Travis Taylor:
Hey guys, I’m actually talking with you on a new computer right now.
Beau Friedlander:
You get an IBM something or other?
Travis Taylor:
No, I’ve gotten my first Apple computer in over a decade. I used to be a big time Apple user, and one of the main things that was the big selling point was that they couldn’t be hacked, or at least they weren’t as vulnerable as PCs.
Beau Friedlander:
Yeah, that’s not true though.
Travis Taylor:
Well, back in the day, Apple used to be regarded as a lot more secure because the fact that it was supposed to be thought of as almost unhackable, a big part of that was because the fact they had a lot smaller market share. There were only 2% of the computers on the market, 98% of the people were using Windows computers. So that just meant that if you wanted to really hack into someone that was a lot bigger of a target.
Adam Levin:
So what brought you home?
Travis Taylor:
Ease of use. It’s a nice little laptop and everything like that. It definitely looks a lot cleaner and everything, and I definitely think it plays a lot more nicely with an iPhone. But the main thing I’ve been fighting too though, is that that luster is faded about it being more secure these days.
Beau Friedlander:
Well, that’s because there’s so many people who are on Apple now that they’re just as big a target, if not bigger than PC users.
Travis Taylor:
Exactly. And the difference there is that if you have an Apple computer, chances are you also have say an Apple Watch and Apple phone, and so you have a full range of things that can be hacked, whereas the average Windows user, let’s face it, they’re not using a Windows phone. I don’t even know if they make Windows phones anymore. So
Beau Friedlander:
You’ve chugged the Apple Kool-Aid.
Travis Taylor:
Exactly. And hoping not to end up like Snow White here, but,
Adam Levin:
But speaking about Snow White and curses and witches and bad people, Apple had a problem a little while ago, didn’t they?
Travis Taylor:
Yeah. I mean, they’ve had a line of, or a long string of emergency patches of late, they’ve found several really high-profile vulnerabilities, but the most recent one was called a zero-click vulnerability.
Adam Levin:
Now what’s that?
Travis Taylor:
Usually if you get say any kind of email thing, if you get a phishing email with a suspicious attachment on it, you need to click on it, you need to open it up or you need to install it, or it takes, well, I thought
Beau Friedlander:
You weren’t supposed to click on it or
Travis Taylor:
Right, and
Beau Friedlander:
You need you to get infected, you mean? Exactly. Correct. Got you.
Travis Taylor:
Yeah. So a lot of these things, the most common malware out there requires some sort of action on the target’s behalf
Beau Friedlander:
To work.
Travis Taylor:
Exactly. So you’ll see something saying like urgent click here, or here’s your invoice, or anything at all like that. A zero click exploit is something that requires no action on the part of the target.
Beau Friedlander:
So it’s made for Jason Bourne, not me. This sounds just like Apple back in the day. I don’t need to worry.
Travis Taylor:
Sort of. It’s actually been linked to the Pegasus Spyware, which is a very, very controversial program,
Adam Levin:
And the folks who developed this, the Pegasus software, what was it?
Travis Taylor:
The NSO Group, they’re called, it’s a cybersecurity and tech company operating out of Israel.
Adam Levin:
And as I understand it, they say that they have a quote code of ethics relative to the countries they work for because apparently they’re very country oriented. However, some questions have been raised about how strict that code of ethics really is since there are some questionable regimes that they’ve been working for. Right?
Travis Taylor:
Yeah, exactly. There was a leak recently in the last several months that showed 50,000 people have been targeted by the Pegasus spyware, and that includes journalists, some heads of state, diplomats, human rights advocates, and the like. This
Beau Friedlander:
Is countries using this stuff. How does this affect Adam or me or you?
Travis Taylor:
It’s debatable. It depends on what kind of line of work you’re in. I think one of the main things about it is it shows the sophistication and the availability of a vulnerability here. They were able to create a type of malware that could be sent to anyone that could receive an iMessage. So it’s less about whether or not you’re being targeted. I don’t think Apple would’ve scrambled that quickly to release a patch if there wasn’t any general danger to folks. But the type of access this malware has, it can access and turn on your phone. It can intercept communications, including encrypted communications being sent through a signal. It
Beau Friedlander:
Can even use your phone when you’re not using it.
