45 minutes | Oct 14th 2020

You Can Stop Stupid with Ira Winkler

Information security is not just technical. There is a human aspect involved and fixing that is more than just identification and awareness. Our guest today is Ira Winkler. Ira is the president of Secure Mentem and the author of the book You Can Stop Stupid. He is referred to as the modern-day James Bond, given his skills both physically and technically in infiltrating organizations. 

Today, Ira shares with us many of his personal and professional experiences in the area of cybercrime. His valuable tips and information can change how you look at potential threats and scams. He is an expert in how to make people easy prey and how to prevent people from being easy prey. 

Show Notes:
  • [0:51] - Ira graduated college as a psychology major and the only job he could get at that time was in the National Security Agency. This led him into the computer field within the military.
  • [1:31] - He always wound up working on the human side of things.
  • [3:03] - Ira shares his background and how he became a world-renowned penetration expert, which is a fancy name for a hacker.
  • [5:21] - The way you break something is not the way you fix it. This is an important concept when looking at psychology.
  • [7:01] - Psychology helps Ira exploit others but it is also important to understand when helping them.
  • [7:55] - Telling someone the problem and then telling them not to fall for a scam doesn’t work.
  • [8:50] - Ira and Chris discuss the recent Twitter hacks. Ira says that in this situation, anyone could have done what the hacker did because it was easy. You just have to have the questionable ethics and morals to do it.
  • [9:41] - A lot of times, hackers and criminals are hired in various agencies including government and law enforcement because of their skills. Ira says this is very backwards and gives examples why this is “horrendous.”
  • [11:58] - How do we get people to not fall for various types of scams? Ira says it is a very multi-layered process and gives a few examples of what can be done.
  • [13:02] - Ira uses a comparison with terrorism attacks and how we can use that knowledge to help us protect ourselves, plan for a problem, and how to respond.
  • [15:59] - A lot of sites other than banks and credit card companies are putting in security measures to keep people safe. But a lot of people get annoyed by security protection’s inconvenience.
  • [17:15] - In general, most people use the same password across multiple accounts. If one user ID and password is compromised then the others are as well.
  • [18:32] - Ira uses the real moral of the story of The Wizard of Oz: You have what you are looking for, you just don’t know it or how to use it. This is applicable to security. You have what you are looking for, but you aren’t using it.
  • [21:38] - People have to stop being offended when people put security mechanisms in place.
  • [23:10] - Something that bothers Ira is when real credit card companies are calling and ask for points of verification like social security numbers. This is exactly what scammers do and when real companies do this, it is hard to tell the difference.
  • [25:43] - If somebody is injured, it is the fault of the system where the user exists. Somewhere they enabled the user to put themselves in a situation to allow them to be harmed.
  • [27:42] - Sometimes bad grammar and poorly written scams is actually a filtering feature for scammers to filter out the people who are too smart to fall for it. Even a small percentage of people falling for a scam is still money in the criminal’s pocket.
  • [28:44] - We need better infrastructure to protect organizations and individuals because these events cause so much money to be lost.
  • [29:46] - Anyone who tells you there can be perfect security is either a fool or a liar.
  • [30:19] - Anytime you have the option to add two-factor authorization, take it! Yes, it is annoying, but the consequences of not utilizing it are far more annoying in the end.
  • [32:11] - Ira shares a story about when there was suspicious activity on his bank account. He saw the pattern and told the bank that he would work with them and law enforcement because he does this for a living. They “made a note of it,” and didn’t really do anything to stop the problem.
  • [35:14] - Ira references a movie called Focus that is about scams, social engineering, and con-artists.
  • [37:21] - You have to admire the minds of these criminals and the lengths they’ll go to manipulate and take advantage.
  • [38:10] - You need to respect your potential adversaries.
  • [39:00] - Chris and Ira discuss why the United States is different from other countries in regards to using the combination of cards and signatures versus cards and a PIN.
  • [40:24] - How much risk can you assume as a culture?
  • [42:13] - Chip and PIN is risk mitigation, but how much risk is it actually mitigating?
  • [43:10] - You Can Stop Stupid, Ira’s book, is about how stupid is an effect, not a cause. It outlines what you can do now and how you respond to a problem.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Links and Resources: