A

Yeah, so there's been a. There's been a couple kidnappings this year. In fact, our. A friend of our CEO, and he got. Actually got taken out of his basement. So he was in his basement. They came and kidnapped him, and then they forced him to pay a million dollars in crypto.

B

Hey, everyone. Returning to the show this week is Mark Kreitzman. He is the general manager for Afani, which is a mobile service that specializes in security so that you never get sim swapped or hacked. Mark, thanks so much for joining me on the show again.

A

Absolutely. Thanks for having me back. Appreciate it.

B

Well, it seems like 2024 was the year of cyber security and crypto hacks. More than $2 billion stolen from customers. What happened? Why is that?

A

So. So hackers are. Well, as crypto rises, hackers just. They want to steal all their crypto, and they're exploiting all these vulnerabilities, especially in the defi platform. So there's been probably six or seven really big DeFi hacks. There's been a lot of sim swap, a lot of big sim swap hacks as well. But. And then the one thing that's really growing is the phishing malware. Just tricking people.

B

Can you talk to us a little bit about some of those schemes? What are people doing? How are people getting hacked?

A

Yeah, so for one, one of the things that was uncovered this year was that there was a couple people arrested at one of the carriers where there was a ring of employees that sim swapped over a thousand people and stole $25 million of crypto. So. And I think most of that was Bitcoin. So, you know, insiders, no matter whether it's a carrier or it's your VPN or any platform you're using, a lot of times it's because of somebody inside of the company. And so it could be a trusted brand, but you've got a rogue employee. One of the other things that's happening, too, is like, the LastPass password manager. And so that's something. This is sort of like a PSA announcement. So if you're a LastPass customer, and I hate picking on another cyber security company, because all of us are trying to do the best thing that we can and protect people. And a lot of times the most secure companies are because they got hacked and then they, you know, put even more money into securing it. But LastPass got hacked back in 2022, but people have not changed their passwords for a couple years. And so as they're combing through the data, they. They stole somewhere around like four and a half, $5 million in February of this year. And then as recently as Q4 of, of 2024, they stole another $5.3 million as well. So, and it's because people put, you know, they store seed phrases in their password manager. So that's a. No, no, you don't want to do that. But they'll put, you know, passwords in there. And a lot of people are using the same password for like their, their coinbase that they use for their carrier account, their electric bill and all of that. And so, you know, some of it's just because a lot of people aren't really aware of their own security.

B

So is it even safe to use password managers given these breaches?

A

So in terms of a seed phrase, I would say it's never safe. I would never put a seed phrase in, in anything that is software based. And in fact, the, the latest cold storage wallet I set up was a seedless solution. So it doesn't even have a seed phrase. The seed phrase is basically three different cards to set it up. But the password manager that I recommend is called Keeper. But part of that's because I've been using them for a while, but I also have a relationship with the executive, so I know if something ever happened, I know where to go. But using a password manager is safer, I guess, than if you're a forgetful person and you're writing passwords down and, and leaving them around. And they have other purposes to them as well. But the other, another thing that's happening is data privacy for US Citizens is gone at this point. And so the data breaches since really are starting around. Like Q2 of this year, like one data breach, National Data Group was 2.9 billion records. And the National Data Group does all the background checks. So your data's in there. My data's in there multiple times. My, all my brothers and everybody I'm related to, they're all in there. And because, you know, there's only what, 330 million of us, and so 2.9 billion records are stolen. So our data is out there. And, and so that's another reason as well. The Snowflake breach was that included 165 companies. They store their data in this cloud solution and Snowflake allows them to store data and then do data analysis that. And 165 companies got their data stolen. And one of those was AT&T. And they lost 122 million records of call records and SMS. And, and then it was advanced auto parts and state farms. So again, all of our data is out there and now if that information gets loaded into an AI tool and the AI tool knows all the people you've called, all the people you've texted, they've texted you and then can find out who, what their names are, they can now have an AI conversation, chat conversation with you, ask you a question about a friend that they know, that is one you know, that's on your list. And, and then eventually say something about crypto and try and lead you in. So you know, these data breaches are just off the charts.