Travis Taylor:
That’s right.
Beau Friedlander:
And so the thing that I was thinking, Adam, is that this exploit is like other exploits we’ve seen that started as an NSA or NSO program, but then got leaked. And then people who are even less trustworthy than the people who we may not trust in government agencies have access to them.
Adam Levin:
Well, not only that, but we’ve learned that anytime you have anything that creates a back door and it is created for, let’s say, governmental use sometimes tends to fall into the wrong hands because those government agencies have been hacked. In this case, you don’t really know what it’s doing, where it’s doing and who’s behind it all. So it can be pretty scary.
Beau Friedlander:
And those government agencies may be doing business with people in trading, horse trading. We have no idea how people are getting
Adam Levin:
This done. In other words, if you get me this intelligence, I’ll give you a little access to this. I mean, unfortunately it’s done all the time. But anyway, Travis, big question. Is it fixed now?
Travis Taylor:
It’s supposed to be fixed now. So the most recent iOS update, which again, Apple scrambled to get this out the door, and they urged everyone with any device that has anything resembling a piece of fruit on it to update. But I think from a point of view, the thing that’s most interesting and perhaps most frightening here is that Apple had already announced that they had fixed this with recent versions of their operating. They developed something called Glassdoor, which again, that sounds like it’s supposed to be super secure. It didn’t take too long for NSO Group to find a way around it. And if they could do that, this is just an example of them getting discovered. We have no idea how many similar things there could be out
Beau Friedlander:
There. So we go from the extremely high tech to the fact that most of us, when we’re hacked, it’s so low tech, it’s so just dangle the lure in front of me and see if I bite. Right. And that is something that happened to our next guest.
Adam Levin:
I’m Adam Levin, former director of the New Jersey Division of Consumer Affairs, founder of Cyber Scout, author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.
Beau Friedlander:
I’m Beau Friedlander, a person who is often lurking in the background trying to get hacked.
Travis Taylor:
I’m Travis Taylor, resident tech guy, and often lurking behind Beau trying to hack him.
Beau Friedlander:
Adam, I want you to meet my friend Ivana, and I’m going to try to say your last name. I think Ivana, I’ve always just known you as Ivana, but are you not?
Ivana Miličević:
You nailed it.
Beau Friedlander:
That’s because my nickname is. Yeah, that makes sense. And that means Monkey, monkey. So Adam Ivana is a friend of mine and I would like to introduce her to you. She is an actress, she is a mom. She is a person who lives in Ireland. She’s amazing. And she got hacked. Yeah.
Adam Levin:
And Ivana, I have two words for you. Bond and Banshee.
Ivana Miličević:
Yes, yes.
Beau Friedlander:
Why do you have those words?
Adam Levin:
Because Ivana is a famous actress and it’s really exciting to have a celebrity. For years, our biggest celebrity was Beau, and now we have a bigger celebrity, and I’m very excited about that.
Ivana Miličević:
Thanks guys.
Beau Friedlander:
You’re famous to me just as Oh, Ivan. Ivan Ivana. But it’s nice to have you here.
Ivana Miličević:
Thank you for having
Beau Friedlander:
Me. It’s really not nice to have you here because you’re not here for an awesome reason. But before we get into that, Adam, I’m sure you have some questions for Ivana. I
Adam Levin:
Do. So tell me, you’re living in Dublin now. Rumor has it.
Ivana Miličević:
Well, I am because I fell in love with an Irishman, and then we had been living long distance between Los Angeles, Vancouver, Croatia, everywhere, where I was working since we were together. And then I got pregnant, was working, and two years of my son’s life, we were traveling like that. So then 2020 was going to be the year I spent in Ireland supporting him. And then Covid happened, and then I really liked Ireland. And here I am still. I mean, I still have a place in LA, but I am mostly here. It’s a great place to raise kids.
Beau Friedlander:
What was Patty doing now? Your husband’s Patty, what was he doing? What were you supporting him doing?
Ivana Miličević:
He has an incredible restaurant here called Nut Butter, and it, it’s very California inspired, although I’ve never been to anything like it anywhere else. It is like healthy food, but flavors you’ve never had before. Listen, I’m a pizza and burger girl, and I love this food.
