Our digital lives are under attack from every direction. Cyber Crisis author Eric Cole breaks down the threats and shows how to stay one step ahead!
What We Discuss with Dr. Eric Cole:
- Cyberattacks now happen constantly as AI automates phishing and vulnerability scanning against individuals, small businesses, and major institutions.
- Criminal operations abroad run like full corporations — thousands of employees, millions in revenue, and no risk of prosecution due to weak or nonexistent extradition.
- Critical infrastructure often uses outdated, insecure systems, allowing adversaries inside power grids and networks long before an attack becomes visible.
- Devices, apps, and “free” tools routinely track conversations and behavior — even smart speakers have been used as evidence after recording private moments.
- You can dramatically reduce your risk by treating security like investing: assess the benefit vs. the exposure, minimize downside, and adopt simple, deliberate habits.
- And much more…

On this episode, we’re joined by Cyber Crisis author Dr. Eric Cole, who pulls back the curtain on this digital cold war and shows just how far cyber adversaries have already embedded themselves into our daily lives. Eric walks us through AI-driven phishing swarms, corporate-scale scam centers operating overseas, and the surprising ways criminals exploit everyday habits — from predictable passwords to public speaking schedules. He also reveals how nations quietly infiltrate each other’s power grids and why even your smart speaker may be recording more than you think. Yet Eric also gives us a path forward, teaching listeners how to weigh risk against reward and how simple, intentional choices can dramatically improve personal security. It’s a conversation that matters whether you’re a parent, a business owner, or simply someone who lives online — which is all of us.
Resources from This Episode:
- Cyber Crisis: Protecting Your Business From Real Threats in the Virtual World by Eric Cole | Amazon
- Making Cyberspace Safer | Secure Anchor
- Website | Dr. Eric Cole
- Cybersecurity in Power Grids: Challenges and Opportunities | Sensors
- The Password Is Dead, Long Live the Password! | NCC Group
- TikTok and National Security | CSIS
- Collective Dynamics of Dark Web Marketplaces | Scientific Reports
- Small Businesses Are More Frequent Targets of Cybercrime | Forbes
- Penetration Testing Guidance | NCSC
- ATM Software Flaws Exposed at DEF CON | Wired
- Czech Republic Accuses China of Malicious Cyber Campaign | Courthouse News Service
- Network of Online Stolen Data Markets | British Journal of Criminology
- What Your Data Sells for on the Dark Web | Experian
- What Are Attack Vectors? | CrowdStrike
- Steal, Deal, Repeat: Cybercriminals Cash In on Your Data | Europol
- Why Penetration Testing Should Be Your First Step | A-LIGN
- Protecting Critical Infrastructure: The Power Grid | Risk & Resilience Hub
- Defending Against Software Supply Chain Attacks | CISA
- Is TikTok a National Security Threat? | The Guardian
- Hardware Supply-Chain Implant Allegations | The Guardian
- Real Estate Wire Fraud | National Association of Realtors
- Executive Fraud Prevention | ACFE
- Banks Prepare for Deepfake and Identity Fraud | Financial Times
- Smart Speakers and Courtroom Evidence | Wired
- National Security and the TikTok Debate | American University
- State-Backed Sabotage & Critical Infrastructure Risk | Reuters
- Internet Shutdowns & National Control: Iran Case Study | Amnesty International
- Why Air Gap Strategies Are Essential for Network Security | Ericsson Blog
- Medical Device Cybersecurity | FDA
- Social-Engineering and Staff-Targeted Attacks | ACFE
- 10 Steps to Cybersecurity | NCSC
1247: Eric Cole | Protecting Ourselves in an Age of Cyber Crisis
This transcript is yet untouched by human hands. Please proceed with caution as we sort through what the robots have given us. We appreciate your patience!
Jordan Harbinger: [00:00:00] Welcome to the show. I'm Jordan Harbinger. On The Jordan Harbinger Show, we decode the stories, secrets, and skills of the world's most fascinating people and turn their wisdom into practical advice that you can use to impact your own life and those around you. Our mission is to help you become a better informed, more critical thinker through long form conversations with a variety of amazing folks, from spies to CEOs, athletes, authors, thinkers and performers, even the occasional journalist turned poker champion, Fortune 500 CEO, arms dealer or drug trafficker.
And if you're new to the show or you wanna tell your friends about it, I suggest our episode starter packs. These are collections of our favorite episodes on topics like persuasion and negotiation, psychology, geopolitics, disinformation, China, North Korea, crime, and cults and more. That'll help new listeners get a taste of everything we do here on the show.
Just visit jordanharbinger.com/start or search for us in your Spotify app to get started. Today on the show, we're talking with Dr. Eric Cole, cybersecurity expert, former CIA something or other, and the guy who probably [00:01:00] looks at my phone the way a cardiologist looks at a bacon cheeseburger. We're getting into the stuff that doesn't make the news because apparently a Kardashian wearing a hat is more urgent than foreign adversaries chilling inside of our power grid like it's an Airbnb.
We'll explore why a cyber 9/11 is not a Tom Clancy fever dream, how the systems running our critical infrastructure are basically secured with the digital equivalent of password123. And we'll discuss why TikTok might be the most effective psychological warfare tool ever invented. Plus how thieves will happily drop a million dollars for a stolen laptop.
I was surprised by that one. We're also diving into the dark web. What's on there for real? What criminals buy and sell and why every business on earth, including your local sandwich shop, actually has data worth stealing. Last but not least, why Russia disconnected from the global internet for a day, whether China is baking malware into devices before they even hit store shelves.
And the story of how my buddy Rob got his credit card stolen just because his speaking gig was published online. It's a wild ride through cyber cold war territory. So grab your VPN, unplug your smart toaster, [00:02:00] and let's dive in with Dr. Eric Cole. Well, I read the book, first of all, and I, I found it to be, it's geared towards businesses, but I found it to be quite interesting, some of the anecdotes, and I'd love to focus a lot more on like.
Global cybersecurity and personal cybersecurity as opposed to business cybersecurity. So you've mentioned there could be a cyber 9/11 with airplane control systems. I want to get into that. TikTok is a tool of war. I want to get into that, but I was quite alarmed by, in the intro of your book, you mentioned there's this cybersecurity attack every minute and that just sounds like a lot.
Um, and there used to be, this is probably 20 plus years ago now. There used to be this visualizer, a map of the world where you could see lines going from one area to another and it was like, this is live cyber attacks as reported by, I don't know, it was like Kaspersky or something was monitoring this and they would make a visual and it would show like thing coming from the USA going to Moscow thing.
Go from Moscow going to Korea thing from Korea going to China thing from China going to LA. [00:03:00] It was really interesting, possibly fake because why do that? But it sort of brought early attention to the fact that this is just constantly, constantly happening. So what types of cyber attacks are we seeing every minute, if, is it actually happening every minute or, or what are we seeing that's happening that often?
Eric Cole: Yeah, so what's happening that often is with AI or artificial intelligence, they can now automate specific attacks against individuals and corporations. So in the past, a foreign adversary would look at a large company and they'd spend six or seven months trying to plan an attack or go after the government.
But now with AI, there's automated scripts that are literally targeting you and me and every individual, every small company, every medium company looking for vulnerabilities. Looking for flaws. So they're always sending out phishing attacks. If you don't believe me, how often do you get a phishing attack or the toll booth scam?
Jordan Harbinger: The text where it's like, click here and pay your toll. And the, but the URL is like zw X 1, 4, 7, 5, do Exactly. Co Z. Yeah, exactly. [00:04:00] There's tons of those.
Eric Cole: Yeah. My question is, if you're getting those eight or nine times a day, which I know I do. Mm-hmm. Think of how many, every individual is getting there. So if you multiply that by every single citizen in the United States.
You could see how quickly it could be an attack every single minute of every single day, because they're just constantly sending out spams to you, to companies, to individuals. And the idea is they don't need everybody to click on it. They just need one. Yeah. If one person clicks on the link, they get in to yourself, your business, your identity, and your company.
So yes, when you're looking at the fact that every individual and every company is being targeted and scanned by these phishing attacks, yes, it is happening every minute of every day.
Jordan Harbinger: My family's been the victim of several of these. There's a business that my mother-in-law works in, and someone had emailed either her or someone else in the business and she was on a call and it was like, oh, we've changed our bank wire information.
Please update your systems. And somebody was about to send a wire or did send a wire of, you know, 40 grand or whatever to [00:05:00] this company. She was like, no, I'm on the phone with this guy right now. And he didn't say anything about that. So let me just ask him. And the guy's like, we have not changed our banking information to my knowledge.
And they're like, call the bank right now. So it was minutes later they got the wire reversed. 'cause it's hard to get a wire reversed. You can do it if it's five minutes in. 'cause it usually takes like 24 hours or something to, I don't know, reconcile. And then also you catch even the sharpest person at the wrong time.
My, I feel bad I'm gonna out him here. But my brother-in-law was on a call doing something, probably also driving or whatever and he clicked on the toll booth scam and paid and was like, wait, I think I just got scammed. I was just, I wasn't paying attention. Exactly.
Eric Cole: They're rushing. They're rushing up.
Exactly. Yeah. That's what they're thinking after. And I was
Jordan Harbinger: like, well call dispute it and get a new credit card right now. And so that was it. Yeah. He looked at the text and he is like, yeah, this URL's nonsense. Like I just didn't look at it. It was on my phone. We don't hear that much about this. 'cause the media doesn't prioritize it.