B

I thought that this data was supposed to be protected by encryption. Is, is that technology failing us? Like, why is it so easy for hackers to obtain so many records?

A

So yeah, the way that, so they're hacking inside of these back end systems where they can access it. So if they're sending information externally, then the chances are it's, it's most likely encrypted. But when they can get inside of the database, they obviously aren't encrypting the information inside of their database. And even, even when Ledger got hacked a couple years ago, you know, you would think that they would if anyone was going to encrypt all their customer information, but they got hacked and then their customer list was sent out and placed on the dark web in six different locations. And, and yeah, it's, it's kind of a sad state of affairs, but data privacy is done. Actually somebody posted, I think it was 10 billion records. They, what they did is they went over the last 20, the aggregated data over the last 20 years. And then I think it was around the June time frame they posted a, around 10 billion records. And these are all like plain text passwords. And so anyone who didn't changed their password in the last couple years, you know, they're on that list. So everybody should, you know, once or twice a year at minimum, go and change all of your passwords to really everything that you use.

B

Let's talk a little bit about SIM swaps and I really urge people to watch our original interview because one of the reasons that we had our first conversation was because prominent people within the Bitcoin community, including some of my friends, were SIM swapped. Tell us, why are those attacks so prevalent? What methodologies are used and how can people protect themselves?

A

Yeah, so basically these hackers are using all the data from these data breaches and then mixing that with some AI search tools. And so, and I had a guy demo this to me and using information he got off of me on LinkedIn where some basic information use an AI search tool and he got all the emails that I use and it was scary watching him pop up and, and one of those happened to be one where I, I thought there's no way it'll never, it'll never find this email. But because I never related it to anything else I was doing and I used it for three different crypto wallets and this thing pops up and I couldn't wait to get off that call. And so information's out there, it's just so prevalent. But so you have insiders that work at the phone stores, you have insiders that are working inside the carriers. You mix that with these data breaches, AI tools, impersonation, AI type tools and one of the business customers we just added, the reason they came to us is because their CEO and founder got SIM swapped by somebody using a AI voice. So they spoofed his voice and you can easy to do. So you and I are both on YouTube so these tools can scrape our YouTube videos, recreate our voice. So when that electronic questionnaire comes up and says state this sentence and the AI tool just repeats it back and it passed the AI tool and he lost a lot of money so we're putting his business on a funny to protect him.

B

This episode is brought to you by Kasa. As some of you know, I recently updated my self custody and Kasa makes self custody so easy. Even if you've never held your own keys or used multisig before, CASA has a state of the art app and and live experts standing by to guide you every step of the way. For those with large bitcoin holdings, CASA just rolled out a new service. It now offers a holistic security advisory service. As a private client you'll get a seven step security overhaul, personalized consulting and your own private emergency line for expert help when you need it most. Get 10% off your CASA plan at Casa IO Natalie. Next up, speed. The fastest growing lightning wallet in the world. Speed, send and receive bitcoin, swap with stablecoins and even snag gift cards to earn rewards all in seconds. Download speed via the QR code or the link in my show notes and use code COINSTORIES10 for 5,000 free SATs. Next up, Coinkite. The One Stop Shop for all your bitcoin self custody needs. The flagship Coldcard wallet is the go to for cold storage. It's ultra secure, open source and beginner friendly. Protect your bitcoin like a pro. Visit their site and grab 5% off with promo code coinstories and finally, are you ready to take control of your wealth? The Bitcoin Way is here to empower you. Learn how to take full self custody and eliminate all counterparty risk. Set up a node and become the master of your own transactions and enjoy true autonomy and upgrade your cybersecurity and protect your online privacy like I did. The Bitcoin Way specializes in personalized one on one training to help you become fully self sovereign. Schedule a free consultation today. All right, back to the show. Let's talk a little bit more about Afani. For those who are not familiar with Afani service, can you talk about it and how it adds these layers of protection so that people aren't at risk of sim swaps and other hacks?

