GRAHAM CLULEY
To pay or not to pay, that is the question. Whether 'tis nobler in the mind to suffer the slings and arrows of outrageous malware or to take armfuls of bitcoins and buy paying—
MARIA VARMAZIS
Damn it, it's done.
CAROLE THERIAULT
It sounds like a Dalek doing Shakespeare.
Unknown
Smashing Security, episode 223. Doxing, nudes, and insurance dudes with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 223.
My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
And Carole, we are joined this week by returning guest, family favorite, Maria Varmazis.
CAROLE THERIAULT
And my Sticky Pickles BFF.
GRAHAM CLULEY
Hey! Wow, I think that could be a record. Only 12 seconds in, we've already got a plug for Sticky Pickles.
MARIA VARMAZIS
And it wasn't me who did it this time. Amazing.
CAROLE THERIAULT
Graham, you plug your website every time you say your name dot com.
GRAHAM CLULEY
So, what's new with you, Maria, or indeed with any podcast you may happen to co-host?
MARIA VARMAZIS
Well, our podcast is doing amazingly, so please listen to Sticky Pickles. That's exactly— I am half vaccinated. My kid is back in school.
GRAHAM CLULEY
Top half or lower half? Which half?
MARIA VARMAZIS
Oh, you'll have to guess. That's for me to know and you to find out.
CAROLE THERIAULT
Graham, if you're getting this shot in your ass cheek, something's wrong.
MARIA VARMAZIS
One can though, you can ask for that.
CAROLE THERIAULT
Oh gosh, can you?
MARIA VARMAZIS
Just needs to go in a muscle if you have any butt muscle left.
CAROLE THERIAULT
You don't tend to sit in your shoulder, you tend to sit in your ass.
GRAHAM CLULEY
Can I just remind you guys that I'm editing this part of the podcast?
MARIA VARMAZIS
We're making it extra difficult for you.
CAROLE THERIAULT
That was gold.
MARIA VARMAZIS
You're not gonna keep that banter?
CAROLE THERIAULT
Exactly. So why don't we move on to thanking this week's sponsor, 1Password and Duo Security. Their support helps us give you this show for free.
Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY
I'm gonna get Shakespearean on your ass.
CAROLE THERIAULT
That's the word du jour. Maria, what about you?
MARIA VARMAZIS
Okay, cars, inspection, and malware.
CAROLE THERIAULT
Whoa, sounds super sexy. And mine is one for the boozers out there. Bad guys are after you. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Now, chums, after that rather tawdry beginning to the podcast, I feel we need to raise the tone a little bit. We need a little bit of culture, maybe.
MARIA VARMAZIS
I'll leave the podcast.
GRAHAM CLULEY
So how about this? To pay or not to pay? That is the question.
Whether 'tis nobler in the mind to suffer the slings and arrows of outrageous malware, or to take armfuls of bitcoins and by paying—
MARIA VARMAZIS
Exterminate, exterminate!
CAROLE THERIAULT
Yes, exactly! Sounds like a Dalek doing Shakespeare. Just watch it. Oh my God.
MARIA VARMAZIS
That was a journey you took us on, I just gotta say.
CAROLE THERIAULT
Did you see the sci-fi set?
GRAHAM CLULEY
I'm sorry, Maria, I should have said it in the original Klingon, shouldn't I?
GRAHAM CLULEY
It is, of course, a huge debate. Should we pay ransom demands or not if we're hit by ransomware? And it's a struggle that many companies have.
Paying a ransom can get you out of a sticky pickle for sure. But if you're— Oh, even I'm doing it now.
MARIA VARMAZIS
Oh, I love it.
GRAHAM CLULEY
No, because it can work, right?
Because if your extortionists keep their word, you'll get a decryption key to recover your data and your files, unlock your computers, and hopefully they'll not release your stolen data to the wider world.
MARIA VARMAZIS
Well, rely on the honour of thieves, right? Yeah, sure, they'll keep their word.
GRAHAM CLULEY
But they're running a business, aren't they? It would be bad for their brand as criminals if they didn't keep their word, because they want to extort more money out of more people.
It's simply good business for them.
CAROLE THERIAULT
It's so interesting, that concept, right?
That they are going to follow good business practices, but they're an illegal company that just basically, you know, ransack you and then steal your data.
CAROLE THERIAULT
Politely. And with, "Thank you very much for your payment."
GRAHAM CLULEY
"Please rate us." Some ransomware gangs offer better customer service and support than legitimate companies.
They will give you advice on how to better secure your business in the future. They just did that with FatFace.
CAROLE THERIAULT
Yeah, that's right.
GRAHAM CLULEY
It's a UK retailer who just paid up a ransom.
MARIA VARMAZIS
Well, they probably get better paid consultants there on the illegal side.
GRAHAM CLULEY
But of course, by paying, you're sending out a clear message to other criminals that you're prepared to pay ransoms. You know, that's kind of useful to know, isn't it?
If you're an extortionist, it sends out a message that cybercrime does pay and encourages others to enter the world of extortion.
So there's more criminals jumping into the ring thinking, oh, this seems a pretty good thing to get involved with.
CAROLE THERIAULT
So what's missing? Why is this happening?
MARIA VARMAZIS
Why is ransomware happening? Yeah. Do you think—
CAROLE THERIAULT
I'm not saying it makes money.
CAROLE THERIAULT
Yeah, it makes money because—
MARIA VARMAZIS
End of podcast.
CAROLE THERIAULT
Do you think— do you think it makes money because of lack of legislation? Surely, surely that's the problem.
GRAHAM CLULEY
It makes money because people pay it and the criminals don't get caught. You know, it's really simple.
There's only two things which could change this is if nobody ever paid a ransom or if all the criminals were caught. And neither of those are terribly likely to happen, are they?
MARIA VARMAZIS
No, I don't think legislation is going to make criminals think twice about what they're doing.
GRAHAM CLULEY
So it continues. Ransomware demands can be pretty high, right?
GRAHAM CLULEY
But the cost of not paying can be devastating as well.
And so I think some companies are paying because they think, well, we don't really want to pay, but it would be worse if we didn't.
If you didn't pay, you can hold up your head and say, oh, we're proud of our decision. And you know, but what happens to your company? Can it survive?
The cost may be higher than the ransom being demanded. What's going to happen to your staff, your business partners, your suppliers?
What impact might it have on them as well as your organization? And what's to say you won't be hit by ransomware again and again and again?
