Get Smart on Smart Tech!

[Music] good day everybody my name is danielle chang i'm the vice president of sales at wire fire solutions inc hi i'm rosalind tan i'm the cyber security analyst of wirefr we're here to talk to you today about getting smart with smart tech and we're really thankful for our friends at b-sides for organizing this event for 2021. before we get into the topic a little bit about wiredfire and who we are and why we're actually qualified to talk about this topic wirefire is an eight-year-old consulting program located in gastown vancouver we're a group of consultants with engineering minds and we are focused on secured networks anything from advanced networking for mining to network segmentation for a medical

environment so tell us a little bit more about getting smart with smart tech what's going on here so the reason why we chose this topic is that as employees of a cyber security consulting firm we frequently have meetings with organizations that have been hit by ransomware or experience some sort of data breach when we dig into those incidents patterns emerge usually they have gaps in their network and they say things like well what's the big deal if i use teamviewer to access my water treatment facility remotely or their staff are under trained and they say things like oh i thought the email legitimately came from hr so i clicked the link they're getting very sophisticated too

exactly and so regardless of why the these organizations were unable to prioritize cyber security the fact remains that the security posture of an organization depends heavily on the individuals that make up the organization itself so if those bad cyber hygiene at home persists then more often than not they exist in the office too okay so in cyber security we often talk about having a strong security program means people the process and the technology so i'm following this okay and we thought a good place to start is to address these gaps through cyber security awareness right increasing awareness and but the challenge is cyber security is a very broad topic so we've narrowed it down today to smart

tech specifically we'll be asking where and when do we use the smart tech what kind of data do they collect and if that data falls into the wrong hands what's the potential consequence okay sounds exciting so but before we actually start with the main part of the talk let's make sure that we're on the same page with definitions as in what is smart tech um sometimes they're referred to as smart devices or iots short for internet of things but what constitutes a smart tech let's use a simplified uh definition for the purposes of this talk and just say that if it ticks off one uh two criterias then they're smart type so they're connected to the internet

and they can transmit data okay so like your tv or your google home devices or yeah lighting exactly and that's a good segue those examples you built because smart tech falls into three buckets first is consumer grade so something that we buy ourselves so exactly what you said it can be our smart lighting at home it can be teslas if you can afford it um i cannot there's also enterprise grade which our employers would have purchased for our offices so think of wireless printers and security cameras in our office and then the last one is industrial grade something that our city would install for us so smart parking meters or the cameras and those street lights if someone speeds

sounds like you're familiar with that i have a clean record okay fantastic how do we get started well you know i'm a gamer so i've created a game for us today that's what's behind you yeah very colorful and you have the honor to test drive it i'm excited so how this will work is i'm gonna share a few new stories with you they're gonna fall under each of those three categories i just mentioned and each story corresponds to sticky note that you have there so after you hear a story i want you to stick it on this board and the colors on this board represents a spectrum of good to bad given that wirefire is a b corp you know

that all of our business decision always considers people planet and profit so let's do the same for these news stories if you find that the smart tech in the news story has a positive contribution to society then you want to put the sticky note closer to that green end of the spectrum if they have a more negative one then you put it in the red end of the spectrum no wrong answers so go with how you feel the point is just that i wanted to illustrate the complicated nature of smart tech in our daily lives as in depending on the contacts it can range from life-saving to life-threatening best-case scenario you're going to find this activity as fun and

you learn something new today and worst-case scenario you're going to roll your eyes at me for the next 30 minutes how's that sound that sounds fine let's do this okay we're gonna start with an industrial grade smart tech back in 2016 in the city of kia the capital of ukraine they lost electrical power for an hour while 60 minutes doesn't really sound like a long time that's like a lifetime for critical systems like an electrical power grid so remember in it there's a security model and the abbreviation is cia what does that stand for confidentiality integrity and availability if i'm not mistaken perfect and it goes in that order like priority wise right but in ot

as in operational technology availability comes first followed by integrity and then confidentiality and so availability was exactly what the in-destroyer targeted a malware that was specifically designed to target power grids as most attacks goes this particular one occurred in multiple stages the first stage of the campaign was to exploit a known vulnerability in their siemens spirotech devices and as far as i understand these smart texts were supposed to protect the communication within the power grids to prevent service disruptions a vulnerability was first reported a year before the attack but they didn't patch it was known to result in dos disruptions so dos stands for denial of service think of your network as a pipe and dos