A

Yeah, absolutely. What we do is very, very simple. So we're set up as a reseller of AT&T and Verizon and we've picked those because we like both of those networks and they don't have as many inside problems as T Mobile. They seem to have some leftover issues between the Sprint and T Mobile merger and they just get sim swapped a little bit more. And then what we do is once we, once a customer chooses the network, we port them over to Afani. So Afani is actually, we become the mobile service provider and we basically lock them down and, and then we disconnect them from what I call the API matrix of the carriers. Because it's. The scary thing about mobile operators is that I can move you if I just have three bits of information about you, I can move you to Afani without having to call your carrier and without you having to call your carrier. So the carriers have made it really easy for you to leave them. They don't want any cost. Once you decide to leave, it's like you're gone. And so you're connected to this carrier matrix where we all have portals. So there's thousand plus Afani's out there. They're not doing what we do. But resellers out there all have portals and we can pull customers over. So we're unplugging you from that. And then everything we do from that point is manual. And so we're doing 11 verification checks. You can create a custom password or custom step as well. You could ask for a video call for like a port out, you could ask for, to use a certain passphrase and then it's really a manual effort from that point. And we also provide a $5 million insurance policy. So to describe Our business in the most simple way is we provide mobile service and we have a $5 million insurance policy that we're going to do everything to protect from ever having to be used. Because that's our really, that's the main thing, right? Never get SIM swap, never use our insurance policy. And because of that, we're going to make sure that you as a customer will never be SIM swapped.

B

And that's what you kind of stake your reputation on, right? You don't, you don't want to be paying out those insurance claims. And if you are a customer of AT&T, T Mobile, Verizon, you can't seek the damages that if you lost all your crypto, you can't call one of the carriers and hope that they're going to make you whole, right?

A

Yeah, absolutely. So what you'd find out is let's say you got SIM swap and you lost fifty thousand, a hundred thousand or more. You're going to find out that there's arbitration clauses now slipped into everybody's mobile account so you would have to take them to arbitration court. I've been asked to participate in arbitration court many times and I've never said yes because I don't want to go against carriers that, you know, we're reselling. So I know how this works and you'd be lucky to get 35, 40% back. And one of our biggest fans is ex CTO of AT&T and what he told us on a call was that we've present, we've actually created a problem for the carriers because now the carriers can no longer say, oh, this is, you know, everybody has the same issue, we're all getting SIM swapped and it's been normalized and therefore we can't be held accountable because that's their defense. And so he said you've now created a problem because you've never been SIM swapped and, and attorneys can now use that as part of their pursuit of getting funds returned.

B

Let's say someone is watching this or listening to it and they are a little bit skeptical and they think, well, doesn't this centralize things and essentially create a honey pot that if someone hacks a Fonny, they get all these users and potentially very, very prominent clients data. How do you protect against that?

A

Yeah, absolutely. Great question. So one is we take every single precaution that we possibly can in terms of how we handle data, even inside of 18, even inside of Afani. It's a who needs to know type business. So me as the general manager in Even Though I'm a, a part owner of Afani, I have zero access into anybody's account. So if, like, you were a customer and you called me directly and said, hey, Mark, can you tell me how much data I've used? I can't even access that information, and I wouldn't even be allowed to do that internal. You'd have to come through the right process. The other thing is that we only collect what's necessary, so you can't steal what doesn't exist. And so we store only payment information and verification information. And everything else is just. We don't store it. And therefore any information beyond that can't be stolen. The information is kept in silos, the information is encrypted, and the access to that information is extremely limited, down to just a few people on the planet that can access it. We also do two penetration tests per year, one required by one of our Fortune 100 companies customers, and then we also do an additional one. So we actually have two different penetration test companies that we pay to make sure that we're totally secure. And then as you can imagine, we actually have a bunch of pen testers that, that's, that's their career, that's what they do for a living. And every once in a while, when one of them gets me on the phone, they'll say, hey, I just want to let you know that I tried to sim swap myself and I wasn't successful. And so you're doing a great job. And so.