Adam Levin:
What kind of food is
Ivana Miličević:
It? It would be like, it’s like a mix of all these different things. So people who are completely vegan can eat, can go eat with meat eaters and be super healthy. So it’s not like fake meats. There’s beautiful Irish brisket tacos say, but then you can also have jackfruit tacos. So it’s not like jackfruit is turned into a burger patty. It’s just jackfruit seasoned in a way that makes you feel like it might be pulled pork.
Adam Levin:
Alright. Beau and I will be calling a little later to get a reservation. You
Ivana Miličević:
Are more than welcome.
Beau Friedlander:
No, I really want to go. It’s
Ivana Miličević:
Not far from New York.
Beau Friedlander:
No. It’s only like five hours away, right? Yeah, yeah. Yes.
Adam Levin:
So as an actor,
Ivana Miličević:
Actress,
Adam Levin:
I would love to know because I’m a movie fanatic. Two part question. Question number one, what’s your favorite movie ever? And question number two is what is your favorite movie that you were in?
Ivana Miličević:
Okay. Favorite movie ever. If I can only pick one, I mean the top three would be easier. I’m going to say 2001: A Space Odyssey, because at least that’s, wait,
Beau Friedlander:
2, 3, 2, 3. Come on. Two, three,
Ivana Miličević:
2001 Space Odyssey. I love Amadeus. Should be five, but, and then let’s say, oh, I really love The Shawshank Redemption too.
Adam Levin:
What is your favorite movie that you’ve appeared in?
Ivana Miličević:
I’m going to say it’s not a movie. I think that my favorite thing I’ve done to date is probably Banshee, even though I know it’s not a movie, and if you’ve said movie, I would probably not give you what you wanted because it would be Head Over Heels, which is this girly chick flick. But it was just so much fun. It was my first kind of time getting to be a comedian, which is my first love really. Now I’m this dramatic badass, which is weird. And then Banshee, because I really gave it absolutely everything I had. Mind, body, spirit, sweat, tears, bruises, nudity. I mean everything was there. So that was really special.
Beau Friedlander:
Did you enter into it Ivana as a person who knew how to do all that fighting?
Ivana Miličević:
I knew I was going to take to it, put it that way. I wasn’t a fighter, but I knew I could move and I knew I could pick up choreography. And even the way the fights are structured, I don’t know how much of it you’ve or not. I know I’m in it a lot, but it’s still structured. The fights are choreographed in a way that I look really good. In other words, I’m excellent with my hands. You don’t see me doing crazy kicks because my feet are a mess. But I’m really powerful, my upper body and with my legs as a base,
Adam Levin:
We are all huggers. We are not hugging at the moment, and none of us are naked at the moment. So therefore I’ve
Beau Friedlander:
Never been in a fist fight my entire life. True story
Adam Levin:
Almost though I remember that time. But anyway,
Travis Taylor:
I was just hoping you’d mention Red Alert 3 personally,
Ivana Miličević:
Red Alert 3, Command and Conquer.
Travis Taylor:
Yeah, exactly.
Beau Friedlander:
When I asked Travis what his favorite thing that you were in about that, he was like, yeah, that alert.
Ivana Miličević:
That’s awesome. Do you remember my character’s name? I remember how she sounded.
Travis Taylor:
I remember the Voice. I don’t remember the name exactly, but yeah, between that and Transylvania, that’s sort of the geek creds. Yeah.
Ivana Miličević:
Oh, nice. I love that. I’m part of these geeky things. Yeah.
Adam Levin:
So what brings you to us today?