to disrupt the service is they flood it with requests and so nothing can go through and so you don't have internet for example it's the hairball of the internet i got you all right that's exactly what these devices are supposed to prevent but they had that vulnerability okay ironic isn't it second stage of the campaign was the hacker simply waited for the scheduled time and date for the blackout to occur and when the minute struck the indestroyer activated its payload and targeted four communication protocols what's unique about this malware is that it's very modular as long as one of the four communication protocols were active then the attacks persisted and was able to amplify and so in the third stage the amplified

attack was a dos tool that rendered the protection relays unresponsive and a wiper tool which targeted microsoft windows workstations that were used to administer control and configure protection relays finally it crashed the system that's the short and sweet version of that devastating incident if you were to rate the contribution of or impact of the smart tech to society in this new story where would you put it in the spectrum in any government i would think that there are very few things that would be as disruptive as taking out an electrical grid other things that come to mind might be econ 9-1-1 or a water dam or traffic light so this one's really high up there for me

when i think about it from a people perspective uh there's a couple of things that i'm thinking about what does a power grid really support right so i think about critical services like health care right people that are in life support folks that are in the middle of a surgery that blacked out might not be a great thing in terms of planet and profit well that's an interesting one because power grids also support uh things like your dams right and regulating those dams or regulating and waste water management treatment plants right what if there was a scenario where you could not control the toxins being leached out into the community i think that could have a major environmental

impact and lastly from from profit perspective i'm not familiar with the way that electrical companies are structured in the ukraine but if you're looking at bc hydro for example which is technically a non-profit but funded by our tax dollars um it's certainly going to be impacting the one of the revenue streams that the electrical company might have which is to be able to charge for their product and where does that come from unfortunately it might come back through back to us as a consumer eventually by coming through a different system right so for me um that is three red boxes so i'm going to put it right here what's next for us all right so this past earth day april

22nd the european space agency announced a three-year-long project to develop government-grade iot solutions to provide an effective natural disaster early warning system it will be capable of monitoring a range of geo hazards like floods and landslides so norway is actually piloting the program in an area that's highly susceptible to various types of geo hazards it's it's due to the topographic geological and hydrological conditions of that central region in norway a key smart tech of this project is a marsettes global l-band satellite network don't ask me to explain what that is but in a nutshell from what i understand the smart tech industry is going to be designed to collect geographic data that will be fed into a super computer

that'll potentially help prevent anyone from being harmed by natural disasters going forward from a people perspective i can definitely see the positive impact of having a technology like this deployed i don't hear any stories about collecting personal information so that's that's a very positive sign in terms of planet we're not really stopping the floods or anything like that we can't we can't um so i'm going to put that as neutral and from a profit perspective i'm going to make that a green because while we're not monetizing this necessarily it is going to create jobs for people uh in their r d of this technology and it's also going to be able to give businesses an opportunity to respond to

these threats right and act their business continuity plans protecting their profit so for me true greens and yellow puts right smack dab in green there we go so the next news story is near and dear to wire fire because i'm sure it will remind you of some of our clients no no names a quick recap on what happened last february 5th in florida hackers gained access to their water treatment facility by using a dormant remote access software and then try to poison their water supply but fortunately one of their staff was able to sport that attack imagine what the implications would be if a city's water cleaning and disinfection processes were shut down well the citizens of ellsworth kansas

don't need to imagine because they had a close call themselves when a former employee of their water district remotely accessed their computer system back in 2019 a plant operator did notice the dangerous levels of sodium hydroxide in their water system reverse the change on the one hand the florida incident was made possible with three factors one they were still using windows 7 operating system which has been end of support since last january of 2020. they use the same passwords for all of their computers for remote access and they don't have a firewall at all on the other hand the kansas incident didn't even require a cyber hack because the problem there was the credentials of the

former employee were just not revoked in a timely manner given what you just heard how do you feel about critical infrastructures such as water treatment facilities going online well i think there is many reasons why a water treatment facility might need to go online given the pandemic right now we're not able to access our offices as often as we should to keep people safe so having remote access back into your environment is a critical thing for us to keep operations going right now from that perspective i think it's important keep in mind that these systems right they're also updated in theory by the vendors that actually produce them right so common ones would be ge schneider electric

whatever it may be um so there is going to be that necessity for these environments to be lit up yeah okay but regardless you know going back to the people process and technology it sounds like these two situations ended up in the same result but through different channels right the first one didn't have the technology in place yeah that's one problem even if they did would they have the processes the people to manage it who knows but the second case like uh off poor off-boarding process that's exactly it right so we're you know that is a poor or off-boarding process and it's it's unclear to me where that actually resides right is it id maybe right

should they remove uh the the password access and all that stuff but it doesn't necessarily own the responsibility for operational technology environments so is it ot that's supposed to take away the credentials maybe everyone's pointing fingers or in this case since it's an offboarding activity should it have come from hr yeah all right so there's many ways to look at this and um for me i'm gonna put this in a yellow this is our final industrial story okay but the story doesn't actually involve one smart tech but it involves regulations towards smart tech okay so the white house recently released a 100-day power grid cyber security plan its central strategy is to develop a stronger relationship between national

security agencies and their electrical utility systems which did you know that in the u.s it's the majority is private yes i actually didn't know i did not know that so the plan will be managed by the cyber security and infrastructure security agency in collaboration with their department of energy the primary goal of biden's administration is to safeguard u.s critical infrastructure from persistent cyber attacks in order to achieve this here are some examples from the initiative so they will encourage owners and operators to implement measures or technology that enhance detection mitigation and forensic capabilities this will include concrete milestones to quantify progress that's good the second part they will reinforce and enhance the cyber security posture of critical infrastructures for

ics industrial control systems ot which i actually mentioned earlier but i didn't explain what it is it's operational technology and i.t so information technology all the networks of those three but the latter part is voluntary so to be honest the pessimistic side of me is not convinced well it's a step to the right direction i'm concerned with words like encourage and voluntary i'd prefer to see enforce and mandatory what about you i'm on the same page as you given that the real life impact that industrial technology can have on people and unlike an it where a data breach could result in a fine a breach in on the ot side could not only halt profitability but actually

can cause injury to people your pets whatever it means physical impact it is a physical palpable impact right i would definitely agree with you that it should definitely be a little bit stronger in terms of what we expect our people to do so how would you rate that that's a tough one i think i'm to go with a blend of yellow and red that would be orange we're now stepping away from industrial grade smart tech to enterprise grade and we'll start with a medical facility oh okay yale new haven health in connecticut was impacted when one of its outside vendors electa took its entire health system radiation machines offline in response to a cyber attack

but this resulted to cutting off cancer care for 200 critically ill patients statewide because the hospital lost cloud access their ceo when asked said we do not have the ability to operate the machines because the information that is programmed into those machines up in the cloud so as we speak electa is still unsure what the timeline will be to restore their services and cannot provide an estimate and we also can't rule out that pii or personally identifiable information has already been compromised so given that electa is a software specifically designed for cancer a life-threatening and time-sensitive condition it's alarming to me that neither the hospital nor electa the software company has any nearline or coldline backups

what do you think i'm thinking that's a bread that's sorry my sense is that clinicians need to start thinking of technology as a critical part of care delivery think about all the technologies that we engage with within the healthcare system if you're in a surgery that could be a da vinci machine where a doctor is around the world operating on you through robotic hands that could be the mri machine i just talked about earlier that can be an infusion pump and it's important for all these technologies to be secured especially when you're talking about an oncology uh discipline because we know that these unfortunately time is not on the side of the patient battling cancer right yeah um

so based on that i'm gonna give it a poor score that's fair i felt the same way there are options for them to back up their information and they chose not to i don't know their reason but options are available absolutely okay another enterprise smart tech is ai cameras hacked cameras which live stream peoples who are unknowingly filmed while they engage in intimate activities was not new when they flooded the news headlines back in 2019 but it was only when high-profile k-pop celebrities were sentenced to prison for consuming such content that the rest of the world took notice in some incidents cheap tiny cameras were deliberately installed on others connected ai robot cameras like tapia

were found in hotels motels airbnbs that were breached so they were hacked and live streamed to paying audiences you know i hate to say it but cameras are literally everywhere we go whether we are aware of it or not and while i definitely think that the technology is really um interesting um especially when you're thinking about it from a law enforcement perspective or a retail perspective like uh like the amazon smart stores that we do not have in canada but we do see inventories cool right so there's a lot of efficiencies to be gained for sure but i do have to say that i am quite paranoid about all the cabinets within my home and they're not even just

on a video game system where you might be familiar with it my xbox or xbox i'm thinking about my peloton oh yeah my car has cameras everywhere and you're not necessarily as a consumer making that choice sometimes right like maybe the security cameras but the ones in your car it's pre-installed exactly you know for me i'm gonna be a little bit less harsh than i have been because i do see a positive use case here moving on i'm gonna warn you this is my favorite story okay so while i can't disclose the name of the casino for privacy reasons i can tell you the details of how a hacker was able to exfiltrate data from their high rollers

database through a thermometer so gives me the chill the problem started with the smart fish tank it was installed as an attraction in the casino's lobby for their guests the technology enabled remote monitoring of temperature salinity of the water and automating the feedings of the fish the casino configured a vpn to isolate the tank's data from the commercial network and figure they were now safe but one day the activity logs revealed that a large amount of data is currently being exported at the time of this discovery the tank had already sent 10 gigs of data to finland using a transfer protocol typically used for audio and video so personally this is such an interesting case study because i've

encountered many industries that assume that because they have one or the other like an antivirus or a vpn then they're good but they have to think of it from a layered perspective right because network is a layered approach so they have to put in security measures in each of those layers you're talking about the purdue model aren't you exactly okay and so this is what that story is lacking for me uh what do you think i'm actually really familiar with the story because the folks that helped out this casino was actually my old company yeah and uh i'm gonna be sharing the same insight i did with the previous use case where yes the city of las vegas has so

many of these iot devices monitoring different things but what's missing for me here is exactly what you're talking about the purging model which is why have these organizations not thought about segmenting their network securely to prevent this type of activity going on right you know i've seen a lot of organizations where it does its own thing very secure there they think about the cia right so that's the confidentiality integrity and availability but it's not the it folks that are in charge of these fish tanks is it right and uh it's it's the people that are installing these into the fish tanks are probably thinking about i just need this thing to work you hit such a good point there because

the fact that they use a vpn that means they had good intentions they actually thought about it ahead but the execution was poor right it's too bad um yeah the way i pictured it was like you build a 10 feet wall around your castle to protect it but then you learn the hard way that your enemy can fly oh there's a good one next story okay so two years ago back in oslo the capital of norway halvor mullen was awakened by his phone ringing at three in the morning it's never a good call the call was to inform the vice president of um norsk hydro so mullen that their global aluminum production has been seized by a crippling ransomware

infection that spread through the company's networks his initial thought was to shut down the network entirely but there was nothing left to isolate anymore so as a result the company lost 110 million dollars the story is in no way outstanding but mullen and his team did something unusual that makes him an outlier among the many ransomware victims they chipped away at the stigma around publicly discussing cyber security incidents and told the public what happened in vivid detail norway's government expressed that norse hydro's willingness to share details of the breach has helped other companies block similar hacking incidents despite this many ransomware victims across different sectors still remain reluctant to discuss their experiences for fear of tarnishing

their reputation so if you were in the vice president shoes how would you handle a ransomware attack roslyn you posted on our linkedin a while back where some countries are now holding executives personally accountable for any sort of breaches that's being proposed so it may be effective by like 2025 exploring the onus is now fully on the executives of these organizations um within any sort of ransomware attack or any sort of cyber security incident i think it's really important to keep a cool head you'll hear our cto elon talk about that a lot you don't want to trigger the threat actor any more than they are already triggered i do think that the approach was correct i always feel

like it's not a matter of if you're getting attacked it's probably when so if we remove the stigma on ourselves and start building a community of well this happened to me so i'm going to share it with you so it doesn't happen to you i think that's a really nice move from a people's perspective i would rate it really quite high with green because i actually do think um it's going to be a great learning for everybody okay so that was the last enterprise grade we're now moving on to consumer grade so in tour okay back in 2019 a couple from wisconsin reported that a hacker tapped into their google home device and cranked up their

heat talked to them while looking through their camera and played vulgar music google responded by saying that the device itself was not hacked but the users failed to use mfa or multi-factor authentication to protect their credentials more disturbingly during the same year a chilling exchange is caught on camera between a hacker and eliza an eight-year-old girl in mississippi eliza's mother installed amazon's ring camera in her bedroom for peace of mind but it resulted to a strange man talking to eliza while watching her through the camera over several minutes the man repeatedly directed a racial slur at her and tried to persuade her to misbehave when asked to comment amazon had a similar response to google

saying that it's the shortcoming of the victims that they often reuse credentials that may have already been compromised from other services it sounds like the manufacturers are pushing all the responsibility towards the consumers does that seem fair to you i don't know what fair would look like in this context to be perfectly honest but i do think that the more that consumers empower themselves and myself included the better off we will be i think it's really important for us as consumers to educate ourselves on the power of changing your password yes and using mfa and using your mfa you know internet's not a new thing we all know to change the passwords on our router

so why are we not adapting that morning as we continue to light up our homes with different smart technologies we lack awareness we lack awareness and education so back to my original point there's no shortage of information out there right besides is a really fantastic source for isaka where we're both associate directors very good resource for learning about our responsibility and protecting our pia um i'm sorry pii i'm struggling with this one a little bit i'm gonna put it in yellow okay next smart tech so mark fellowes is a hitman in the uk currently serving life imprisonment and was convicted because evidence gathered from his watch revealed that he was conducting reconnaissance runs near his victim's house less than two

months before the incident upon further investigation the manchester police used this data as evidence to show the escape route fellows had taken after gunning down his victim in his own driveway so on the one hand i'm glad that the criminals own smartwatch help solve the crime but on the other hand i feel uneasy with the thought that my fitbit could potentially be used against me like there's already insurance companies like john hancock in the u.s that incentivizes their members to wear smart watches in exchange for their data what would stop these companies from using that data to raise premiums or refuse to insure someone altogether right so for you like smart watches in general how do you feel about them

i don't have a smart one but it's not because of this reason it's because i i generally prefer not to be pinked on five different devices every single day um but my mom does have one and the reason she does is because uh it should track her heart rate um tracks her activity level um and also she considers it a bit of a lifeline because she lives alone and for security reasons she likes to have access to a way of communicating with family members if anything should happen so for her very good but keeping in mind it does store a lot of your personal data right he knows way too much about you it knows

way way way too much about you so i'm hearing yellow you are here i'm gonna put it like yellow green um next story it may seem outrageous for individuals like us who live in canada to learn that there are countries that categorizes the following as crimes punishable by imprisonment being homosexual and owning intimate lifestyle products so such was the case of an incident in malaysia where the location of a smart adult toy was used to track and convict a same-sex couple for living their lives so if you remember a few months back this was the first and only story i pitched to you when we decided to do this presentation and i'm humbled by how much faith you

had in me that for letting me continue my research without knowing what kind of scandalous stories i would tell her today but seriously i'm curious to learn your thoughts on this because personally i see the pros of connecting such devices to the internet hear me out it's remote features come in handy amidst this pandemic think about that okay but i'm not sure if the pros outweigh the cons so what about you how do you feel about it um i'm gonna be perfectly honest this is not a world i'm very familiar with but i'm glad you did the research on a wi-fi laptop so i consider myself a bit of an advocate for diversity in my volunteer life with isago i

actually am the associate director for she leads tech and we're highly inclusive of all genders and all sexual orientations at wire fire we als also encourage um and actually mandate ourselves to hire based on diverse principles right so it is really sad for me to see that some countries can still punish someone for homosexuality by throwing them in jail or worse so i'll say that first i think especially in these pandemic times there is a lack of intimacy connection and this technology is clearly fulfilling a gap right physical emotional whatever it may be i i recognize that this is an innate human desire to have um and how individuals seek that out is entirely their business and i believe

that if they're not hurting anybody do what you like right live your life live your life um for me though and i don't know where to put my red against it won't be the technology but it will be the government because i feel like this is very uh an ethical use of technology that was it's not intended for this purpose exactly right um and when we get into surveillance of people in their own homes and unfortunately depending on where you live in the world right now it may not be acceptable in canada it certainly isn't and that's our privilege to recognize but in other parts of the world um it is acceptable and it's a really tough question to answer i

i hear you i mean i'm from asia as well right so i i did i didn't migrate here until i was 18. so i have lived quite like two lives of something a country that's very conservative and a country that's liberal um so yeah i totally understand where you're coming from and i i see i can see why you would put it in red absolutely without trying to cast judgment on how people govern how people live their lives or how to use information i'm gonna go with gut and my gut is telling me that's a red all right so the last story is a little bit something that we touched on earlier already because you mentioned something about