So I think for me and a lot of other people, we don't see this [00:06:00] as a big problem because the media isn't reporting on it 24 7. It's like when I see, oh, phishing scam, I just think, oh, slow news day, nothing's happening. Nothing real is happening. So we're talking about phishing scams or holiday safety. Don't let your Amazon packages get stolen.
And you're like, okay, nothing happened in the whole world today. So now we're focused on like credit card points, roundups and stuff like that. Like it's relegated to that tier of
Eric Cole: importance, right? And you nailed it as, I mean we, we constantly pitch the media and nine times outta 10, they're like, it's either not important.
Or they'll go in and say, we'll do the story. But then that next day something hot happens in the media, right? And they cancel. Like for example, right now, how many times do we have to hear about the government shutdown? How many times do we have to hear about the Democrats and Republicans not getting along and them fighting with the White House yet?
That is all they want to cover. Every day we're pitching the media on breaches and it's just not high enough priority to them. Yeah, because they look at it as sort of petty theft. [00:07:00] Like if the fact, if your local grocery store gets robbed of $20, yeah, that's not newsworthy. But what if every single store was getting robbed by $20 across the entire United States?
I think that's newsworthy, but unfortunately they don't. So the American public just don't realize that they're a target and that cybersecurity is their responsibility.
Jordan Harbinger: It's interesting 'cause I, I look at scams like this and I go. If I hadn't shaped up as a teenager, this is what I would be doing right now because, and I'm not, not saying that to like brag or anything, it's actually kind of terrible.
Right. You know, I did a lot of scammy stuff when I was younger, but it was for the thrill. I didn't need the money. I wasn't thinking it was gonna be my career, but I was pretty good at that kind of stuff, you know, and getting a mass market, I don't, I'm not trying to give anybody any ideas, but getting a mass market sort of rogue, we don't care what you do.
Mass texting software system to sign you up as a client to get, uh, a couple of URLs to find a merchant account company that's a little bit shady and lax and get 10 of them so that when they finally cancel you, you just roll it over to the next one to get some AI ChatGPT API [00:08:00] stuff going that it can script conversations if even necessary to get a chat bot on a website.
Like none of this is hard. It wouldn't surprise me if some of the massive scams you see are run by like 19-year-old kids living with their parents.
Eric Cole: And the scariest part is imagine if you take that up a notch. It's not only being run by these 19 year olds, but what if it's a corporation? Mm-hmm. What if it's a company?
Imagine a company with a 20,000 square foot office. They're an incorporated business. They have 3000 employees, they're making $50 million a year, but they reside in Russia or China, and their entire job is to target you, your companies, and your individuals. And here's the crazy part, it's not illegal in those companies.
Right?
Jordan Harbinger: And
Eric Cole: there's no extradition treaties,
Jordan Harbinger: right? Those countries. Yeah.
Eric Cole: Yeah. You call the local police, they'll say it's an FBI issue. You call the FBI and they'll go, we know who they are, we know what they're doing. But unfortunately, because it's below five or $10,000 per individual and because they can't arrest the person, [00:09:00] there's nothing they can do about it.
Right? So it's basically a crime without any prosecution or any legalities associated with it.
Jordan Harbinger: The amount of times that I've had the thought of like, okay, had I stayed kind of a bad kid as a teenager, what would my life be like? Most of the time I'm living in Southeast Asia or Russia, and the, my best buddy who I see for golf every Saturday, I don't even golf, is the police chief of the national security who's on my payroll so that I don't get busted for doing the obvious organized crime thing that I'm running, right?
And I run a scam center. I rent office space from a large real estate company in the center of town. I've got catered lunch. This, this place is Google. You know, I've got my, my employees are well compensated, they're smart, they're bilingual or trilingual folks that are good at English and a couple local dialects.
I've got assistants, I've got a kitchen here, micro kitchen with snacks in it. I mean, this place is the works, and all I have to do is just never go to a country that has an extradition treaty. And you know, [00:10:00] again, if I was a more dysfunctional version of who I am today, that would be more appealing than being a poor and also dysfunctional version of who I am today.
It's not hard to run this stuff. I've worked with, um, some scam center people, uh, counter scam center people, I should say journalists and otherwise, all you need is professionally installed VPN stuff at the router level that they'll run to your office and do it. You could change your, all the IPs in your whole office three to every three times a week.
And they'll never be able to block you. These services will never be able to outrun you. You're always gonna be a paying client. Your pay, your checks are gonna clear for the texting company, right? So you are gonna own that company. They're gonna do what you want, like you can acquire people that don't wanna cooperate with you.
I mean, it's really. Maybe you haven't noticed. I've thought about this, like, what if the texting company won't cooperate? You're scared me a little Jordan, you're scared me a little. Yeah, I know. But it's like, buy them, buy them with a shell company and then tell the boss like, you do this, or you're fired.
And they're like, ah, it seems like it might be part of a scam. And you're like, cool. Who's willing to do what I tell them to do? And you're gonna find somebody who's willing to be an [00:11:00] accomplice on the ground in doing what you want. But the bigger question is, a lot of people are thinking, come on man. I run a podcast.
I run a dry cleaner. Criminals don't need any information that my business has. Tell me why that might not be true. Uh, first of all, do you have an identity? I believe I do. Yes. Yes. So questionable one, but yes. Yeah. Especially after this episode.
Eric Cole: So how, how many times do you go to a retailer and they say, if you sign up for a credit card in the store, we'll give you a free account and you can charge it right there.
And if they have your basic information, your date of birth, your last four digits. They could open an account in your name and if it's under a thousand dollars, it basically would be allowed by the individual. So think of how many different people are getting credit cards open in their name. I have this happen all the time to folks, plus do you have a hundred dollars in your bank account?
They don't need to steal a million dollars from one person. They steal a hundred dollars from a million people and it adds up. So the reality is why [00:12:00] would they not go after you? Because if a big company, if you take a big bank, a Fortune 50 company, they're spending $50 million on security. They have 300 people working on security.
They're a hard target, they're difficult to break in, and it would take months and months and months. Question, how many people do you have dedicated to protecting you and your family? Right? Zero. Zero. How much money are you spending? Probably zero or maybe $49 a year. Hey, come on
Jordan Harbinger: man. I got McAfee virus scan over here, or whatever it's called.
So who's gonna be the
Eric Cole: easiest? Target my friend. You're much easier, quicker, and faster to break into. I'd rather break into Joe's dry cleaner and your individual account and steal your identities and your customers. Also your customer list. Why should I bother going in? Trying to go to the dark web and buy individuals.
I can break into the dry cleaner, steal your database of 500 people. Then the local community, and now I can target all of them. I have their email address, I have their phone number, and I have basic credit card information about them.
Jordan Harbinger: Yeah, and I would imagine, look, I live in the Bay Area. You target a dry cleaner in [00:13:00] Palo Alto, California.
You're getting Facebook employees, you're getting executives from all these companies, each of these people's worth multiple millions of dollars. These are valuable identities to steal. This is not a database of teenagers who signed up for a credit card at college for the first time and have a $400 limit or whatever it is, right?
So yeah, that stuff could be valuable. I'm imagining small businesses, essentially, their security policy is, all right, guys. Announcement, I know your passwords are like your dog's name and then 123. Now change it to your dog's name, 123, but put an exclamation point at the end of it that's gonna make everything much safer.
Thanks for your attention. I mean, that's kind of like. I mean, I hate to say it, that's every sort of boomer, right? Like you're like, what's your password? Let me help you with this. And they're like, it's Alex, and then his birthday, and you're like, it's your grandson's name and his birthday. That's like in the top five things people are gonna guess.
It's like, oh really? It's like my mom had a friend who used to hide money under the bed, and my mom said. You don't use a bank? And she's like, no, I don't trust the banks. And she goes, well, where do you [00:14:00] hide the money under the bed? And this woman who was like an immigrant from Poland, she turns to her daughter and goes, you told your friend where we hide the money?
She's like, no. Yes. Everybody hides their money under the bed. Exactly. Whatcha talking about mom? This is, everyone hides their money under the mattress. And it's like, oh, okay, I didn't know that. So that's what we're dealing with. That's the level of security we're dealing with cyber wise is the money is under the bed.
Eric Cole: And to make it worse, it's under every bed. So my guess is you probably have three or four passwords that you rotate across all your accounts. What's the probability for the average person that their email, their bank account, their e-commerce and others all use the same or similar password? How many times do you log into an account and it says, this password has been used in a previous attack?
Yeah, you might wanna change it. And how many people say no? How many people deny that and don't change it? So it's one of those where they find out one password from one breach and they get it. And a great example is if you go back three months ago. It was the largest password breach in the [00:15:00] history of the internet.
Over a hundred million passwords stolen. But two things. One, it wasn't 'cause they broke into a large database, it's 'cause they broke into individual accounts, which means individual phones, smart phones and tablets are all compromised because their password is taken. But here's the crazy part. The story broke on the day that we attacked Iran with the mob bombers.
So, oh yeah. I was set to go on the news Saturday and Sunday and every single media canceled because the Iran attack was a bigger story than everyone's tablets and devices. So think about it, hundreds of millions of devices are all compromised. They know all those individual passwords. Yet nobody knew about it because it wasn't newsworthy.