B

Oh, wow.

A

You know, we have a lot of security conscious people that are in the security business.

B

Wow, that's really interesting. Yeah. I've actually met someone in the bitcoin space. Their, their kid. His job is to literally try to hack companies to find their vulnerabilities. I wanted to ask you about fake cell towers. Can they really intercept calls and messages?

A

They can, yeah. And, and it's, and it's literally like the, the size of a mini iPad as well, with these three antennas. And the scary thing about it is that somebody, somebody put do it yourself plans on YouTube a couple years ago. So it's a, it's a do it yourself plan of what's called a stingray. So the FBI and intelligence, they have these stingray devices and, and they're pretty powerful. So they can, they can push malware to your devices. They can listen to phone calls. So if somebody was nefarious, they could put it in a backpack and take it to the bitcoin conference and, you know, put it under their chair sitting in that Big ballroom there and, and you know, put your phone to sleep and then, and then turn it back on. So they use a cell jammer to jam all the phones and then unjam it. And then the, and then all the phones are, have this protocol built into it. They're starting to say hello to the cell towers and there's a couple bits of information that's unencrypted and they'll try and gather that. So they try and get the MC number and a couple other things and then later on try and potentially use that to sort of reverse engineer go to a carrier and say, you know, who owns this Mz. Now they already know if you're at a crypto conference. Right. So they already know that you're going to be most likely a crypto user. But one example of, of the power of these things is that just, just a couple months ago, two Chinese guys in Bangkok were, they spent a week driving around in a van and they, they had a, a large cell tower with, with enough power that it was reaching, depending on the buildings, they're going into these condensed areas and they said it could reach from one to three kilometers. And they were texting, they texted in three days, nearly a million people. And so they were trying to get people to click on links and, and then use that to, you know, whether it's malware, steal passwords, download things, things onto their phone. And, and that shows you the power of what, what these things can do. So again like if somebody parked a van near the bitcoin conference, they could be sending out text messages trying to get people to, you know, click on links like, hey, you won this prize. You're the, you're, you, you just won a bitcoin if you click here or things like that. And, and so it, it, it was finally proof of how you could use these on mass scale.

B

So you don't even have to hook up to what you think is a legitimate WI fi. This is actually impersonating a cell phone tower and your phone might automatically connect to it and start transferring data.

A

Yeah. So it's, it's mimicking like a care, it's mimicking one of the carriers. And so cell phones are dumb and it's going to connect to whatever the strongest single signal is. So typically they'd have to be within say 50 to 100 meters of you for them to have a small one that they could hide.

B

Is there a good way to recognize phishing or hacking attempts? Because we're seeing them happen from, you know, impersonating Major companies, the big exchanges, they're trying to get people's crypto, their Bitcoin. What are signs that we should look for?

A

Yeah, well, one of the most obvious things is, and I, and I talked to a lot of hack victims and a lot of prospects, so if they've been hacked or attempt. Attempted to be hacked, a lot of times they'll end up with me at a funny, because I'm sort of the cyber nerd here. And so they're all telling me the same thing, which is that they're getting emails, text messages, and, and now actually phone calls of people saying that they're from Coinbase, from Exodus, from, you know, any of the major, you know, wallet providers and saying, hey, we, we, there's something wrong with your account. And so if any of these, if you get a call from any exchange for one, they have really no customer support, live, no phone support. And so the odds are 99.99 that this is going to be some kind of, you know, phishing scam. But in terms of, you know, somebody sends you an email or a text with the link in it, it's. It's pretty much impossible to know other than you want to make sure that you know who the person is. You want to make sure that it's, you know, because you get these, like, you have a Amazon package waiting for you, it's been your three days, click here or we're going to send it back, things like that. Just, you know, all that stuff is spam and you just don't want to click on it. And that's, you know, behavioral thing that people need to really be aware of. And, and it's costing people a lot of money.