your mom but i'll tell it anyway okay so bob march is a 58 year old man who received an apple watch as an anniversary present and once he started using it he noticed erratic heart readings with highs as much as 127 beats per minute and lows in 60s on getting track from a practitioner he was diagnosed with arrhythmia a condition where people suffered irregular heartbeats causing his heart to work in overdrive soon bob had to go through surgery and now he's doing fine and goes for daily runs with his puppy so apple is not a b corp but their apple watch got me curious if it serves people planet and profit so according to their self-published

environmental report apparently it does um it's it's very like it use recycled materials it has a minimal packaging and all that but are you sold like i know your mom has a watch you don't so if we revisit this based on this story i mean where would you rate apple watches i look at it from the people profit and planet perspective people first i'm going to say yes right um clearly uh this gentleman would be in a much worse position had he not picked up that he may have potentially arrhythmia and i believe that by having this beautiful gift from i assume his wife if it's an anniversary gift it potentially prolonged his life with her so i think that's a wonderful

thing from a planet perspective you know maybe um maybe that's true and i applaud the effort but we also have to consider the supply chain right what does your carbon footprint look like if your product is designed in california but made in china yes and what about the minerals involved right are they there are many um many instances where there's conflict materials being used in our technologies does apple avoid those right so we have to really consider the full uh supply chain and profit um well they make a lot of profit yeah i think they're doing well i think people are doing well at apple so let's take a look i'm gonna put this in yellow green just because of the

question mark around the planet cool so in my research it seemed that people's attitudes towards smart tech fell under one of these three categories you're either a person who actively avoid buying these things because you really want to protect your data you're an individual who dislikes the idea that google can predict when's your next menstrual cycle and knows when to target you would damp on ads but as long as there's some sort of benefit they reluctantly use the the product still that's me and then the third is just individuals who don't see any problem with it after doing this activity did this impact you in any way of how you think about smart tech you know i think about smart tech a lot

given what we do at wirefr um so i think what what it's made me aware in this process is that i'm willing to give away a bit of my privacy for the benefit that technology brings to me um i think i said earlier that you know i wish i was always a responsible netizen i was not right in 1995 when we had dial-up there was none of this yeah i talked to strangers through icq like icq whatever it was right um so for me for somebody like me you know the world knows as much about me as i do maybe even more so given that it's less important for me to really be safeguarding my data

and what i really love about people having access to it is that i get things that are pushed to me that i actually enjoy instagram for example it knows exactly what i like netflix suggestions netflix suggestions music suggestions so i'm constantly surrounded by things that i really enjoy what was really interesting was how much i'd be willing to give up for the sake of convenience convenience yeah right and i don't think i'm alone in that no and i hope viewers don't walk away from this session feeling like i'm against smart tech i mean i i have a fitbit i have smart lights at home i i own a smartphone but and i find smart technologies

awesome but i don't find them completely awesome i if applied correctly i think smart tech can help drive smarter more efficient operating environments for manufacturing plants utility providers power stations and more like predictive maintenance alone could help vast amounts of outgoing costs while also helping critical infrastructure run smoothly but what do we frequently hear from our clients they struggle to find their gaps because they don't even have visibility of what their gaps are and second when we finally help them gain visibility they're overwhelmed with the amount of things that they need to address and then third they're under staff and already struggling to keep their heads above water cyber security gets neglected and unfortunately buying the latest and greatest security

tools doesn't automatically solve their problems yeah so all of these concerns are fair but we got to start somewhere and in my opinion cyber security awareness is one of the cheapest and most accessible places to start what do you think about that i don't believe that people should fall into the victim mentality because it suggests that you're not empowered to resolve it right yeah and the way i see it is that we're always on our smartphones anyway so why not incorporate some cyber security news into our media diet from time to time if you don't like reading we have friends from cyber security matters podcast can just listen to those right and they give really good insights

it's impossible to dictate what is available in the market as well for us to consume right and we can only hope that manufacturers will incorporate security into their designs or that city officials will properly vet smart technologies that they deploy in our cities despite not having the choice all the time because our employers our cities have already chosen to be smart on our behalf the best we can do as consumers is to take the initiative to educate ourselves so we know what to look out for thank you everyone i hope you learned

something