And have you learned the lesson from the past? So some do weather the storm, notably Norsk Hydro in 2019. They were hit by ransomware. Their profits plummeted 82%.
CAROLE THERIAULT
For how long?
GRAHAM CLULEY
Well, yeah, for a while. They weren't able to do any business. They basically shut down much of their business while they were dealing with it because it was a huge problem.
They refused to pay the ransom demand, which would have cost a lot less than the £45 million the attack eventually cost them.
Now, inevitably, with the rapid rise of ransomware, others, as I say, have seen the opportunity to make a quick buck, including insurance firms.
CAROLE THERIAULT
We've talked about this.
GRAHAM CLULEY
It's now not uncommon for companies to not just have cyber insurance, but specific coverage for ransomware attacks to cover the cost of a ransom should one be demanded.
And the British Association of Insurers, they say that paying the ransom is the cheapest and most effective option for companies. Well, they would say that, wouldn't they?
MARIA VARMAZIS
Ah, okay. Yeah, 'cause yeah, they get a cut.
CAROLE THERIAULT
Yeah. The insurers say that.
GRAHAM CLULEY
The insurers say that. They say paying the ransom is cheaper and more effective for companies than anything else.
They still think you should try and prevent it, but they think it's probably the sensible thing financially.
CAROLE THERIAULT
That's mind-blowing.
GRAHAM CLULEY
Well, some people do agree that it's mind-blowing. For instance, Kieran Martin is the former head of the UK's National Cybercrime Centre.
He's now a professor at Oxford University, just down the road. He says that insurers are, quote, funding organized crime by accepting ransomware claims.
GRAHAM CLULEY
Of course, the insurers are paying out. Marcus Willett, who's now at the International Institute for Strategic Studies, but used to be a bigwig at GCHQ, the UK snooping outpost.
GRAHAM CLULEY
He has argued in a recently published article that payments fund criminal organizations and only make ransomware attacks more likely.
And he says that what is needed is new laws which establish disincentives to pay ransoms.
CAROLE THERIAULT
Oh, so legislation.
MARIA VARMAZIS
So interesting legislation to punish businesses who pay? Oh, jeez.
GRAHAM CLULEY
I think what he's actually saying is that the insurers shouldn't be able to offer ransomware insurance because it's currently too convenient for companies to use their insurance to pay up.
CAROLE THERIAULT
Okay, here, let me give you an example here, right? Let's assume that ransomware is like marijuana, which I know is legal in many places, but it's not legal in the UK, right?
GRAHAM CLULEY
Jazz cigarettes, you mean?
MARIA VARMAZIS
Jazz cigarettes.
CAROLE THERIAULT
Yes, right, right. Okay, right. So if I pay money to buy a bunch of jazz cigarettes, an illegal substance.
MARIA VARMAZIS
Why would you do such a thing?
CAROLE THERIAULT
I am at risk of being arrested. I am breaking the law.
CAROLE THERIAULT
So why is it not the same for if you get ransomware?
CAROLE THERIAULT
I'm not saying it's your fault that you get ransomware, but you get ransomware and you're kind of fucked and you're going to go fund an illegal operation in order to justify business proceedings.
MARIA VARMAZIS
It makes me think of the old mafia movie stereotype, I'm sure based in some reality, of the guy showing up at your business going, you know, we provide protection on this street and you got to pay up, otherwise, you know, we're just going to make life very difficult for you.
And then I'm imagining the grocer turning around to their landlord going, I need— or their insurance company going, can I have money to pay the mafia protection please?
I mean, did that ever happen? Maybe it did, maybe some listeners like, actually, that was a totally thing that happened, I don't know.
GRAHAM CLULEY
So Marcus Willett is saying that new laws are needed to establish disincentives to pay ransoms. And I was wondering, can you think of any disincentives that could be put in place?
MARIA VARMAZIS
Yeah, like you get fined a fucktonne, more so than just what the ransomware is asking.
GRAHAM CLULEY
Maybe that'd just get added on to the insurance though, would it? You know, it could just be increased, couldn't it, to cover the fine as well, I don't know.
MARIA VARMAZIS
Yeah, I think some companies, if they've got deep enough pockets, will say, well, cost of doing business. Of course, the little guys will get screwed, yeah.
GRAHAM CLULEY
So I've thought of some disincentives.
I've tried to work out, you know, if the government were to follow the advice of these former bigwigs involved in the UK's cybersecurity, well, how could they do that?
So companies are paying ransoms because they think it's quicker and cheaper than the alternative of not paying ransoms, right?
MARIA VARMAZIS
And in some cases it is, yeah.
GRAHAM CLULEY
So maybe we need to make it more expensive to pay the ransom. Maybe the government should introduce a ransomware tax, just as it has on taxes on tobacco or vehicle fuel.
So yes, you can pay your ransom, but you've also got to pay money to the government when you make that payment.
CAROLE THERIAULT
So what, you pay the mafia, you pay the mafia, and then pay the government?
MARIA VARMAZIS
Yeah, thank you very much.
GRAHAM CLULEY
This could get us out of lockdown. This could get us out of all Brexit mess, we could collect money from the ransomware business.
CAROLE THERIAULT
It's incredible to me. It's incredible to me that you are not a lead policymaker.
GRAHAM CLULEY
It is to me too.
MARIA VARMAZIS
Wow, just, I'm in awe of that suggestion, Graham.
GRAHAM CLULEY
I thought all that money ends up in a big pot, right?
Which could then be divvied out to the ransomware gangs themselves as protection money saying, hey, hey, leave the UK alone and we'll keep this coming to you, go and hit some other countries instead.
MARIA VARMAZIS
Oh yeah, the internet totally works that way.
CAROLE THERIAULT
Yeah, I've got a much better one. You get caught paying a ransom, you and everyone that works for you has to wear clown shoes for an entire month.
GRAHAM CLULEY
That is pretty good, right?
CAROLE THERIAULT
Because it'll be irritating and, you know.
GRAHAM CLULEY
Oh, what if you were forced to change your corporate logo to show that you'd caved in?
GRAHAM CLULEY
Imagine a fat face with a giant clucking chicken on the front of their store. I was going, "Bok, bok, bok, bok, bok, bok, we paid." That'd be pretty bad for the brand, wouldn't it?
You just had to do that.
MARIA VARMAZIS
You have no sympathy for these guys. I feel really bad for these folks that have to pay the ransomware, in a lot of cases, they really feel like they have no choice.