Jordan Harbinger: That's crazy to me. That's crazy. What, when someone steals your car, you know, like right away. But identity theft is scarier because you don't know until someone's like. Wait, I didn't get my tax refund. Wait. It got sent to a bank in North Carolina to a shell company that sort of sounds like the same name as my [00:16:00] company.
What happened there? And it's like, oh yeah. And fake Jordan Harbinger set up another LLC in another state at another bank with your identity information and got your tax refund. And they've been planning this for eight months.
Eric Cole: Exactly. It's happening all the time. And the probability people knowing it is very slim.
Like you said, a lot of people after they do it will realize it. Like you said, your brother I think clicked on the toll booth scam. Mm-hmm. Or your friend transferred the money. But think of how many people don't catch it right away. The issue is if you don't catch it right away, usually within 12 to 24 hours, it's too late.
Mm-hmm. I can't tell you how many times people have transferred money like uh, that bank or that company, and they don't realize it for three or four days later. And by then, because the money is stolen, because it's cryptocurrency. Right. They can't get it back. And the probability is you're liable. If you went in and you transferred money even though you were scammed, it's not the bank's fault.
It's your fault. And in many cases, once the money is left your account, you are the one [00:17:00] liable, not the bank.
Jordan Harbinger: I mean, technically the scammers liable for fraud, but we already covered the fact that they live in another country and they know that you're not going to get them, and the bank is not liable.
Right. You're on the hook, but the remedy is sue the fraudster, which isn't happening. It is quite scary because I do investing here and there. Like I'll get a company that's not gone public yet and they'll say, Hey, do you want some restricted shares or something like that at the current price? And I'm, yeah, sure.
And you put in a certain amount of money and my bank will call me and be like, do you know these people? Are you sure you know these people? Yes. And then what I'll do is, thankfully they do that because it, they probably deal with this a hundred times a day. Whenever I do this, I'm like, I gotta be on the phone with the lawyers who are handling the paperwork for the company and someone from the company, because otherwise I'm not gonna, what you don't want is somebody to go, Hey, we never got your $25,000.
And you're like, but I wired it to you when you emailed it to me and they're like, we didn't email you. We set up a Zoom call for Monday and it's Thursday. So I'd love to hear a little bit about your time, what you can speak about anyway, your [00:18:00] time with the CIA and the, I wanna know about the dark web because I think a lot of people are not familiar with the dark web.
They just think it's illegal things on the web, but it's not the same thing.
Eric Cole: Yeah. So I started working at the CIA in the nineties in 1990, to be exact. And the crazy part about it is in 1990 when I joined the CIA, I was an AI programmer. I was actually programming neural networks and predictive systems for the counter-terrorist center.
So AI is not new. The ideas and concepts have always been around. It's the data sets. So we had data sets and predictability of the terrorist, and then in 1992, something happened, the worldwide web was developed. The worldwide web wasn't developed until 1992. I joke that Al Gore might have invented the internet, but I actually helped create and build it.
So in 1992, I'm in an all hands meeting in the bubble at the CIA and they're talking about switching communications to the internet. And I did one of the most dangerous things you can [00:19:00] do in the government, and that's ask a question. I raised my hand and I'm raising my hand, and my boss was in the front row with all the execs and she's looking back and she's going like this.
And I thought she was waving to me and I waved back and she was like, put your hand down. You don't ask questions. And I asked a question that changed my life and changed my career, and that was this. How do we know it's secure if we're moving to this new thing called the internet and the worldwide web, how do we know it has security in place?
Well, in the government, if you ask a question and nobody knows the answer, you're volunteering to solve it. Yeah. So they looked at each other and said, okay, Dr. Cole. Well, at that time it wasn't Dr. Cole. Okay, Eric Cole. We'll give you $50,000 and three people. You have six months to solve it. So I thought there'd be mathematical formulas to go in and show how to secure a system, but what I learned is there's no way to prove a system is secure.
You can only prove it's not secure by breaking in or hacking it. So that's when I began my career as a professional hacker where the only way to find vulnerabilities and issues is to hack them and find them before the [00:20:00] attacker does. Wow. And then I started going in and testing our systems, testing other government systems, and also going in and starting to focus on working with the Nuclear Regulatory Commission of how do we secure and protect nuclear reactors.
So I actually have a, a niche where I wrote a lot of the regulations for the NRC of how do we protect, control and secure and lock down our critical infrastructure.
Jordan Harbinger: Critical infrastructure stuff is scary. I, I gave a talk at Defcon, which I'm sure you're familiar with, but for people who don't know, it's the biggest, would you say Hacker conference in the world?
Yes, exactly. Yep. Um, for lack of a better term, and. It's full of exactly the type of people that you would expect, but like brilliant talent pool, like Insane talent pool, they'll, they'll wheel I, I just love it. They'll wheel in ATMs, real ones, and they'll be like, all right, have at it guys. And you'll see these basically kids, I mean, 20 somethings, maybe jury rigging computers that are connected to their laptop, that they feed into the ATM, break it off the front and then they can get these things spitting out [00:21:00] money.
It's sponsored by the ATM company, right? Dbol or whatever, or Diebold. They'll go and they'll say, we're donating three ATMs. We don't really care if they break. Ideally they don't, uh, or are fixable. We want your best minds to hack this. And if they can get the $10,000 out that's in there, they can keep it.
And then they'll hire 'em. They'll hire 'em. Yeah. Yeah. It's signing bonus, pal. How did you do it? Because we need to fix that problem yesterday. Because the unspoken part of that is if you can do this to one ATM and get $10,000 out, you could make your entire career doing this and you would be very wealthy.
But instead, how about avoiding prison and coming to work for us for $400,000 a year or whatever it gets, you know, whatever the pay is for somebody in that position. So this, this conference is amazing and I bring this up because you mentioned our critical infrastructure control. One of the talks that I went to that I'll never forget was somebody showing how basically these systems are from like 1985 and not secure at all.
Are really, really [00:22:00] basic and kind of the, basically the unspoken truth that China and Russia and whoever else has just penetrated the entire United States and probably the whole western world critical infrastructure. And there's not maybe much we can do about that 'cause we don't really know where they are or how to secure these things.
Is that accurate?
Eric Cole: It is spot on and it's happening all the time. And even not at Defcon. But they'll actually go out and post these systems on the internet saying, Hey, we'll authorize you to try to break in. And then this way, if they do, they can hire them. But here's the reality. A lot of those folks, it's actually better and more money for them not to work for the company, but sell it to the adversary.
Because if you go in and find an exploit of a system and you sell it to the company, they'll maybe give you a hundred K, you sell it to an adversary, they'll give you millions of dollars to break in. So like you said, if you were living a different life mm-hmm. And a different focus area, what would be the probability that you would just go in and work for the dark side instead of the good folks?
Jordan Harbinger: I mean, I got such a thrill with the dark side stuff man. I'm just [00:23:00] thankful that I outgrew that stuff very much so my parents even more so probably. Um, but let's talk about the dark web again. 'cause I think people don't know what it is. They don't know. You mentioned it before, Hey, why go to the dark web and buy identity info?
There's a lot more on the dark web and I wanna give a brief primer as to what it even is. I probably should do a whole show about this 'cause I think it's a deep topic, but can you briefly define what it is and what can be bought and sold there?
Eric Cole: So the dark web is basically Amazon for evil people. It's basically where you can buy and sell anything illegal from drugs to weapons, to credit cards to social security numbers.
I mean, you go in and you have basic PII personally identifiable information, the name and address, and a phone number. And that sells for about two bucks a person. You start adding in either credit card or social and you can get up to seven to $10, sometimes $20 depending on how much it's worth. So you go out and you can either buy this information as a criminal and then use it to target it 'cause the [00:24:00] software's available.
So you go on the dark web, you can download software for phishing, you can download the accounts, you can download the information. And for about $20,000, you can make about $20 million within, uh, two to three weeks, if not sooner. And you can then also then take your proceeds and sell it back on the dark web for even more money
Jordan Harbinger: if you have the organized crime infrastructure to do that.
Right? If you, I remember, man, this is a while ago, but I'm sure you know about this. This is probably even 10, 15, 20 years ago. There was a large, I think Ukrainian organized crime ring or Russian organized crime ring in all over, but also in u, especially in Ukraine and in New York, and they were getting tons of credit card and debit card information taking blank cards, which I saw with my own eyes actually in, uh, Ukraine.
Blank cards that had Visa hologram stickers on it. Whatever. They would print the, you know, remember you could just press it into the back. You probably still can with credit cards. Press the number into the back, press the name in the back. They would have fake information and they would just program these magstripes with these magstripe [00:25:00] programmers, and they would go to ATMs and withdraw 500 bucks here, or 500 bucks there, burn the card out.
And this guy, he had hundreds of people doing this all over the place. I don't remember the number, but it was something he was making like $20 million a month. And they finally caught him. And I remember one of the funniest things that he said was, I'm, I got so depressed. And it's like, why? And it was just because he, he had gotten everything he ever wanted and more, right?
You're making 20 million bucks a month or whatever it is. But he was under so much stress. And then also it didn't make him happy because he was still a dysfunctional piece of crap. But it was just such an interesting case because you think to yourself, you can just make a credit card and program it with information and then have somebody go to an ATM, withdraw the money.
And the answer is basically, yeah,
Eric Cole: you can. And the tools for doing it are cheap, free, and/or low cost and readily available on the dark web. Yep.