Ivana Miličević:
Oh, I’ll tell you. I got phished like a bitch one Tuesday morning on my Instagram. Early morning, to be fair, I was doing the master cleanse, so it was a little bit loopy to begin with. It was early in Ireland, which means it was late in Los Angeles, even later in New York, but it would’ve been similar time, like 6 37 in Europe. And I was just going through my Instagram messages in the morning like you do, and I get a message talking about looking real official and my Instagram inbox from Instagram something, Instagram support, talking about how I violated some copyright, which as an actor and a model, you’d never wanted to think that I maybe use somebody’s images. So I looked in and not only did I try to give them what they wanted immediately, they’re like to appeal this, click here. But immediately it was like, let me appeal this immediately. Let me handle this real quick before I even get out of bed. And I don’t know if the damage was done the moment I clicked on it or when I was trying to give them my password. I forgot. I know that it would never be an app. I was just groggy. I know not to give my stuff, but
Adam Levin:
Well, let’s start by attributing it. Let’s start by attributing it to the cleanse that really did it. That got you. That didn’t help, not as focused as you should have been. And so therefore, and again, one of the things that Beau and I have always talked about with Travis is that hackers and scammers always rely on the fact that someone is going to be distracted and they’re going to dump something on them that is going to demand almost an immediate response if they’re a responsible person. And as a result, you basically took the bait, you took the Beit. Okay, so you gave them your user ID and password.
Ivana Miličević:
I don’t know. You guys tell me. I still don’t know if it happened the moment I clicked on the link.
Beau Friedlander:
No, I didn’t
Ivana Miličević:
Because I don’t know that I remember, because remember one time I couldn’t remember my username and password and I actually wrote to whatever it was saying, I’m having trouble remembering my username and password all in my devices. It’s not like I’m logging in and out all the time. So I remember even asking them to help me, which they didn’t. I must have done it correctly at some point. You are right. And then I immediately, the moment I was like, ah, what have I done? And I immediately changed all my passwords, but I think it was too late.
Beau Friedlander:
That would be a good cybersecurity. I must have done it correctly at some point. But Travis,
Ivana Miličević:
That’s only funny to you guys. You don’t even know what that means.
Beau Friedlander:
Well, but it’s also funny because in your case, well we’ll get into it, but there’s some humor here, thank God. Oh yes. But Travis, did it happen when she clicked or did it happen when she provided her password?
Travis Taylor:
I’d say with about 99.9% certainty was when you provided your password. Sorry. I mean there could have been some sort of high level malware or something like that that you can download when you click on a link. But if you gave your password, that was almost certainly,
Ivana Miličević:
I just was never certain that I gave them my actual password. This is the only reason why I’m confused. Otherwise I would not be trying to cover myself by being
Travis Taylor:
Well, did it take you to any sort of a prompt to enter your password, for instance?
Ivana Miličević:
It did, but I entered it incorrectly. Oh, okay. And it wouldn’t let me fix it. Okay.
Beau Friedlander:
That we figured
Ivana Miličević:
Out. That’s what I’m saying.
Beau Friedlander:
Yeah. That’s the hack part that happened to you.
Ivana Miličević:
I had only just found out because again, I’m not on there that much too much, but not that much. People told me before I realized it, put it that way. My friends with my phone number texted me before I knew what was going on. In fact, you guys might’ve been my third call with already a solution when it was like, yo, babe, I think you got hacked. Don’t worry. Beau knows a guy. So before I even knew what happened, somebody, which is my good luck, which I know everyone’s not that lucky. And by the way, I got hacked through my friends. They were using my friend’s profile to get to me what they had parasite or would even call that. It was a different name. It’s a good word. But it was through their account that they got to me.
Travis Taylor:
Daisy chaining.
Beau Friedlander:
Daisy chaining Travis. So I know that you know this hack well at this point. So Daisy chaining, or how did her friends get to Ivana? How did that part work?
Travis Taylor:
Well, the way that Instagram in particular works is that it’s connected to your phone or your phone number. So if you can compromise one account, that means you have all those other contacts both by way of the phone, but also the Instagram account so that then you can reach out just by way of a DM to other people and then give them links and so on. It also helps them to identify, even if they’re going to be claiming to be operating on behalf of Instagram tech support, they now know your account name and account and your account info. Just because of the fact that if they’re in one account, they can see some of the information for all their connections on there. That includes primarily phone numbers. That’s a big one.
Adam Levin:
The general advice we also give to people, and it’s really true, is that oftentimes one person is not the actual target. It’s someone else, someone they know, but they use familiarity in order to get in and then get to that other person.
Ivana Miličević:
Are you saying that when they got into my account, they could get into my actual physical phone to know the numbers? That’s what I was afraid of. That’s what you’re waiting for or you’re saying, because on Instagram, some people have their phone numbers up there.