B

Yeah. When I was a reporter, we did a story where it showed how easy it is to actually get into someone's computer. And all of a sudden they could see what they're doing from the camera. And it was just someone clicked a link and all of a sudden you are exposing your entire computer and your data to potentially someone very, very criminal. So as we start to wrap up, so if someone becomes a customer of Afani, and if you use my link, there's a discount that you'll get. Let's say they're going to the Bitcoin conference and one of these, one of these signals, one of these fake cell towers is active. Does Afani protect against that?

A

So, so for the plan that we're, that we sell today, we call it the safe plan. Its primary purpose is to prevent SIM swaps with some privacy and the $5 million insurance policy. So unfortunately our safe plan is not going to protect against MZ catchers and that's just, you know, it's, it's a very difficult thing to fix. Now we are working on a premium solution and we plan to have that out in about 90 days. We're going to sell it strictly only to our existing Afoni Safe customers first and then a couple months after that, hopefully by the end of the year we'll open it up to the public. But yeah, it's unfortunate that it's just a difficult thing and if I'm going to go to the Bitcoin conference, I'm going to stick my phone in a Faraday bag and then your phone won't work at that point. But it's better than having to be. Yeah, exactly.

B

It's good advice, Very good advice. Is two factor authentication for your accounts enough and do you have any recommendations for people that use two factor applications, what they need to know to make sure that their data is really safe.

A

So if you're in, if you're in Bitcoin or crypto, you got to use cold storage. You just have to learn how to use it. And I play golf with a lot of guys that are between like 40 and 70 years old and, and I'm starting to play with more and more that are into crypto. So I know a few of them are now starting to use the easier wallets like a Tangem wallet and some of those. But you got to learn how to move it onto cold storage. Now you have to have some place to move that crypto to, to sell it, trade it, convert it. And so you're going to have your coinbase or you know, some online wallet. So you want to have a funny and you want to have that SIM swap protection to make sure. But you if unfortunately 80% of the banks in the US are still only the SMS verification and so that's a, that's a big hole. But if you can use the Authenticator app, that's the next, that's the next step to be more secure. But if somebody SIM swaps you and gets you into your email, they can still have access to reset authenticator apps if they're a pro and they have time and then a Yubikey or like a hardware key beyond that.

B

Yeah, I actually wanted to ask about that. So people can actually hack the Authenticator apps and is that done only through SIM swap? Someone would have to SIM swap you gain access to your email and basically reset or access your authenticator yeah.

A

So we have victims that call us up and say, hey, I wish I knew about you guys, you know, six months ago. But they, they sim swapped them, hack into their email, daisy chain through another email, figure out what authentication app that they're using, and, and then, you know, reset it. So if they, if you give them enough time. This is the problem with, you know, like if, if you, if you're flying to Tokyo, you know, you're going to be on a plane for, you know, 11 hours from the west coast and you go to sleep, you play golf and, and you're not looking at your phone. So time is not, time is on the hacker side. If they, if they have time, then they can, they can get you. It's one of the reasons why, like, even on the Afani accounts we, we allow the hardware keys so you can use a Yubikey, for example, and secure your Afani account. Because that's one of the ways that people will hack you eventually is they, if you're on AT&T Verizon, T Mobile, they'll hack into your account first if they can, and then re. Change a password, change a pin, change things in your account, and then when they come back later on when they go to impersonate you and verify you, they're actually using the right information. Now it's not right for you, but it's. But when they're talking to the, the carrier rep, then, you know, they change the information. So now they, they can verify.

B

Well, this is really good information. I got my Faraday back from casa. I think you guys might have a partnership with casa. I'm not sure if you want to share anything about that, but the CASA CEO recently did a PSA and discuss recent attempt at being hacked. He actually got the hacker on a call, got him talking and revealing what his whole methodology was. His data had been released because of another exchange and a data breach that happened. And so this hacker, this is the scary part, knew how much bitcoin was associated with him and then targeted him because of that. And so I really, I really urge you to again, Afani Cold Storage, take all precautions that you can, including Faraday bags. But do you want to mention anything about the CASA partnership?