Jordan Harbinger: You mentioned you can't prove that something is secured or you can only prove that it's insecure. If you have an interesting metaphor in the book, how something that's secure a hundred percent ish, it means it doesn't work [00:26:00] anymore. Can you take us through that?
Eric Cole: Sure. So everyone always goes, we want a hundred percent security. Jordan, I can give you a hundred percent security. So easy. You want to be a hundred percent secure. You want your family to be a hundred percent secure. It's easy. Pack up your bags, sell everything. Move to Pennsylvania and become Amish because I'll tell you, I hacked a lot of things in my life.
I have not been able to hack a candle and a horse and buggy. Yeah, nice. It's not hackable. So the reality is, if you have no functionality or no benefit, you can be a hundred percent secure. And to give you a more realistic example, my smartphone, if I wanna make my smartphone a hundred percent secure, it's easy.
Smash it with
Jordan Harbinger: a hammer,
Eric Cole: smash it, burn it, throw it in a ditch, yeah, and turn it off and it'll be a hundred percent secure. But the reality is, as soon as you add any functionality, you're decreasing security. So security and functionality are inverse. A hundred percent security is zero functionality. People always come up to me and go, Eric, when I hear I work in cyber, you're gonna tell me I can't do that.
You're gonna say, I can't do [00:27:00] that. I can't do this. You're the no guy. I'm like, uh-uh. I'm not the no guy or the yes guy. I'm the options guy. So what I do with any company, any business, or any individual, I'm never ever gonna say, you should or shouldn't do something. I'm gonna ask you two questions. What is the value and benefit?
What is the risk and exposure? Is the value worth the risk? If the value of benefit is worth the risk, do it. If the value and benefit is not worth the risk, don't do it. And the crazy thing is, that's the exact same advice that Warren Buffett gives in investing. He always says, minimize the downside. That's why Warren Buffett doesn't invest in cryptocurrency, because the upside is great, but the downside is devastating, so therefore it's not worth it to him.
And you have to do the same mindset when you're looking at adding functionality. Is the value of benefit worth it? And a great example is Alexa. When Alexa first came out, everybody loved having her in her home. Because, Hey, Alexa, what's the weather? Or play this song or play this music. And they thought it was the coolest thing on the planet.
And then when [00:28:00] people, two or three years later found out that Alexa is basically listening in on everything you're doing, they're like, wait a second, I don't want a personal device bugging my house. And everyone goes, Alexa isn't listening, she's not recording. I'm like, wait a second. Yes I am. How can she respond if she's not recording?
Right? If you go, if you go, Alexa, tell me the weather, or Alexa, play this music, and she responds, she has to be recording what you're doing. And I do expert witness work, and I worked on a case last year where it was a crime that was committed in an office building that had Alexa. Yeah. And one of the first things law enforcement that's trained well in cyber will do is they'll immediately unplug the devices.
'cause it records the last 30 or 40 minutes. And we actually had a case where Alexa testified at trial. That's incredible. Alexa was actually allowed to be played and I verified and validated the authenticity of it. And she basically testified at trial against somebody and the jury used it to basically prove their guilt.
Jordan Harbinger: So you can say, Hey Alexa, what's the last 40 minutes of the [00:29:00] recording? And it says, I here, let me play it for you. And it's somebody getting clobbered with a claw hammer in the office building. That's crazy.
Eric Cole: Or in this case it was insider trading in somebody's office and they happened to have Alexa recording the insider trading deal and they were able to capture it on Alexa and play it back.
Jordan Harbinger: That's crazy. I remember it caught a murder a long time ago. Yes. I can't remember the exact details, but it caught a murder and they were like, we need to get those records. And Amazon was like, they don't exist. And they were like, no, no, no. This is a murder. Cut the bullshit. Where is it? And I don't remember the exact outcome, but it was basically like, okay, maybe it's on there somewhere.
Uh, if you can find it. And I, I must have done this on the show. There was another device, I'm gonna throw Google under the bus and I hope that I'm right. It was something like a Google Home, and in the schematic there was no microphone, but in the actual device when disassembled by whatever, whoever it was, Wirecutter or whoever, there was a microphone on the circuit board and it was like, wait, wait, wait.
This isn't on the instructions. It's not a feature of the device. It's not in the [00:30:00] schematic of the device, it's not of the patent or whatever it was, you know, whatever sort of thing. They, it's just sort of secretly in there. And I think the response was, oh, it's not in use. And it's like, well, why did you put that in every device at the cost of, I don't know, an extra dollar?
Then if it's not in use, wouldn't you wanna keep that profit for yourself? The real answer is, it's in use, or we're gonna use it at some point, and we didn't want to have to announce that or tell that to anybody. Right. And it's like, well, so is it recording or not? The answer is always, can you prove it or not?
It's not recording. If you can't prove it is, and if it is, then prove it, and then we'll pay the whatever fine we have to pay to get out of this jam that we found ourselves in. Am I, am I off base at all?
Eric Cole: No, you, you nailed it. And the reality is, and I always tell people the most dangerous word on the internet is the F word.
Now, I, I grew up in New York and the F word was part of our normal vocabulary. Yes. To me, the F word is the most dangerous word on the planet, and it's not what you're thinking. The F word is free. Free is not free because all the [00:31:00] times when you have a free app, you're basically allowing them to access your microphone or your camera or your pictures, and everyone goes, oh no, Eric, it wouldn't be allowed in the app store.
Or wouldn't it be allowed in the Android store? But here's the reality. If they ask you and you say yes, and you give them permission, that's actually an authorized app and is allowed. And the reality is most people don't even realize when they install these apps, they're hitting yes, yes, yes, yes, yes. And allowing access, right?
When was the last time you went under your settings? You looked under, uh, security and you looked under microphone to see how many devices are accessing your microphone. And I'm sure if you pay attention, you'll see this happen. You're talking with your phone to your family or your kids, and let's just say you're talking about buying a new car and you put in a certain vehicle model and a certain type, and you're talking about the car and you're talking this and that about it.
And then you go into Google and you just type the word w. The phrase that automatically appears is, what is the price of this car? Or what is the cost of it? Yeah. And you're [00:32:00] like, and when you start paying attention, you're like, how does it know this? Right? And then you go in and you start surfing social media and all of a sudden all the ads that pop up are for that car that you just talked about and everything.
And, and when you start really paying attention, it's actually freaking scary of how much you're being monitored and tracked with your phones that you don't even realize it. In most government settings, you're not allowed to bring a smartphone into a secure location. More and more companies now are not allowing devices into the boardroom.
You actually have to leave your phone outside in what we call a Faraday cage, which I'm sure you're familiar with if you go to DEF CON, that basically doesn't allow your device to transmit or receive any information. So companies are getting smarter and realizing that you are being spied on, and it's because of the apps you installed and downloaded.
Jordan Harbinger: And if the Russians and Chinese are really hanging out inside our power grid like they're waiting for bottle service, that's not exactly comforting. We'll be right back.
[00:36:00] Now back to Dr. Eric Cole. I think a lot of people have suspected that their phone is listening because everyone has had this happen to them.
You go, man, it's so cold out, I would love to go to Greece. And then you open up your phone the next day or even an hour later and it's all ads for like Escape to Greece and you're like, wait. And then someone goes, oh, come on. They're advertising all over. 'cause it's winter where you are. That's all it is.
It's a coincidence. It's confirmation bias because now you're, you were just talking about it, you wouldn't have noticed the Greece ad. You've probably seen it a thousand times and you're like, okay, maybe you're right. But then it happens over and over and over and over again and you're like, okay, it could still be confirmation bias, but damn is this, a lot of this is quite coincidental.
You notice it when it happens with something really, really random. Like I was searching for, or I was talking about, this is embarrassing, but whatever, pouch underwear, which is like kind of what it sounds like. That is not something that like is being [00:37:00] advertised to millions of people all the time.
Everywhere. These are small businesses. It's a little bit niche and suddenly I was getting a bunch of ads for that and I was like, wait a minute, okay, this is too niche of a thing. Yeah, you're searching for a flight somewhere. Okay, it's winter, it's cold in Michigan. They're giving you a flight to somewhere else.
Fine. Pouch underwear, bro. I don't know man. It's a small marketplace, you know, it's not really like the biggest sort of hottest holiday item that you're gonna get for your friends or anything. It's just a, it's a little bit strange. So that kind of thing always makes me go, okay, this thing's listening to me and there's just nothing I can do about it.
In fact, I leave it right here on the show so it can show me ads about cybersecurity products after the show.
Eric Cole: And I appreciate it. 'cause I have my phone here, so I guarantee you I'm now gonna start getting ads for pouch underwear. So thank you for that. Lemme know. Thank you. Lemme know.
Jordan Harbinger: Yeah, and try it out for yourself.
It's quite comfortable.
Eric Cole: Should I go in when they say how you referred, should I say I was referred by Jordan Podcaster? I'll put your name in there. That's right. Exactly. Put my
Jordan Harbinger: name in there. I might as well be further associated. Yes. With awkwardly branded underwear. So, so it sounds like your point is, [00:38:00] don't ask, is it secure?
Basically ask if the benefit of whatever it is, the software, the device, is the benefit worth the security risk that is inherent in using anything?
Eric Cole: Exactly. And, and the other thing we have to realize is that, and this is a big thing with phones and ai, we can't let it replace human interaction. I sort of have a rule that if you go to dinner with me, a lot of people say, Hey Eric, we want to go to dinner with you.
