In a way, we could say that all of us do that. You can go onto LinkedIn and you'll see everyone exaggerating their achievements, using, you know, speak— getting invited to a— I'm not saying you two.

Oh, I do.

It's a point of contention.

Smashing Security, episode 158: The Man Behind the Missing Crypto Queen with Carole Theriault. Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 158. My name's Graham Cluley.

And I'm Carole Theriault.

And this week, Carole, we are joined by, oh, a god of the podcast, a very popular podcast host. It is the star of The Missing Crypto Queen. It's Jamie Bartlett. Hello, Jamie.

Hello. I mean, I'm not really the star. I'd say Ruja Ignatova is the actual star. I'm just the presenter.

No, you're kind of the star.

You're not the crypto queen. We should explain that. It's not you, right? She hasn't gone that deep undercover and got the—

Great Halloween costume for you there.

You know, you say that. I know I will finally accept this is a successful podcast if next Halloween someone goes dressed as the missing crypto queen, Dr. Ruja. That's my mark of success.

An excuse to buy a very expensive dress.

All right. I can give you some advice.

We'll talk a little bit more about the missing crypto queen later in this show, but during the course of it, you do raise this possibility that maybe she's had plastic surgery and changed her appearance. To avoid detection.

Oh, Graham, can we not tell everyone everything?

Oh, okay. All right. Shall we just get on with the show?

Yeah.

Carole, what's coming up on the show this week?

Thanks to this week's sponsors, LastPass. Its support helps us give you this show for free. Now, Graham is looking at the loot that a few cybercriminals walk around with, just in case you thought crime didn't pay. Jamie's going to give us some great insight into the missing crypto queen and making it and all the background information. And I'm going to get a little political on this show, just a smattering of digital snafu. All this and loads more coming up on this episode of Smashing Security.

Now, chums, chums, Jamie, I don't know you too well. Do you drive a car, Jamie?

I've got a car. Sorry, I've got a license, but I don't have a car though.

Well, that's halfway there, isn't it?

Yeah, I think so. More than halfway.

If you did have a car, are you the sort of person who would decorate it with pictures of skulls and knuckle dusters and all kinds of evil stuff like that?

I'd probably consider it, yeah.

I know, I'm thinking, I'm thinking I've got an old car and, you know, why not let its last few years of life be cool?

Well, Carole, would you cover yours with sort of camouflage to try and maybe, you know, fit into—

Oxford camouflage? Would I have pictures of students everywhere?

Bicycles? Something like that?

Well, some Oxford spires?

You know, some people would. And the kind of people who would are the two Russian nationals who've just had charges filed against them by the US authorities, because they're alleged to have run a global cybercrime organisation called Evil Corp.

So sorry, do you know if they're registered under that name?

I don't know what the rules of running a Russian business are.

You should do more research on these stories, Graham.

Well, Carole, I suspect they're not paying tax, OK? So they probably haven't bothered to also register their business.

Wasn't that Dr. Evil from Austin Powers? Didn't he run Evil Corp?

Well, yes, I was— it an Evil Corp? It certainly was an organization in Mr. Robot, because if you remember Elliot, the hero of Mr. Robot, he attempts to destroy the largest conglomerate in the world called E-Corp, which he has renamed to Evil Corp. But this particular— this Russian Evil Corp run by these two guys is said to be responsible for some of the worst computer hacking and bank fraud schemes of the past decade, said to have stolen $100 million through spamming out email attachments, which then helped them break into bank accounts and steal large amounts of cash.

Okay, no offense, Graham, but that's chump change compared to Crypto Queen.

Well, we'll be coming on to the Crypto Queen later. Is everything going to be trumped by the crypto? Should we just fast forward to Jamie's segment of the show and talk about the Crypto Queen?

Let's go.

Now look, the National Crime Agency, the NCA here in the UK, Smashing Security have described Evil Corp as the world's most harmful cybercrime group and the most significant cybercrime threat to the whole UK. I mean, that's pretty strong stuff, isn't it?

That they know about.

Well, that they know. I mean, they also know about other threats to the UK on the cybers, Piers Morgan, for instance. He'd be pretty dangerous and a significant threat, I think. But no, they're saying these guys are the most significant cybercrime threat who are out there.

I'm amazed at that, $100 million, and they say that's the most significant cybercrime threat.

Well, at least $100 million, but these guys have been operating for 10 years. They've got quite a large infrastructure, as we will hear, and the US authorities have just placed a $5 million bounty on the head of their leader, a guy who goes by the code name of Aqua. His real name is Maxim Yakubets.

Well, because he can just get out of any situation just like water.

Maybe. Wow.

Like it.

Like it.

I love these guys. Evil Corp. Aquaman.

He is a 32-year-old living in Moscow. He's been thought to have been running this for the last 10 years. The cops have been investigating him for the last 5 years. And according to law enforcement, he has employed scores of people to run his operation from the basements of smoky Moscow cafes. Why are you thinking of applying for the job, Carole?

You know, I don't know. He's obviously very successful at what he does.

It's interesting how quickly you turn.

Well, I'm just looking into it. I'm keeping an open mind. Isn't that what we're supposed to do?

I mean, here we are, 3 impoverished podcasters, and we're talking about these Russians.

I don't think I would say I'm impoverished. Would you say you're impoverished?

Well, you know, I mean, maybe not impoverished, no.

Okay. But you're starting to feel it, aren't you? Now that you've heard that $100 million is being made, suddenly you do feel a little bit poor.

You do. I mean, there's a guy in his early 30s, here I am, 50, you know.

A failure. What have you achieved compared to this guy?

Yeah, what have I managed to do? He's got himself a pseudonym, he's got himself a Lamborghini, it's covered in camouflage. He's got another one which is covered in pictures of skulls and knuckle dusters. He's got scores of people working for him from smoky Moscow cafes. He's defrauded and stolen money from bank accounts of members of the public and businesses using the Dridex malware.

So you're contemplating going to the dark side?

Well, I don't know, Carole. Do you think I should? I mean, do you think now we've been doing this show—

I don't think you'd be very successful at it, actually. I think you could try. I'm not endorsing it, but, you know.

Well, he's been operating for 10 years, and 8 people in the network have already been sentenced. The money launderers, the network of money launderers, because once the money's stolen, the money is moved into accounts and ultimately comes back to Evil Corp. Over 40 years in prison those guys have been sentenced to. And—

So they're in prison in Moscow?

Oh, no, no, no, Carole. That's not quite how it works.

That's what I thought. I just wanted to be clear.

Because yes, these chaps are known about, have been known about for some years, and they are operating fairly openly in Russia. In fact, if you click on some of the links in the show notes, we've got, for instance, a link to a YouTube video of them burning rubber in their sports cars, doing donuts in the main streets of Moscow, holding up traffic.

Oh, is that where all the hot men are?

So they've got all these supercars with personalised number plate, translates to the word thief. They spent over a quarter of a million pounds on their wedding. This guy Yakubets, it looks like something from the Eurovision Song Contest. There are lasers everywhere and chandeliers and fancy lighting. You know, it's— these guys are living very ostentatiously.