Travis Taylor:
Not as such. When you sign into Instagram, it gives you an option to sync your contacts, in other words, to let you know other people who are on your phone, what their accounts are on Instagram. So when
Ivana Miličević:
You do that, but they don’t necessarily know their numbers to then
Travis Taylor:
Call
Ivana Miličević:
My celebrity friends or
Beau Friedlander:
No, but it is why you got targeted and it’s a more mechanical hack. Once they have control of your account, they can send out messages from your account,
Ivana Miličević:
But they weren’t sending it as me.
Beau Friedlander:
So Guinevere did get a message from me. Yeah, saying you have done a copyright infringement, I
Ivana Miličević:
Think, but it was me, but the one I got was it didn’t look like when you go deep, you’re like, why is that coming from Ivana’s account? But it’s not our name. It’s not my name on top. At least the one I got, I don’t know what Guinevere got. So
Beau Friedlander:
She got one right after we saw that your account was hacked. She got one saying, your account has committed whatever. And she said, is this a hack? And I said, yeah, a hundred percent. And that was the end of it. So that’s how I know that no click was the cause, but handing over the information was. But this scam in particular was something that’s an API based scam. The API lets the Instagram and a third party know that they’re connected and Instagram uses that to pass information back and forth. Now, some people control their social accounts through other websites that you can do Twitter, Instagram, Facebook, all at the same time. Hulu Suite is one of them. What is it called again? Sweet Suite? Hootsuite. Hootsuite. At any rate, Instagram communicates with Hootsuite through an API. And as I understand it, this hack worked by having the API connecting to a Hootsuite like service gave the hackers an opportunity to then change Ivana’s login information. Yeah, the
Ivana Miličević:
Phone number and
Beau Friedlander:
The email address
Ivana Miličević:
On the account and where they were located. I didn’t understand why, one, they let everyone know I was hacked by putting all those pictures up. So I don’t understand. It just didn’t seem
Beau Friedlander:
That was to make you scared and make you cough up some money,
Ivana Miličević:
Which they never asked for,
Beau Friedlander:
Which is weird. And what’s weirder yet, Adam? Yes, they were in Turkey and Instagram was not able to just go, duh, duh. That’s why. Is she in
Ivana Miličević:
Turkey
Beau Friedlander:
In Ireland?
Ivana Miličević:
Yeah. No, no. And not only that, here’s the thing. I am a user that’s based in Los Angeles. When I set up my account, I was in Los Angeles. I live in Ireland now, right? Do you think I went to Instagram and was like, well, they ought to know that now I’m based in Ireland. Who cares? I still go back and forth. But they do know. So when this all happened, they can know all they want. My point is when all of a sudden I’m changing my info to Turkey that they weren’t like, this is weird. Let’s freeze it. My biggest issue with all of this is that I was lucky you hooked me up with Andre and life FARs. How about the people who need their thousand followers for their small business? They have no recourse. It’s not like there’s a number to call on these on Instagram or Facebook or any of these places. It drives me crazy.
Beau Friedlander:
I hear you. But Adam, I would like you to just take this opportunity to explain who Andre is.
Adam Levin:
Andre is a forensic expert. He really is a superstar when it comes to cybersecurity. He’s one of the guys you read about that you don’t necessarily see. He’s an ethical hacker and he runs a company that specializes in basically helping highly placed individuals, companies. They’re there for all that. We have horror story after horror story after horror story about people desperately trying to contact these massive platforms and ending up with nothing but crickets. They just don’t get a response. These platforms are not tracking as well as they should. I mean, Travis, we’ve seen situations where you’ll log into something and it will go unfamiliar device. So then they send a code and everything else. And it should have, coming from Turkey should have been considered unfamiliar, correct?
Ivana Miličević:
It did. I did get an email that I didn’t see
Beau Friedlander:
You did got one about because
Ivana Miličević:
Look how quickly it all happened though so fast. They gave me very little time to see it again. I’m not sitting at a desk all day seeing my emails come
Beau Friedlander:
Up. No, and they are. And that is the difference. So you’re not looking at your emails every 10 seconds, but the hackers are relying on the fact that they can go faster than you can in terms of authentication and reconfirming their account. Let’s back up. So you wake up in the morning and you are told that you are a criminal, and you’re like, well, but I don’t want to be a criminal, especially not that kind of criminal how I make a living. So you go, okay, I’ll do something about this immediately. The thing that you immediately do is that you provide your password to
Ivana Miličević:
Instagram who already has it, of course, but
Beau Friedlander:
Yeah, fair enough. Fair enough. So you give it to Instagram now, what do you think in then? Do you go back to bed?