A

Yeah. So, you know, CASA reached out to us and, and they wanted a partner just because they, they secure a lot of hope. High profile people and anyone can become their customer. But you know, they're into securing Bitcoin and, and that aligns with us. About 85% of our customers are bitcoin investors. That's sort of the common theme, whether they're a professional athlete or, you know, drummer or, you know, investor. You know, bitcoin is really the common theme. And so, you know, casa mixed with the fonny is a great way to secure yourself. So, you know, they have their storage solutions. Faraday bag. I. I haven't used their Faraday bag, but I'm assuming it's high quality, like the company. And. And so they're good guys.

B

Usually when one of these attacks happens, it's from a distance. And. And the worst case scenario, they steal your money. You may or may not be able to trace it, get it back. But we've seen more serious instances, kidnappings, ransom, where someone is physically harmed or taken. What can you share about that?

A

Yeah, so there's been a. There's been a couple kidnappings this year. In fact, our. A friend of our CEO, Dean, who's the company. He's the c. He's the CEO of. He's the CEO of a wi FI company. And he got. Actually got taken out of his basement. So he was in his basement, they came and kidnapped him, and then they forced him to pay a million dollars in crypto. And so I knew this was coming. And because we've seen this, you know, if you. If you search for it, you. This has happened in Venezuela, this happened in Brazil, and I'm sure it's happened in Puerto Rico. But it's only a matter of time before, you know, it starts happening here. And it's just something you have to think about. Like, even my, you know, one of. One of the cold storage wallets I love, and I. It's this. This is the tangent ring. And so I use it only if I am planning on accessing this particular wallet, but I would not wear it outside. And so we have to. We have to start being very careful about our surroundings and people that are promoting themselves as, you know, really heavily into Bitcoin, and. And make sure that you're taking precautions that well.

B

And it also highlights the importance of multisig custody. Even with the fires that just recently happened. If you have one hardware wallet, one seed phrase, and something happens to the place where you store it, you could potentially lose all of your bitcoin. So it's really about taking some of these steps. None of them are hard. Sometimes it's time consuming. You need to do a little bit of research. But all of it, I think, is really, really necessary. We need to take responsibility. Anything else you want to share before we wrap up?

A

Just that, Afani, we support the US only but we are starting to if we do on a case by case basis. If somebody's outside the US and they, they want a US mobile number and they still need to transact and do SMS and that, we can support that. But it's on a case by case basis and I'm happy to talk to anybody who's interested in that. We do have a number of people that live overseas. They're using a fani and it's just US mobile numbers. But we would, we, you know, appreciate being part of communities such as yours. We're huge supporters of crypto, of bitcoin in particular and we're fighting for people's data privacy. Our CEOs spoke in front of Congress and so we're doing more than just Afani but trying to help change legislations. Obviously it's not working because, you know, our data is just getting stolen. Anyways, we'd love to have you as a, you know, all of the community as a secure mobile customer of ours and you can reach out to us, schedule a call. We're happy to answer anybody's question.

B

Yeah, thank you so much, Mark. It's such an important message. Head to my link afani.com Natalie you'll learn more about the service and, and you can get a discount and I just really appreciate it. I think again we got to get this message out to as many people as possible. We'll keep doing refresher episodes because there's always new stories to cover and new ways that people are finding the ability to attack and hack consumers. So thank you so much Mark. I really appreciate it.

A

Absolutely. Thank you for having me.

B

Thank you so much for checking out this episode of Coin Stories. Make sure you're subscribed to the show. Also check out our weekly free newsletter@thenewsblock.substack.com this show is for entertainment and educational purposes only. Nothing should constitute as investment advice and you should always do your own research. I'm always open to feedback and guest suggestions. So please feel free to out reach, reach out@infoalkingbitcoin.com I'll see you next time.