of Marcus Networking, will talk about steps people can take to minimize the damage that can be done by hackers who get into their email.

TED SIMONS: COMING UP NEXT ON ARIZONA HORIZON, WE'LL LOOK AT THE BEST WAY TO PROTECT YOUR E-MAIL FROM HACKERS. ALSO TONIGHT, A PROMISE IN A NEW TEST TO DIAGNOSE LYME DISEASE IS BEING DEVELOP IN THE VALLEY, AND THE PHOENIX NEWS TIMES HAS A STORY ABOUT LOCAL IMMIGRANTS. THAT'S NEXT ON "ARIZONA HORIZONS."

TED SIMONS: GOOD EVENING AND WELCOME TO ARIZONA HORIZON, I'M TED SIMONS, AN AMENDMENT POPPED UP IN THE ARIZONA SENATE TO ALLOW PAYDAY LENDERS TO ONCE AGAIN OFFER HIGH INTEREST LOANS IN ARIZONA. 2008 BANNED PAYDAY LENDERS IN THIS STATE BUT THE NEW AMENDMENT WOULD ALLOW INTEREST RATES OF 164% ON LOANS TOPPING OUT ON $2500. DEMOCRATS OPPOSED BILLS TO ALLOW PAYDAY LOPES BACK IN THE STATE BUT REPUBLICAN BACKERS SAY THE LOANS GIVE PEOPLE WITHOUT CREDIT ACCESS TO CASH. THE JUSTICE DEPARTMENT ISSUED INDICTMENTS AGAINST TWO RUSSIAN AGENTS AND TWO OTHERS ACCUSE IN THE 2014 YAHOO E-MAIL HACKS. THE HACKERS USED THE DATA TO SEND SPAM AND CREDIT CARD AND GIFT CARD INFORMATION. ERIC JONES JOINS US NOW TO TALK ABOUT HOW BEST TO PROTECT YOU AND YOUR E-MAIL FROM HACKERS. THANK YOU FOR JOINING "ARIZONA HORIZON." THIS WAS THE BIG DEAL. HOW MANY PEOPLE WERE AFFECTED BY THIS?

ERIC MARCUS: 500 MILLION PEOPLE HAD THEIR E-MAILS HACKED.

TED SIMONS: AND HAVE THERE BEEN RECENT ATTACKS AS WELL?

ERIC MARCUS: THERE HAVE BEEN RECENT ATTACKED FROM DIFFERENT SERVICE PROVIDERS LIKE YAHOO! GOOGLE, AND A FEW SMALLER ONES AS WELL.

TED SIMONS: LET'S TRY TO FIGURE OUT HOW TO PROTECT OURSELVES WHEN AND IF -- I THINK IT'S MORE LIKE WHEN AS OPPOSED TO IF -- SOMETHING LIKE THIS HAPPENS AGAIN. WHAT ARE THE BEST THING TO DO?

ERIC MARCUS: THE BEST THING TO KNOW IS NOT SOMETHING IN THE CONSUMER LEVEL WHERE WE TALK ABOUT CREATING A PASSWORD THAT MOST PEOPLE ARE FEARFUL OF. THIS IS THE SERVICE PROVIDERS LEVEL THAT A YAHOO! THEMSELVES, THEIR E-MAIL SERVICE WAS HACKED. THAT CAN HAPPEN TO GOOGLE, MICROSOFT, OR REALLY ANYBODY. YOU HAVE TO LOOK AT WHAT IS IN THE CONTENT OF YOUR E-MAIL ITSELF. A LOT OF PEOPLE STORE IN THEIR E-MAIL BOX, CREDIT CARD NUMBERS, TAX RETURNS, GIFT CARD NUMBERS. ANYTHING THAT'S A PERSONAL PIECE OF INFORMATION THAT A HACKER CAN TAKE FROM YOUR E-MAIL AND THEY THEN CAN USE AGAINST YOU.