And living the dream as far as you're concerned, right? Because you feel impoverished.

I don't know if I really want to go and do a doughnut.

Do you want a laser? Do you want to go do a doughnut?

No. And the laser stuff is a bit more Dr. Evil, isn't it, I think, than evil corp.

But do you even know how to do a doughnut? Donut in a car? I wouldn't know how to do it. I don't even know how to reverse park, let's be honest. So I mean, the chance of me doing a donut are fairly remote. Well, no, maybe— I think I know in theory how you do it, but I've always looked on admiringly at the people that can. But no, never had the courage to try it. But the thing is about this is, looking at this story makes me think immediately, with all of these cybercrime cases, when you see how much money you can make and you get to be able to have Eurovision weddings and donut-themed cars in car parks, you think to yourself, well, why would you work for the local authority on cybersecurity?

Maybe they give you a free croissant in the morning.

A donut, surely, Carole, not a croissant.

Or a donut, yeah.

Well, these guys were fairly jammy, you know, because you may say, why would they work for the local authorities helping them secure their defenses? Well, Yakubets also had a sideline because he was also giving direct assistance, according to the US authorities, to the Russian government's malicious cyber efforts.

What a surprise.

Yes, what a surprise indeed. And of course, this is probably what's been protecting him from having his collar felt because they thought, well, you know what you're doing, you could be rather handy because we've got a little bit of hacking we'd like to do ourselves.

Okay, so these guys are still operating now.

Yeah.

And everything is just tickety-boo and the US is saying these dudes are bad and the NCAA are saying these dudes are bad and we've got a bounty on their heads, but they're out there having a great time and you're thinking of joining them because you want to be the next Charles.

Well, no, no, steady on, steady on. I don't want them coming around and making me an offer I can't refuse. So that wouldn't be good, right? But certainly what's happening is that the US has said, there's $5 million if you help us catch these guys. It's going to be more difficult for these guys to operate internationally. They're clearly going to have to probably stay in Russia rather than go on holidays to the Algarve, or they once toddled off to Dubai, for instance, on a bit of a beano. They're not going to be able to do that so easily. So in some ways their wings have been clipped, but I think it's going to be hard for the Americans to actually get their hands on them and extradite them, isn't it?

Yeah, it's kind of interesting how much money they might be putting into it. I guess what they want to do is warn their people and say, hey, look, watch out for these things. But I'm not hearing any of that, right? How are they getting us with email phishing attacks?

Yeah. So they have a very sophisticated piece of malware called Dridex.

Mm-hmm.

And that is spammed out via email attachment and then it puts up fake dialogues. It might steal your passwords for your online bank accounts. And they've been evolving Dridex. I think we've actually spoken about it in a past episode of Smashing Security. They've been evolving it in different ways in order to fool people, in order to get past the antivirus defenses that many people have in place.

But imagine I wasn't actually interested in cybersecurity at all.

Yeah.

How would I stop this from coming onto my computer?

Best way is to keep yourself patched, run an up-to-date antivirus, and hope that it really is up to date. Even that's not going to be 100% security against it. You can also, of course, have two-factor authentication in place for things like your bank accounts, keep an eye open for suspicious transactions.

It's like you've said all this before.

Well, yeah, I mean, it is common advice, right?

Okay, I just thought it'd be good to share, you know.

Yeah, but I don't think the authorities are simply interested in warning people about this. I think they want to try and curb these activities. And these are two youngsters, I mean, I say youngsters, they're early 30s at best, but they have been bragging rather a lot over the years on social media, posting up pictures of their high-speed car chases. They've also posted up videos of them sort of falling off hoverboards, or at one point they appear to be cavorting with baby lion cubs on their oriental carpets.

They live in a country whose

In the 1990s, the UK government was thought to have a policy towards radical Islamists, which was basically, you can live in London, do what you want overseas, but just don't attack us. And as long as you leave us alone, we'll leave you alone. And it's felt like for quite a few years that in Russia, it's been the same.

leader has had pictures of himself

You carry on with your cyber attacks on these other countries we don't much like, we will leave you alone, we'll leave you to it. But don't turn against us. If you do, then you're going to be in trouble.

bare-chested in the woods.

And it's a perfect situation, isn't it, for the Kremlin? Because they have this distance from them. And I wonder whether— I mean, the US probably knows they're never going to extradite them, they're never going to arrest them, but it's all about a power play. You're just publicizing the fact that there are these malicious actors in Russia that are being allowed to operate openly and freely. Because I think that's really becoming one of the diplomatic tools that people are leaning on each other, accusing each other of various types of corporate espionage and stuff. So it's probably just an announcement to just lean on Russia a bit more.

Think about it the other way though, right? Imagine someone living in the UK or the US hacking into some poor Russians who are falling for some scam.

Yeah, I'm wondering whether our governments are ever a little bit lax if it was the other way around. You know, we're just going to target Russian businesses, and whether our government says, okay, you know, we're going to look the other way. And I have no idea. Be interesting.

Maybe in next podcast.

Well, one of the members of Evil Corp is believed to be the son of a former mayor of one of the big cities over in Russia. So there certainly were links to politicians.

Yep. Networking kids.

Good to have connections. So, and of course, countries all around the world are hacking each other. There's a lot of this going on, but it's good. It really is good. And I think this is encouraging to see the US authorities really taking a hard line finally against Russian hacking.

I thought you were going to say, I think it's really good that he finally got a really cool car.

No, it's a gross car. Forget the cybercrimes. This is crimes against fashion and good taste. When you see the pictures of these cars—

Why do you never ask me for a lift when I get mine out?

Well, I don't think yours is— Have you still got that red leather chrome and the dice hanging up as well?

Fake leather, actually.

Leatherette. Well, Jamie, I think it's time for us to move over to you and find out something about the missing crypto queen.

What do you want to know?

Okay, so first thing, let's assume that not all our listeners took our advice to go and listen to it. But a lot of them I'm sure did, but give a little vignette on basically the whole story.

Yeah, yeah, yeah. So basically what happened was 2014, a woman turns up out of nowhere, Bulgarian-German businesswoman. She's 34 years old called Ruja Ignatova. And she says to the world, "You've all heard about bitcoin. Maybe you think you've missed the boat on bitcoin, but don't worry, I've got a new one. I've got the next bitcoin. It's going to be bigger, it's going to be better, it's safer, it's simpler. The bitcoin people are too technical anyway, they're arrogant. This is going to be bitcoin for the masses that you can really use in the local shops, and it's called OneCoin. I've invented it, and would you like to invest? And if you invest now, just like with bitcoin, you're getting in at the very beginning, price is going to shoot up and you can make a fortune."

Wasn't this at a time when there were loads of new coins coming up? Like there were tons of different coins. I mean, every day I'd be looking online going, "Oh, there's another one."

But I think the real golden age was actually 2016 when there were ICOs every other weekend and people are pouring money into these initial coin offerings. But yeah, you're right, 2014, I think that was when Ethereum first arrived. So there were these new coins arriving and there was this sort of a sense that bitcoin was just the start and there were others coming and hers was one of them. And so she says all this and very, very quickly this spread so fast. So by March 2017, over €4 billion has been poured into this cryptocurrency.