Ivana Miličević:
No, I immediately change my passwords or so I thought
Beau Friedlander:
Then
Ivana Miličević:
What? Then I went about my day. I thought I changed, or I even said to my husband, I was like, oh, I think I almost got hacked.
Adam Levin:
That goes under the famous last words category.
Ivana Miličević:
I think so.
Beau Friedlander:
And then the next thing you got was calls from us and other friends. Yeah,
Ivana Miličević:
Pretty much later that day I think. Oh, and I started to get WhatsApp messages from the guy in Turkey, and he was like, hi, I’m so sorry I have your account, but I want to give it back to you. Please. I’m so sorry. Here’s the password for your accounts. You can get it back. So I don’t know now, I don’t know if he was seeing what I was going to do. If I log into that, then he can get into more stuff. Travis, I have a question. Travis. He never asked for money. No, I never responded either though.
Beau Friedlander:
So he provided you with a link and a password?
Ivana Miličević:
He provided me with a link. Would’ve been good if I charged my phone so I can tell you exactly what he said. But he provided me with a, he’s like, this is your username, or whatever it was, and here’s the password, which of course I didn’t touch because at that point I didn’t trust anyone or anything. He was
Beau Friedlander:
Trying to get
Ivana Miličević:
Deeper, but he never asked for money. And he was like, I’m so sorry these emojis, I’m so sorry. I want to give it back to you. But of course you can’t
Beau Friedlander:
Even trust that bad Travis.
Travis Taylor:
Yeah, it sounds like he was trying to give you more malware to get even deeper into your accounts.
Beau Friedlander:
Yeah. The question that I have is, what are you thinking when you see the WhatsApp messages? Are you feeling like you’re getting hacked further or are you feeling like, oh, maybe
Ivana Miličević:
Yes. Now I don’t trust anyone. And even when you hooked me up with Andre, I’m like, who’s Andre? All of a sudden you feel like you’re in the game that Michael, we’re in the game. I mean, all of a sudden you’re like, I’m like, is this really Guinevere? Is this really Beau? Is this really anyone? Because social media and computers, everything is made so that everyone can use them, but we don’t know what we’re doing. They’re just simple clicks. I mean, it’s no different than a light switch. So we’re not computer experts in the slightest, even though we’re using all of these really powerful devices that are capable of so much more than what we know what to do with them, including these social media platforms.
Beau Friedlander:
Now, my second question on this WhatsApp part is did that happen before or after I put you in touch with Andre?
Ivana Miličević:
I think it might’ve all been happening at around the same time because he told me to turn on my LA phone if I remember correctly, and did, Andre did and because that’s what was connected to it. And so then I started to do exactly what he said to do, and then that’s what it all started to happen very quickly. So my LA phone came on line, finally, I charged it, turned it on. I started to get messages from the hackers, and I think Andre started to play dueling hacker piano with the hacker and eventually got to the point where one of them had the number and one of them had the email. So both were locked out. I think Andre managed to secure my email or an email for the account, and the hacker still managed to secure the phone number or
Beau Friedlander:
Something like that without naming the secret sauce. We also know that Andre had a lifeline where he called the troops in to help him a little bit.
Ivana Miličević:
Yes, exactly. But that didn’t happen until the, oh, I don’t know actually what point he started using them,
Beau Friedlander:
But I just wondered if the WhatsApp stuff started because he kicked the hornet’s nest.
Ivana Miličević:
I wonder. And also I know that if we’re keeping it a secret, geez, so mysterious his in that helped him with my account. What happened with that? He asked me, I dunno how to say this without, he asked me if it was okay if we wanted to go after them, because he said that if the hacker asked for money, then it elevates the crime.
Beau Friedlander:
Yeah. So the person that Andre, since we can’t really clarify beyond what we’re talking about here. Andre pulled his car up to another car sort of and
Ivana Miličević:
Asked, do you have any
Beau Friedlander:
Under a bridge somewhere? And they opened their windows and he said, yo,
Ivana Miličević:
Do you have any Grey Poupon?