GRAHAM CLULEY
Spoken like a real mum.
MARIA VARMAZIS
No, I just feel— A heart. I feel really bad for the smaller companies, the bigger ones, a little less sympathy, but you know, shit can happen to anybody. But for all—
CAROLE THERIAULT
Yeah, the mom-and-pop shops that get stung by this stuff and get hit hard and maybe have to close the business as a result suck. It sucks, right?
GRAHAM CLULEY
Yeah, yeah.
MARIA VARMAZIS
Because every day that they're not doing business, they're hemorrhaging all that money.
And you know, how long do they have before it becomes a 'we do one or the other, we're screwed either way'?
CAROLE THERIAULT
Yeah, but it's the equivalent of Ashley Madison got hit by ransomware.
MARIA VARMAZIS
I mean, okay, if I was working for them, maybe I wouldn't feel that way. Yeah, there but for the grace of God go we. I mean, this whole situation just sucks.
GRAHAM CLULEY
So in his article, Marcus, by the way, his article, you can't read it in a web browser.
You have to download a PDF in order to read his article, which I have to say, when I thought I was being socially engineered into— I thought this is going to hit me.
But anyway, I'll put a link in the show notes and people can decide if they want to download it themselves or not.
But he does make some good points about the need to take security more seriously, security awareness, better measures against phishing, you know, keep on top of patching and protection and all those sort of things.
But what he hasn't done is explain how he's going to disincentivize or de-incentivize the paying of ransoms.
CAROLE THERIAULT
I don't know.
GRAHAM CLULEY
Because it feels to me that a whole lot of—
CAROLE THERIAULT
Oh yeah, it's super easy, Graham, as I think we've discovered during the length of your show.
GRAHAM CLULEY
Well, yeah, but I think we need to, you know, before you say, oh, this is what we should do, but not actually give any methods of doing it.
At least I came up with a couple of methods, and you came up with clown shoes.
CAROLE THERIAULT
I think I said legislation. I think at minute 3, I said legislation, but anyway.
GRAHAM CLULEY
Yes, well done.
MARIA VARMAZIS
The idea of just punishing people that are stuck paying ransomware just feels just mean. Really, I mean, we're, God.
GRAHAM CLULEY
And how does it work multinationally anyway? Because everyone would have to agree, this is what we're going to do, so no one will ever pay. I think it's a good start.
CAROLE THERIAULT
Yeah, so, okay, what about if you had a standard, right?
So if people meet a specific standard for their website or for their company in terms of security, which is, I guess, you know, if you're meeting certain... what are they called?
What is it called?
GRAHAM CLULEY
You mean like cybersecurity essentials?
CAROLE THERIAULT
Yeah, compliance, compliance, right?
MARIA VARMAZIS
Yeah, that's going so well so far.
CAROLE THERIAULT
If you meet compliance, government stipulated compliance, and you're like, check, check, check, check, check, and we've got the signed seal of approval of this, then you get stuck by ransomware, maybe you're given a pass because that situation might have been—
GRAHAM CLULEY
The bar is so low to pass these things. Oh my God.
CAROLE THERIAULT
You guys, I've read these things. They're pretty intense.
MARIA VARMAZIS
You don't think people fudge that stuff so much and just go by the absolute bare minimum to get the check box?
CAROLE THERIAULT
If they fudge, they do not get— but same as insurance, right? You fudge your insurance, you fudge your health insurance, good luck getting a payout.
GRAHAM CLULEY
The irony is now that we saw a company, we mentioned it a couple of weeks ago, CNA Hardy.
So some of these cyber insurance companies are themselves getting hacked so that the hackers can identify who's got insurance.
MARIA VARMAZIS
Oh my God, of course they are.
GRAHAM CLULEY
Yeah, of course. They hack those customers and then they hack the insurance company and hit them with ransomware as well.
MARIA VARMAZIS
Yeah, the solution is to just disconnect your company entirely from the internet. Yes, really, that's the only way. Exactly. Yeah, just get off the internet completely.
Go back to the little paper things for credit cards.
CAROLE THERIAULT
And if anyone wants a CD-ROM of this episode, just let us know.
MARIA VARMAZIS
We only do paper copies now. This is actually transcribed.
CAROLE THERIAULT
We'll fax it to you.
GRAHAM CLULEY
Maria, over to you. What have you got for us?
MARIA VARMAZIS
Well, my story is actually potentially ransomware related, but let me take you to the glamorous world of car inspections. So, wow.
CAROLE THERIAULT
Words I never thought I'd hear together.
MARIA VARMAZIS
Yeah, it's a segue, right? So I'm going to just explain you're 5 years old what a car inspection is, because I don't know how globally this is known.
And I know we have listeners in all corners of the world.
GRAHAM CLULEY
Thank you so much, Maria. I really appreciate this.
MARIA VARMAZIS
Yeah. Yeah, at least one corner, right?
So at least here in the States, we have to do maybe every two years, or at least here in Massachusetts every year, a car inspection to make sure your car is roadworthy, safe to drive, and not emitting terrible extra levels of pollution from the tailpipe.
So here in the States, it varies from state to state, but generally you get a little sticker on your car's windshield with a month on it saying that's the month you have to get your car inspected, and the color changes every year.
And the cops love to pull people over whose car inspection has lapsed, and you get slapped with a moving violation and your insurance rates go up if you don't get your car inspected.
So you gotta do it, and it costs a little bit of money, but it's an important part of owning a vehicle.
Except here in 8 states in the United States, including the one I'm in, Massachusetts, car inspections have not been happening since about March 30th.
CAROLE THERIAULT
Because of the 'rona, I'm guessing?
MARIA VARMAZIS
Not because of the 'rona, no. It's because of malware. Oh, so here in Mass, they're still not expected to resume until April 17th at the earliest.
And so that's over 2 weeks of no car inspections happening. And so that's about 15,000 cars a day in this state alone that aren't getting inspected.
And these inspections happen at generally tiny little mom-and-pop auto shops that really depend on the income that these inspections bring in because it's a flat fee and auto shops get the bulk of it.
So there's a company in Wisconsin called A+ and they run an emissions technology business and they are the vendor that these 8 states officially use and are contracted to, to do the emissions test.
So they hook up a pipe to a computer to the car's tailpipe and A+'s technology basically goes, this car is clean or it's not clean.
