Thriving With Technology Podcast TOP PRIVACY TIPS
Available here too:
Online Privacy: Top 7 Tips From A Leading Expert
In this episode, August talks with one of the world's foremost experts in Cyber Forensics. Bryan Neumeister, head of USA Forensic, helps law enforcement, government agencies and the legal system. He can find erased information on cell phones--your bank accounts, exactly where you've been, the passwords to all your accounts and so much more. He can do the same with your laptop, as well as pick out a single voice in a crowded airport and help identify people on grainy video footage. Bryan and August talk about the best ways for you to keep your online information private and give you Bryan's top 7 tips to protect yourself and your family.
I hope you enjoy the episode. If you find what we're doing useful, please like us on the iTunes Store and share the message with your family and friends. And of course for more information, visit us anytime at Tech Wellness.
Be Well!
August Brice
Here's the full transcript of the podcast:
August Brice: Welcome to Thriving With Technology. This is the podcast from Tech Wellness. Now, you might know our mission is to help you achieve mindful living in a digital world. We want you to know what's going on out in the world of tech so that you can make good choices. We really do. Protecting your privacy online is a really big component of it. Now, I know some people would argue, and I'm included in that group, that there's just no such thing as online privacy, that even if there's just the presence of some digital technology, our privacy probably isn't going to be kept to ourselves, that in some way somebody's going to be listening or finding out what we're writing, texting, or saying. Well, today we're going to get some answers. We have an amazing guest with us, a worldwide expert in digital forensics. Now, Bryan Neumeister leads a company called USA Forensic. It's based in Phoenix, and it's built an international reputation for being able to find and clarify any kind of digital evidence that a person might leave. Bryan and his team work for law enforcement, they work for the justice system, and they come in in situations where data needs to be retrieved for any number of reasons, from computers, cellphones, cell towers, video, and audio recordings. So, as it happens, I've known Bryan for a long time. I met his incredible dad when I was interning at NBC. And you know what? It has been fascinating to watch Bryan's career. So Bryan, welcome to the Tech Wellness podcast.
Bryan Neumeister: Welcome. Thank you.
August Brice: I'm so excited. I want to talk about this. I want to talk about how you got into this just to start.
Bryan Neumeister: Well, I don't think anybody plans to get into this. I, back in the '70s, had a music scholarship at Cal State and became a news reporter at a small TV station after I graduated in Palm Springs. It was one of those situations where you did everything from report to change the oil in the news cars.
August Brice: I remember those days.
Bryan Neumeister: Yes. I was terrible on camera, so I realized it would be better suited for me to work with cameras on the photography side. I went from there to Reno and then to KPNX in Phoenix. KPNX gave me a foundation in working with tech. Because when I first came there I worked an overnight shift, and I used to go down and work with the switchers and pretty much anything. And then the engineers would come and fix what I did in the morning, basically. Later on, I got involved helicopter live photography, and that involved use of microwaves and stuff that I was really getting into. I started getting into the tech end of it. So spent about a decade in helicopters doing all sorts of innovative things, working with law enforcement, working with TV stations. Again, at that time I was also, in my spare time was spent making music. And it did pretty well. I did music for a lot of commercials, a lot of video games, that kind of stuff. And finally left the helicopter career to pursue that. And basically, music, at that time, was all computers. I had probably 40, almost 50, keyboards. They were all computer controlled. This is in the '90s. In order to be able to understand how to better utilize those primitive computers, we would tear them apart and rebuild them. And I was [inaudible 00:03:10] audio engineering classes now, the graduating classes. The best way to learn about something is to do it yourself, learn by failing. Yeah, that's the only way to get ahead. The thing is ... about digital audio, video, cellphone forensics ... it's all binary data. Once you know the basics, you have to do research. I would say we average two hours a day of actual research. Like we say, that software you're using is so two o'clock.
August Brice: Yeah, it's constantly changing. You just have to stay on top of it.
Bryan Neumeister: Yeah, for example, right now we're talking on a new version of iOS 11.4. there's always something new you have to be able to figure out how to get in and get around. We normally work for law enforcement. Of course, we work for a lot of private attorneys, insurance companies, store chains, airlines, you name it, banks, law firms. Our object is to retrieve data, figure it out, decrypt it, find out where it's been, see if it's been modified, which we see more and more of these days is people altering data and not knowing how to get away with it. For example, cases with document fraud. You're doing a case that's a very high-profile case where documents may have been forged, it's fairly easy to tell by going through the computer's registry what was done when and requesting access to the original data files as opposed to copies. We use what's called hexadecimal editors to understand how the process works, but it's amazing what people try to pull off with Photoshop and stuff, not realizing that the digital fingerprint is all in the meta data.
August Brice: Everything's trackable is what you're saying. So they try to use Photoshop. They try to change something, but you can see the changes.
Bryan Neumeister: Yes. We've had cases from all over. We have requests on our website, which basically asked, legally, for specific types of data. Chain of custody is very important in what we do. You can't judge if the Mono Lisa is real by looking at a Polaroid of the painting. You have to see the painting. So we're always asking for the original content. You can't take somebody's word for it. If there's a cellphone that comes into a situation, we'll want to do a forensic image of it ourselves and then work with that. We get requests a lot for almost anything you can think of, clarifying surveillance, which we can do an amazing job of. But really, because of my background in video, I was always interested in audio and video clarification. Getting a voice out of an airport would be another thing we're asked to do.
August Brice: I saw an example of this on your site. It's so cool.
Bryan Neumeister: It's interesting. Yeah. People don't realize there's no one panacea, no one program. In audio, I've probably got 400 different programs on different specific things. Right now I'm working with some other folks on voice recognition software for cellphone use. There's 70 PHDs involved in this project, involved in the various different things. For example, the way I'm talking, the type of enunciation, my nasal cavities, how that carries over cellphone, the pattern of my speech, the accents. All that has to be figured into a binary code that can basically create an algorithm that may at least limit ... It's never going to be 100% accurate, but it's going to limit your database. If you've got 15 suspects, it may eliminate it down to two, and then you go into the manual forensics of sorting out every vowel, every consonant with a linguist.
August Brice: Oh, Bryan, is there anything that you can't discover?
Bryan Neumeister: Yes. There's some very basic things. For example, on a cellphone people will think that they can erase data by deleting their texts or whatever. And that has no effect on recovering the data whatsoever. However, if somebody resets a phone to factory new, it does destroy the data. That, for example, would happen if somebody completely reset it for sale, for example if you're going to give your iPhone to somebody. However, people always forget that their backups are in the iCloud. And most apps, by default, backup to an iCloud or to whatever their phone system is. And the reason that is ... it's a very simple reason ... everything is based on economics. When you first get an iPhone, for example, you get a 5 GB free iCloud account. Well, 5 GBs is nothing these days. So as soon as you fill it up-
August Brice: You pay for more.
Bryan Neumeister: Yeah, 99 cents for 50 GBs. Oh, that's nothing. That's fine.
August Brice: Yeah, right. Here we go.
Bryan Neumeister: Yeah, and then you fill that up and, oh, another 99 cents and you got a terabyte or whatever. So all that stuff that remains up there is very and people don't know how to particularly edit or erase that very well. So we do a lot of our stuff by decrypting and getting into cloud accounts. Sometimes it requires a warrant. Sometimes it just requires permission.
August Brice: Oh, you know what? You said something that just really haunted me. When we were first talking about Tech Wellness website, you said you'd be interested in this. You said the cellphone is the cesspool of the soul.
Bryan Neumeister: Yes, absolutely. People do things on a cellphone that they never would ... For example, in drug cartels situations they'll snap a photo of a body-
August Brice: Oh.
Bryan Neumeister: ... and they'll quickly send it to prove they killed the person. Or they'll quickly send it to somebody and delete the photo. First of all, they've taken a photo and deleted it, which can be easily recovered. Second of all, you can trace, by GPS, where that photo was taken. And third, you can see who it was sent to. So it's basically like, "Here. Here's where I did this, and here's where I'm sending it." Very often we create a map based on how many Wi-Fi pings think are if you want to see where somebody's been in the past week or so or whatever, you look at their Wi-Fi patterns. People don't know this, but when you're downloading those apps that are free, they're not free. They're collecting information on your shopping activities, your driving activities, the stores you visit. That data is sold to marketing companies that, again, re-enter and sell that to specific needs. For example, if you go into Starbucks a lot, you might start getting a lot of ads for coffee and Starbucks coupons to keep you coming in. If you're driving on the freeway, then, it might alert you to the nearest Starbucks while you're on Google. It's a fascinating interweb of marketing and communications that is also really helpful forensic experts to track where these pings happen.
August Brice: Well, and as you're talking about that, just ... I'm back where you were talking about the apps being on. What if I disable the app after I download it and only enable it when I need it?
Bryan Neumeister: That's a good idea.
August Brice: Does that offer any protection? I get the little bit.
Bryan Neumeister: Yes, it's decent protection. Some of these things that are supposedly off really aren't off. When you turn off your Wi-Fi and your ... On the new iOS, if you turn off your Wi-Fi and your Bluetooth, it will restart in the morning. I mean, you can shut it off to certain devices and stuff, but in the morning, when you turn on your phone again, it's going to automatically kick back on.
August Brice: Wait, wait, wait, wait, wait.
Bryan Neumeister: Yes?
August Brice: So I turn off ... On my phone. You're talking about on the phone?
Bryan Neumeister: Yes.
August Brice: I disable Wi-Fi.
Bryan Neumeister: Well, for example, if you flip up on the bottom of an iPhone, you'll see the icons for Wi-Fi, Bluetooth-
August Brice: Right. Go to the control center, turn it off.
Bryan Neumeister: Yeah, turn those off and then see what happens in the morning. After a 24-hour period passes they'll be back on.
August Brice: Anything I can do to override that?
Bryan Neumeister: Yes, you can shut it off manually in the control center. But the one that works on your slide up panel is a little different. Those are mainly made for turning it off in an airport or something like that. If you forget, they basically reset it in the morning. You want to keep an eye on your data. Again, there's no real panacea. These things are a screen door in a submarine the cellphones and computers these days, because what's the most valuable thing is data. Data o'plenty on a cellphone. People do things on a cellphone they wouldn't normally do in any other medium. It's pretty amazing what you find on people's cellphone. Like you said, we call this. The cellphone is the dumpster of the human soul.
August Brice: It's crazy. It makes sense because for so many it's just part of their being. We encourage a daily unplugging, so people keep perspective that the phone is just a machine, and it's not the boss of me. But I think they feel like their phone is them. And so, like you said, it's the cesspool of the soul because we've become one with our phone. It's super, super disturbing and scary. But I'm talking right now to the people who have that perspective and want to use technology because it's fun. It's great. It makes life easy. But we want to do it as safely as possible. So you were talking a little bit before about the specifics of turning apps on and off. What about location services? If they're turned off and the phone is in airplane mode, can you still find out where someone was?
Bryan Neumeister: If everything was turned off from the actual control panel as opposed to on the front of the phone, if everything was shut down, yeah. You still can if you know what you're doing. But sometimes that involves apps that aren't really accessible to the public. If you really want to be safe, you could power off your phone. That's even, at some point, very rarely questionable. But the best thing is a faraday bag, which is a bag that blocks incoming electronics. We those for all cellphones that come in to be examined. But it's basically a simple copper bag 'cause copper bags block the frequencies.
August Brice: Right. We have one on the site that I actually, that Hal uses, my husband uses. I use it as well.
Bryan Neumeister: Absolutely.
August Brice: But, and something that I became curious of the other day. I turned on my phone. I recorded video and audio, and then I stuck the phone in the bag, and it stayed on.
Bryan Neumeister: Yes.
August Brice: So it was off. We had no cell service. It was just me playing with the camera basically. And it could hear everything that we said. So are there apps or some malware or something out there that can actually access my microphone and my camera with my phone off?
Bryan Neumeister: Yes, but they have to be put on the phone before you turned it off. Actually, it really requires access to somebody's phone to that up.
August Brice: Okay.
Bryan Neumeister: You're not going to download that as a malware unless you're getting it from a real high-end agency. For the most part, somebody needs to physically access your phone.
August Brice: That made me feel so good. Sense of relief.
Bryan Neumeister: Yeah.
August Brice: Woo.
Bryan Neumeister: Yeah. There's another way to ... It's a very simple way, actually. People don't realize this. If you go to your battery settings, it says what apps are using your battery. It doesn't matter what's put on there. If you've got some kind of recording app that's on there, some kind of child minder or something like that that is voice activated, it will say that it was activated and how much battery it used. So the iPhone, without really meaning to, kind of tips the way the phone's being used. If you notice that your phone's abnormally warm even though you're not using it, it's a possibility you have a bit of spyware on there. It's rare, but I will tell you this. We do get called out quite often to what's called sweep a room, which is check for bugs and that kind of stuff. That's old technology. It's pretty rare. I got one case right now where they're sending me a stuffed animal that had one in it, but for the most part, it's all done through cellphones and computers with what's called keyloggers, which basically don't monitor your voice, they monitor what you type. I could tell you all kinds of horror stories about what can be done, but for the most part, this is not going to affect the average person, except on a PC. On a PC, a keylogger's fairly easy to get. And there's some free programs that get rid of that stuff very well.
August Brice: Oh, good. I'll put them on the site. I hear this statement all the time, especially from the generation that has grown up with this technology. They say, "I don't care. I have nothing to hide." What do you say to them?
Bryan Neumeister: Well, I'd tell you this. Any credit card number you've ever put in your phone, any bank password, anything you've ever put in your phone, I've got if I had your phone. It doesn't go away. I'll find your password to every account you have on your phone. When we get phones in on a criminal investigation, we're only limited by, for example, what a warrant says we can go after. We'll have all their passwords and all their tokens and stuff like that to every Snapchat account. That's another thing, too. Snapchat. Kids use it. They think it goes away. It doesn't. It doesn't.