Beau Friedlander:
Yeah, do you have any Grey Poupon?
Ivana Miličević:
I love that you get that.
Beau Friedlander:
And it
Adam Levin:
Really was incredibly kind to President Putin to intervene on
Beau Friedlander:
Your behalf.
Ivana Miličević:
It really was. He’s always had a crush on me. That’s
Adam Levin:
True.
Ivana Miličević:
He loves Banshee.
Beau Friedlander:
So Andre called his mystery person. And did that solve your issue? Are we saying that basically you got saved by a
Adam Levin:
Mystery person?
Ivana Miličević:
It took the mystery person, I think to finally get my account all the way frozen until we could solve the rest. And then I think,
Beau Friedlander:
And what is frozen? What does that mean when they freeze your account?
Ivana Miličević:
It meant that no one can get into it. Not me, not them, not anyone. Until I start through, again, avenues not directly dealing with Instagram to reset it, I needed to promise I would do double factor authentication. I had to promise I would get a whole new email for it. I had to promise that I would use that. I would use two factor authentication, good cyber hygiene. Nice, but not just that, but also what are they call those? Authenticators? Yeah, the
Travis Taylor:
Authenticator app.
Ivana Miličević:
I got one, but I’d like to use it for everything. But I don’t know how it’s hard for you guys. Things have to be,
Travis Taylor:
It’s really not very intuitive authenticator apps. It’s not. I think they have a ways to go before they replace just basic two-factor authentication.
Ivana Miličević:
And then I have those little, I copied some little codes to have as well. That’s somewhere in my photos and hell. But I have them. They’re in there somewhere.
Beau Friedlander:
You froze your account and that’s basically, it sounds like a digital timeout for, there was a fight in the playground and they’re like, everybody, you got to sit at this, sit down and just chill. So then they figured out that you, you and you could have your account back. But then they said, but only if you do all these things and all the things that probably we preach here minus the authenticator, because I don’t use one, but I can’t believe I just said that. I guess I’m going to download it tonight. And that is the part that Adam was talking about in the beginning, which is hackers assume there’s going to be a moment when you’re tired, when you’re doing a juice cleanse, when you’ve got a baby, when you just got back from a trip, when all these things that happen to us all the time because they’re sitting there like your friend who answers a text immediately when you go, hi, how you doing? Fine, they’re there. We’re like, why didn’t you say hi? And that’s the problem is I’m just trying to have a life and brush my teeth and by the time I got to the second side, I’m hacked. There was
Adam Levin:
The thing you have to remember all the time is we all have day jobs, whatever those day jobs may be from raising a family, working for somebody, running a business, being involved in philanthropic activities, going to school. Whereas for these guys, we are their day job. So that’s why they are sitting there. Good point. They will text you immediately.
Beau Friedlander:
Alright, Travis, I’m going to let Ivana do your job. Ivana. What is the list of things that you are now doing as a responsible person who’s no longer going to get hacked?
Ivana Miličević:
Well, one, I’m learning more because I don’t have everything figured out yet. Like I said, I have two-factor authentication. Obviously I’ve changed all my passwords. I’m trying to use those crazy alphabet number symbol googly eye emoji passwords that you can’t remember. I have the authenticator, but honestly I really don’t know how to use that all the way. But I have it on my Instagram. I have saved those codes. How they give you, you can get four-digit codes you can
Adam Levin:
Save. They’re like to save out jail free cards,
Ivana Miličević:
Get out of jail free cards. I have those for a couple and I have them somewhere secret places,
Beau Friedlander:
Which all of those were lies. If you’re listening to hack Ivana though, she doesn’t have them written down. She hasn’t.
Ivana Miličević:
I’m leading you down a wild goose chase, guys. Yeah, but
Adam Levin:
You should consider, and we’ll continue. You should consider getting a password manager. It’ll make your life a lot simpler.
Ivana Miličević:
Writing that down.
Beau Friedlander:
But Travis, Travis, hold on. Password. Just recently on adamlevin.com, I think you wrote the article, Travis, about three-word passwords. So just like if people don’t want to use a password manager, can you explain why a three-word password might be a good move?
Travis Taylor:
Sure. One thing that helps with password security is overall length. In other words, something that’s 25 to 30 characters long would take a longer time to hack or breach than something that’s eight to 10 characters long. And so rather than having something along the lines of at cy, lowercase K, exclamation point, uppercase S, et cetera, the recommendation this came from the United Kingdom’s Cybersecurity Agency, is to string together three random words. And then if you want to, you can add a number, a letter to it. But three random words is about as hard if not harder for a hacker to guess as a bunch of random characters really. So if you were to just say floor lamp wall clock recliner, that is a very, very, very long password that would take a very long time to be able to crack. Whereas something, even if it’s completely, utterly random characters, if it’s a mix of numbers, letters, alphanumerics, anything like that, that can still be cracked by a brute force attack. If it’s shorter, it’s a brute
Beau Friedlander:
Force attack.
Travis Taylor:
A brute force attack is pretty much where you have machine a program that goes through and tests out A then B. And then that’s how I
Beau Friedlander:
Learned how to talk.
Travis Taylor:
Exactly. Yeah.
Ivana Miličević:
Peters can do a quickly program, right?
Travis Taylor:
Yeah. They can just throw a million passwords just to see which one works.
Ivana Miličević:
I don’t understand then why words wouldn’t be easier to hack than random, do you know? Because one, they start to get like, oh, unicorns
Travis Taylor:
A single word start. A single word is really easy to guess. That’s called a dictionary attack. Where there are programs out there that have just the entire English language dictionary and they, they’d start with aardvark instead of a, and then work all the way down to, I don’t know, zygote or something like that.
Ivana Miličević:
Fabulous goodness.
Travis Taylor:
But if you were to think about the sheer number of words that would be in a dictionary, for instance. And then if you were to take a second word and append it onto that, then that is exponentially more things that would need to be guessed than if you’re to do three words. That’s even more so that’s hundreds of millions, maybe even billions of possible combinations that even if you’re using a dictionary, it would still take an extraordinarily long amount of
Ivana Miličević:
Time stuff to put ’em together. No,
Beau Friedlander:
You’re hurting my brain, but don’t use unicorn. Why? Because I know you like unicorns. Unicorns, who doesn’t? I don’t. They freak me out with the horn. The horn.
Adam Levin:
And don’t use the series of numbers that simply go up or go down in
Beau Friedlander:
Order, but just don’t let it be guessable. It can’t be something that we know that you’ll pick.
Travis Taylor:
Right, right. And I think that’s one of the other things to keep in mind too, is that with password guessing algorithms are things out there that if you were to say Go Mets one, Go Yankees one, Go Rangers one. Probably at some point, one of these little programs to be able to say, go giant, sir.
Adam Levin:
Then I think I have to change all my, hold on for a second. I have to get rid of the Yankee thing.
Travis Taylor:
We’ll wait. But yeah, so the main thing though is the three-word system is a good one because the fact that it’s really long, it can’t be very easily guessed, especially not by an algorithm or a dictionary or brute force attack. And it’s a lot easier to remember. I would remember floor lamp recliner or wall clock a lot more easily than I’d remember at. Yeah, that’s gibberish where you
Ivana Miličević:
Can, and it’s really one word for those brute force actors, AIs, right? That’s one word that they’re like, they’ll get there eventually. It doesn’t matter to them if you’re spelling aardvark or
Travis Taylor:
Right. And the standard caveat though is that you could choose the longest password in the history of the world. It could be completely unguessable if you use it on every single account. And it only needs to get breached once.
Adam Levin:
Right. It’s kind of like the difference between an indecipherable password and a discovered password. Exactly.
Beau Friedlander:
That might
Adam Levin:
Be indecipherable. But anyway, listen, this has been awesome and heaven knows we could go on for hours hours, but we’re going to have to call it to a close now. So from all of us, to one of you, thank you so much for being part of this today. You were great. Thanks.
Beau Friedlander:
Thanks Ivana. Thank you for having me.
Adam Levin:
What the Hack is a Loud Tree Media production in partnership with LARJ Media. That’s LARJ Media. You can find What the Hack wherever you get your podcasts. Be sure to follow us on social media and find additional information at adamlevin.com.