'cause I'm pretty well known in the space and people are in town and some big names. And I always have a rule. I'm like, listen, I'll go to dinner with you. But there's one rule, you must keep your cell phone in the car or in your pocket. If we are at dinner and you pull out your cell phone and start tracking or texting it, I will get up and leave because that is the rudest thing on the planet.
If we're in a restaurant and me and you are talking and I all of a sudden turn around and start talking to a random person for five minutes and I do that every 30 minutes, you'd be offended and you'd be like, Eric, what the heck? I'm outta here. But yet we let people do that with our smartphones all the time.
Jordan Harbinger: Yeah. It drives me nuts. We have
Eric Cole: to stop going [00:39:00] in and doing that. And also how many times are you at a restaurant and you see a two, three or 4-year-old. Instead of the parents talking with them and playing with them and interacting in, they give them their phone or they give 'em an iPad. I see this all the time in restaurants and it infuriates me.
You see a family with three or four kids and the parents are not only not talking to the kids, but they're on their phones and all the kids are on their cell phones. And I'm like, why are you going to dinner? This isn't dinner. Right. This is basically you interacting individually with other people and ignoring your family.
Jordan Harbinger: Yeah. I will say in defense of parents, 'cause I have two little kids, sometimes it's the only break I get all day. Yes. And I'm like, look, I can't, otherwise I'm stuck feeding them the whole time. And it's just, it's, it's, it can be annoying. I agree. It's a crutch, but man, I have a hard time coming down too hard on parents for wanting a solitary 45 minutes where they can have an adult conversation.
Eric Cole: Well, which is okay, but then the question is this: are you consciously aware of the games they're playing and the apps they're being shown? Because most parents don't want to [00:40:00] pay the 7.99 and they give the kids free apps, and basically look at the ads that are showing up. Those ads are raising your kids.
Are you actually aware and know that, so, yeah. Yeah, that's true. If you wanna make a conscious decision that, listen, I need a break for an hour and I'm gonna allow the internet to raise my child for the next 60 minutes, that's okay. But are you consciously making that decision and allowing someone else to raise your kids for the next hour?
Jordan Harbinger: Yeah, I mean, I'm with you on that. We don't allow them to use any sorts of apps that are not education games. They love those, you know, where they learn little math skills or different colors, depending on their age. We let them use that stuff. But yeah, you're right. My Apple bill every month is like a hundred bucks.
'cause it's like you pay for this and you pay for Disney Plus and you pay for the 'cause. I don't want, I, man I, I'll tell you, I was watching the show the other day on Amazon Prime Video. I don't have the fancy ad-free one. 'cause I never watch anything. I mean, I, I have two kids and a business. When am I gonna have time to watch anything?
So last night my wife's like, we gotta watch this show. Everyone says it's great and we watch an episode of it, but it has ads in it. And they're like two minutes long. And I'm [00:41:00] like, I don't buy Tide. I don't give a crap about this. How much does it cost to get rid of this? And it's like 7.99 a month. And I'm like, just pay this.
I don't want my show interrupted all the time. But you're right. You're giving this thing to your kids and it's like, buy this crap, buy this toy, here's another, or worse. But man, even YouTube makes it kind of hard. You have to, I thought, oh, I'm just gonna block annoying channels that I don't like. There's an unlimited number of stupid, boring, not educational channels where they don't talk, they just make little noises and throw things and make big messes.
There's a million at least, and I'll block it. And then the next one that comes up is just people of a different ethnicity doing the exact same thing in a different half-assed language. And I'm just like, oh my God, you can't, there's an un This is the formula. There's people making so much money off these.
There's an unlimited number of those. But, uh, back to, uh, back to actual cybersecurity, we touched earlier about how the Russians and the Chinese, et cetera, are in our power grid and companies right now. How do we know that that's true?
Eric Cole: Uh, because they'll tell you if you actually go in and ask [00:42:00] the modern power grids or check the internet, if you actually go in and look at the amount of data breaches.
'cause here's the reality. They are publicly traded companies, and the SEC passed the law that if you have a breach or you think you've been compromised, you have to publicly disclose it in your SEC filings. So go to the Google and do this. Go how many power grid companies or how many infrastructure companies have had data breaches that have been given in their SEC disclosures or use AI and ask AI.
And you would be shocked of how many companies would come up in your list. But the reality is people just aren't looking and the media's not covering it. So they're actually going in and telling you this. But here's the, the good part, the only good news, they're in our power grids, but they're in theirs.
So this is like the Cold War with Russia, where Russia had enough nuclear weapons to destroy the country, and we had enough nuclear weapons to destroy Russia. So neither side would launch a nuclear weapon 'cause it would basically result in [00:43:00] mass destruction and devastation. So even though they're in the power grids, it doesn't make sense for them to actually take it down because we would attack them.
And here's the other part. China needs the United States to have a healthy economy. China doesn't want to bankrupt the United States. They wanna steal our intellectual property. Russia would go out of business if the United States banking system crashed because they would not make the hundreds of millions of dollars in cybercrime.
They need our banking infrastructure to be healthy. They just wanna steal and take enough from it that it impacts you and me, but it doesn't devastate or take down the system. So the fact they're in that critical infrastructure and we've seen Colonial Pipeline. Remember that attack a couple years ago where it took down?
Yeah. Uh, it might not have impacted you. 'cause it's funny how a lot of people on the west coast didn't realize it, but I live in Northern Virginia and we had five days where gas stations were closed. Geez. Like people were starting to freak out, like going, there's lines at gas stations, you couldn't get gas.
Are we gonna actually have to [00:44:00] walk to the store and take bikes? But it was a reality that hit the East Coast. And the thing is, the way you protect critical infrastructure is by air gapping it, not having it connected. But here's the issue. Companies are getting lazy and going, wait a second, having our critical infrastructure air gapped is difficult and hard to build.
So what's the real issue? We haven't had an attack in three years. So they start connecting it to the internet and then all of a sudden the attackers get in. And these breaches are happening so much that, as we said earlier, media's not covering it and media just doesn't care.
Jordan Harbinger: Yeah, I've told the story a couple times on the show, but I had a, an acquaintance whose father, I think it was worked for, the power company, or of cri, I should say, critical infrastructure back in Michigan.
He, one time he was like, yeah, if you go down this tunnel, there's this stairway and it goes down, down, down, down, down. I'll show you guys some time. All of our computers and systems are down there. And we got, I was like, oh, doesn't it flood? He's like, no, we got pumps and stuff and there's occasional leaks.
We're having it repaired right now, but when it's done, I'll [00:45:00] show you. And I was like, so every time you gotta go to work, even in the winter, you've gotta go like down into this cold ass tunnel underground. And he goes. No, no, I just dial in from home. It's like the whole thing is in a tunnel so that it can't be bombed or something.
But like it's got a little phone wire that sticks up and you could dial in from your crappy modem in your home office 'cause it's cold outside. And I'm like, oh my God.
Eric Cole: If only the hackers had thought of that. And, and that's what's happening is Hollywood movies are no longer fictional. And you, you say that with a dial-up, but watch the movie WarGames.
Jordan Harbinger: Oh, I love that movie. So good.
Eric Cole: Where basically a kid was able to access and log in where he was just war dialing and found these systems. Yeah. If your friend and others are working from home, COVID was the worst and most devastating thing for cybersecurity because it basically took all of our critical infrastructure, all of our banking systems, and allowed people to work remotely.
Well, if you could log in remotely with a user ID and password, how hard will it be for an attacker? And the better [00:46:00] part is they don't even need to steal your user ID and password. They just compromise your system. We talked about phishing attacks where you click on a link and it compromises your device.
What if it's not to steal your bank account? What if it's not to steal your personal identity, but it's to actually put an agent on your system so the next time you VPN or connect to your company, it actually rides that connection in. So even if you're using two factor to authenticate, it's already compromised your system.
So once you two-factor authenticate, it's using that compromised connection to break in to your company, plant malware, and just navigate through your entire company.
Jordan Harbinger: That makes sense, right? It just waits for you to authenticate and then whatever it attaches a malware payload to something you're doing in the system or, or something along those lines.
Yeah, that completely makes sense. So the good news is we're also in China and Russia's systems. Is that what it is? It's like you shut down our power grid, we'll make sure that yours is also shut down. Is that kind of where we're at with this whole standoff détente thing?
Eric Cole: Yeah. So it's twofold. One, that's true.
If you break into ours, we'll break into yours. But the bigger part [00:47:00] is how can China go in and steal our intellectual property if our power grid is down? If our systems are down? Yeah. So they don't wanna take down our systems. They wanna just go in and access and monitor it. And you see this all the time where telecom and cell networks are compromised.
They're not trying to take it down. They're listening and gathering data. There's a reason why TikTok is so worth so much to the Chinese because they're gathering data. They have information on American citizens for the last 12 years, and that information's valuable. And we're looking at, okay, we're going in and gonna make TikTok a US-based company, but nobody's talking about, what about all the servers and data centers in China?
What about all that information that's in there? And then we joke that we don't want China to have all that information. So we're okay with social media having that information. We're okay with Mark Zuckerberg having that information. And then the crazy part is. There's a reason why Larry Ellison from Oracle is one of the prime bidders who's most [00:48:00] likely gonna acquire and take over TikTok.