That's money, okay? That's money. €4 billion, okay? Not €100 million, measly million.

$100 million was poured in just from the UK. $100 million. So we're talking about colossal amounts of money.

And all these investors, all these people thought they were going to make a fortune themselves.

Yeah, they thought that they were going to get 10x, 20x, 30x, 100x on their investment because they were buying these coins at practically nothing. And Ruja was saying within a couple of years they'll be worth $100 each and who knows what beyond that. People were amassing these coins, 175 countries, I estimate around a million or so people invested. And then in October 2017, she disappears. She has not been seen since.

So she disappears, she just poofs, right? She's out. She's gone.

More or less, yeah, yeah. She takes a flight from Sofia, Bulgaria, which is where her head office is and where she lives, to Athens, Greece, and is never seen again.

She's the CEO and founder of the coin.

The visionary, the messiah, the next Satoshi. I mean everything. She is the genius behind this coin who everyone worshipped. She vanishes off the face of the earth and then of course the podcast is trying to find her but also to uncover the fact that this is a colossal pyramid scam and trying to work out how she's managed to pull it off.

Because that's the thing, I mean it wouldn't really matter if she had disappeared if those people who'd invested would be able to cash out their coins.

Like Satoshi Nakamoto, right? Who never appeared.

And you know, that would have been great, but my understanding, as I remember listening to the podcast, there was no way to get your money out. The promise was that this was going to happen. There was promise, oh, it's a blockchain, it's all been recorded properly. But all people really got was a website where the current price of the OneCoin was increasing all the time, so they thought their investment was increasing?

Yeah, exactly. So the idea was you buy your coins, you get your coins into your account, you open an account on the OneCoin website, and then when you send the money, you get the coins into your account. So you can open it up, look and see, oh, I've now got 100 OneCoin, I've got 1,000 OneCoin. And the price kept updating, and the price kept going up and up and up and up every month. The promise was very soon you will be able to exchange your coins back for real money again at the price on the website. But there was no blockchain behind any of this. It was just a number on a screen. There was nothing behind it. It was probably an SQL database in an office in Sofia and someone was just changing the price. So everyone thought they were sitting on, some people thought they had millions of dollars worth of OneCoin. And they had nothing at all. And to be honest, this is called a crypto scam and everyone called it a crypto scam. And we called it, you know, the missing crypto queen, because she called herself the crypto queen, but really it's actually just an old-fashioned pyramid scam. But you're using a fake cryptocurrency as the product. I mean, was your mom ever an Avon lady or a Tupperware? Because my mom used to sell Avon products. Do you remember that stuff? You get your friends around. Avon is makeup.

Yeah, there's Avon, there's Amway, there's lots of these multi-level marketing schemes, aren't there? Where there seems to be so much pressure to recruit more people to go underneath you rather than actually, you know, the product selling because it's a good product.

So that's the definition difference is that if you've got a product to sell and it's this real physical thing and you can make your money that way, that's legal. There's nothing illegal about it. And yes, it's a controversial way of selling because of the pressure that you're under to sell to your friends and family, but it's not illegal. And so Avon and Amway, they're legal companies, but if you've got no product, but you're selling in this kind of, you sell to your friends and then they sell to their friends and you build a pyramid beneath you, and the bigger the pyramid gets, the more profit you make, because you get these commissions all the time, then that becomes an illegal pyramid scheme. Scam, and that's really what OneCoin was. It was an old-fashioned pyramid scam, but using all the hype of cryptocurrencies and especially bitcoin to make people think they were buying something that was not only useful bit of makeup or Tupperware, but a cryptocurrency that's going to keep going up in value. I mean, what could be more perfect? You don't have to have your garage full of Tupperware.

When I was listening though, I was thinking, why are people actually buying into this when she's saying 100x? Do you think, because you've talked to so many of them, did you feel it made reasonable sense when you heard their reasons to believe, or did you think they drank the crypto Kool-Aid and were just in love with her?

There's a bit of that, but think about it this way as well. What returns were people making on bitcoin?

Yeah.

So when she turns up and says you're going to make 100% because you're 1,000% or whatever, they look at bitcoin and they hear the story about someone who spent 10,000 bitcoin on a pizza or whatever it was. And those stories— I invested $5 in bitcoin in 2010 and now I'm a millionaire.

Oh, Carole, I don't know if you've ever

So, or there's the guy who invested loads on a computer, threw the computer in a Welsh dump somewhere, realized he'd become a gazillionaire, and then

seen my wedding photos, but they're quite similar

tried to pay the council to find his house.

Exactly. So these insane returns don't seem that insane because they've happened.

to that, to be honest.

But she was also very, very credible. I mean, they weren't targeting bitcoin specialists. They weren't targeting the blockchain experts. They were targeting ordinary people who maybe had read an article in the newspaper about these bitcoin millionaires and thought, ooh.

I have a very big question here that occurred to me while I was listening to the podcast repeatedly. How was it possible, do you think, that magazines like The Economist and others of, with such a huge repute would not have done due diligence to actually find out if she actually was worth all that? She did have a PhD. I remember you doing the research on that. Was it really that much of a smokescreen? Or did people fail in doing any digging, do you think?

Oh, that's a good question and a tough one to answer, because there were slightly different things she did. But she was very, very good at sounding extremely believable to people. And she'd take little clips little bits of media coverage she'd had and packaged them all up, taking advantage maybe of some people's laziness to present such a believable image that she was the next Steve Jobs. I mean, she appeared on what looked like the cover of Forbes magazine. Go online and there's a picture of her on Forbes magazine, front cover, like this amazing— Zuckerberg's on there and Jobs is on there and Buffett and all that, and then there she is and you think, wow. Now, actually, what that was was a paid advertisement in a local Forbes Bulgarian franchise.

Revolting!

Which—

Come on, Carole, we've all done that.

Which in Bulgarian said paid advertisement in— But no one— I mean, who reads Bulgarian apart from Bulgarians?

Are you kidding me?

So she took that and she sent that all around the world. I met people in Uganda that had invested their life savings into this because they saw her on what they thought was the front cover of Forbes magazine. Now the question, I suppose, then is, well, why does a local Bulgarian franchise of Forbes magazine— why do they do adverts that look identical to the front cover? But that's it. I don't know. I can't answer that. But then The Economist— yes, she spoke at an Economist event in Bulgaria.

Oh, again in Bulgaria. You see, even in my research subsequently after listening to the podcast, right, I did not notice those. I basically probably did an image search on her and then saw all the covers.

Yeah.

And didn't question them.

The thing is, she appears there. Yeah, exactly. She appears there. And I think you think to yourself, well, I'm sure they would have checked. And I think everyone's thinking everyone else is checking. But from The Economist perspective, what they would probably say is, look, this was a legal company. It was operating in Bulgaria. She won the Bulgarian Businesswoman of the Year Award in 2014. I mean, who organized that? I don't know. How legitimate was that? I don't know. But you look at that and you think, okay, that seems fine to me, then we'll have her as a speaker. And so what she did was every time someone didn't quite do the due diligence they might have done or relied on someone else's research, she'd build that into her profile, and that would mean the next people who should check would say, oh, The Economist checked, so that's fine. So when Thom Jones sang at her birthday party in 2016— Yes, he probably— his advisor— Cryptocurrency— No, no, no, that's Neil Diamond. That's Neil Diamond, yes.

We're talking about the green, green grass of Bulgaria is the one we should be doing.

So she's got the wrong guy. So yeah, just like you. Thom Jones' advisor probably looked and said, well, she's been on the cover of Forbes and she's the economist.

Come on, if you're the manager for Thom Jones, you're not even going to do that. You're just going to say, someone's come along with a whole load of cash, Thom. You don't have to wash your hair.

Get yourself to Bucharest.

They're a legal company. They exist. They function legally in Bulgaria. So what's the problem? Exactly. That, I think, that's a real thing of our age. In a way, we could say that all of us do that. You can go onto LinkedIn and you'll see everyone exaggerating their achievements, using, you know, speak, getting invited to a— I'm not saying you two.

Oh, I do. Yeah. But everyone does it.

It's a point of contention. Everyone does it, don't they? And you do a little talk somewhere, you get invited to do a talk and the people organizing it are busy. Or maybe you get invited to come on a podcast or go on the TV and every— the producers are busy and stressed and then you clip that up and then you show that to everyone and then they get you on next time because you've been on this program and you build up like that. Are you a fraud, Jamie?

Just gonna check. Is this really Jamie? Yeah, exactly.

I mean, we've been joking about this, but it's really so sad hearing some of the stories of people. There's a woman who you spoke to who was a fervent believer in OneCoin and you actually play a recording of someone who was a skeptic arguing with her for ages. And she's now turned around and she's now formed this support group for people who've lost money. But it's—

That was delicious audio, that segment. It's almost— I mean, beautiful.

I had a friend who joined a religious cult and listening to some of the episodes of The Missing Cryptocurrency really reminded me of that cult-like fervor of there's nothing which Dr. Ruja can have done wrong, and for you to question her means that you're, you know, we have to close you off, we can't speak to you because you're just spreading lies, just like the BBC are spreading lies about OneCoin.

Yeah, they came back to us and said, you know, propaganda, fake news, all of that stuff. And the, one of the most insightful interviews I did for this was someone who didn't know much about OneCoin at all but had specialized in religious, new religious movements and cults. And she had so— she was a professor from the London School of Economics and so insightful about describing some of the behaviors of supporters of OneCoin. So I said to her, surely when Dr. Ruja vanishes in 2017, the believers, the people that really bought into OneCoin, would start to question, is this all she said it was? And Eileen Barker said, you don't understand, she has your money. Once you've invested your money and once you believe this is going to change the world, you can find a reason for this. She's disappeared.

She's got you by the short and curlies, right?

You don't want to admit it because it's very hard to admit you've been fooled. And people would rather— would rather— you put your reputation into this, you put your money into this, you put years of your life into this sometimes, and you would rather find a reason why she's disappeared. That's because she's gone into hiding because the banks are going to take her down and the governments are scared of her, but she'll be back soon. It's easier psychologically for you to do that. And I thought, yeah, it was right. It started to sound a bit more like a religious movement really than an investment opportunity. But you know what? This is one of the awkward things about OneCoin. Sometimes when you listen to the legitimate crypto enthusiasts, they also have the same kind of fervor. You know, bitcoin, you can't criticize bitcoin. This is the greatest thing ever. And so there are similarities in OneCoin to lots of different movements as well, you know, different behaviors that we all have. That's what I enjoyed about it as a story. I thought it said something about society as a whole.

Now, while you were recording this, when were you most shit scared?

Well, yeah, there's some scary moments.

I didn't know if it was kind of dramatized a bit or because, but I felt it. I felt it.

Well, first thing is, to be honest, there are people like that Jen McAdam, the Scottish woman, and Tim Curry, who was the person she argued with, who was a skeptic, who've been calling out OneCoin since late— well, Tim Curry's been saying about this since late 2015, and it's much scarier for them than it is for me when I turn up with the BBC and I've got these lawyers and I've got, you know, all of that stuff. I don't think I was ever as scared as they might have been doing this. But probably the scariest bit was going into the— anyone who's not listened to this podcast won't— will think this is ridiculous, but going into the beauty pageant. Yes. I know that will sound a bit of a tangent.

Yeah, it's a good teaser.

It was a truly surreal moment in the podcast, I have to say. It really was. It really was. And we didn't know at that point.

Was it— was the pace of doing the show exhausting? Because you guys travel all over the place, or how long did you do that?

Yeah, how does something like this start, Jamie? Did you come up with the idea of the podcast, or were you approached, or what happened?

Here's the weirdest thing about it, and it was exhausting by the way, because the story kind of unfolded as we were doing it. And some podcasts, because you obviously got your podcasts, and then which are sort of, they go over several years. Yeah, well, you're on 100 and episode 50, 158, is it? Yeah, wow. So, but then you've got the ones that are just 8 episodes on one story, which is obviously this one, and they're quite different even though they're both called podcasts, aren't they, and what they're about and how they are structured and everything. But some of the people that make those podcasts, they make all of them and then they release them week by week, but they're already made, they're all finished, they're all done, legal and checked, and— but they're just slowly releasing them for the tension. But we were making each one as we were going.

So cool, because we're so glad to hear that.

And you were getting feedback from listeners, weren't you, and leads and things?

It was astonishing. Yeah, well, that's what we knew would happen because we realized just how big this story was, and we thought when we release episode 1 and 2, people are going to come back at us. OneCoin's going to come back at us, investors are going to come up with stories. Maybe listeners will have spotted Dr. Ruja and will phone us up. So we thought we can't make them all. We made some of them, obviously, but we couldn't make them all. We left a lot of gaps, and each episode, we were changing them sometimes right up to literally a couple of hours before they were published.

Heavenly in a bit though, because it's quite fun. Did you suffer? Did you suffer though after you finished? After you kind of put out your last episode, did you have a bit of paradise syndrome? You know, where you're kind of like, what do I do with myself now?

Of course, yeah. And I used to get that when I used to do exams and stuff. You'd look forward to the moment it was over, and then the minute it was over, you don't know what to do with yourself. But I mean, me and Georgia, who's the producer, who's in it quite a lot—

Yeah, yeah, no, high five to her for all the production.

Amazing. Oh, incredible, incredible stuff. Yeah, really great. She was so great to work with. And but we would be, we'd be up at 6 AM on the phone to each other, and then midnight in bed, be phoning each other. What's good? Yeah, what's the date? And then suddenly, Graham, it's not just us. So it really was. But I mean, the thing is, for those who've listened, they'll know that maybe there are bits of the story that haven't quite fully finished. And so, yes, it's— ah, we're gonna be another one. Let's just say we're still talking basically every day. But you're talking seriously, right? Yeah, we're talking every day, all the time. I mean, the thing about it is though, and those people that have followed this story will understand this. It gets very weirdly addictive. You know, you become obsessed with this woman, and every weekend you're just, you know, what's the latest? Has there been a thing? And look at these videos.

And are you— when you go around Homebase, are you sort of looking down the aisles just thinking, could that be?

Yeah, because that's what she'd be hanging out. She'd be buying some doorknobs down at Homebase, which doesn't—

I don't think exists anymore. Funny you should say that, but I did spot Jeremy Corbyn in my local home base the other day.

So, well, of course he's there, he hasn't got anything else to do.

It was a while ago now, actually, but someone did tell me that they'd seen her in London recently, and swore that it was her. And I've been getting a lot of people telling me they've seen her all over. So you know what I did? I personally do keep an eye open. You know why? Because I was told by someone that she's so brazen about what she does that she would have found out where I go and where I work, and she'd probably drive by me just to see what I look like.

Do you think she may have perhaps sociopathic tendencies? Perhaps? Because it wasn't her first show at the rodeo, was it?

No, it wasn't. No. And just so, Graham, to answer your question, you said how did it come about? Just so I can— because it's quite interesting that Georgia was approached by someone, one of her friend's friends, who was in a pub going on about it, saying, oh, I found this amazing new cryptocurrency 'You know, this is amazing, I'm gonna make loads of money.' She started looking into it and thought, 'This is weird.' Phoned me up because she knew I'd covered these stories in the past and said, 'Have you ever heard of OneCoin?' And it was so weird because the whole of the crypto world, it kind of passed them by because they looked at it and just thought, this is a Ponzi scheme, this is a pyramid scam, this has nothing to do with us. So they ignored it. And the mainstream press looked at it and thought, oh, this is a cryptocurrency story, that's for them, those crypto specialists, to look at. And it kind of was just missed by everyone. And then they get on the cover of Bulgarian Forbes, and we all, oh yeah, yeah, it's almost like an echo chamber thing.

I bet they were making a lot of noise. Do you know if they were doing any investment in social media ads and that sort of thing to try and target particular victims?

That's a good question. I don't know if they were running social media.

Well, they may not have been, but of course the people who are trying to recruit other people, yeah, exactly, they were probably the ones wasting their money giving it to Facebook and Twitter or whatever, trying to get more OneCoin. And the truth is, OneCoin still going, right? Are there still people out there who still believe in it?

This is what makes the story so fascinating. There's a lot of people that still believe in it. In fact, a handful of them posted a picture the other day from the OneCoin head office in Sofia. They're still going. They're still denying they're a scam. People are still investing all the time in this because not everyone listens to the BBC's podcast. So how are they gonna— and if they do— what fools!

Don't worry, don't worry, we've got the rest of them. BBC played this, we've got about the rest.

And then OneCoin people, even if you did listen to it, you'd say, oh yeah, well guess what, BBC's fake news because they're scared of the crypto revolution. So you can't— it's so difficult to change people's minds.

Yeah. And what's really annoying is that not only is their money tied in, but people have made a lot of cash because they're selling a kind of education plan and they're getting money back.

Yeah, this is what people think, that everyone lost out who put money in, but that's not true because it's a pyramid scam. People at the top of the pyramid were making loads of money. We interviewed one guy who was making over a million dollars a month selling OneCoin because he's— so you get a 10% commission on every package you sell to people, and you'd sell a package for €5,000, you know, €5,000 worth of OneCoin, and you get 10%. And then if they sell and then their friends sell and then your pyramid gets bigger, then you get— it gets very— the only thing more complicated than cryptocurrencies and blockchains is multi-level marketing compensation schemes. Honestly, it's you get a matching boat, you have the strong leg and a weak leg, and you get sales volume per week, and then your weak leg is deducted from your strong leg, and what's left over you're paid out a percentage of that, and 40% in real money, 60% in OneCoin, that kind of thing. So people at the top who are near the top of the pyramid, they were making lots of money, but then of course most pyramid schemes nearly everyone loses out. It's only those who got in early.

It's just, it's a mind-boggling experience, even to listen to and to imagine. And that's still going. You're just reminding me of this podcast, remember that? The Shrink Next Door, Graham? And it was about this guy who had basically fooled his patient into basically taking over his life. But literally, the whole idea is 20 years, people just snowed. People can believe anything, can't they?

It's amazing. It's amazing.

But then there's a lot of things that happen in reality that are pretty crazy. I mean, didn't Elon Musk just, you know, release a crazy-ass car? You know?

I mean— Oh, that's insane, isn't it? Well, Jamie, it's an incredible podcast. Well done for putting it together. It's been an extraordinary story. I mean, we've only really sort of dipped our toe into it. I think we'd strongly recommend listeners to our show go and check out The Missing Crypto Queen. You will not be disappointed. And I really hope there are more developments in the story. I've seen some in the news, but I'm sure there are probably a few more episodes of The Missing Crypto Queen to come.

Yeah. And if our listeners, if you happen to spot her anywhere, maybe not just report it to Jamie, but take a picture, send it over.

Please, please do.

Just for a Jamie, I love your obsession. Can we be friends? Can I check in occasionally and just go, how's it going? Are you alive? bit of photo evidence. Please.

I think this will be— I think this is something that's going to stay with you for 20, 30 years.

I think you're right. And you know, the weird thing is, if she's caught and extradited and goes to prison, there'll be a certain— I would never say sadness, because this is what she needs.

I'm not suggesting it'll be a— of course you're going to do other exciting and interesting things, but it feels something which is

And for this thing to really finally stop, her being sentenced would help.

going to be there, a bit like background radiation, all the time until this woman is imprisoned.

But there'll be a small bit of me that will miss the search for her when that happens.

Well, you could go visit her in prison.

Oh, I will. Yeah, it would help. But of course there have been cult members in the past where the leader has been imprisoned and people just carry on believing, don't they? Well, that's true. That's true.

Every time I thought— because I thought what happened two weeks ago was that the brother of Ruja Ignatova, Konstantin Ignatov, was arrested in March 2019 because he took over OneCoin when she disappeared. And he admitted two weeks ago or three weeks ago in a US court, he pleaded guilty to multiple counts of fraud in connection with OneCoin as part of a plea agreement. And I thought this, finally, this is the moment that OneCoin dies. But it's still going.

Fascinating, isn't it? Totally.

Kroll, I think we should move on, shall we? Kroll, what have you got for us? LastPass. How are you going to follow that?

Yeah, okay, I'll follow this. No problem.

Tell us your brilliant story from the world of computer security and privacy.

Easy peasy lemon squeezy. Oh, well, it's not from computer security, Graham. I don't know if you know this, but in a few days' time, on the day that this podcast is made available to the world, it is election day in the US.

Yes, it is.

And I don't know how you guys feel about it, but it's a pretty scary event for me. I mean, there are a lot of people out there who want a better UK but are stumped as to how to get it. And the thing is, this UK election has been racing ahead at a clip that makes people Ben Johnson's 100-meter time look positively slow.

You should compare it with Boris Johnson's 100-meter time, I think.

Is that quite fast? See how they compete. Maybe that's how we should decide elections in future. Just get the different leaders, give them a 100-meter race. Are you guys feeling at all uneasy about it, or you already know what you're doing and it's all cool? Well, I know what I'm doing in my constituency. I know who I'm voting for, and I'm fairly confident that that person's going to win. All right, so you're just going with the flow?

Well, where I live, it's fairly easy choice. I'm a little bit worried about what the overall outcome is going to be, though. It's a weird position to find yourself actually hoping for a hung parliament. Rather than anyone to win.

No, you see, a hung parliament would be read as the people have spoken and they've said they're quite happy with more hung parliament, so carry on.

Out of the options at the moment, I think I probably am, but as weak as possible.

Yeah, I haven't— you know what, I mean, I still haven't really decided what I'm going to do. Yes. The case is still open.

You know, I thought I decided yesterday, and now I'm doing this story, I was oh God.

I am still here. I'm never going to stop.

I'll chat to you after the show, Carole, and I'll tell you what— Oh yeah, no, and I'll just do what you say.

Never going to stop. I don't care whether the BBC pays me anymore.

Now, okay, so basically, but you know what, it's not just our politics. World politics are a bit scary these days thanks to things flipping fake news and the fact that so many a content provider out there says they're not responsible for what is pushed out on their sites.

I'm just going to keep going.

But sometimes on these sites, there are some juicy truths that get through as well, right? So just because there's a lot of fake crappy stuff out there doesn't mean there's not a few gems once in a while.

Yeah, of course. Yeah, agreed. You gotta find them, but they're out there.

Just for anyone outside the UK, why would you bother following UK elections? Right, so high level facts, Graham, you're much more okay on this stuff than I am. So if I forget anything, you just jump in and interrupt me. We've got crackpot media buffoon Boris Johnson, our current prime minister. Yes, he's up for his post. And we have testy faux leather elbow patch Jeremy Corbyn. I'm sure they're faux leather, and that's basically the two main players, would you agree?

Yes, of the people who are likely to become prime minister, those are the most likely. By far, I'd say, according to the opinion polls, yes.

Yes, and we all know we can trust those 100%. One of the big issues that they're debating is the UK National Health Service, a beautiful system which is getting a lot of heat. Listeners that don't really understand, it's a loved system, but for the last decade, the system has been smacked with austerity and it has less money for services, staff, and equipment, and it's hobbling along right now.

Yeah, I think it'd be fair to say most of the population considers it very much loved, but it's also considered vastly under-resourced. Particularly now.

I mean, we did have a little time of austerity, which was timed with a huge uptick of ageing populations, so that was a really smart thing to do, because of course microcracks might become huge wounds.

A lot of NHS workers come from Europe, which we appear to be detaching ourselves from as well, which could be a challenge as well going forward.

Fun times in the UK as well right now. During the recent debate between these two party candidates, Corbyn and BoJo, they were discussing the NHS, and during this debate, Corbyn reveals a heavily redacted 451-page document, his aha moment. And he says that the document proves that US negotiations were hoping to secure "full access" to Britain's health sector as part of a bilateral trade deal. Right? This is a big deal. And Corbyn said that Labour had obtained official documents which showed that this would be the case, that the US is demanding that the NHS will be on the table in talks in a post-Brexit trade deal. So lots of people are thinking, this must be fake news, this must be fake, what's going on, this is a bit weird. But it turned out that perhaps it wasn't fake news. Johnson replied to this, puffed up his chest as only he knows how. Ruffled his hair and said, this is an absolute invention, this is completely untrue, puff, puff, puff.

Stammer, stammer.

Yeah, maybe we should link to Stammer time. Just for those who haven't seen it, go look at the show notes. There's a little cute Easter egg for all of you there. "Under no circumstances whatever will this government or any Conservative government put the NHS on the table in a trade negotiation. The NHS will never be for sale." Okay, so you're thinking, okay, bravo. This must be a storm in the teacup, but what's this document? Right, and Labour is staying totally stum about where they got it from. Johnson, of course, is demanding to know the source of the leak. It's a bit similar to the whole Trump stance on the whistleblower, right, with the Ukraine-Zelensky case. But whilst all this is going on, they didn't get a lot of time to play that game because Reddit came forward last Friday confirming that an unredacted document was uploaded as part of a campaign that has been reported as originating from Russia.

Russia again? Yeah, they're really becoming the bogeyman in this episode, aren't they?

But what's interesting is you think, okay, Russia, this is all fake news, fake news, fake news. It's being branded in a lot of this media that I saw today, and there's the ones you'll see in the show notes, as a Russian disinformation campaign. And while Johnson has denied Labour's accusation that the NHS will be carved up, it does seem that the document is actually genuine.

So what you're saying, that the document does appear to have genuinely been leaked from the government.

Well, the government, yes, but not by the government. No, no. Via this Russian sidestep. Potentially.

So your theory or the feeling is that maybe the Russians have deliberately distributed this on Reddit in order to meddle with the election chances of either Corbyn or Johnson.

Oh, don't take my word for it. Let me tell you what Reddit said in the story. Right? They said its investigation had found a pattern of coordination between the now banned accounts on its site and a Russian campaign uncovered by Facebook earlier this year. And they said, "This group provides us with an important attribution for the recent posting of the leaked UK documents," the ones we're talking about, "as well as insights into how adversaries are adapting their tactics."

Now, because they want a particular side to win.

I don't think anyone knows at this stage other than the cause, crazyola, right? I'm sure that'll all come out in the wash.

It just adds though to the general uncertainty amongst the population, isn't it, as to you can't know anything. You can't trust any piece of information because you're always trying to second-guess, well, why has that information come out? And is what has been reported actually true? Or is there some sort of undercurrent of mischief-making which is going on.

What's amazing about this, right, I mean, it's no politicians have heard of Reddit. I mean, but this is probably the first time 95% of MPs even know what Reddit is. Imagine what other amazing things are on there for them to learn about. I mean, there's all sorts of stuff on there. If they just spend 5 minutes scrolling through Reddit, they'll find things that blow their minds.

Oh, there are cat memes. Fantastic.

But the thing is about the whole story, the way I see it, is that the Russian tactics, which have been evolving over quite a few years now, have really focused on leaked strategic documents, not making things up because that's maybe risky or doesn't work so well. But there's a lot of ways you can get leaked. There's a lot of ways you can find doxing. There's a lot of weak points in society. You know, political parties have terrible security and they send all sorts of very sensitive material amongst themselves, as we saw in the US election with the famous Clinton emails. There's a lot of weak points in a democracy that aren't well defended. Or in any bureaucracy. And so, as a journalist, I know that nothing works quite so well as adding the word leaked to something, even if it's not leaked. But if you say leaked, it sounds really exclusive, even though it's been on Reddit for weeks. Add the word leaked to it, and suddenly it's an exclusive. Everyone starts talking about it. And if you're the Russians, very easy probably to get hold of a document that was a trade envoy's discussion. I'm sure there's all sorts of people that had that and didn't have amazing security. And you're right, I don't think the purpose is necessarily to get one side elected or another. It's just to make everyone confused and angry, disagreeing, bitter, nothing can be trusted, because that weakens the resolve of countries that you might consider to be your enemies. And it's very, very cheap. It's so cheap to do this. I mean, it could have been one person did this in a day.

The irony of the whole thing, though, really, right, is that it went up on Reddit, but it caught hardly any traffic at all. But somehow it ends up in the Labour camp, right? And they must have just been the cat that got the cream.

The cow gives the cream.

What are cows doing now? That's almost cannibalistic— the cat that got the cream, right? Because they must have been reading it going, oh my God, oh my God, it's so juicy. You know, and fair play to them, they did reject it before they went on national television with it, so we didn't have any micro cameras going in and trying to find out some secret information. But the whole idea here is, see, they're basically saying— so Corbyn's saying, look, you're trying to sell off the NHS in some way post-Brexit. Johnson's saying, no, no, no, no, no, no, and you know, I have this document to prove it. And they're saying, pish, pash, push, who gave you this document? And he's now gone a bit quiet now. So there's no contesting saying this is absolutely fake from the Conservative Party that I could find. But what is a little bit interesting is that last July, there was news items or murmurings that Amazon were partnering with the NHS to stream the health service advice via Alexa, right? Which all this information is already available online, but using voice. So what do you mean, NHS Direct?

So they have that website where I can go and I can say, I've got a paper cut, and you go through a sort of flowchart that eventually tells me to go to A&E or something, or you're having a heart attack. So I would be able to say that to Alexa instead, say, I've stubbed my toe, or I've got a pain in my groin, what should I do?

Or you'd say, what are the symptoms of this? How do I treat this? Right, okay.

Yeah. So that's the deal that Amazon are trying to do with the NHS, or NHS trying to do with Amazon.

But this week, it seems that responses to Freedom of Information requests published by the Sunday Times show that the contract will also allow Amazon access to information on symptoms, causes, and definitions of conditions. So basically, all relatable copyrightable content and data and other materials is going to be shared with Amazon. Now, not patient data, okay, I have brackets here, at this time, right? But no patient data is currently being shared. And, you know, they've made a lot of statements on the NHS website about the great security measures they have in place to stop that sort of thing. So there's a little ray of sunshine there, I'm sure everything will be fine. But the thing that's kind of shocking is that they didn't get any payback. So this is basically being offered to Amazon for free, right? So the UK is considered a world leader in compartmentalizing and basically organizing all this huge wealth of health information. And it's now been shared with one of the richest, well, the richest man in the world's company.

Is it that NHS are gonna give all kinds of data to Amazon to process and do data mangling on?

Whatever they want, yes.

Or is this an Alexa deal where you can speak to a database and get information on your symptoms?

So in July, it was presented as a, hey, we're partnering with Amazon to give you some Alexa. Yes. But a recent Freedom of Information request revealed, right, and this was published by the Sunday Times, that the contract between Amazon and NHS was much, much bigger than we all originally thought. And they're not just going to be giving power to Alexa to be able to help people, but they're also sharing with Amazon information on symptoms causes, definitions, conditions, basically this huge, huge, huge copyrightable database of health information.

Can I be devil's advocate for one moment? Which is that the NHS obviously needs lots of processing power and probably wants to make use of big data and, you know, rightly or wrongly, thinks that that would help people live fuller and healthier lives.

That's certainly the conservative view, yeah.

Well, okay, I know I'm just, I said, the devil's advocate.

Oh, the Labour Party will do this as well. We know that they will. They will, because it will offer savings. It will. We're struggling with an ageing population, and there will be great benefits to patients from sharing all this data, won't there? That's sure.

And my question really is, okay, so you're highlighting this and saying, oh, this isn't the big concern. Well, what big technology companies could they partner with who aren't American? You know, it's not there's a UK company who can decide to do all this data mangling for you, is there? All the powerhouses are over there.

All the signs are that one of the next big growth areas in digital technology is going to be health data, and the NHS holds what must be the best data set of databases about people's health anywhere in the world. So all the big tech— we've got decades, I would hope people's entire lives have been datafied on the NHS. Amazing stuff. And when we start processing that, amazing findings and things to learn and preventative things we can take on board. So you've got to think that all the big technology companies are going to be desperate to get their hands on this data, which worries me a great deal. I think that if the UK is going to develop a really healthy and competitive tech sector, it's going to be in health data, it's going to be in health apps, it's going to be in the next sort of wave of diagnosis tools and stuff. And we have to invest in UK-based companies to be able to do that, rather than just outsourcing it to the big players who've already got all the processing power.

I agree. You know, that privatization, we've seen it here in the UK with lots of things, trains, everything, you know, privatization is a very delicate operation. And I think it needs to be approached very cautiously. And right now, both sides are denying that there's any privatization going on, but I think you're probably right. There's no other way to maintain it without the rich funds of the private sector.

We should probably do it. We should do all this stuff 'cause of the benefits, but it's gonna have to be so carefully regulated that you're gonna want it to be with a company that's, I mean, maybe it's a public-private partnership company. Maybe it's a company that the government owns some proportion of the shares in, or, but a company based here at the very least would be forced to follow very strict UK-based regulations. And so you'd just be able to control a bit better how that data was used.

Maybe we need to nationalise Amazon and Google and some of these companies, at least in their UK operations. Maybe that'll be on the manifesto next time.

Very, very, very happy story for me. I have no idea what my end result is other than say— Time for sponsors. Yeah, it was. That's what's been on my mind this week. Excellent. Don't you love a win-win situation? Imagine if you could have both enterprise-wide password management with single sign-on. What is single sign-on? Well, Graham, let me dazzle you. Single Sign-On is designed to connect employees to high-priority apps, all without needing the user to log in at every single hurdle. Now, by combining these two services, our friends at LastPass may have just revolutionized security at the enterprise level. Learn more at lastpass.com/smashing. You don't need to say the forward slash.

Ah. And welcome back. Can you join us on our favorite part of the show? The part of the show that we like to call Pick of the Week.

Pick of the Week.

Do I say that as well? Pick of the Week. Beautiful.

Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily. Better not be. Well, my Pick of the Week this week is not really security-related, although it Huzzah! It is a problem sometimes you might encounter at a security conference, because I don't know if any of you have encountered the issue of smelly armpits and bad body odor.

I mean, that's not just something you get at security conferences.

Yeah, Graham, we don't hang out that much anymore, so it's not been so much of a problem.

Hasn't been so much of an issue. Well, I have to say, just recently I was saying to my lovely wife, I was saying, you know, 'Look, you know, I've noticed that I seem to be a bit stinky,' I thought. And I'd go away and I'd wash my armpits and I'd come back and I'd say, 'I'm still stinking. What on earth is going on?' And so for some reason it wasn't working. And I thought, 'This is a bit funny.' And I saw a tweet written by a rather— well, you may know him actually, Rik Ferguson, who works— He's a long-haired, heavy metal kind of chap who works as a cybersecurity expert at Trend. He's a dude. And he was recommending, he said that his life had been transformed by a different method of cleaning his armpits. And it's called NUUD. N-U-U-D.

Oh Christ, okay, so you're gonna run around naked now?

