Aviva Zacks of Safety Detective sat down with Scott Schober, President of BV Systems, and found out what he thinks are the next moves the cybercriminals are going to make.
Safety Detective: Tell me how you got started in the cybersecurity industry and what you love about it.
Scott Schober: I got started in this family business that’s been around for 48 years when I was young, and twenty years ago, I became president. Our focus was always on developing test tools for mobile phones—test transmitters and receivers—and a lot of their offshoots were focused on the vulnerabilities in mobile phones. We understood what makes them work and where those vulnerabilities are, which led to developing specific niche security tools.
Most of the security tools that we sell have a focus on wireless, so we sell to wireless threat detection agencies and cyber groups to combat any type of wireless threat. In the process of developing tools, I continually educate our customers. And many of them are DOD agencies, but also universities, Fortune 500 companies, and companies around the globe.
The bad guys—the hackers and cybercriminals—didn’t like the fact that I’m educating people, and eventually put a target on my back. They started going after me personally as well as my company—our Twitter account was hacked, our website received repeated DDoS’s attacks, our online commerce stopped, my credit cards and debit cards were compromised, and then finally, $65,000 was taken out of our company checking account.
There is was a federal investigation that led to me writing a book about the subject called Hacked Again.
SD: What industries does BV Systems work with and why?
SS: The majority of our company’s customers are the FBI, Secret Service, CIA, Army, Air Force, and the Marines. These customers buy our tools often to protect areas where they house classified information for the government.
SD: Can you describe how your product works?
SS: A fair number of our products are handheld tools that are coupled with direction-finding antennas. One is called a Yorkie Pro, which will scan and look for any energy that’s transmitted from a cell phone.
If somebody brings a connected device into a facility, and it becomes a rogue access point with which they’re trying to cause havoc and hack into the network, Bluetooth, smartwatches, Fitbit or anything that could possibly be used to compromise any type of sensitive information, it could be hunted down with a tool such as our Yorkie Pro, which is a high-quality wireless intrusion detection tool that’s coupled with direction-finding.
We also have a sister product—Wall Hound and Wall Hound Pro. It does the same thing, but it’s literally fixed on a wall. And at the entrance of any facility—company, prison, university, government facility—if you’re bringing a mobile phone in, our product will light up a sign, flash an alert, and say out loud what device it detects. Then our product will allow or deny it based upon what that device is and what the security protocol has it set to.
Cybercriminals have been targeting ATM cash machines and gas pumps where they can commit cybercrime and fraud. They are putting skimmers into the machine, so we’ve developed some anti-skimming tools, which checks the slot where your credit card or your debit card goes in and sees if there’s an illegally placed skimmer in there that’s trying to steal your credit card or your debit card information.
SD: What do you feel is the worst cyber threat today?
SS: I would say phishing attacks with all sorts of malware and viruses being embedded in different links. Security awareness, training, phishing simulations, and also common-sense are paramount. A lot of people will often forget or neglect to update the security patches for their apps. Updating the operating system on a regular basis when there are new patches available, updating your virus and malware or software regularly, and making sure that you have it on your computer will help protect your devices.
Another threat is one that very few companies talk about—keyloggers, which is an invisible threat. Every single keystroke that we type, keyloggers are recording it. If we log onto our favorite site—entering login credentials, passwords, account information—a criminal can put that through automated software that will parse it and pull out the bank name and our login credentials.
Another problem is password reuse. Too many people reuse the same password across multiple sites. Once they compromise one password, they will try to log into all the top 100 sites, using that same username and password to see if the person re-used it across multiple sites. All these things make us extremely vulnerable to hackers and cyber thieves.
SD: How do you see cybersecurity developing in the next five years?
SS: There will be advanced ransomware attacks, targeting areas where there is critical infrastructure, like our electricity grid. These are scary things that are going to affect people, especially with this Coronavirus pandemic that’s going on around the world. Imagine if cybercriminals targeted critical infrastructure, that to me is very scary.
Everybody is connected to the top 50 car manufacturers around the globe—all have built-in wireless in the cars: Bluetooth, ZigBee, RFID, near-field communication, Wi-Fi Hotspots. They all have cellular modems in them: 4G, LTE, cellular modems, which are all conduits that cybercriminals can use to target and hack into cars, cause all kinds of havoc, and take over the engine control unit (ECU). These targeted attacks will be like a ransomware-style attack. A big executive could be driving his Tesla and gets locked in and the cybercriminal says, “We’re going to lock your brakes up, or do something else that will endanger your life unless you agree to pay this ransom in Bitcoin.” These types of futuristic hard-to-believe-that-it-will-ever-happen attacks? I believe will happen in the next five years.
With all the information that cybercriminals are stealing, it eventually ends up on the dark web sold to the highest bidder. Future enforcement against cybercrime will take place in this dark underworld. There are some companies ahead of the curve that use advanced web crawlers in the dark web and can report if any of your personal information (PI) has been compromised. These companies immediately alert you so you can change your login credentials (username and password) on a particular web site that has been hacked. I am working closely with a New York-based company called Cyberlitica that is fighting back on the front lines in the dark web. I regularly have Cyberlitica perform a dark web scan to see if my PI has been compromised.
The future of cybersecurity may scare some people, but I am optimistic that we can and will win this war by never giving in to hackers and cybercriminals and use any and all technology to fight back.