So your car cannot pass inspection without that test. So A+ got hit with some kind of malware, and they're not telling us what.
But because this malware attack of undisclosed nature—
GRAHAM CLULEY
It was ransomware, wasn't it? Let's be honest, it was almost certainly ransomware.
MARIA VARMAZIS
Almost certainly ransomware. Because it's so gnarly that all of these inspections across all these states have shut down.
And again, as of right now, two weeks later, they're still not happening.
CAROLE THERIAULT
That's 8 states. That's not— that's not— that's 20% of the states almost.
MARIA VARMAZIS
And these are also big states. This is Massachusetts, New York, Texas.
GRAHAM CLULEY
Oh, these are states which people live in, as opposed to some of your American states.
MARIA VARMAZIS
Yeah, it's not just like Wyoming and North Dakota, it's like the states with lots of people.
CAROLE THERIAULT
I thought it was a state of mind for a second.
MARIA VARMAZIS
Oh my God. Okay, so the A+ basically said they got hit with some kind of malware attack and they found out about it on March 30th of this year. So right at that month changeover.
So whoever hit them was clever about the timing.
We know that the attackers may have been able to steal bank account and other sensitive financial data, not from the car owners but from the tiny mom-and-pop auto shops.
So, oh yeah, so basically A+ as a vendor that helps with the emissions testing, they get a tiny cut of every single inspection done.
And it sounds like they get paid directly by ACH through the auto shop's business checking accounts.
So it sounds like the breach was able to potentially pull the actual banking checking account information from every single one of these mom-and-pop shops.
GRAHAM CLULEY
Oh, that's terrible.
GRAHAM CLULEY
You know, I do know someone who runs a little garage in America, 'cause I used to watch the Dukes of Hazzard and Cooter, who—
CAROLE THERIAULT
Okay, that wonderfully sensitive show.
GRAHAM CLULEY
Yeah. Wow. Cooter used to—
CAROLE THERIAULT
He was the very appropriate Daisy Duke and Roscoe Sweeting.
MARIA VARMAZIS
Yeah, I know him. He lives down the street. I know. We all know everybody.
CAROLE THERIAULT
Did you always dream of being the big boss, Graham? Is that what you're trying to tell us? Boss hog. Ransomware.
GRAHAM CLULEY
I was more Roscoe 'Bee' Coltrane. That's who I want to be.
GRAHAM CLULEY
Yeah, yeah, he was cool. He was cool.
MARIA VARMAZIS
So what was the point you were trying to get to about—
GRAHAM CLULEY
No, well, I was just saying, because you've— this whole image of tiny mom-and-pop little auto, you know, it's not big businesses necessarily who are going to be hugely impacted through no fault of their own cybersecurity.
CAROLE THERIAULT
Correct.
GRAHAM CLULEY
Or of Cooter.
MARIA VARMAZIS
Don't get me wrong, there are definitely bigger auto places or car dealers that are also affected, but I mean, I live near a lot of places that are just tiny and the inspections really are the vast majority of their business.
So not being able to do these for more than two weeks now is, is in the pandemic still, is killing them. So I'm sure as you could imagine, the fix is on and it's rather urgent.
So what does it look like to fix a security problem with a car emissions tester was the question that I had.
CAROLE THERIAULT
Oh, oh, I can answer that.
MARIA VARMAZIS
Do you, a quick rollout over, you know, the cloud?
CAROLE THERIAULT
What do you think it looks like? No idea. I'm kidding.
MARIA VARMAZIS
Oh my God. I was really, really excited for you to tell me what it looked like.
So apparently it requires shipping USB sticks with the software to nearly 2,000 auto shops in this state alone. What?
And then walking each and every one of the auto shops over the phone through the reimaging and rebooting process for these industrial machines.
CAROLE THERIAULT
Oh my God. This is the IoT nightmare. Nightmare. This is it, people.
GRAHAM CLULEY
And they won't necessarily be that tech savvy, will they? Because it's just they've always used the computer in one particular way. So they're booting up Windows—
CAROLE THERIAULT
Windows 95, if they have a computer.
MARIA VARMAZIS
Yeah, I mean, there's a place that I take my car to that's right down the block from me. It's this old Armenian family. They speak a little English, and I love them.
And there is not a single computer in their entire building except for this tailpipe thing. I mean, this place is going back in time 50 years. I love it.
And I'm just trying to imagine them walking through this process.
CAROLE THERIAULT
You better go over there and help them.
MARIA VARMAZIS
I don't speak Armenian.
GRAHAM CLULEY
Well, Maria, if you really liked them, you'd learn how to speak Armenian.
CAROLE THERIAULT
That's true.
MARIA VARMAZIS
That was my dad's argument for learning Greek. It sounds very familiar.
GRAHAM CLULEY
Carole, tell us what have you got for us this week?
CAROLE THERIAULT
So we're hitting the boozer, kids. Has your alcohol consumption gone up at all during this pandemic?
GRAHAM CLULEY
I have started to drink tea.
CAROLE THERIAULT
Yeah, I'm suspecting actually from this little group of three, it's going to just be me, huh?
MARIA VARMAZIS
Yeah, yeah, I was gonna say, I actually kind of stopped drinking alcohol entirely.
CAROLE THERIAULT
Interesting.
MARIA VARMAZIS
Yeah, yeah.
CAROLE THERIAULT
Okay, so, but I know in this little crew I'm alone, right? I get it. But in the broader crew of the world, I am not. I know that. That's true.
MARIA VARMAZIS
That's true.
GRAHAM CLULEY
That's what you keep telling yourself. Yeah. You're not alone getting sloshed.
CAROLE THERIAULT
Well, okay, so I thought I'd go check this out, right?
Because I heard a number of people telling me just colloquially, oh yeah, I'm drinking way more, something this, or worrying about their drinking.
So first off, I went to Statista and they said the impact of COVID-19 on alcohol consumption in the UK 2020, right?
So they said almost half of the consumers surveyed in the UK said their alcohol consumption habits were not affected.
GRAHAM CLULEY
Yeah, 'cause the ones who were pissed couldn't fill out the form. They couldn't fill out the survey. Right? Ridiculous survey.
CAROLE THERIAULT
Almost 20% up their drinking, okay, according to— and while 30% are drinking less or stopped completely. Okay.
You have to understand this is research based on what people say they do, not necessarily what they actually do.
GRAHAM CLULEY
That's true.