No, no, no, no, no, no, no. This is this weird little tube of stuff and you squirt out a tiny little pea size of it and you sort of, you just rub it into your armpits, Carole. And here's the wonder, here's the wonderful thing, is that you don't have to do anything again for 4 or 5 or maybe 5 days or so. You don't have to do anything anymore. You can shower.

Are you putting

Are you slathering?

Are you bathing in this

No, no, it's— I'm purely using it on my armpits.

stuff? Is that what's going on?

I am showering every other part of me, and you can

this all down your crotch?

It's a wet wipe for adults.

still shower your armpits should you wish to. Unlike other ways of dealing with your armpits, it doesn't have aluminium and petrochemicals and all kinds of nasty stuff. It's all natural. And all I can tell you is it really works. And according to Mrs. Cluley, at least she says I don't stink at all anymore.

Are you back in the old days?

So my pick of the week this week, and thank you, Rik, for mentioning it on Twitter because that inspired me to give it a try, is NUUD. N-U-U-D. Links in the show notes. We're not getting a commission.

It's when you have stinky armpits

Maybe we should. Maybe they should have a multi-level marketing. Maybe I'm now part of his pyramid. Who knows?

and you always have your elbows

Oh dear. Jamie, what's your pick of the week?

glued to your side.

Oh, mine seems really boring now, but I read an amazingly interesting article in the New York Times about this guy called Anthony Carmello, right? He's standing trial at the moment in Staten Island because he shot and killed a top gangster called Francesco Carli. Now the thing is, it seems that this young man, he's only 25, is Anthony Carmello. It seems that he was really obsessed with these weird online far-right conspiracy theories like QAnon. Have you heard of that one?

Oh yeah, my goodness.

Yeah, these things that are spreading all over the internet. I spent quite a lot of time studying conspiracy theories in the past. They're very interesting things, and it's, I suppose, sort of related to OneCoin in a way, like you create these information bubbles and nothing can break through. But the interesting thing about this is that his lawyer is basically claiming that because he believed in these conspiracy theories, he's kind of pleading insanity. And the question that the New York Times asks is, and it says that this will become a big issue in the future, is at what point does belief in a far-right conspiracy theory make you legally insane. That is what the court will be considering. Isn't that weird? I mean, but it's kind of— So weird. Yeah.

Maybe it's a question the Senate should be questioning, asking themselves soon as well.

And presumably, you could do it for the far left as well. So basically, if you're not within the acceptable bounds of—

Yeah, you can be locked up. Or you could claim as a defense against terrible, heinous crimes, claims that I was temporarily insane because I believed in this weird conspiracy theory that drove me to these acts. It's based on a belief though rather than I think any kind of psychiatric testing or whatever. Oh my goodness. But as in to have believed so much in this obviously ludicrous theories to the extent that you would then go and kill someone because you thought they were part of the anti-Trump deep state renders you insane. I mean, I don't quite know what I think about this.

Yeah, but it's kind of interesting.

I wonder which conspiracy theories qualify and which don't. So if I believe in Nessie or something, or the Abominable Snowman, whether there's been some government— there's been some government cover-up which is preventing Nessie having her day in the sun, and so I'm going to take down Anne Widdecombe or something. Oh, I don't know. You know, it's just— it's, it's a bit— but the whole world— what I've learned from this podcast is the whole world is insane.

Yeah, it's nuts. The world is a bit madder than we let on. You know, I think the great thing that we've all been assuming since the Second World War is that everyone is— democracy and all of our systems are based on the assumption that everyone is roughly rational and sensible, and that's not actually true. And we're finally beginning to realize it, and things are falling apart.

Take heed, children. He speaks sense. Hey, you know what?

It's not just listeners who have to listen to that, Carole. It's you and I, right? What are we doing? We're pod— we do a podcast. Where's the sense in that? Carole, what's your pick of the week?

Okay, I didn't do much work on my pick of the week.

Oh, nice. Okay.

No, no. Well, look, yesterday Graham and I did a charity podcast. Oh, yes.

BeerCon 1 with the Beer Farmers and the Many Hats Club.

And I was a teeny tiny little bit rude, I think.

A bit vulgar, yeah.

A little, well, you know, it was Sunday, I felt free, and maybe, anyway, I think everyone enjoyed it, I think, right? But I thought link's in the show notes. My pick of the week would be a bit more family-oriented. Just to make up, you know, address the balance. So I found this podcast, which I started listening to, right? And it's called The Radio Adventures of Dr. Floyd. It's been going since 2004, which is kind of cool, just in itself. And it's a family-friendly twist on old-time radio. It features adventures and exploits from the world's most brilliant scientist, Dr. Floyd. Dr. Floyd thwarts the plans of his evil arch nemesis, Dr. Steve. Everyone hates Steve. But what's cool about it is during all this you learn about people and events that shape history and the earth and all kinds of cool stuff like that. So there's lots of tidbits of actual useful information. So what I was hoping is that Graham and Jamie, you soon, makes sense in a second, and all our listeners could maybe get one of their kids to check out an episode, just a random episode, because I really like this, but I don't think I'm the target audience. I want the under 10s, under 12s to let me know if they think it's boring or amazing. Take a listen to one episode. The episodes are short, you know, they're not very long.

The Amazing Adventures of Dr. Floyd Radio Adventures. The radio.

Dr. Floyd. Yeah, you can find it in most places where you find your podcasts. And it's quite a fun little family time, right? Six minutes. And send me some reviews, thumbs up, thumbs down. I just think this kind of thing, we need more of this. So I'd like to know what you guys think. That's my pick of the week. I know I'm stretching it, but you know, I've done 157 pick of the weeks. Basically, I'm done. I'm tapped. I'm tapped. What do you want to quit doing pick of the week? Maybe we should.

Maybe we should do that. Carole, do you remember that one time we did the Agony Aunt Corner? Maybe we should bring back the Agony Aunt instead of Pick of the Week.

Maybe 2020 should Everyone loved that.

Everyone loved it. Well, on that bombshell, we just about wrapped it up for this week. Jamie, I know lots of our listeners would love to follow you online and find out more about the missing crypto queen. What's the best way for folks to do that?

be a brand new thing.

Oh, well, you can get The Missing Crypto Queen on BBC Sounds or anywhere else you go. What's the saying everyone says? Or wherever else you download your podcast. Yeah, I mean, that's the best place to go. I mean, I'm on Twitter as well, @JamieJBartlett. I'm still basically there. I'm posting updates. So any new bits of the story that come along, any interesting new rumors I hear, I share them there as well.

Fantastic. And you can follow us on Twitter at Smashing Security, no G, Twitter and mousetaveag, and you can carry on the discussion about the episode over on Reddit. So, Jeremy Corbyn, if you're listening, make sure to check out the Smashing Security subreddit. And listeners, you are the wind beneath our wings.

Thank you for listening, supporting us on Patreon, and giving us shoutouts. It all helps tons. And thank you to this week's Smashing Security sponsor, LastPass. Its support helps us give you this show for free. Check out smashingsecurity.com for past episodes, sponsorship details, info and how to get in touch with us.

Until next time, cheerio, bye-bye, bye-bye, adieu, Pick of the Week, adieu.

That was a long show, but you know what was worth it, Clue?