August Brice: Where does it go? Where does it go?
Bryan Neumeister: Snapchat stuff stays on the phone, too. Any kind of photo that you might have sent, any kind of recording or whatever you sent is going to be on the phone still. It visually disappears, but again, what you see ... For example, when you're deleting a file on a computer, you're not deleting the file. You're deleting the link to the file. Now, eventually, it'll get written over as more and more data comes onto the computer, but today's cellphones where you have a lot of, maybe 256 GBs, you're not going to see stuff overwritten very quickly. Here's another thing people don't realize. You'll get a case where somebody says, "Well, this was not the iPhone I had during that time," or the phone. I'm like, "Did you have the same phone number and provider?" "Well, yes." Well, every time you make a transfer from one iPhone to the next iPhone, all that old stuff goes with it. So I might have a 2018, and I'm looking for 2013 data that was recorded from four iPhones ago, and I'll find it on that same iPhone on the new one. So it sticks with you.
August Brice: The interesting thing about that is, though, that I can't get that information on my own phone.
Bryan Neumeister: No.
August Brice: Why's that?
Bryan Neumeister: it's a forensic process basically. There are various forensic programs, like Cellebrite and Oxygen, which are what we call push-button forensics that are pretty good at doing the basics. But very often you have to get into writing code to get around key locks, to get around locked phones and stuff. You basically need to parse the, what's called, unallocated space on a phone. It's all going to be marked as deleted, but forensically, that stuff's recoverable and sometimes very valuable.
August Brice: Sure.
Bryan Neumeister: I'll give you a case that was interesting. It was a homicide case. I'll keep it generic. But person was accused of a homicide, and I went through that person's phone and I found photos of this person that were selfies with geo-coordinates in another city. So basically, we were able to prove this person was in another city. But he was not with his wife, so he had erased all the photos. And there were landmarks in the background and GPS, so the murder charges were dropped. But he was still a dead man walking because he was not with his wife, and he was taking photos. So it actually saved him in some ways and probably hurt him in others.
August Brice: Well, yeah. You have that interesting illustration on your site, usaforensic.com, that shows an incredible amount of information that you can get from one single digital photo.
Bryan Neumeister: It is amazing. I do have a case right now where data was Photoshopped, a lot of cases where data has been Photoshopped. They don't realize that they can try to strip the meta data, but you could always figure it out. I had a case the other day where I showed a picture, and I had it run by another forensic team and they said, "Okay, that picture was shot in 2007 in another state." And I'm being really generic, but I said, "No, I actually shot it here two weeks ago. I just spoofed the meta data." And they're like, "What?" And I'm like, "You can spoof meta data if you know how to do it." Now, not a lot of people-
August Brice: Well, is there a way to turn it off? Can I turn off the meta data on my phone?
Bryan Neumeister: You can turn off certain things, but you can't turn off ... You could turn off your GPS, for example, on the photos, but you can't-
August Brice: No, I mean. Oh, okay. Okay. Location services.
Bryan Neumeister: Yeah. You can't turn off your dates created. You can't turn off that sort of stuff. So when you export it, a lot of the meta data that you see on those mini pages goes with it. The geo-locators can be turned off, but depending on what photo app ... You may not be using the regular photo app. You might have a Wi-Fi thing if you're using Camera Plus or something like that on an iPhone that give a Wi-Fi ping when you took a ... You might have your Bluetooth on with your ear piece on that could give us data. There's all kinds of ways to track down this stuff.
August Brice: If somebody really wants to know. So basically, if I want my business to stay my business, I shouldn't do it on my phone.
Bryan Neumeister: There are some apps, like Signal Audio, which congress now uses. It's called Signal. It's a free app to download. I recommend everybody have it. You can communicate securely, and that means you can't be interrupted by what's called a StingRay, or a device that is made to capture calls. Problem with a StingRay is they cost about $300,000, and you need a warrant to use them to intercept calls. It acts like a false tower. But you can build one yourself for around $1,300, certain kind of media outlets, tabloids, buy those things to intercept phone calls, or build them. Your privacy, again, is best to have a secure phone to phone encryption. When you use Signal, it gives you not only an encrypted path to path signal, but it also gives you passwords. If you both don't have the same passwords, that means there's a third party intercepting call. It's a very good app, and it's free. Like I say, congress was just told to put it on their phones, and I think everybody should be using it.
August Brice: Thank you for that, because my husband, Hal, actually downloaded that and asked me to download it. And I was afraid of it because how do you know what's safe? Do I have to call you every time and ask?