He's a database company. He wants data on individuals. Why in the world would Oracle wanna own TikTok? Why in the world would Oracle wanna own one of the largest social media platforms? It's not the social media. It's all the data they can gather and store in their databases so they can do correlation and analysis.
Jordan Harbinger: I would love to talk about why Russia disconnected from the world internet for 24 hours. Do you remember this, by the way? This is a couple years ago. Yes. So tell us what happened because I, my buddy is a very sort of high level cybersecurity dude. In fact, I'm, I'd be shocked if you don't know each other, but he messaged me and was like, this is a big deal because, well, I'll let you explain the reasons.
Eric Cole: Yeah. So almost every major company, except the United States, actually have connection points to the internet where they can disconnect because here's the reality. They wanna be able to run independently and stop a cyber attack. So if there was a major cyber attack against Russia, they want to be able to disconnect and control and [00:49:00] limit that information.
So they go in and every year they disconnect from the internet for a day or two to be able to prove that they can be resilient and reside without it. When the attacks began between Israel and Iran, Iran disconnected from the internet for three weeks to be able to stop or minimize attack vectors. And the crazy part is the United States is the internet.
We created the backbone of the internet, so we can't actually disconnect. We basically are the internet. So everybody is always asked and every president asks the same question. What are all our connection points to the internet? And can we disconnect? And the answer is no, because we are the internet. So what we should be doing is instead of spending trillions of dollars on paving our roads or doing all these big beautiful bill stuff, we should be spending trillions of dollars of building a separate isolated internet.
So at least the government can disconnect if needed. We could disconnect if needed, but because we can't disconnect from the internet, [00:50:00] we are a major target. If a major cyber war broke out, China could disconnect. North Korea could disconnect. Russia could disconnect. The United States can't. So that's significant.
Where they actually can control and minimize cyber attacks, we can't.
Jordan Harbinger: That's interesting. I mean, I guess what you need is somebody who's in charge of things with the balls to say. You're cyber attacking us, we can't cyber attack you back. What we're going to do instead is take out a couple of your ships or oil rigs or you know, make sure you clear your personnel from this infrastructure because if we can't hack it, we're gonna level it.
You just need somebody who's willing to escalate to that degree and call their bluff because it seems like that's what they're planning. They're planning on being able to attack us and we can't defend in kind. But if we can't defend in kind, we have to escalate or do something in a different way.
Correct. That is correct, yes. Additionally, look, I know that you had mentioned in your book the Chinese embed malware in our devices when they manufacture them is, can you explain this? Because I think a lot of people don't understand what, how something that's not [00:51:00] a personal computer can have software on it, for example.
Eric Cole: So we go in and it's not a coincidence that everyone says China is one of the major people attacking the United States. When you go in and look at who the top cyber threats are, China is always at the top of the list. We're afraid of China. We're concerned about China attacking our systems. But do me a favor.
Take any electronic device, any tablet, any computer, any smartphone, and flip it over. What do you see on the flip side? Made and made in China? In China? So we're sitting here and saying that we're concerned about China attacking us. Yet all of our hardware, all of our chips, and all of our devices are made in China.
And what's the probability that they're putting malware in those chips? Malware can reside on any hardware, any firmware, or anything else. So now we go in and imagine if all of our devices have some sort of malware installed and they just didn't activate it yet. They're just actually waiting for the right opportunity to activate the malware.
What would this malware [00:52:00] do, for example? Listen to what we're saying. Capture personal information, capture personal data, or potentially go in and start capturing all of our credit cards or our bank accounts or our passwords or our information, because basically if it's on our device, they can listen and capture everything we're doing and everything we're saying.
Jordan Harbinger: Do we have proof of the malware being installed on it, or is it just like, Hey, if they're smart and they are, they're definitely doing this.
Eric Cole: It's definitely more the latter because we're not going in and checking or verifying the integrity of those chips, right? We're, we're going in and we're terrified of TikTok because it's a Chinese owned company.
Yet we're not afraid that every one of our chips are manufactured in China. It's a double standard. If we don't think that China should own a social media platform like TikTok, and we're putting so much energy and effort, why are we allowing a Chinese company to own all of our chips and all of our hardware devices?
Jordan Harbinger: I mean, look, I agree with you. There's some other horror stories that were quite interesting. One was a home sale. The couple got, there was a hacker in the real estate agent's [00:53:00] computer, told the couple who was buying a house to wire their money to a different person. They wired their money to a thief. The real estate title company never got, or escrow company never got the money.
These people lost their life savings, or at least part of it. Um, really, really sad. Uh, there was another one where the Chinese company was negotiating to acquire another company and they were monitoring the email and saw the bid and said, we know the lowest bid you'll take, so here you go. But I would love to know more about risks I might be at as a public figure.
Everyday Joes, of course, the home sales stuff is bad, but there's one that I thought was quite interesting. This guy's credit card gets stolen because his speaking gig was public. Can you take us through that story? That was kind of a little bit of a plot twist for me.
Eric Cole: Yeah. So you go in and an executive at a company, whether it's CEO or COO or CFO.
They're speaking at conferences. It's pretty well known. Like you go in and you look at these large events, you can go in and see where these people are speaking, right? They're on the speaking circuit, [00:54:00] so you can go in and see that so and so is actually speaking at an event, at a large conference, at a certain hotel in a big city.
So they knew that, and they knew that his keynote was at 10:00 AM in the morning. So at 10:05, they basically called the executive's assistant saying, listen, we have your boss checked in at this hotel. And if we don't get credit card information, 'cause their credit card failed, we're gonna actually have to kick 'em out of the room within the next, uh, 60 minutes.
Oh wow. And the exec is like, wait, my boss is speaking. If they come back and they've kicked outta their room and they lost all their stuff, they're gonna be upset and angry. And it sounds legit. It's from the, the right hotel. It's from the right person. So they go in and say, okay, let me give you a credit card or billing information to be able to charge us for his room.
And it's basically a scam. And by the time they find out, or in some cases, the assistant wouldn't even tell the person. They're like, oh, it must be legit. And they don't talk to their boss for a couple days and they don't say anything. And by [00:55:00] the time they either realize it or get the bill, the money is gone and the account's been charged.
Jordan Harbinger: Wow. Yeah. That's crazy because of course you're gonna promote your speaking event. Yep. This is the modern day equivalent. I remember when I was a kid, my parents used to say, never tell your friends if we're going on vacation. Thankfully, we just never went on vacation. But they would say, never tell your friends if we're not gonna be home.
Because not that your friends are bad people, but they could say, oh, Jordan's going out of town. And then the older brother hears it and he tells his friends and they say, well, where does he live and when is he leaving? Because we can go and rob the house while they're gone. You know, it's those little innocuous things that you don't think of because you're not a thief.
People do impersonate me. They'll try, they'll message people on social media from like a crappy fake Jordan Harbinger and they're like, I've lost all my luggage and I'm in London and I know you're a fan of my show. Can you please wire me $5,000 or can you give me $5,000 in Apple gift cards? 'cause that's the only payment this hotel is taking.
Or you know, just some ridiculous nonsense. Luckily, my show fans are not brain dead. And so they message me and go, here's a, I reported this account, but [00:56:00] they're impersonating you. And you know, Instagram will take care of it, but it, this happens so much that it must be working at some point. Otherwise they wouldn't do it.
Eric Cole: You nailed it. Like people go in and say, why is this happening? Why, why do I keep getting it? It's because it's working. Why do you think you're getting so many toll booth scams? You might not click on it, but people are, because that's why they're doing it. And a funny story there. I had a friend of mine that's a pretty well known social media influencer.
His social media got hacked. It sent messages to all his friends saying, Hey, I'm, I went on a last minute vacation. I'm stuck here. You know, I mean, he needs to transfer money. And the funny part is, all of his friends were savvy enough and didn't click on the link. He calls me up and he's pissed.
Jordan Harbinger: Yeah. My friends don't give a crap about me.
Eric Cole: Exactly. He goes, he goes, Eric, if that was real, none of my friends would've given me money. He goes, and I'm like, dude, you, you're missing the point here. And he was actually annoyed that none of his friends cared enough about him to actually do it. That's funny. But you, you go back to the posting that you're going on vacation.
There used to be a site called PleaseRobMe.com.
Jordan Harbinger: Oh no.
Eric Cole: And it would [00:57:00] basically go in, harvest social media, look for people posting pictures on vacation. They would go in and look for personal pictures that had your geolocation. 'cause when you post a picture, most people don't realize the metadata shows where you live or where it was taken.
And then they go in and if you put in a zip code at PleaseRobMe.com, it would not only show you all the houses that they're on vacation, but it would use public records to determine how much the house was worth. Wow. And it would actually do dollar signs. So if the house was a hundred to 200K, it'd have one dollar sign, two to 300 would have two dollar signs, 500 would have three dollar signs.
And it actually was not illegal because it was using publicly available information. It got such negative publicity that they actually had to take it offline, even though they just did it as a public service, not because they were doing anything wrong or breaking any laws.
Jordan Harbinger: Right. This was to attempt to show people that they shouldn't post these things, but the solution was, Hey, stop reporting on this bad security practice.
It's making people scared. Yep. [00:58:00] Oh, that's so typical. Somehow that's like, we don't have COVID anymore. How do you know? Well, we stopped testing for it. Yes. So the test results are showing zero cov. It's like that kind of thing. Oh man. And on the dark web, you can buy everything from stolen tax refunds to malware kits, basically Etsy for criminals.