TED SIMONS: INTERESTING. SO I HEARD THAT THIS HTTPS -- THE S ON THE END OF THE P THERE, THAT'S A BIG DEAL.

ERIC MARCUS: THE S STANDS FOR WHAT'S S CERTIFICATE. IT ALLOWS YOU TO KNOW IT'S A LEGIT WEBSITE TO USE. SO IF YOU WENT TO BANK OF AMERICA AND IT DIDN'T HAVE AN "S" AFTER THE HTTP, THAT MIGHT BE A SPOOF WEBSITE WHICH IS ONE THAT LOOKS LIKE THE REAL WEBSITE BUT IT'S NOT.

TED SIMONS: CAN YOU CONFIGURE YOUR OWN E-MAIL AND WEBSITE AND SUCH WITH THAT S ON THE END?

ERIC MARCUS: YOU ACTUALLY CAN'T, YOU HAVE TO BUY THE CERTIFICATE FROM AN AUTHORIZED THIRD PARTY COMPANY. ONLY A HANDFUL IN THE UNITED STATES THAT ALLOW YOU TO DO THAT. THAT CERTIFICATE REQUIRES YOU TO PROVE YOU'RE THE COMPANY THAT OWNS THAT WEBSITE. SO BANK OF AMERICA WOULD HAVE TO GO TO THAT COMPANY AND SAY HERE'S OUR CERTIFICATE.

TED SIMONS: SO I WOULD IMAGINE DON'T OPEN UNFAMILIAR E-MAILS. THAT'S KIND OF A NO-BRAINER THERE?

ERIC MARCUS: YEAH, THE NO-BRAINER IS NOT TO DO THAT. HOWEVER, A LOT OF THE HACKERS FOR RANSOM WARE AND THESE PARTICULAR INSTANCES ARE SENDING E-MAILS OUT THAT LOOK LIKE BANK STATEMENTS FROM AMERICAN EXPRESS, WELLS FARGO, THINGS LIKE THAT. SO WHEN YOU GET AN E-MAIL AND IT LOOKS LIKE IT WITH THE PICTURE, RIGHT? IT SHOWS YOU A PICTURE WITH THE AMERICAN EXPRESS LOGO, A LOT OF PEOPLE CLICK ON THAT LINK AND IT TAKES YOU TO THIS FAKE WEBSITE THAT ALLOWS A HACKER TO GET IN YOUR COMPUTER.

TED SIMONS: IT IS JUST THAT EASY. YOU GO TO THE FAKE WEBSITE AND IT'S ALL OVER.

ERIC MARCUS: THAT'S IT.

TED SIMONS: HOW DO YOU KNOW YOU'VE BEEN HACK?

ERIC MARCUS: A LOT OF THE NEW VIRUSES WILL NOT TELL YOU YOU'VE BEEN HACKED. THEY'LL SIT QUIET IN THE PACK GROUND AND MINE DATA. ANTI-VIRUS, NOT VISITING WEBSITES THAT YOU'RE UNFAMILIAR WITH ARE VERY IMPORTANT. IF YOU GET AN E-MAIL FROM BANK OF AMERICA, AMERICAN EXPRESS, SOMETHING LIKE THAT THAT SAYS PAY YOUR BILL, GO TO THE WEBSITE ITSELF AND LOG IN. DON'T CLICK THE LINK FROM THE ACTUAL E-MAIL.

TED SIMONS: IT MAKE SENSE THAT YOU COULD BE DOING EVERYTHING RIGHT BUT YOU GO TO GRANDMA'S HOUSE AND YOU USE GRANDMA'S COMPUTER AND THAT THING COULD BE JUST RIDDLED WITH ALL KINDS OF THINGS AND YOU DO PERSONAL BUSINESS THERE, YOU'RE TOAST.