CAROLE THERIAULT
So I thought, why not go check out the sales, right? So Nielsen is a big researcher in the domain de booze.
And they reported a 54% increase in UK sales of alcohol for the week ending March 21, 2020, compared to a year before, it was an online sales increase of 262%.
GRAHAM CLULEY
Okay, can I be nerdy for a second?
GRAHAM CLULEY
I have heard some people, in fact, I know of at least one person who has been buying alcohol in order to sanitize their post when it arrives, and they've been spraying their parcels With, Pinot Grigio?
Because— because they've been worried.
CAROLE THERIAULT
So interesting you've just said that.
CAROLE THERIAULT
Yeah, tell me, go on.
GRAHAM CLULEY
They believed that it would help protect them from COVID-19, and they also—
GRAHAM CLULEY
I think they got some special lights. Was it infrared or something?
MARIA VARMAZIS
UV lights.
GRAHAM CLULEY
UV lights, absolutely right. It was UV lights. Although a lot which you buy online claim to be effective but actually don't emit the right level of UV.
MARIA VARMAZIS
Right. They're just sort of— they're just sort of black lights. Yeah. Yep, yep, yep.
CAROLE THERIAULT
Okay. So interesting, because when I saw the 262 rise on the first week of March, I was like, oh my God, people are panic buying, right? They're worried booze would run out.
They didn't know how they'd cope. So they bought 15 cases instead of their normal whatever, whatever.
But apparently there was a rumor that started saying alcohol would protect against COVID, right?
MARIA VARMAZIS
Yeah, I remember that.
CAROLE THERIAULT
So, yes.
So in fact, in April last year, the WHO, the World Health Organization, warned that alcohol use during the pandemic may potentially exacerbate health concerns and risk-taking behaviors.
So a quote from the release says, fear and misinformation have generated a dangerous myth that consuming high-strength alcohol can kill the COVID-19 virus.
GRAHAM CLULEY
Oh, these were people who were actually trying to pickle themselves, pickle their bloodstream.
MARIA VARMAZIS
Yes, to prevent the infection.
GRAHAM CLULEY
Oh, not another pickle.
CAROLE THERIAULT
You see, it's such a good name.
MARIA VARMAZIS
We need a bell every time we say it. We do.
CAROLE THERIAULT
Yeah. Anyway, so, so, okay, so why am I talking about booze on a technology podcast?
Because with the booze at home market glowing with a new renewed financial resiliency, thanks to the pandemic, the drinking realm has seemed to have piqued the interest of scammers.
So according to Recorded Future and Area 1 Security, they did some research they saw a rise in Zoom-related booze-based communions, if you will.
CAROLE THERIAULT
Like so wine—
MARIA VARMAZIS
Sorry, wine, wine and communion. Yeah. Yes.
CAROLE THERIAULT
Zoom-related booze-based communions on Sundays specifically, or religious community. Well, no, like you commune with people, you know, like you get together, right?
MARIA VARMAZIS
Like, OK, OK. Yeah.
CAROLE THERIAULT
OK. So wine tastings, dates, catch up with old friends. Right. People, you know, go to grab the old bottle of whatever. Chablis or Chardonnay and have a little laugh.
MARIA VARMAZIS
The body and blood of Christ.
CAROLE THERIAULT
Yeah, okay, exactly. Okay, no, I get it. My God, I'm so slow. You did? Yes! Oh my God, I was so focused on my story, I missed the joke. I'm sorry. Oh my God.
MARIA VARMAZIS
Okay, wow.
CAROLE THERIAULT
So Recorded Future noted a super significant increase in the number of new wine-themed domains being registered at the start of April 2020.
And it's continued through at least to March 2021, just passed.
CAROLE THERIAULT
So they looked for these types of words like domain registrations containing one or more of the following, right?
So wine, vino, champagne, Bordeaux, Burgundy, Merlot, Cabernet Sauvignon, and Pinot. And like, I'm reading this list, I'm like, they forgot a few.
Like, what about plonk, gut rot, juice? You know? But then the next paragraph they said, oh no, no, we intentionally left out certain terms to avoid false positives.
So I suppose juice and gut rot would be difficult to parse.
GRAHAM CLULEY
Burgundy could be Ron Burgundy as well. There's a few of those which, yeah.
CAROLE THERIAULT
That's right. Okay, so what do these guys see?
So back in March 2020, right, the wine-themed domain registrations, these are people that are registering domains to kind of basically pretend or, you know, just, or legitimately to sell wine or to be in that industry market.
So they'd see 3,000 to 4,000 new wine-themed domains being registered every month. Okay. Yeah, that's what I thought. Now in March 2020, it climbed up to 5,500.
Okay, that's quite a big climb. Then in April went up to 7,200. In May, 12,400. So it kind of screamed up. So that's 3 times what it was at the beginning of March.
GRAHAM CLULEY
And the reason why they're grabbing these— what is it, because people are buying wine online and they're hoping that—
CAROLE THERIAULT
Yeah, people aren't going to boozers anymore. They're not going to pubs to have a drink, right?
So there's a decline in alcohol being sold in that market because pubs aren't buying, right?
MARIA VARMAZIS
Online shopping.
CAROLE THERIAULT
Yeah, exactly. People are buying at home. And so they're getting targeted with maybe malware, phishing.
So what they found from their tests is at its peak, 7% of the total wine domains that were being tracked were malicious. So that's almost 1 in 10.
CAROLE THERIAULT
Right? Are we thinking, oh, who cares? I think that's pretty big because as a wine drinker, I would worry.
GRAHAM CLULEY
And I would think if you're a little bit sozzled, then you may be less careful about the website which you end up on. Right?
CAROLE THERIAULT
I don't know if people tend to buy booze when they're, when they're a little tipsy. Is that what happens?
GRAHAM CLULEY
Some people are permanently tipsy, Carole, aren't they?
MARIA VARMAZIS
I'm sort of chewing on this one a little bit because the times that I did buy some alcohol over the course of the last year, it was from my local liquor store that I know well that does deliver.
I mean, I was never going — I mean, I'm just thinking through me, I wasn't going through a brewery.
CAROLE THERIAULT
But what if you got an email from said place saying, hey, we've got a special deal, and then you click on the link and you end up on a phishing site that looks exactly the same as your local site?
So a lot of people were buying things online, certainly in the UK, online purchasing was huge. I don't know if you guys can buy alcohol online in the States.
MARIA VARMAZIS
It varies from state to state. Yeah, it really varies.
CAROLE THERIAULT
I reached out to the senior security analyst behind this research, Allan Liska.
I did that this morning and I was kind of saying, look, because the research is really good and the piece is really well written, so I recommend you guys go read it.
But I had a little chat with him and I asked him what surprised him in it.
And he said it was the staying power of these new domains, because often in these kind of situations, domains kind of come and go really quickly if they're spoofing.
And these ones are just kind of sticking around. So that's kind of interesting. And, you know, maybe few people are looking at it as a potential phishing vector.
It's the first time I've ever heard of it.
MARIA VARMAZIS
So yeah, that maybe that's why I'm sort of stumped by this one because I'm just not what I would expect, but maybe that's what makes it work so well.
CAROLE THERIAULT
Yeah. Because he said, what's the growth about? Is that because they're really making a ton of cash or is that because they're just following suit?
And he said he couldn't say for sure, but he said that malicious actors are not always that smart. So sometimes one gets a good idea and then all the others follow suit.
MARIA VARMAZIS
I mean, registering domain names in bulk is not exactly expensive.
GRAHAM CLULEY
Had they seen similar behavior in regards to toilet paper?
CAROLE THERIAULT
Oh, I didn't ask him that one.
MARIA VARMAZIS
Yeah, that would be— yeah, that I'd— yeah, I'd be very curious to hear that.
CAROLE THERIAULT
The takeaway here is I know that there are going to be a few of you out there that are drinkers, unlike my two fellow wonderful mates here.
MARIA VARMAZIS
I drink, I just didn't up my consumption. Yeah, just to be clear, there's no judgment.
CAROLE THERIAULT
I'm jealous.
GRAHAM CLULEY
I do drink, I just don't swallow any of it.
MARIA VARMAZIS
Yeah, there you go.
CAROLE THERIAULT
Oh nice, you just spit it across the room. Nice, like a connoisseur.
But to my fellow Lushers out there, don't be duped by an unexpected communiqué offering you a great deal on wine or vino, right?
Because do like Maria, go to your local shop, right? Be embarrassed.
MARIA VARMAZIS
I'm here again.
CAROLE THERIAULT
Hi, it's me, Frank. If you want to learn more, there's a load of links in the show notes for you, including the research done by Recorded Future and Area 1 Security.
Oh yeah, you know what? Alanis said something else super important. He said he loved the show. Oh, he also said that I was definitely his number one favorite.
GRAHAM CLULEY
Oh, well, obviously you asked him, didn't you? Oh, okay.
CAROLE THERIAULT
I'm lying about one of these things. I'm lying about one of them.
MARIA VARMAZIS
He hates the show, but he loves Carole. Gotcha.
GRAHAM CLULEY
Using a password manager like 1Password can help increase productivity and save you money. How does it do that?
Well, a password generator tool creates strong, unique passwords that are saved and filled in automatically.
Features like Watchtower alert you to any issues with your employees' accounts, giving you oversight and more security control.
And you can get notified immediately when a breach occurs with domain breach reports. Find out more. Check out 1Password for yourself at 1Password.com.
And thanks to 1Password for supporting the show.
CAROLE THERIAULT
Protect your workforce with simple, powerful access security from Duo, powered by Cisco. The rapid expansion of remote working has presented challenges for all of us.
At Duo Security, it's their mission to make application access more secure for organizations of all sizes.
Its modern access security is designed to safeguard all users, devices, and applications so you can stay focused on what you do best.
So, want to proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device, and enforce policies to secure access to every single application?
Thought you would. Why not give your organization the peace of mind that only complete device visibility can bring? Visit Duo.com to sign up for a 30-day trial. That's Duo.com.
I mean, how easy is that to remember?
GRAHAM CLULEY
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
MARIA VARMAZIS
Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security-related necessarily.
CAROLE THERIAULT
I hope it's not.
GRAHAM CLULEY
Well, my pick of the week this week is not security-related.
As many of you will know from recent picks of the week over the last year, I have chosen many computer games trying to keep my son entertained and me as well.
A lot of computer games which we play and video games I'm rather rubbish at. So I quite like to sort of locate myself on the sofa and oversee and occasionally chip in with advice.
And that doesn't work with the likes of Fortnite and games like that, but it does work remarkably well with the old point-and-click adventure games.
MARIA VARMAZIS
Oh, those are great. Yeah.
GRAHAM CLULEY
I love adventure games.
GRAHAM CLULEY
And I think it's good for the kids as well.
They get to read and, you know, they get to use their brain a bit and think about what's going on with characters and listen and pay attention.
MARIA VARMAZIS
Some of them are stupendously hard too.
GRAHAM CLULEY
Some of them are very tricky. Some of them are a bit buggy.
MARIA VARMAZIS
And/or annoying. Yeah. Yeah.
GRAHAM CLULEY
So you have to go onto the internet and think, "I know what to do, it just doesn't—" Doesn't work.
MARIA VARMAZIS
Yeah, yes, same, yep.
GRAHAM CLULEY
I have been playing a game called The Raven Remastered, which first came out a few years ago. It's London, it's 1964, and an ancient ruby has been stolen from the British Museum.
All that's left at the crime scene is a raven feather. Could the Raven have come back from the grave? He was killed years before.
Has he returned, or is someone else posing as the legendary master thief? And on your investigation, you will find yourself— I'm gripped.
You will find yourself on the Orient Express going through the Swiss Alps. You'll find yourself in Venice, and you'll find yourself on a cruise ship going to Cairo.
CAROLE THERIAULT
What are the graphics like? Is it like—
GRAHAM CLULEY
The graphics are great, yeah.
CAROLE THERIAULT
Oh, are they?
GRAHAM CLULEY
Yeah, it's not—
CAROLE THERIAULT
Compare it to Zelda.
MARIA VARMAZIS
Which one? Yeah, good.
GRAHAM CLULEY
Thank you, thank you. That's— shut her up.
CAROLE THERIAULT
I don't know, I don't know, I don't know, game nerd.
GRAHAM CLULEY
The graphics are great. The voice acting is terrific as well.
But what I really loved are the twists and turns in the plot, because at one point I thought, "Oh, we've nearly finished this game." Oh no, we had not.
CAROLE THERIAULT
You were happy about that, or were you like, "Oh God, that's not what I was—"
GRAHAM CLULEY
I was very happy. I was very happy that it was so inspired by Agatha Christie. In fact, there was a character in the game— the main lead character is clearly a ripoff of Poirot.
MARIA VARMAZIS
I was wondering if that was just my imagination with the upturned moustache thing. Yes, yeah, okay.
GRAHAM CLULEY
And there's also character who writes murder mysteries, an elderly lady who's observing everybody, who's clearly based on Christie as well. Super subtle, yes.
But it's inspired by Death on the Nile and Orient Express, and it's really good fun.
It is available on the PlayStation, Xbox, PC, Mac, and we have been playing it on the Nintendo Switch.
And The Raven Remastered gets the thumbs up from me, which is why it's my pick of the week.
CAROLE THERIAULT
What's your son think?
GRAHAM CLULEY
He's loving it. He's really enjoying it.
CAROLE THERIAULT
Okay, I trust him more than I trust you.
GRAHAM CLULEY
We haven't quite finished it yet, but we're probably about— I think we're over two-thirds of the way through. But yeah, it's some real good twists in the tail.
It's clever, it's a clever game.
CAROLE THERIAULT
Well, for you. Yeah, it's all relative, Graham. Oh, for goodness' sake.
GRAHAM CLULEY
Maria, what's your pick of the week? That's rude.
MARIA VARMAZIS
Okay, so my pick of the week is a show that is not new, but it is still ongoing.
And I searched Smashing Security archives because I could not believe nobody's recommended this before. So may I be the first person to announce for pick of the week Westworld?
Have you heard of it?
GRAHAM CLULEY
The TV show, not the movie with Yul Brynner?
MARIA VARMAZIS
The TV— the TV show, the TV show. Yeah, I know, I know that's based on a book and there's been other things, yep.
GRAHAM CLULEY
I heard it's a bit sexy. I've never seen it. Is it sexy? 'Cause that could get me to—
CAROLE THERIAULT
Is it like Firefly?
MARIA VARMAZIS
No, oh God, no.
GRAHAM CLULEY
Okay, it's like cowboys and robots, isn't it?
MARIA VARMAZIS
Caveat that I've only seen season 1, and I know that it changes a lot in the subsequent seasons. But the Wild West part is just a part of it.
The larger, broader story is way bigger than that, and it's not in the Wild West.
It is very much about the nature of what it means to be a conscious living being, and it involves robots. And it is super, super fascinating.
A lot of moral quandaries, the nature of creation, what does it mean to be human, what does it mean when our human creations like robots start to become self-aware, what kind of rights does that confer.
I love this stuff.
In terms of is it sexy, I mean, yeah, the robots themselves when they are not, spoiler alert, at the Wild West themed theme park that they're employed in, not employed, enslaved in really, when they're not there, they walk around totally naked.
So you will see, just like, oh, penises. Goodness gracious.
Yeah, that—it is what separates them from their human keepers, is that the human keepers are always fully clothed, and you'll just see the robots just sitting around naked and talking about stuff that happened to them.
CAROLE THERIAULT
Yeah, I was wondering if they bypassed the Garden of Eden. Is that the story thread? So they're—
MARIA VARMAZIS
Well, they're unshamed. My argument would be that the entire first season is about them trying to escape the Garden of Eden.
This theme park that they're in is basically the walled garden. Yeah.
And there's like an Adam and Eve robot pair, and it's, it's the religious overtones with like reincarnation and the nature of suffering and Adam and Eve and Genesis and all stuff is very overt.
So I'm not being super deep about this. I think most people with a passing knowledge of major religions of the world would understand the metaphors. It's not hard to understand.
I think the storyline is super fascinating. I would heartily recommend it for people who like cerebral shows.
GRAHAM CLULEY
Yeah, but also looking at naked people.
MARIA VARMAZIS
And also naked people. And also naked people in various states of, from the extremely sexy Hollywood actor body type to regular folk. Like, they're all in there.
CAROLE THERIAULT
So wasn't there a show, Naked Attraction, on Channel 4 or something, where basically this person would be standing in some kind of weird pill-like vessel and this screen would come up from their feet and you'd judge them based on their knees down, and then it would go up to their bits down and you judge them.
Yeah. And then it would go up to halfway up their chest and then the whole thing, and you decide if you would package you wanted of the 5 naked boys you were looking at, or girls.
That sounds like hell on Earth. Yep.
GRAHAM CLULEY
My God, it is hell on Earth.
CAROLE THERIAULT
Yeah, probably watched it 20 times each episode. I'm just—I just find it—no, it's like car crash TV to me. It's just, it's almost like watching The Office. It's just terrific.
GRAHAM CLULEY
They decide who to date based on their dong or doodle or whatever.
MARIA VARMAZIS
Yes. Yeah, yeah. I haven't watched this.
CAROLE THERIAULT
This sounds right up my street, but because it's on Sky and I don't have Sky, so I don't get to see any of the HBO programs.
MARIA VARMAZIS
Yeah, I was trying to figure out how to watch this outside of the US, and I—the only thing I could find was you got to use a VPN. So that is a bummer. It is.
Yeah, it's a—I tried watching it when it first started, and for some reason I couldn't get into it.
I don't know if thanks to the pandemic I have more capacity to concentrate on a TV show now, but I—and now on this second attempt of watching it, I've been Oh, it's—
GRAHAM CLULEY
It is on Amazon Prime. You may have to pay, yeah, like £20 for the season or something, but it is on Amazon Prime.
MARIA VARMAZIS
Yeah, okay, give it a shot, give it a shot.
CAROLE THERIAULT
Okay, thanks, I like it.
MARIA VARMAZIS
Yeah, yeah, good pick of the week.
CAROLE THERIAULT
What's your problem?
MARIA VARMAZIS
Well, I just, you know, cold naked people.
CAROLE THERIAULT
Oh right, oh yeah, we're back to the boobs. I forgot. Exactly.
GRAHAM CLULEY
Well, and besides Carole, what's your pick of the week?
CAROLE THERIAULT
What is your weather like if you guys look out a window at the moment? Is it nice, gorgeous, sunny day, or overcast? It is gorgeous. Okay, so Maria, close your eyes.
Graham, look out the window. It's a beautiful sunny day. Birds are tweeting, bees are humming, and you're thinking it's time for a barbecue.
And you're excited, but you're a little nervous because, you know, cooking, you know, sausages and burgers on the barbecue, you want to make darn sure that they're cooked correctly, right?
GRAHAM CLULEY
If I was a Westworld robot, I definitely would not want to cook on the barbecue in case I might broil my sausage too much.
CAROLE THERIAULT
You know, I really get tired sometimes of—
GRAHAM CLULEY
It's Maria who brought all this smut to the episode.
CAROLE THERIAULT
I know, she did not. She just said nude people. That was you that went running with it. I'm sorry. That's very okay, Graham. I expect nothing less.
Okay, so see, I've lost my train of thought now. For your fucking pathetic joke.
MARIA VARMAZIS
And that's it for Pick of the Week.
CAROLE THERIAULT
Yeah, that's it. Well done, Drew. So a lot of people, when they're excited about a barbecue, they're nervous about being the actual cook of the barbecue, right?
Because you have to cook these sausages and burgers and stuff, and you want to make sure they're cooked correctly. You don't want little burnt bits, pucks.
You don't want raw things, and you don't want to give people bouts of tummy trouble.
Like, I actually know people that cook everything beforehand in an oven, and then bring it and just kind of grill it for 5 seconds on a barbecue and just go, hey, I put some barbecue sauce.
Yes, because they're so worried about having flamed food. Oh gosh, no. Well, I have a gadget.
I've had this gadget for 5 years, but it is indispensable to me, and I'm going to share it with you. It's called a ThermoPen. I have that! Right? How great is it?
MARIA VARMAZIS
How great is it? It's amazing. Highly recommend as well. Yep. Yep. Totally.
CAROLE THERIAULT
So I use all of— Hang on, for those of us who aren't you or Maria, what's a ThermoPen?
So it's a needle that you stick into whatever you're cooking and you get a battery-operated, non-smart, okay, no IoT to be seen, instant reading of the internal temperature of whatever you're cooking in either Celsius or Fahrenheit.
So, you know, if you've hit the old 160°F, you're all right for your, you know, to take it off the barbecue or whatever. You can use it for anything. And it's great.
I use it for baking all the time. Side bread should be 200.
GRAHAM CLULEY
And you just make sure. Could it also be used as a personal thermometer?
CAROLE THERIAULT
If you wanted to stick that up your ass? Yeah, it's very pointy. It's pointy, Graham.
MARIA VARMAZIS
And you might puncture something. It is pointy and a very long needle. It's going to go too far. You're going to go too far. I don't know what you're into.
CAROLE THERIAULT
I don't even want to judge, but it wouldn't be my— There are better things than this. I think we can both recommend not doing that.
And they are pretty, but they are pretty rugged, Graham, so you could have a crack at it. Because I drop mine all the time.
Although I did, I would recommend, Maria, you can, I don't know what you did, but I bought a silicone sleeve for mine for a couple quid.
MARIA VARMAZIS
I have not done that. Washable.
CAROLE THERIAULT
The classic super fast ThermoPen. Runs about $80 or about 50 quid, £60 maybe in the UK. Yeah, I have it in my kitchen drawer.
I use it probably daily, more than once, and I think it's an amazing thing. Links in the show notes at thermoworks.com.
You can learn all the other stuff at the online shop, but I am a big fan of the ThermoPen. It's way better than Thom Langford's, you know, keep my tea hot gizmo.
MARIA VARMAZIS
Can I make a supplemental recommendation? Because I also love their stuff.
They make this thing called the Smoke which for people who are smokers— sorry, this is smokers, barbecue smoke, American-style barbecue, slow barbecue.
It allows— it has these probes that hook up to this relay station. So basically if you're doing US-style barbecue, real low and slow, you can be smoking something for 12+ hours.
I have this for when I smoke pork or stuff like that, and it's awesome if you can get accurate temperatures.
And it tells me I don't have to go outside and keep checking it all the damn time. It's great.
CAROLE THERIAULT
So that all of that is incredible because it is my 10-year anniversary, wedding anniversary is coming up and I am going to buy him that.
He doesn't listen to the show, so he will not know. Don't tell him if you know him.
MARIA VARMAZIS
I bought a cheaper knockoff version of it and it lasted maybe one or two smokes and then it just crapped out.
This thing, I've had it, the ThermoWorks Smoke, for years and it's awesome.
CAROLE THERIAULT
There you go. A twofer from me and Maria because we're such a good team. So my pick of the week is the ThermoPen. Brilliant.
GRAHAM CLULEY
Well, on that culinary catch-up corner, we've just about wrapped up the show for this week. Maria, I'm sure lots of our listeners would love to follow you online.
What's the best way for folks to do that?
MARIA VARMAZIS
Honestly, listen to me on Sticky Pickles. StickyPickles.com. Like and subscribe. Unbelievable.
GRAHAM CLULEY
And you can follow us on Twitter at Smashing Security, no G. Twitter must have a G. And we're also up on Reddit as well.
And don't forget, if you want to never miss another episode, follow Smashing Security in your favorite podcast app, such as Google Podcasts, Spotify, and Apple Podcasts.
CAROLE THERIAULT
And huge thank you to this episode's sponsors, Duo Security and 1Password, and to our wonderful Patreon community. It's thanks to them all that the show is free.
For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 222 episodes, check out smashingsecurity.com. Until then.
GRAHAM CLULEY
Cheerio, bye-bye. Why are you talking so weird?
CAROLE THERIAULT
I don't know, it's like David Caruso has just walked into the room.
MARIA VARMAZIS
I thought my connection was bugging again or something. Everybody's pausing, giving their best William Shatner impressions. Bye.
CAROLE THERIAULT
Do you know, I just read, I think William Shatner is 90? Yes, he is.
GRAHAM CLULEY
Picture yourself on a boat, on a river.
CAROLE THERIAULT
He could still crank those tunes out though. See, he's a smart guy. He's a smart guy. He went for the long play. We should get him on the show. Good fucking luck.
MARIA VARMAZIS
Yeah, okay. If that happens, I want to be the fourth supplemental guest.
GRAHAM CLULEY
We've got Crichton from Red Dwarf. I know you did!
MARIA VARMAZIS
That's so amazing.
GRAHAM CLULEY
Is that such a big jump to get TJ Hooker on?
CAROLE THERIAULT
Exactly, Graham, with your clout and personality and charm.
MARIA VARMAZIS
You are verified on Twitter, after all. Oh, yeah. You have that in common with the chat.
CAROLE THERIAULT
Yeah. Monsieur Chat to you. Oh, well. He's Canadian.
MARIA VARMAZIS
This is true.
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.