[01:01:00] Now for the rest of my conversation with Dr. Eric Cole, you mentioned in the book that thieves will pay up to $500,000 or more for a CEO or an executive's laptop because the data on it is worth millions.
So do executives get training on not letting their laptop outta their sight? 'cause like, I feel like I see people leave their laptop in hotel lobbies all the time when they, they ask me to watch it while they go to the bathroom and like I'm an honest person, but like, they don't know that.
Eric Cole: Exactly. Or, or people forget it.
Or one of the big scams they have to be so careful of is you're going through security and as an exec or somebody, uh, if you don't have TSA pre, you have to take your laptop outta your system. So they go in and they say, Hey, I'm in a rush, or this or that, and they incidentally cut in front of you or they split up.
So they'll have somebody that targets you as an [01:02:00] exec, they'll go in front of you and then they'll go through security and then you'll go to go through security and the person in front of you that works them screws around, it delays, right? It will screw around or their watch or their ba and it's like, wait a second, please step out.
Please step out. And by the time you actually get through, your laptop is already cleared and they've taken it. And once again, this happens all the time. It doesn't have to be a lot of people, but if they just do enough of these scams, it works and it's payout for them. Crazy. Even if the data on there is encrypted, like even if they have FileVault on or whatever it's called.
Exactly. Because, but once again, they probably already might have installed malware systems, so they already have access. Or how many execs, and I see this all the time, is you look at their laptop or their tablet. They have a little sticky pad that actually has their username and password written down. No.
Stop. That's so stupid. I mean, yes, dude, that is all the time. I mean, I just look on airplanes. When you see executives working and I constantly look down at their laptop and you see a little sticky note that has their password [01:03:00] written down on a little post-it note.
Jordan Harbinger: I have told people not to do that. I'm like, look, I'm not looking at your screen, I promise.
But whatever's on that note is something everyone can see and they're like, oh, it's fine. It's just something temporary. And I'm like, but you're still using it, right? Yeah. They're like, okay, you got me on that, right? Like, maybe you only are using it for this flight. It's brand new and you're about to go in there and change the password.
How much time do you think I need in that system? If I'm sitting next to you and just got a dumb curiosity in boredom on that flight, what if I decide to log into whatever you're in right now? How much time do I need to make a problem for you? And if the answer is a few minutes, then that's too long to have that thing up there.
You mentioned actually that most cyber attacks, like heavy duty infiltrations of systems are not detected until the theft of data gets so large that it impacts server performance. Can you explain what you mean with this?
Eric Cole: Right, so an attacker breaks into a system. They go in and they'll access a user account, and then they'll set up pivot points where they'll slowly pivot into the network server after server after server to [01:04:00] get to the critical system.
And most of the time these attacks are detected by IT, not by cyber, because what'll happen is they'll all of a sudden have performance issues. So you'll have a database server. That was actually running and it was running at 60% performance and all of a sudden within two weeks it goes from 60 to 95% and now transactions aren't being done.
And IT goes, wait a second, why did our performance almost double within two to three weeks? And it's because instead of users downloading two or three records, it's now downloading the entire database and it impacts performance. So most attacks are detected by performance of it impacting the systems and not because cyber's actually detecting or catching 'em.
Jordan Harbinger: I see. So it's basically like, why is this thing ground to a damn halt? And the answer is, oh, someone's, someone got greedy and started taking way more data than they probably should have to stay under the radar. Crazy. Bingo. I heard we even get cyber attacked by the UK. That was a plot [01:05:00] twist for me. Is that just a threat actor routing attacks through the UK or are people in the UK actually attacking the United States?
Eric Cole: It's both. Okay. Here's the reality. On the internet, there are no allies. Because what stops an individual who lives in the UK or an attacker living in the UK of attacking our systems. Nothing. We're just as vulnerable and we're just as exposed from the system. So it's actually not only are attackers VPNing in from the UK because we're not blocking those IP addresses, but why would attackers not live in the UK or Canada, or other potential companies that are allies and attack our systems?
It's individuals attacking it, not the government. And individuals don't follow laws and don't have allies.
Jordan Harbinger: This makes sense. I was just wondering if it was a state actor, you know, coming from the UK, but you mean individuals. I mean criminals, right? No honor among thieves. I know that we, in the past we thought maybe Iran wasn't attacking us, but it turned out they were just routing attacks through China.
Why would China allow an actor like Iran to route attacks through China? Doesn't [01:06:00] that make China look bad? You know, doesn't that anger China as well?
Eric Cole: It does, but once again, their systems are just as vulnerable as ours, so why go in and you don't think Chinese systems are compromised and Chinese systems are broken into and individual users are being targeted, so why not go in and just hide under the radar if we know that we're getting large number of attacks from China and 10% increase?
I see China doesn't care. We don't notice. And so the idea is why go in and have Iran attack us when they can just go in and slightly increase the amount of attacks from China and just hide under the radar?
Jordan Harbinger: Yeah. Yeah. This makes sense. I think North Korea attacks us from China too, doesn't it? Because they just don't have a robust enough infrastructure to do this locally.
A friend of mine who works for a contractor told me that the North Korean attacks come from Beijing pretty much all the time. That's pretty much exclusively. Yep, exactly. There are ways to kill people using cyber. I think that's important to note because a lot of people don't really, they'll go, oh man, you know, they shut [01:07:00] down
our internet systems or banking. Okay, that's bad. People can't buy things, but at least no one's gonna die. That's not necessarily always gonna be the case. Right?
Eric Cole: Right. So just think of how many embedded devices people have in their system, whether it's a pacemaker, whether it's a monitoring device. We are putting more and more computers or chips within humans, and what stops an attacker from targeting, breaking in or going after those different systems?
And not only that, but even in hospitals. What if attackers can break in and impact life support or take down medical monitoring systems that are keeping people alive or safe? I mean, anything running on a computer can be hacked and we're keeping people alive and we're embedding computers in individuals, so why not attacker go after those?
Jordan Harbinger: You know, that's interesting. I, I went to a hospital once recently, and I'm trying to, I gotta sort of anonymize this, but basically the equipment I saw was running on something like, what is it called? Windows 2000 or something like that. It was like, or Windows [01:08:00] Me. It was something so old that I remember going, what the hell?
And I commented to the tech, I said, why they don't update this? And he goes, this is all sort of customized for this machine. And I said, but it's Windows. And he goes, yeah, but it's got, it's like stripped down and there's stuff added to it. You can't just throw a CD in here and, and put the newest version of Windows on there.
And so that of course begs the question, so how do you do security updates on this thing? And the answer is, you just don't. Right? You get this machine. What you pray to God is not for something terribly important. And also you really hope it's not connected to the internet at all. But who knows? And you just hope that it's secure enough as is to do its thing without any security updates for the last 25 years.
Eric Cole: Exactly. 'cause when you're looking at critical infrastructure, hospitals and banks and others, what's the most important thing? Availability. Those systems need to be stable and available. And what makes a system unstable? Updating or changing software. So you now have the choice is [01:09:00] do they update patches all the time and make the system unreliable with updates and software?
Or do they basically say, in order to install a patch, it gets to get improved and verified by the vendor? And that takes years upon years to do so. These systems are just sitting wide open and exposed. And you probably heard last week, AWS went down for 12 hours.
Jordan Harbinger: Yeah. We all notice that because everything stopped working from my mattress to Reddit.
Eric Cole: Yeah. And, and you go in and think about that. AWS has stability. It has reliability. I mean, it should stay up. AWS doesn't go down. It shouldn't go down. So the fact that it went down and it took down Ring doorbells, people's security systems were down, their banks were down. E-commerce, I mean, it impacted a large number of people.
And if that can happen to Amazon, it could happen to anybody.
Jordan Harbinger: That's right. Yeah. That's a good point. Amazon has, I have it on good authority, quite good cybersecurity and cyber people working on AWS, the backbone of the entire fricking internet. Right. Much more than you [01:10:00] would have at your standard hospital.
Yeah. It seems like you could change hospital records, you could change, I mean, you don't even have to have a machine turn off somebody's life support when they're breathing. You could just change a record that says that they need a different dose of something, or that they're supposed to be dosed with this or that they're supposed to get this particular thing amputated instead of this other thing.
I mean, who knows? Um, who knows? You could disable the safety system in a car potentially. It just really seems like this kind of thing is, is hard to defend against. Like I mentioned earlier, any sort of cyber war that comes from a state actor could become hot because of the response chain, right? If you can't hack North Korea back or China back or whatever, Iran back, you blow up an oil refinery because that's the only way to sort of show them that we're paying attention, and that is problematic for a lot of different ways.
One of the tips in your book is to use a credit card and not a debit card. I agree with that. Credit cards, they're responsible for fraud. Uh, essentially. Debit cards, your bank makes you responsible for it until you [01:11:00] can twist their arm enough to give you their money back. Have you heard this sort of, I don't even know if you could call it a scam, but I guess it's a scam.
North Koreans getting remote IT jobs and just not turning on the camera or pretending that they're in China, or pretending they're in Korea, or even pretending they're in the United States and they'll get a job with a company. And they often will pay someone locally, like they'll offer, Hey Jordan, we'll give you a thousand dollars a month if you set up this laptop on your internet and let these people VPN into it.
And you're like, okay, I could use that money. I don't know what they're doing. And so these people will get jobs and I don't know if they're doing the job and funneling the salary back to the regime or if they're stealing the IP and giving that to the regime. Probably a little bit of both. Have you, have you heard about this or am I talking to myself?
Eric Cole: Absolutely. I mean, we, we, we work on trade secret cases all the time where it's basically foreign adversaries or foreign governments have planted an individual at a company, and it's not what you think where they get hired and steal right away. They work for four or [01:12:00] five years, they get promoted, they get well known, they work at key positions, and then after four or five years, they slowly start stealing, gathering data, or they do what we've seen with Robert Hanssen and Aldrich Ames with the CIA and the FBI.
They just recruit somebody. How many people out there that are getting paid 200K a year? If you go in and say, Hey, we'll give you another 300K if you actually install malware or copy data to USB drive or steal data, and then many of 'em will do it. Or you go in and you say, oh, no one would ever steal from the company.
Watch the movie Firewall with Tom Harrison. He was actually a chief information officer for a very, very large bank, one of the most moral, ethical guys on the planet. They kidnap his family and they say, unless you install this software behind the firewall and you allow us to steal data from the company, you'll never see your family again.
And my question is, you might be the most ethical person on the planet. If somebody kidnaps or blackmails you and it could ruin your life or [01:13:00] ruin your family, everybody could be a potential insider.
Jordan Harbinger: Yeah. No, this is true. This is true. What's the craziest security risk you've seen? I don't mean like default password on a critical database, but is there anything that stands out as like, holy crap, I can't believe that that was allowed or, or how that, that was so risky.
We're just so lucky that didn't go wrong.
Eric Cole: The craziest thing is BYOD, bring your own devices. If you remember like 10, 15 years ago, we made a big stink of if somebody was gonna access corporate data, you had to go in and use a corporate device, and then that became too expensive to give everyone their own smartphone.
So now we allow BYOD. How many people's personal devices that have known passwords, known free software on it, are allowed to access and connect to the company's network? How hard would it be for somebody to go in and with a free app, install malware on your system, and then use that to basically compromise your email or your company's VPN?
'cause you have that all installed and set up on your personal device.
Jordan Harbinger: Yeah, that makes [01:14:00] sense, right? Because I, and I get it, I don't wanna carry two cell phones, one for my online telehealth company and one for me. Come on man. Just let me use my cell phone for the, and I'm only gonna answer email on it.
What's the big deal? And the big deal is it's also got a VPN on it and it's got company documents and I'm in the Google Drive that's shared with the company and I'm also on the company box and all this stuff. Yeah, that's a good point. I had not thought about that. What would a cyber 9/11 look like?
Eric Cole: It's what's happening right now, is they're compromising individuals. They're stealing passwords from you and me and your family, and they're slowly exfiltrating data. But because it's death by a thousand cuts where they're slowly taking information here, here and here, we already are in a cyber 9/11.
Look at what happened. I told you a couple months ago where the biggest password breach occurred of hundreds of millions of passwords, and it wasn't because a large database was compromised. It's 'cause all those individual systems were compromised. A hundred million personal devices is a cyber 9/11.
It is happening, but [01:15:00] because it's so small and it's death by a thousand cuts, nobody's responding or reacting and the media's not covering it yet. It's slowly bleeding information from us, bleeding trade secrets and hurting us. Yet no one's aware because it's happening so slow and low.
Jordan Harbinger: I heard you were essentially in charge of whether or not Barack Obama was allowed to carry his cell phone.
That's, it's crazy in 2025 to think a president would have his cell phone. Tell me about that.
Eric Cole: He was one of the first presidents that actually wanted to have a smartphone or a Blackberry, and everyone was like, oh, we need to secure and protect it. My issue is I don't care whether he had a device. What I worried about is the tracking of it.
Imagine if you could pinpoint where in the White House he was located. Imagine you can pinpoint where he was traveling or where he went on vacation or where he was, because he basically was having a personal tracking device. So my whole issue was not that he had it, it was how do we go in and hide and mask the location?
So this way somebody couldn't find or identify where he [01:16:00] was. So we actually had to go in and put different various VPN devices and remote devices that basically hid his location or covered where he was. So somebody couldn't actually use it to track or find or identify him. It's not that they had access, it's where was he going and what was he doing.
And a great example is when I worked at Lockheed. If you remember the Joint Strike Fighter? Yeah. It was compromised by the Chinese. Right? And everyone was, like, freaking out, going, they have access to the Joint Strike Fighter. And I'm like, I don't care. 'Cause guess what? The Chinese already had access to that information.
What I worried about was not that they had access, but what did they modify or change? 'Cause if I was the Chinese and I broke into one of the most sophisticated airplanes, I wouldn't go in and try to steal the information. I would embed code into the system. So now I could modify, change or alter flight control systems or weapon control systems in flight of these aircraft if there was a national attack against China or Russia.
So it's [01:17:00] all about not getting access to the information, but about the identification, integrity, and verification of that data.
Jordan Harbinger: Yeah. That's quite scary, man. There's a lot here. I appreciate it, man. This is an interesting set of topics, man. It really touches on IP theft from nation states and even securing our own routers, 'cause they're made in China, or our own devices, or not using free apps. I mean, there's a lot of practical takeaways here. Very interesting subject and frankly, I, I think it's quite important. Obviously that's why you're on the show, but I'm, I'm disappointed other people maybe disagree. Right. I dis I'm, it's sad to me that we care more about a big bomb being used in Iran, granted, interesting, than we do about the fact that we are being infiltrated and essentially attacked every single day to the point where it has become boring
Eric Cole: to the news and media.
Is that accurate? It's common. It's so common that, hey, why cover something that's so common and happens all the time. Right? But it's just not a big enough story. It's like violent crime.
Jordan Harbinger: Oh my god, [01:18:00] my grandma got mugged at gunpoint. Well, that happens a lot here in South Africa or whatever, right? So we're just not gonna bother reporting on it.
It's like, all right, but that might be a bigger problem. Might wanna solve that folks. Exactly. Dr. Eric Cole, thank you so much, man. Really interesting episode.
Eric Cole: My pleasure. And thank you for having me, my friend.
Jordan Harbinger: What if the most powerful painkiller, memory booster, and mood shifter wasn't in your medicine cabinet, but in your playlist?
JHS Trailer: Well, experiential fusion is a term coined by Richard Davidson at the University of Wisconsin-Madison, who works closely with the Dalai Lama about altered states and meditative states and such. And the idea is that it's sometimes referred to as flow, although it's slightly different. A flow state, you're in the zone if you're a basketball player or if you're a coder, you just lose track of time.
But the experiential fusion that you and I are talking about with music is that. Under the right circumstances, you forget that you're listening to music. You might even [01:19:00] forget who you are. You become one with the experience. There is an evidence base now for music therapies and music interventions. We know that music can affect the immune system in several ways.
Listening to pleasurable music can increase levels of immunoglobulin A, an important antibody that travels to the site of mucosal infections and helps fight them off. We know that music that is pleasurable to you can increase the production of natural killer cells and T cells, also important for fighting disease and infection.
Some music can lead to reductions in inflammation. Why music does this and why the immune system responds to it, we don't know,
Jordan Harbinger: but it does. For more on how music hacks your brain's chemistry to heal in ways that medicine can't, check out episode 1147 with neuroscientist Daniel J. Levitin. Big [01:20:00] thanks to Dr.
Eric Cole for joining us today. If today's episode freaked you out a little bit, then good, because that's the point. Cybersecurity is not a movie hacker typing really fast while green code rains down the screen. It's small, boring, invisible stuff. Default passwords, free apps that are not really free, routers made by companies you can't pronounce, phoning home to places you don't want 'em to phone.
Remember, if you think you're not being attacked, it just means you don't know about it yet. And if your business security strategy is basically strong password and antivirus, congratulations, you're the world's easiest pinata. Links to Dr. Eric Cole, his work and his book Cyber Crisis will be linked to the show notes.
Of course, as always, share this episode with somebody who thinks the dark web is using incognito mode at their browser. Or a friend who still uses their dog's name for every password. Looking at you, Steve. Alright, y'all, advertisers, deals, discount codes, ways to support the show all at jordanharbinger.com/deals.
Please consider supporting those who support the show. Also, our newsletter, Wee Bit Wiser. We'd love to see you there. You guys love hit and reply to this. I love hearing from you. The idea behind the newsletter is something practical, [01:21:00] specific, that you can use right away. It'll have an immediate impact on your decisions, your psychology, your relationships.
It's a two minute read. I don't write long stuff for you. I don't. Nobody likes that, and I know that. If you haven't signed up yet, I really do invite you to come check it out. It is a great companion to this show. jordanharbinger.com/news is where you can find it. Six Minute Networking is over at sixminutenetworking.com.
No shenanigans there either. I'm @JordanHarbinger on both Twitter and Instagram, or connect with me on LinkedIn. Speaking of shenanigans, this show is created in association with PodcastOne. My team is Jen Harbinger, Jase Sanderson, Robert Fogarty, Tadas Sidlauskas, Ian Baird, and Gabriel Mizrahi. Remember, we rise by lifting others.
The fee for the show is you share it with friends. When you find something useful or interesting, the greatest compliment you can give us is to share the show with those you care about. In the meantime, I hope you apply what you hear on the show so you can live what you learn, and we'll see you next time.