Bryan Neumeister: No. Actually Signal is a very well put together app because the way it's encrypted. Some of the guys that put it together, they designed some other apps that were very similar for different applications, and it's a very good secure app. People can feel very comfortable about using it. The other thing I suggest people have is called a VPN on their phone, and that's a virtual private network. The services for a VPN are very inexpensive. It's a few dollars a month. Any time you send an email ... and you can select what country you want it to come from. If I wanted to send you an email from Egypt, I could just click on it, and the routing information, the IP address, will come from Egypt. The reason these are good, especially in an airport, or any public place, you always want to be sending your data through a virtual private network because it's encrypted. And even if you're using a house Wi-Fi at a coffee shop, your data is going through various layers of protection that really make it darn close to impossible to get into your phone. Especially, like I say, airports and coffee shops. So a VPN service is imperative to have.
August Brice: Do you recommend one? Is there a particular one that you recommend?
Bryan Neumeister: No. I've got a few that we use, and they're the most common ones.
August Brice: Okay.
Bryan Neumeister: Now, they're-
August Brice: We'll put them up on the site.
Bryan Neumeister: There's some really good ones out there. What you want to look through is what their bandwidth, their throughput is. In other words, I've got about 150 countries or so on my phone that I can send messages through. Do you need more than that? No. What it does is it bounces the signals through a bunch of servers. You want to make sure that it's a good quality VPN. It'll be one of the name brand ones. And it's a fairly secure way to communicate. Is it completely secure? No. For the most part, for the average, every day person, a VPN is a great thing to have to keep from your banking password, anything like that, intercepted at an airport or a ballgame, whatever.
August Brice: Perfect. Thanks, Bryan. That's great, great, great advice. I'm wondering. What do you think about the reputation protection services and the LifeLocks. Do you think they work? Do you think we should all have something like that?
Bryan Neumeister: I remember when LifeLock first came out, I believe it was the CEO put his social security number on the side of a truck. And of course he got hacked immediately. Thinking that you are secure is a misnomer. There is no such thing any more. For every action that security companies do, there's a reaction. So it's just how long does it take the hackers to catch up? It's sport, basically.
August Brice: Same with those password protectors, so same thing.
Bryan Neumeister: A password protector is better than not having one. The worst thing you want to do is use the same password on everything. It's too easy to crack. One of the easiest ways ... People go, "Well, how did people get into my account?" Well, the way they got into your account is they didn't hack your phone. What they did is they found out a little bit about ... They went to Facebook, and they found out what high school you went to. They found out your favorite band. Then they call the customer support and say, "I can't get into my banking account." For the most part, people, for example, on their safety passwords, will put in their high school, their favorite band, the name of their first dog. This is all stuff that's easy to find out on Facebook. So very often people call and pretend to be the person saying, "I locked myself out of my account." They'll go, "What high school did you go to?" And you'll name it. I always recommend that people give wrong answers to security questions that they can remember.
August Brice: I used to try to do that. I used to give one word for all of them that had nothing to do with anything. And they don't accept that anymore. Now you have to really think about those made-up answers.
Bryan Neumeister: Anything that you can do on your own. These services are really limited. At one point they were reasonable what they could do, especially with credit card fraud. Because of legislative changes they're no longer as effective as they were perhaps six years ago. My thought is just common sense, very long passwords.
August Brice: And speaking of common sense, and I think I know the answer, but what's your perspective on Alexa, Google Home, HomePod. Do you have one?
Bryan Neumeister: No.
August Brice: Are they dangerous?
Bryan Neumeister: I think they're hilarious. It's just inviting people to spy on you. They're so easy to hack. I can see where they're helpful for an elderly person needing to turn on lights and stuff. We have a situation like that in our family, and it's great. However, they're not discussing work things. I would never have one in the workplace or in a private conversation area. They're too easy. You've got seven microphones on one of those things. And you got a Wi-Fi or Bluetooth signal that's easy to hack. So to me it's like sticking a microphone in your work place or your home. Some people might disagree, but they're fairly easy to get through if you're a tech.
August Brice: Yeah, thanks for that information, and are there any other devices that we should be suspicious of or that we should be extra careful around? I mean anything that just might even have a Bluetooth, like a Bluetooth speaker?
Bryan Neumeister: That's a really good question that most people don't ask. Here's a great example. It's called the Internet of Things. People want to have everything ... For example, my JURA coffee maker. It'll grind the espresso and stuff via my iPhone. The problem is there was a hack ... I'm going to say six months ago ... where they shut down a good piece of the East coast's internet. They shut down a lot of America's infrastructure. They didn't use computers. They used people's refrigerators. They used all these remote little things to basically harness-
August Brice: You mean because the Bluetooth went to the Wi-Fi.
Bryan Neumeister: Exactly.
August Brice: Tell me. How did that happen? Okay.
Bryan Neumeister: Rather than do the usual denial of service attack by using computers ... kind of an experiment, but they used anything that wasn't a computer, basically ... harness that horsepower to just jam up frequencies and signals. Any of that stuff, it can't be done by one person, but if you've got 20 or so, or 40 or so people teaming up, and they do a joint attack, you can really do a lot. I always said, look, a bomb will destroy a city. A computer will take down a country. And people have to be very cognizant of what's going on in the airwaves these days. There's a lot of federal agencies out there doing a great job just trying to quell the insanity that's out there.
August Brice: Am I better off in my low-tech home? If I actually don't have a lot of Bluetooth items, am I safer?
Bryan Neumeister: Oh, much so. Yes.
August Brice: Wow. From any, even a big attack?
Bryan Neumeister: It's all relative. Is somebody going to come up to your house and go, "I'm going to attack the internet by using Hal's [inaudible 00:27:27] system?" No.
August Brice: We don't have one.
Bryan Neumeister: No. Exactly. But I'm just saying it is a conglomeration of things. The less things you have sharing data, the safer you're going to be. The fact that you're selling the faraday bag on your site, I'm surprised that you even know what is. Most people don't, and they're so invaluable to have. You need these for your own protection. If you're going into a movie theater, stuff like that, people could hack into your phone so easily. I can tell you ways, offline, that data is gathered from cellphones by intelligence agencies just by walking by. If you're into a certain situation, you want to have your phone in a faraday bag, so your data just can't be harvested as you're walking by a place.
August Brice: I'm the same. But at my office everyone gets a faraday bag and places their phone in the faraday bag while they're at work.
Bryan Neumeister: That's great.
August Brice: They can go outside and use their phone. And it's just for me, because I can't control their apps. I can't control their phone, nor do I want to. But I can make sure that their phone isn't surreptitiously recording something that's important at work.
Bryan Neumeister: And people might think that's overkill. It's not. It is so simple to get into somebody's computer and put in a keylogger, or somebody's phone, and monitor everything they're doing. We have these cases all the time, especially in ... I hate to say it ... but especially in divorce cases. We handle everything from homicide to you name it. But divorce cases are about as bad as it gets. People will do anything, especially if there's a large amount of money involved. So the kind of tech gadgets that they're pulling out of their pockets these days, they're getting into people's home surveillance systems, all sorts of things, especially through the internet. Logging into somebody's surveillance system. I had to do a homicide job in another state where I needed to get into a system, and we were able to go back ... Even though the system had been destroyed, I was able to get the iCloud account of the homicide actually happening. It was something that was forwarded up to a cloud. But again now, think about this. If you're just walking around your house and you've got a surveillance system constantly running that's feeding into the iCloud account, there is no cloud account that isn't hackable. Somebody can find an easy way into that. So if you're walking around doing something, it could be easily hacked by somebody. You have to be very careful to control your data. Think of your data as your most important asset of privacy. So you're definitely going to want to have every way you can to protect it. iCloud storage and stuff, I'm not a big fan of any of that. We use very large servers, and we have them in different places.
August Brice: Your own servers that you own.
Bryan Neumeister: Yes. And we have them in different places just in case something happens to one set. Now, I know that's unique 'cause of the type of business we're at.
August Brice: Yeah, that's not-
Bryan Neumeister: ... but if you're going to put all your stuff on an iCloud, and somebody says it's unhackable, well that's the first thing that a hacker wants to hear. Really? Unhackable? That sounds like fun. Let's get a group of guys together and get a bunch of energy drinks and break into this thing.
August Brice: The stuff that you deal with, it's so amazingly, like you said, the cesspool of the soul. But you've got such a great sense of humor. How are you able to ... You haven't really even told us just the grime that you have to deal with on a daily basis. But obviously you do. But how do you keep your sense of humor? How do you keep perspective on all this?
Bryan Neumeister: My parents used to say, whenever I complained about anything ... It always stuck with me. My mom would put her hand to her ear, and she goes, "Do you hear that?" And I'm like, "What?" She goes, "That's the sound of no bombs dropping."
August Brice: I love your mom, [inaudible 00:31:04].
Bryan Neumeister: Well, they grew up in Europe during World War II.
August Brice: Right. I know.
Bryan Neumeister: So anything after that became less.
August Brice: The bright side. The bright side.
Bryan Neumeister: Right. While I worked in the helicopter, we did a lot of first response to plane crashes and to whatever. You have to distance yourself from it. You have to separate yourself from it. That is, you have to compartmentalize the stuff. I do think one of my main things ... and I will say that to our crew here ... is if we're not having fun, we're doing it wrong. The only thing is it does become your seven day a week life. My wife, the people I work with, this is all we do. It's rare that we get away, do anything else. But on the other hand, it's what we love doing. We have a seven day a week work policy, but we don't call it work. There's nothing else I'd rather be doing.
August Brice: Well, it is fascinating. It's an amazing field. You are so prepared for it. Your life story has brought you to this perfect place to do this work, and I love how on usaforensic.com you say that you're available seven days a week, so call any time. I understand that one of the number one hacks is on your laptop webcam. I make these little stickers to put over. You can use tape. I really like my stickers because they say fun and happy reminders, like make good choices, or stealth. What else can we do about that other than covering the webcam? And is it true? Is it a number one hack?
Bryan Neumeister: It's not a number one hack. The number one hack is keyloggers. Now, what a keylogger is ... It can be downloaded in any sort of way. It's just a little app that anything you type is sent out to somewhere else. In other words, if you're on the internet and you're typing a letter, every keystroke you make is going to an external server.
August Brice: Totally creeps me out. How can I make sure I don't have one?
Bryan Neumeister: I'm going to give you the name of two freeware pieces of software that are great. One is called Malwarebytes.
August Brice: I have it.
Bryan Neumeister: And the other one is called SUPERAntiSpyware.
August Brice: Okay. Yeah, I use Malwarebytes. So that's going to protect me.
Bryan Neumeister: Now, I would say also if you're using Malwarebytes, use the premium version and turn on a setting called "scan for rootkits." It's worth it. Those are consumer level products.
August Brice: That's what we are.
Bryan Neumeister: Yeah.
August Brice: We're consumers.
Bryan Neumeister: And they work almost as well as the very highest end stuff. Now, we have some more intense stuff, but for 99% of things that you're going to run across, those two will handle it. I really like the paid version of Malwarebytes. And we beta test everything, and I am no way affiliated with them, but I really like their paid version.
August Brice: Okay, and I use it and I like it. But there's still nothing that can stop someone from hacking my webcam, right? That can just happen.
Bryan Neumeister: It depends. Again, you're not exactly hacking a camera. The question is are you hacking the outgoing stream or are you hacking the actual computer that it's on? I always just put stickers on every camera, and I also put them over the microphones. Now, you can also disable-
August Brice: I'm going to send you some.
Bryan Neumeister: Oh, cool.
August Brice: I had them especially made.
Bryan Neumeister: Sweet.
August Brice: I went out and found all the sizes and where all the microphone locations were on all the most popular laptops, and so I have really, really nice, thick stickers that say cute things that go over all the microphones.
Bryan Neumeister: That's a great idea. We do it on everything. Any phone that comes in here, everything. The first thing after is photograph and cataloged. Those things are marked off.
August Brice: Hey, wait a minute. Phones. I cannot cover the microphones on my iPhone. I think that it's somehow getting the sound through the screen.
Bryan Neumeister: Well-
August Brice: No?
Bryan Neumeister: No. No, it's-
August Brice: Okay, I'm a little paranoid.
Bryan Neumeister: Yeah, no. There's only two ways to get sound, really, to an iPhone. One is going to be the microphone. The other one's going to be any kind of Bluetooth accessory that you're using, like a headset, like a Plantronics or something like that headset. Yeah, you can't cover the microphone on that. That's where the faraday bag comes in because is if somebody's going to be recording something, it's going to be something to send out by a signal. If you have your phone in airplane mode, and it's in a faraday bag, it's as about as good as it's going to get without being ridiculous.
August Brice: But what if your phone is just sitting out? It's not in the faraday bag, you're using your phone. Can someone hack the mic or the camera while your phone is being used?
Bryan Neumeister: Yes. Again, really to get a good program on there, it requires access to the phone, though. Because the app store makes that kind of stuff ... It's almost like a nanny cam-type setup somebody would have to download onto your phone.
August Brice: Okay.
Bryan Neumeister: Apple is cognizant, or the other people are cognizant of that kind of stuff. If you have a jail broken phone, which means a hacked phone, it's easier to do than to a factory iPhone. If your phone is just laying there on the table, is it susceptible to that kind of tom foolery? Yes, it is. Is it hard to do? Much harder than they make it look on TV. There is the CSI factor where people say they're using all these extreme whiz bang gadgets on your phone. It's not really that much. It's just common errors that people do. For example, sloppy passwords or letting somebody see them enter a phone code or using a non-protected signal in a coffee shop, a non-VPN signal. That's how your data gets out.
August Brice: Or even allowing an app access-
Bryan Neumeister: Yeah.
August Brice: ... by virtue of their privacy policy and in enabling that app.
Bryan Neumeister: That's a very good point. Any time you download an app, go in and shut off the camera and microphone settings unless you really need it. And if you're not using it, like Skype, for example, when you called me here, I had mine off. So I basically had to turn on the mic and the camera again. Turn off. Go into your app settings and just turn off anything access to ... Same thing with your Windows PC or whatever. Shut off all the access. Go into privacy settings and shut every single privacy setting down. There's nothing there worth keeping on in the privacy settings in Windows 10, not a thing. Just go through it. There's tons of stuff that's giving away your day-to-day workings.
August Brice: Great. Great. And that brings me day-to-day email. Do you recommend a specific email program that values your privacy? And did you see my story on Google Vault? Did you happen to watch that?
Bryan Neumeister: I didn't. I did not. I'll check it out though.
August Brice: Well, basically you already know this. I discovered that every word that someone types on Gmail is saved to their servers even if they delete those words.
Bryan Neumeister: Sure. I will tell you this also. For example, let's say you deleted your Facebook account two years ago ... I mean you completely deleted it ... and I needed to get a hold of it for a legal case, I could.
August Brice: Well, and that makes sense to me. But the thing that really blew me away was signing up for Google Vault and then realizing that the drafts of my employee's emails had been saved, words that they actually deleted within seconds of creating those words, stayed on the server. And I don't think people realize that. Is that specific to all email programs or just to Gmail?
Bryan Neumeister: We use private servers. It's funny because I do use one old generic email that I think is funny just because it's an old AOL account. It's kind of a tech's laugh to send something over AOL because it's funny. But you don't use it for anything else. We use private email servers. We basically built them ourselves. Most people can't go through that. As far as email, you'll hear that various companies that are email handlers get broken into, as far as their data. That's going to happen. So keeping your stuff on a private servers is pretty much the way to go. The other thing is ... People don't realize when you upload a picture to Facebook or whatever, they own it. They can do with it what they want. Same with all these companies. They own that photo. They can use it in advertising and not pay you. Your data doesn't belong to you. It belongs to whatever server you uploaded it to.
August Brice: I understand. Should small businesses have their emails servers?
Bryan Neumeister: Oh, absolutely. They're fairly easy to set up. It's worth a few thousand bucks to get a good server, especially if you're dealing with any kind of trade secret, or trade craft, or any kind of proprietary information. Of course, you should have your own servers.
August Brice: But once it goes out to the Gmail universe, even if somebody that you're communicating with, like you ... If you communicate to me on Gmail, they have it even if your server is encrypted.
Bryan Neumeister: That's true. That's why you can use peer-to-peer emails like Pronto Mail or something like that that's encrypted.
August Brice: That you want to remain private.
Bryan Neumeister: Yes. There are apps like that. You can also encrypt any emails. We do that a lot with cases. The emails are encrypted, and then we call them with the decryption key, so we don't send, obviously, the key in a follow-up email. So you would send an encrypted email that can only be unlocked with a certain password.
August Brice: Right. Not so easy for day-to-day communication with your mom.
Bryan Neumeister: No. And again, for day-to-day, 99% of the people don't need to worry about it. It's not like there's constant surveillance of everybody on an individual level. There is constant surveillance through NSA and stuff, but they're not looking at everybody's stuff. They're looking for keywords.
August Brice: Okay, so for all the regular people ... before we go here, Bryan ... can you recap the top tips that we should be using on a day-to-day basis to protect ourselves?
Bryan Neumeister: On a day-to-day basis, or for Windows, go through on the privacy settings and turn off every single thing that shares data. You just go to privacy. Just click on privacy, under settings, and there's lots of stuff all the way down to Xbox settings sending your data out. Also, on cellphones, use a VPN, which is a virtual private network. They're very inexpensive. Great way to keep your data secure. Go into your settings, turn off all your sharing info on each individual app. Every app wants your data. Turn off camera and microphone access to every app. It's just simple things.
August Brice: This is the outro. Wow, that's all excellent advice. Thank you, Bryan. Once again, our guest today, Bryan Neumeister, head of USA Forensic. If you want to learn more, if you want to hunt somebody down, head over to USAforensic.com The site says "open seven days a week." That's awesome. Of course, we've got more great information like this on Tech Wellness, too. In fact, what I'm going to do is put all of the resources and advice from today's episode on the site. Visit techwellness.com, click on privacy. I'm also going to give you a link to this great video, how to disable your microphone on your computer and your smart phones. And actually, I know it's pretty cool because Dr. McCuller recently put this video on his site for this special cyber security post he was doing. So you've been listening to Thriving With Technology. If you enjoyed this show ... I hope you did ... please like us on the iTunes store and share it with your friends. I'm August Brice. Be well.
And one last Tech Wellness online privacy tip: If you care about privacy: Keep Google off your phone! Other Excellent Privacy ideas here
