Key Takeaways
- Cyberattacks are happening every minute, largely due to AI automating phishing and vulnerability scanning against individuals and corporations.
- True 100% security is unattainable without sacrificing all functionality, meaning security and functionality are inversely related.
- Unlike adversaries such as Russia and Iran, the United States cannot disconnect from the global internet, of which it essentially forms the backbone, making it uniquely vulnerable during a major cyber conflict.
- A significant portion of cyber threats stems from hardware and devices manufactured in China, creating a high probability of pre-installed, dormant malware waiting for activation.
- Cyber attacks are often detected not by security teams, but by IT noticing performance degradation caused by attackers exfiltrating massive amounts of data, indicating that 'death by a thousand cuts' is the current reality of infiltration.
Segments
Cyber Attacks Frequency and AI
(00:04:44)
- Key Takeaway: AI enables automated, constant targeting through phishing and vulnerability scanning, leading to attacks occurring every minute.
- Summary: Automated scripts powered by AI are constantly targeting individuals and small companies by sending out phishing attacks, such as the toll booth scam. The sheer volume of these automated attempts across the population results in an attack occurring every minute. Attackers only need one successful click to compromise an identity or business.
Media Coverage and Public Awareness
(00:07:27)
- Key Takeaway: The media often prioritizes sensational news over constant, high-volume cybercrime, leading the public to underestimate the severity of personal cybersecurity threats.
- Summary: Cybersecurity breaches are often relegated to a lower tier of importance by the media, similar to petty theft, unless they reach a massive scale. This lack of consistent reporting means the American public often fails to realize they are a constant target and that cybersecurity is their personal responsibility. High-profile political news frequently displaces coverage of significant data breaches.
Ease of Running Large-Scale Scams
(00:09:00)
- Key Takeaway: Sophisticated, large-scale scams can be easily organized by small teams using readily available technology and operating from jurisdictions without extradition treaties.
- Summary: Setting up a large scam operation is technically straightforward, requiring mass texting software, shady merchant accounts, and AI scripting tools. Such operations can generate millions annually by targeting individuals, especially when run from countries like Russia or China where prosecution is nearly impossible. The lack of extradition treaties effectively makes these activities a crime without legal consequence for the perpetrators.
Why Small Businesses Are Targets
(00:12:47)
- Key Takeaway: Small businesses are easier and faster targets than large corporations because they dedicate minimal resources to security, making their customer data highly valuable.
- Summary: A small business owner’s security posture, often relying on weak passwords like ‘dog’s name123!’, makes them significantly easier targets than heavily defended Fortune 50 companies. Stealing a local business’s customer database provides attackers with hundreds of valuable identities, including contact information and basic credit details, which is more efficient than buying individual records on the dark web. The risk/reward calculation favors attackers targeting numerous small entities over months-long efforts against large, well-funded organizations.
Password Reuse and Major Breaches
(00:15:56)
- Key Takeaway: The vast majority of people reuse a few passwords across multiple accounts, meaning a single large breach can compromise hundreds of millions of devices simultaneously.
- Summary: Most individuals rotate only a few passwords across their email, banking, and e-commerce sites, making them vulnerable when one password is exposed in a breach. A massive breach exposing over 100 million passwords often goes underreported if it coincides with major geopolitical news, leaving users unaware their devices are compromised. If a password is stolen, attackers can use it to gain access the next time the user authenticates to a linked service.
CIA Origins and Proving Security
(00:19:46)
- Key Takeaway: Security cannot be mathematically proven; it can only be proven insecure by successfully hacking it before an adversary does.
- Summary: Dr. Cole began his cybersecurity career after asking how the CIA could secure its move to the internet, then volunteering to find the answer no one yet had. He learned that the only way to validate security is through penetration testing—hacking systems to find vulnerabilities first. This principle applies to critical infrastructure, where testing often reveals outdated, insecure systems from decades past.
Dark Web Marketplace Dynamics
(00:24:53)
- Key Takeaway: The dark web functions as an ‘Amazon for evil people,’ where basic PII sells cheaply, and readily available software allows criminals to achieve massive returns quickly.
- Summary: The dark web is a marketplace for illegal goods, where basic Personally Identifiable Information (PII) like names and addresses sells for about two dollars per person. Criminals can purchase phishing software and stolen data for a small investment, potentially generating millions in a few weeks. The tools and data are cheap and accessible, enabling even young individuals to run highly profitable, organized crime operations from abroad.
Functionality vs. Security Tradeoff
(00:27:26)
- Key Takeaway: The core principle of cybersecurity is that adding functionality inherently decreases security, requiring a conscious decision on whether the benefit outweighs the risk.
- Summary: Achieving 100% security is only possible if a device or system has zero functionality, such as smashing a smartphone with a hammer. Security experts should act as ‘options guys,’ presenting the risk/exposure versus the value/benefit of any new feature. This mindset is identical to investing advice: if the potential downside is devastating, the feature is not worth the risk, as seen with the privacy trade-offs of devices like Alexa.
Smart Devices Recording Testimony
(00:29:21)
- Key Takeaway: Smart devices like Alexa actively record audio, and these recordings are admissible in court as evidence, demonstrating their inherent security risk.
- Summary: Smart speakers must record audio to respond to wake words, meaning they are constantly listening, despite company assurances. In one case, an Alexa recording was played in court, effectively testifying against a defendant in an insider trading case. Law enforcement immediately unplugs these devices at crime scenes because they retain recordings of the last 30 to 40 minutes of activity.
The Danger of ‘Free’ Apps
(00:32:16)
- Key Takeaway: The most dangerous word on the internet is ‘free,’ as free apps often require authorization to access sensitive hardware like microphones and cameras.
- Summary: When users accept permissions for free apps, they authorize access to their microphone or camera, which is legally permissible if consent is given. This monitoring is often subtle, evidenced by targeted ads appearing immediately after private conversations about niche products. Companies are increasingly banning smartphones from secure areas like boardrooms, utilizing Faraday cages to prevent transmission.
Adversaries in Critical Infrastructure
(00:43:24)
- Key Takeaway: Foreign adversaries like Russia and China have compromised US critical infrastructure, but mutual assured destruction via cyber retaliation prevents catastrophic shutdowns.
- Summary: SEC filings reveal that many infrastructure companies have disclosed data breaches, confirming that adversaries are present in systems like the power grid. However, these actors primarily seek to steal intellectual property or monitor systems rather than cause total destruction, as a full shutdown would harm their own economic interests or invite devastating retaliation. The US is uniquely vulnerable because, unlike Russia or Iran, it cannot disconnect from the global internet backbone it helped create.
National Cyber Disconnection Capability
(00:50:23)
- Key Takeaway: The US cannot disconnect from the internet, unlike adversaries like Russia and Iran, making it a perpetual target.
- Summary: Adversaries practice disconnecting from the internet to prove resilience against cyber attacks; Iran disconnected for three weeks during conflict. The US, having created the internet backbone, cannot disconnect, leading to a strategic disadvantage in cyber warfare. A proposed solution is building a separate, isolated internet for government use during crises.
Cyber Retaliation Strategy
(00:51:49)
- Key Takeaway: If direct cyber retaliation is impossible, the US must be willing to escalate to physical infrastructure attacks to deter adversaries.
- Summary: Since direct cyber counter-attacks against certain actors may be impossible, escalation might require targeting physical assets like ships or oil rigs. This requires leadership willing to call an adversary’s bluff regarding cyber warfare. The current planning seems to anticipate the US being unable to defend in kind.
Malware Embedded in Hardware
(00:52:22)
- Key Takeaway: The near-total reliance on Chinese-manufactured hardware creates a high probability of embedded, unactivated malware across all US electronic devices.
- Summary: China is consistently listed as a top cyber threat, yet nearly all electronic devices are ‘Made in China.’ Malware can reside in hardware or firmware, suggesting that malicious code may already be installed on US devices, waiting for activation. This risk is arguably greater than concerns over specific applications like TikTok.
Real-World Cyber Fraud Examples
(00:54:27)
- Key Takeaway: Cyber criminals exploit public information, such as speaking schedules, to execute highly targeted financial scams against executives and their staff.
- Summary: A hacker compromised a real estate agent’s computer to redirect a home closing wire transfer, causing the buyers to lose their life savings. Attackers monitored an executive’s public speaking schedule to call their assistant, claiming the executive’s credit card failed at the hotel, successfully scamming billing information. Publicly announcing travel plans, even innocuously, creates opportunities for theft, as demonstrated by the defunct pleaserobme.com site.
Executive Laptop Value and Security
(01:02:49)
- Key Takeaway: Executive laptops are worth up to half a million dollars due to their data, and physical security lapses like leaving them unattended or writing passwords on sticky notes are common risks.
- Summary: Thieves target executive laptops because the data they contain is worth millions, necessitating strict physical security training. A common airport scam involves delaying an executive at security checkpoints so an accomplice can steal the laptop after it has been screened. Many executives still write usernames and passwords on sticky notes attached to their devices, providing immediate access if the device is compromised.
Cyber Attack Detection via Performance
(01:05:24)
- Key Takeaway: Major system infiltrations are typically detected when attackers’ data exfiltration causes noticeable performance degradation, not by proactive cyber monitoring.
- Summary: Attackers establish pivot points to slowly move through a network toward critical systems. When an attacker begins downloading entire databases instead of small records, the resulting performance spike (e.g., from 60% to 95% utilization) alerts IT staff. This indicates that the attack is only caught when the attacker becomes ‘greedy’ and exceeds the threshold for remaining undetected.
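The detection pattern described in this segment, as an added example that is not from the talk: a toy baseline-and-ratio check over constructed per-host egress figures. It flags the 'greedy' bulk dump (a jump far above the host's own recent average) and, as the segment implies, leaves the slow-drip host below the threshold, which is exactly why low-and-slow exfiltration goes unnoticed. Host names, byte counts and the day-based aggregation are all constructed for illustration.

```python
"""Toy exfiltration detector: flags hosts whose outbound volume jumps far
above their own baseline, the way IT notices a 60% -> 95% utilization spike."""
from collections import defaultdict
from statistics import mean

# Constructed sample telemetry: (day, host, bytes_out). Not real data.
SAMPLE_EGRESS = [
    (1, "db01", 2_000_000), (2, "db01", 2_100_000), (3, "db01", 1_900_000),
    (4, "db01", 2_050_000), (5, "db01", 48_000_000),   # whole database pulled
    (1, "ws07", 500_000), (2, "ws07", 560_000), (3, "ws07", 540_000),
    (4, "ws07", 590_000), (5, "ws07", 610_000),        # slow drip, small rises
]


def daily_totals(records):
    """Aggregate bytes_out per host per day -> {host: {day: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, nbytes in records:
        totals[host][day] += nbytes
    return totals


def flag_spikes(records, baseline_days=4, factor=3.0):
    """Return [(host, day, ratio)] for days whose egress is at least `factor`
    times the mean of that host's previous `baseline_days` days.
    Only abrupt jumps are caught; a drip that stays under `factor` is not."""
    alerts = []
    for host, per_day in daily_totals(records).items():
        days = sorted(per_day)
        for i in range(baseline_days, len(days)):
            baseline = mean(per_day[d] for d in days[i - baseline_days:i])
            ratio = per_day[days[i]] / baseline
            if ratio >= factor:
                alerts.append((host, days[i], round(ratio, 1)))
    return alerts


if __name__ == "__main__":
    for host, day, ratio in flag_spikes(SAMPLE_EGRESS):
        print(f"ALERT {host} day {day}: {ratio}x baseline")
```

Lowering `factor` catches the drip sooner but raises false positives; the trade-off is the same one the segment describes from the attacker's side.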
Attacks from Allied Nations
(01:06:30)
- Key Takeaway: On the internet, there are no true allies, as individual criminals in allied countries can easily route attacks through VPNs or compromised systems.
- Summary: Attackers from countries like the UK or Canada can attack US systems without government involvement, as individuals are not bound by international alliances. Iran has been known to route attacks through China to hide their origin, and North Korean attacks frequently originate from Beijing. This highlights that the true source of an attack is often masked by the infrastructure it passes through.
Cyber Attacks Causing Physical Harm
(01:08:27)
- Key Takeaway: Cyber attacks can directly lead to fatalities by targeting embedded medical devices or compromising hospital life support and monitoring systems.
- Summary: The assumption that cyber attacks only cause financial harm is false; embedded chips in pacemakers and monitoring devices are vulnerable targets. Attackers could impact life support or alter medical records, such as changing drug dosages or surgical plans. Critical infrastructure like hospitals prioritizes availability over security updates, leaving old, unpatched systems wide open to exploitation.
Insider Threats and Blackmail
(01:13:42)
- Key Takeaway: Even highly ethical employees can become insider threats if they or their families are blackmailed or heavily incentivized financially.
- Summary: Foreign adversaries often plant individuals who work for years, gain trust, and reach key positions before slowly stealing data or installing malware. A CIO in a movie example was coerced into installing software after his family was kidnapped, demonstrating that anyone can be compromised under extreme duress. Financial incentives, such as an extra $300,000, can motivate employees to steal data or install malicious software.
BYOD Security Risks
(01:14:51)
- Key Takeaway: Allowing employees to use personal devices (BYOD) to access corporate networks introduces significant risk because these devices often contain known passwords and unvetted free software.
- Summary: The move away from corporate-issued devices to BYOD allows personal phones, which may have known passwords and free, potentially malicious apps, to connect to the company network. A free app could install malware that compromises the device’s VPN connection or shared company documents. This blurs the line between personal and corporate security, creating an easy entry point for attackers.
Cyber 9-11 is Already Happening
(01:16:01)
- Key Takeaway: The US is already experiencing a ‘Cyber 9-11’ through the slow, continuous exfiltration of data from millions of compromised individual accounts, which goes largely unreported.
- Summary: The current state of cyber warfare is characterized by ‘death by a thousand cuts’ as data is slowly stolen from individuals, making it boring for the media to cover. A breach involving hundreds of millions of passwords resulted from compromising individual devices, not one large database breach. This slow, low-level infiltration is bleeding trade secrets and hurting the US without triggering a major public response.
Presidential Device Security
(01:16:48)
- Key Takeaway: Securing a president’s smartphone was less about preventing access to the device and more about masking its physical location to prevent tracking.
- Summary: When President Obama wanted a smartphone, the primary concern was preventing adversaries from tracking his location via the device’s GPS. This required implementing various VPNs and remote devices to mask or cover his real-time location data. The focus shifts from data access to integrity and verification, as seen in the Joint Strike Fighter compromise, where modifying flight controls was a greater threat than stealing blueprints.