ERIC MARCUS: YEAH YOU'RE 100% CORRECT. A LOT OF COMPANIES -- I GO BACK TO BANK OF AMERICA AND AMERICAN EXPRESS BECAUSE I USE THEM--THEY HAVE TWO FORM AUTHENTICATION. IF YOU SIGN ON FROM GRANDMA'S COMPUTER, THEY WANT YOU TO SEND A TEXT MESSAGE TO A REGISTERED DEVICE AND YOU HAVE TO ENTER A PIN CODE. THEY KNOW YOU HAVE THE DEVICE IN FRONT OF YOU AND IT'S LEGITIMATE FOR YOU TO LOG INTO THE COMPUTER. THAT HELPS TO PROTECT YOURSELF. THAT'S WHAT THE COMPANIES WILL ARE LOOKING FOR, THE TWO-STEP VERIFICATION.

TED SIMONS: ANTI-VIRUS, ANTI-SPY WARE, FIRE WALLS, THESE SORTS OF THINGS, DO THEY WORK?

ERIC MARCUS: NO.

TED SIMONS: THEY DON'T WORK 100%.

ERIC MARCUS: THEY DON'T WORK 100%. THE PROBLEM IS ANTI-VIRUS COMPANIES CAN'T KEEP UP WITH THIS NEW TECHNOLOGY EVERY SINGLE DAY. SO WE HAVE CLIENTS IN THE PAST THAT HAVE GOTTEN RANSOM WARE, THEY HAVE A FULL PACKAGE SUITE WITH ANTI-VIRUS AND THEY STILL GET IT BECAUSE IT'S A SELF-INFLICTED VIRUS. YOU CLICK ON THAT LINK AND THAT'S ALL IT TAKES. TAKES YOU TO THE WEBSITE AND DOWNLOADS THE VIRUS.

TED SIMONS: YOU STARTED SPEAKING AND SAID PASS WORDS DON'T MAKE A HECK OF A LOT OF DIFFERENCE. I -- YAHOO! THEY SAY CHANGE YOUR PASSWORD, SO I CHANGE EVERY PASSWORD I HAD, YAHOO! OR OTHERWISE, WAS I JUST WHISTLING IN THE DARK HERE?

ERIC MARCUS: CHANGING YOUR PASSWORD IS WHAT YOU DO NEED TO DO. YAHOO! THEMSELVES, THE SERVICE PROVIDER WERE HACKED. SO THAT MEANS THAT THE HACKERS THAT WERE FOUND GUILTY, THE RUSSIAN, THE TWO INDIVIDUALS, WENT TO YAHOO! DIRECTLY AND HACKED INTO THEIR DATA BASE. SO ALL OF THE 500 MILLION USERS, THEIR PASS WORDS WERE COMPROMISED. THE PASSWORDS DO NEED TO BE CHANGED SO THEY CAN'T GO IN AND GET YOUR INFORMATION.

TED SIMONS: THEY STILL -- IF I HAD YAHOO! AND I CHANGED MY PASSWORD AND HACKERS COME ALONG TOMORROW, I -- THERE NOT MUCH I CAN DO.

ERIC MARCUS: NOT MUCH YOU THE CONSUMER CAN DO OR BUSINESS OWNER. THAT'S UP TO YAHOO! OR GOOGLE OR MICROSOFT OR COX OR CENTURY LINK. THEY HAVE TO TAKE THE ONUS TO PROVIDE THE SECURITY TO DEFEND THEMSELVES AGAINST THE HACKERS.

TED SIMONS: ARE THEY DOING THAT?

ERIC MARCUS: THEY ARE. THEY'RE REQUIRED BY LAW TO PUT CERTAIN PARAMETERS IN PLACE. HOWEVER, HACKING IS HACKING. IT'S SOMETHING THAT'S BEEN GOING ON FOR 20 YEARS. AND THAT'S THE WHOLE GOAL OF THE HACKER, TO BREAK THROUGH THE SYSTEM. NOT NECESSARILY ALWAYS TO STEAL INFORMATION, BUT TO PROVE THEY CAN DO IT.

TED SIMONS: YOU MENTIONED THEY KIND OF SECRETLY IN THEIR MINING INFORMATION AND BIDING THEIR TIME, THERE'S NO WAY TO KNOW THAT THEY'RE THERE.

ERIC MARCUS: SOME HACKERS, YOU KNOW, AREN'T THAT GREAT. SO THERE ARE WAYS TO TRACK THEM IF YOU WILL. BUT THERE ARE SOME HACKERS THAT CAN SPEND A SIGNIFICANT AMOUNT OF TIME ON A NETWORK QUIETLY AND MINE THE DATA. THAT'S WHAT HAPPENED WITH YAHOO!.

TED SIMONS: HACKED HACKERS IF YOU WILL. I READ THAT THE SECURITY Q&As THAT YOU HAVE ON SOME OF THE WEBSITES FOR PASSWORDS AND WHAT WAS THE NAME OF YOUR FIRST PET, WHEN WERE YOU BORN, THAT KIND OF STUFF, THIS MAY NOT WORK, IF YOU HAVE A FACEBOOK PAGE, YOU'RE SHOWING YOUR PET OR YOU'RE MENTIONING HOW I WAS BORN IN SUCH A SUCH A PLACE, THEY CAN FIND IT THERE.

ERIC MARCUS: YOU'RE 100% CORRECT. THAT HAPPENS A LOT IN OUR INDUSTRY. A LOT OF PEOPLE'S PASSWORDS FOR WHAT THEY THINK IS STRONG REALLY ISN'T. A LOT SOFTWARE OUT THERE CAN JUST CHIP AWAY AT YOUR PASSWORD OVER TIME TO SEE IF IT IS CORRECT OR NOT. THAT'S WHY TWO-FORM AUTHENTICATION IS A WAY TO STOP THAT.

TED SIMONS: IS THIS ONE OF THE THINGS THAT YOU SIT BACK AND HOPE IT DOESN'T HAPPEN?

ERIC MARCUS: I DON'T THINK THAT. BUT AS A CONSUMER AND BUSINESS OWNER, YOU SHOULD BE MINDFUL OF WHAT YOU STORE IN YOUR E-MAIL. IT COMES BACK TO THAT. IF I HACK YOUR PASSWORD, WHAT INFORMATION WILL I G ET FROM YOUR E-MAIL BOX ITSELF. THAT'S WHAT PEOPLE HAVE TO LOOK AT.

TED SIMONS: PUT THAT STUFF ON THE COMPUTER IN SOME WAY.

ERIC MARCUS: CORRECT, STORE IT ON THE COMPUTER, DON'T STORE IT ONLINE. THEY GOT CREDIT CARD INFORMATION, GIFT CARD. THEY GOT -- EVEN A GIFT CARD. BED, BATH & BEYOND GIFT CARD AND USE THOSE. THAT'S REALLY THAT EASY TO GET.

TED SIMONS: GOODNESS GRACIOUS. THANK YOU FOR COMING.

ERIC MARCUS: THANK YOU FOR HAVING ME.

TED SIMONS: COMING UP ON ARIZONA HORIZON A PROMISING NEW TEST TO BETTER DIAGNOSE LYME DISEASE.

Eric Marcus: Tech CEO of Marcus Networking

Illustration of columns of a capitol building with text reading: Arizona PBS AZ Votes 2024
April 2

Arizona PBS to present candidate debates as part of ‘AZ Votes 2024’

A photo journalist walking a destroyed city
airs April 2

Frontline: 20 Days in Mariupol

A woman working on a project in an art studio
airs March 29

Violet Protest

The
aired March 25

Pulitzer on the Road: Small Town Shakedown

Subscribe to Arizona PBS Newsletters

STAY in touch
with azpbs.org!

Subscribe to Arizona PBS Newsletters: