So a few days ago, the news on Twitter broke that one of the absolute massivest games publishers, EA Games, was hacked. You want to know how they did it? How the hackers got the source code? So any guesses?

Did they go up arrow, down arrow, left twice?

They did not Konami code into the server. I know.

Smashing Security. Episode 232, Zoom Olympics and Language Matters with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 232. My name's Graham Cluley.

And I'm Carole Theriault.

And we're joined this week by an old favorite, Maria Varmazis.

She's not old. You're not even middle-aged. You're young as they come.

I'm a middle-aged favorite.

Compared to you, Carole, she's young, yeah.

Morally compared to you, sir.

I don't even know what to say to this, but hi.

Hi.

Glad to be here.

Nice to speak to you again.

I know, long time no speak. 3 days since we last talked.

What, what, what? Have you guys been talking to each other between episodes of Smashing Security?

Yeah.

Where have you been doing that?

Oh, just on this little show, Maria. Maybe you can tell them about it.

I don't know if you've heard of it, Graham, but it's called Sticky Pickles.

Which was nominated for a best security podcast award or something, wasn't it? Or most entertaining or something that, wasn't it?

It is very entertaining. I'm probably not supposed to laugh at that, right? I'm supposed to be grateful? Yeah, a whole week.

But just to let anyone know who's thinking of listening to Sticky Pickles, don't worry. There's no security content.

There's no security in it at all.

There is occasionally.

Is there?

Very lightly.

We had a career pickle where we touched on social engineering for a millisecond. I think that's about as security as we got.

And that almost got you an award.

I know, that millisecond, it gave us the cred we needed to be a security podcast. I don't know, I don't know.

But I'm going to save you all. Let's thank this week's sponsors: 1Password, Deep Secure, and JumpCloud. It's their support that helps us give you this show for free. Now coming up in today's show, Graham, what do you got?

I've got a quiz. I've got a quiz.

Oh, great.

Uh-huh.

Talking about how EA got really badly hacked.

Okay. And I'm heading to Tokyo to find out what's going on with the Olympics. All this and much more coming up on this episode of Smashing Security.

Now, chums, chums, I think it's time we had another quiz. The quizzes are so popular, and I'm gonna—

You're just missing Alec Trebek because he died recently. The god of—

He did?

Yes.

No, I'm kidding.

I knew that.

Okay, sorry. Who is—

That's old news, but that's the Whose name is not Quebec? first time that's ever happened. Yeah, there's one of my Pick of the Weeks where you can see every single question he's ever asked. And it's just, just a travesty

That was actually a very bad comparison. I'm sorry.

Anyway, I'm going to pit you two against each other in this quiz, right? This is a quiz to do with languages and words. I'm going to say some words, real words from foreign languages, and some of them are from our native tongue.

I've updated you on something. that you don't know who he is.

For the purposes of this, Maria and Carole, we're going to consider you English. Okay? Oh no. So that's the language which— we're not doing any Greek.

And Maria, what about you?

I wouldn't pass that, don't worry. It's not my native language either.

Can you tell which are English words and which are words from other languages? Okey-dokey, are you ready? And if you can give me the definitions as well, that would be even better. Maria, you first.

Oh my God, I'm sweating.

Are you speaking as though there's a music track underneath you?

Yes.

It sounds as though you are. Yeah, okay, okay. I'm literally in a flop sweat right now. You've got me I'm freaked out. All right, all right, all right, all right, all right.

Maria, Maria.

Yes, yes, yes, yes, yes.

Thunderplump. Thunderplump. Is that English or a different language?

What am I meant to do with that? Okay, thunder, thunder, thunderplump. Thunderplump. Thunderplump.

Thunderplump.

Yes.

I can't even hear what he's saying.

Thunder plump.

All one word.

Is this plump like P-L-U-M-P?

Yes. Is this like thunder pants?

Well, but with a plump instead of a pants. Trebek.

Can you use it in a sentence for me?

I seem to be called—

This is going great. This is going great.

Maria, just say, is it English or a different language?

Oh yes. Good. Yell out your guess.

He's Stephen Fry but Canadian. Sure, it's English.

Absolutely correct. Well done, Maria.

Wow.

And I think what you were meant to say is that it's a heavy, thundery shower that comes from nowhere and soaks you in seconds. So if you've been caught in a thunderplump, that's what happened.

Sure.

Carole, Carole. Okay, so Maria, 1 point. Carole. Slagroom. Slagroom.

I have no idea what game this is.

Is it English or another language? Slagroom.

How dare you, sir? You're a slagger.

It sounds like English, Graham.

Oh, what a shame. It's actually Dutch, and it means whipped cream. Slagroom. Okay, Maria.

Oh, slag. Schlag.

Oh, now you recognise it, do you?

Teamwork, my friends. Well, you said slagroom.

No, I said slagroom. Why don't you just clear out your earlobes? Right.

My earlobes?

Oh right, your ear rolls.

Your ear rolls! Yellow card.

I care a lot.

Maria, Maria. Yes, yes, yes. Lovely Maria. Clatterfart. Clatterfart.

I know that's not English. I know that is not English.

Do you want a second go on that?

A clatterfart?

Yeah.

I'm pretty sure that's German, isn't it?

It might be derived from German, but I think for the purpose of this quiz, you are going to answer—

I'm still maintaining it's not English.

Maria, Maria, you're right. It's not standard English, it's Tudor English. It comes from Tudor times. So I think technically you do win a point for that. And it is— clatterfart is a gossip or someone who can't keep a secret. For instance, hey, I really shouldn't tell you this, but what the hell, I'm a complete clatterfart. I can't keep it to myself.

We need to bring that one back, actually.

That makes perfect Valley accents in Tudor times in England. Yeah.

So I wasn't too far off when I said it was German because it's heavily Germanic.

Oh, they—

Okay. A little etymology and semantics for our listeners.

Okay, I'm gonna say 2-0 at the moment to Maria. 2-0.

None of this is research, listeners. Please don't listen to anybody.

Where's the security angle on this story?

Yeah, yeah, I'm going on a play. I'm on strike. I want some security. Crow.

Crow.

Fock. Fock.

Can you spell it? Because I don't really understand how you speak.

Very good, very good. P-H-O— Q-U-E. Folk.

Vietnamese.

Really?

I have no idea. No, it's French for seal.

Absolutely correct, girl.

Well done. Okay, I do speak French. What is— thanks for the—

Well, yeah, but you did get it wrong because you initially said Vietnamese, so technically it's still 2-0 to Maria. I can't give you points for your second guess.

Really? I think she nailed that one.

I'm donating all my wins to Maria. Maria, Maria, I'll of your wins.

Yeah, final round for both of you. Final round for both of you. Maria?

Yes.

Herkle Derkling. Herkle Derkling. I can spell it if you wish. Herkle Derkling.

I want to hear you spell that. Yes.

H-U-R-K-L-E hyphen D-U-R-K-L-I-N-G. Herkle Derkling. Well, you know what, technically it's Scottish, but I'm going to give it to you anyway because I like you. It is Scottish for lounging around in bed long after it's time to get moving. That is herkulderkling.

You do that a lot, Graham.

Carole, final one, final one. Cock. Cock.

Spell?

C-O-Q.

Okay, so French rooster?

Yes.

Absolutely. And that is what we're talking about today.

Oh my God, it's like going to the quarter shop around the M25. That's what this was.

Was about cocks?

It's about cocks. He just tried— he's really padding it out this week.

Cock, C-O-Q, as well as being a French rooster, is a programming language for proving theorems.

Oh, for fuck's sake, Graham, really?

First released more than 30 years ago.

Really?

Now, it was named— it was named for a number of reasons. One is that stood for Calculus of Constructions.

C-O-C. We do work, you know. We prepare for our stories.

I'm just— Also—

Astounding.

It's principal developer. His name was Thierry Coconne. Right?

I'm just saying the burying of the lead on this one is record books. I mean—

Everything will become clear. It will all become clear.

Okay.

So the language, this programming language, adopted the French name for and the image of a rooster. Well done, Carole. Well done, Maria did, however, win. Now, according to the folks who run the Coq's Home on GitHub, the time has come to find a new name. Because apparently— Carole, you're gonna suffer a penalty

What, like a company name?

in a moment and have points Well, a new name for Coq.

Or a name for the language.

Yes. Because some people are mixing up Coq with cock.

Graham, is this seriously your story for the podcast?

taken away. Okay, yellow card. Yeah.

This is what he came up with. This is— yeah.

No, look, this is serious. This is serious. I'm sure—

Oh my god. The award wins.

I'm sure both of you, both of you are familiar with cock, right? As in to cock your head, the firing lever of a gun. You know, you cock your pistol or something. If you handle it carelessly, it might go off in your hand.

What is happening?

When do brains start deteriorating? Yeah, when does that happen? Like, is there an age?

I'm making a very serious point here. If you just let me get to it.

I feel like this should be a sticky pickle when you're invited on a podcast and the host just goes off the rails completely.

What do you do? Exactly.

Now, the COC programming group, they've issued a statement and they've said that they are looking for a new name because the similarity which exists between COC and—

This is not how you get more female listeners, by the way.

Well, this is the point, Carole. This is the point, right? They say—

Did they get canceled over COC?

The similarity has already led to some women turning away from cock and others getting harassed when they say they were working on cock, it says.

I—

They started their own, their new language.

And so, and so apparently it makes some English conversations about cock with what they call laypeople simply more difficult. So they are running a competition to come up with a new name for cock.

I've got one.

Okay, let's hear it.

Clit.

Hmm.

Clit. I think it's time.

I think you've put your finger on it, Carole.

Oh my God. What am I doing on this podcast?

Warming up for our next recording.

Oh my Lord. I love it. I mean, to be clear, I love this.

One suggestion that's been made is to pronounce it Coke, right? Let's start calling it Coke instead of cock, but that has problems as well. Like you could say, oh, these lines of high-quality Coke have really made me happy, right? Or, and some people saying, we can't be affiliated with the drinks company and we don't want to be, you know, the hardcore drugs.

There are many, many words that mean two things that don't, you know, right.

So, but apparently female developers and other people who don't like cock or don't want to be associated with cock are put off by the name.

Create your own language, girls. Do it. I'm with you 100%.

Can I just say, this reminds me of— there's an underwriter for National Public Radio here in the States called Hiscox, and the whole thing is like, this story has been brought to you by Hiscox, and the announcer says it 20 times, and I don't know how they do it without cracking up because every time I hear it I'm just like Hiscox. There is legitimately a company called Hiscox. Hiscox. Hiscox. And they have to spell it and everything. It's amazing.

Do you want to hear some of the suggestions on alternative names? About Hiscox?

Okay. No. Other than Carole's? Oh, sure.

They're not gonna be as good.

So we've got LeCock, right? We've got Cockpit. We've got Peacock, which I'm not actually sure really helps. Someone has suggested the Latin word for rooster. Do you know what that is? It's Gallus, which sounds rather like— Yes, yes, right.

Well, I'm going to guess that is English, but I don't

No, it is, because there's a brand in France called Gallus, which I'm sure—

Well, and you're the, you're the Gauloise, aren't you? Are you— when you smoke gourmet—

When you smoke the Gauloise cigarettes? Yeah, I used to.

know what it means aside from something maybe with Steve Urkel

Yeah, so that must be it. Anyway, now I think language is pretty important, and the use of words—

and maybe a time machine or Family Matters.

Do you, Graham?

But I do.

I don't know if you drove that point home with the quiz at the beginning.

I think I feel I've made up words completely.

That's why you did so much research on coughs.

I've done quite a lot of research on the foreign word. Now, no less a body than the UK's National Cybersecurity Centre last year announced that it would be changing the wording it uses on its website. And they said that they were no longer going to use the terms whitelist and blacklist. Mm-hmm.

Yes.

Yeah. To describe what you might want to allow or block on your computers.

That's pretty standard now. A lot of orgs are moving away from that.

Yeah. A lot of them are, right? And they're suggesting, you know, rather than using whitelist and blacklist, use allowlist and—

And blacklist or denylist.

Blocklist or denylist, yeah, which are all— and when they did this, there was this furore on social media from, how can you do this? What's wrong with saying these terms? You know, you've all gone politically correct, gone mad, and all this sort of thing.

But it's two people get mad about it.

But there was lots of wringing of handkerchiefs over whether, you know, this should be right or not. And I thought, well, actually, no, this is a good thing. And I remember I went to my website and I did a little search and replace, and I had used terms whitelist and blacklist before.

Yeah.

I thought actually I—

So did, so did most people though.

Yeah. A lot of us did.

It was what, it was the term.

Yeah.

At the time.

Yeah.

So, and just master and slave.

Not defending it, but it was.

Yeah.

It's just, but there's still some of this going on, isn't there though? Because you still get, I mean, well, you tell me, there's still white hat hackers, aren't there? And there's black hat hackers and there's a huge hacking conference called Black Hat.

True.

Which goes on. Shouldn't that be renamed?

Well, you've got to offer, you know, a good argument here, Graham.

Well, I feel like I've crept up on you and turned this quite serious. I'm wondering, should that be renamed or are people going to get all upset?

Is the root of white hat and black hat the same though? Of the terminology? I actually don't remember off the top of my head where that comes from, but it's an interesting question.

I thought white hat and black hat came from cowboy movies. Where you had one gang versus another.

I think it actually comes from Christianity, actually. Angels and demons and they wore different hats.

No, no, but the angels known for wearing 10-gallon hats.

Yeah, yeah, yeah, 10-gallon. Hey, you're part—

I thought it was from the Spy vs. Spy MAD cartoons.

Oh wow, that's what I always thought. It was so great if it were.

That's what I thought it was from because you had the white hat spy and the black hat spy.

Yeah, yeah, I remember them.

But wherever it comes from, the black hats are the baddies, right? That's the way it's portrayed. And the white hats are the good guys.

Do you think we're going to handle this in this short podcast? I just don't know where we're going with it.

I wish we'd started with that instead of the quiz.

I know.

I feel my job here is done. I've planted the seed. People are now going to think about this some more. I think maybe we need to get away from using these kinds of difficult words. And if it's true that women are being driven away from using this programming language by its name, then maybe they should call it something different. Like you suggested, Carole.

So it sounds like you're saying we need to have a very thorough examination of the language that we use and how we intentionally use it. And I think that's a worthwhile discussion.

Yes. And I think, I do think it's going on as well. I don't think people are shying away from that.

I look forward to Black Hat being renamed ClitConf or whatever you were suggesting, Carole. Death cock as well, maybe we could have too.

There we go.

There it is.

There we go.

There we are. I was waiting for that shoe to drop.

All right. He made us get all guilty. He basically—

Yeah. He lured us in with the threat of actual smart discussion. Gaslit us.

Gaslit us. Got it all serious and then stole the punchline.

Guys, I only just made that up. I made that up as I said it.

See, he's proud of himself.

So clever.

Happy accident.

So clever.

Happy accident. Oh, steady. Anyway.

Maria.

What have you got for us this week?

How can I possibly follow that story?

Oh, come, come.

I don't know how much either of you video game in terms of the huge, multi-billion-dollar video games out there, like the Call of Duty-type style of games.

I know nothing about it.

Yeah. I tend to prefer the little indie games.

I've noticed that with your picks of the week, that you're more of the indie gamer. I respect that. I am also not a huge mega gamer gamer, but do you know how much money is involved in these games?

A gazillion quizillion?

Yeah.

A metric shitload.

Metric shitload, like literal billions with a B dollars in these things. They are multi-billion dollar industries. So a few days ago, the news on Twitter broke that one of the absolute massivest games publishers, EA Games, was hacked.

They did Tiger Woods Golf. I used to do that.

They do a lot of—

I'm more of a Mac girl.

That's all I remember them. That's all I know them for. That's what I know them. Tiger Woods golf, circa 2000.

Oh, I think they did Ray Reardon snooker back in 1986, says Crowell.

Yes. Well, I don't know gaming.

Daley Thompson decathlon.

God almighty.

They do a lot of really, really big mega games. One of their biggest games is the FIFA actual football— yeah, soccer.

I didn't know that.

So they do the FIFA game, and hackers said that they stole 780 gigabytes of data, including the source code for the entire FIFA 21 game. God, yeah.

And you know, it's a big moneymaker for them.

It is, it's a huge one. And do you know how much money the hackers are asking for this amount of data?

Okay, okay, okay, let's guess, let's guess.

Yes. I'm very curious.

£14,000.

Okay, I'm gonna go a little bit higher than that. They can basically disrupt the entire EA game FIFA landscape. I'm gonna go £10 million.

They could, and they are asking for $28 million, these hackers. They've— they are making the source code available for sale on a bunch of underground darkweb hacking forums. And as of right now, or at least as of September, FIFA has over 9 million users and EA has 300 million registered players around the world. So right, people don't think that any user data was breached, but the potential to disrupt the market. This billion-dollar market is massive. And I don't know, $28 million actually sounds kind of modest to me.

Would it really disrupt the market?

Well, if you can crack the game really easily and start selling the cracks online like it's the '90s again, I suppose.

Yeah. Okay.

In the hands of somebody who knows what to do with the source code, you could do some very interesting things.

Yeah.

I mean, yeah, you not only could you crack the game, you could probably start making all sorts of fun exploits. You could make some cheats.

And a lot of these games are money makers because Could be nude, for example.

Nice bull control.

I mean, a lot of these games are often used in esports, right, where people— like, there's real money being made. So can you imagine?

Oh yes, that's huge, isn't it?

Yeah, yeah. Elon Musk could show up, right, and the game is talking about Dogecoin or something, or I don't know why.

Hey, I just bought more bitcoin.

I sold them. No, I bought them.

Sorry, sold them.

Sorry. So yeah, they're asking for $28 million, which actually to me, given that this is a multi-billion dollar industry, that kind of sounds low. But I'm not saying that hackers are lowballing themselves. You guys do whatever you want.

So is EA sitting there going, should we pay this, should we not? Are they being asked to pay?

Well, the money, it's not being held for ransom. It's not like their source code is locked up. These guys just stole— they just made a big copy of it, basically.

So it's fucked now.

Yeah, this information's just out in the world. So here's the thing that I find really interesting. Do you want to know how they did it? How the hackers got the source code? So any guesses?

Did they go up arrow, down arrow, left twice?

They did not Konami code into the server. No, they did not. I mean, because these companies employ hundreds of thousands of people, right? A lot of them are contractors. So you've got people that temporarily work for a company and then leave. There's a lot of crunch. You mentioned video games industry, so you've got people who work themselves to death and then are unceremoniously laid off. So I thought it was probably— my guess before I heard how it happened was that it was a really pissed off ex-employee who was "fuck you, I'm gonna steal your source code and make bazillions." The actual answer is the hackers bought a cookie for the EA Slack instance online for $10, which allowed them to log in.

Say it slower for me. Okay, they bought a cookie.

A cookie, the file, not the actual thing. Yeah, yeah.

Like Cookie Monster.

For $10, for $10, that allowed them to log into the official EA internal Slack. You know, Slack is the space where employees talk.

Where do you buy that?

The interwebs. Somebody had it on the dark web. On the dark web.

Do you have a problem with dark web?

Are we—

Just—

Oh, actually, that's another interesting one.

Oh my God, we'll come back to that next week. Put a pin in that one.

Part 2, Graham's Deep Insight.

Put a pin in it. So they logged into the official employee Slack and then messaged the official EA IT support and said, "hey, we lost our phone at a party last night. Can you give us a login token so we can get into the EA network and actually log in and do our work?" And they did it. Not only did it work, they did it twice successfully. They requested multifactor authentication, a token specifically from the EA IT support, and they were able to twice get into the EA corporate network that way. So yeah, I guess just being in the EA Slack was enough for the IT department to go, "yeah, you must be legit because how else would you be in here?" So basically they had no problem just snooping around and they were able to get into the developer service.

They had a fucking doorman basically that was, "oh, I'll show you. Oh, you having trouble getting access to that? Let me sort that out for you, sir. Let me roll out the red carpet."

Yeah, they basically were just able to log in and download the source code. They didn't have to do anything tricky. They didn't have to pivot and steal admin privileges or anything like that. They were just, "I'm logged in and here I am."

Oh my goodness, it was so easy.

I'm kind of in shock that it was that easy.

Yeah, I don't know if I am though, because most of them, something like 90% are passwords being stolen or a vulnerability that's unpatched.

Yeah, I mean,

A lot of actual real live modified malware seems to happen.

just ask, just ask, guys.

But Slack, that's a new one. Stop trying to break in. God, can you imagine the boardroom now? That's a new one.

Yeah, it's not like they can just whip up a brand new version of these things. Yeah, it seems to take years and years of work to make, so I don't know what they're gonna do.

I think maybe IT guy might get fired.

That's what I think. I think that's a little bit unfair, actually.

Well, yes, if you are commander of the world, I— yeah, I dread to think.

I mean, do you think EA might try to buy it back? Do you think they might go, we'll pay for it? I mean, $28 million is peanuts.

Might be chump change to them.

It's chicken feed, or as we call it, cock corn.

Oh my God.

Well, we don't call it that, Graham.

We don't. Who calls it anyway?

Graham calls it that. What?

Carole, what have you got for us this week?

Okay, so there's a little scrap going on. In fact, we should imagine you're watching a boxing fight, okay? And the crowd's cheering and booing, the lights are on, there's a center ring, and you hear, "Welcome to the fight dome!" And in the left corner, led by the mighty and powerful International Olympic Committee under the current president Thomas Bach of Germany.

Yeah. Oh yeah.

He's all enraged and flipping his cape and, you know, I don't know, loosening his shorts. I don't know what they do. And in the right corner is the outraged Japanese public. Oh right, or at least a strong representative group of the 126 million people that live there.

Yeah, not all of them.

Some report as high as 80%. Okay, right. So yeah, that'll become clear later in the story.

80% of Japanese people are in one corner of the ring, right?

And you got Tommy, Tommy, the king of the International Olympic Committee, on the other. And the issue at hand is the Olympics, because they were postponed last year. And they are currently still scheduled to begin in Tokyo on July 23rd. So in a month's time, and they go to August 8th, followed by the Paralympic Games.

What could possibly go wrong? Well, there's so many things that are going to go wrong. But first, I'm just going to throw this back at you because you put me through a quiz.

Carole, you're closer, but you're still under. Really?

153.

No, less. 33.

Huh, really? Is that it?

Competitions and 339 events.

Oh, okay. I should say it wasn't even just the source code for FIFA 21.

What's the difference between an event?

A competition would be running, right? And then you might have hurdles, you might have track and field 100, you might have 200 race, you might have— or swimming.

It was a whole bunch of other stuff like SDKs, API keys, a lot of proprietary frameworks.

Swimming is a competition and there'd be lots of events there.

If the question had been clearer, maybe I'd have done better.

Seems like a very pedantic question. I'm just saying.

It does. Thank you, Maria.

Yeah.

Well, that's what I felt about your quiz. Now, the problem with these Olympics is the 'rona. While many countries like Israel, UK, Canada, and the US might be thinking we're on the tail end of this pandemic, there is in fact many, many, many, many countries out there who are still in the nascent stages of rolling out the 'rona jabs. Japan is one of these. They only began vaccinating people in February.

And the rollout is so slow there too.

Yeah, and so far 6 million are fully vaccinated. So that's 5% of the population at the time of recording, a month out from the Olympics. Now on top of that, Japan is seeing a current surge in COVID-19 cases. Japan's been quite low compared to countries like the States or the UK in terms of number of cases, but they are seeing a spike at the moment in Greater Tokyo and Sapporo in Hokkaido. And this is where some football games and the marathon are supposed to be taking place, yet there is a state of emergency that has been put on these places thanks to the corona uptick. So kind of a big problem when you're thinking, hey, there's going to be 11,000 athletes here.

So when you say state of emergency, it's they're in lockdown there? They're not, but they are going to have a great big sporting event. Yeah, that's the plan, is it?

Now, fantastic.

So several towns set to host the athletes have reportedly pulled out over fears that it could spread COVID. Smart, I can understand that, right? The doctors union told government it was impossible to hold the games given the pandemic because of the pressure on the healthcare system. Makes sense.

Yep. No, absolutely not.

And I feel for the athletes though, right? You work so hard when you're an athlete. I was a baby athlete, right?

Really?

Could they not hold a virtual Olympics?

A Zoom Olympics?

Zoom Olympics.

Yes, Zoom Olympics.

Everybody's on a tiny little screen and helping each other.

With a running machine.

Maybe get Electronic Arts to help, you know.

Clothes horse in the middle of the running machine so you could kind of pretend to do the jumps.

Yeah, it just seems more sensible to me.

I mean, just make everybody an avatar within the FIFA thing and just have them play virtually.

What about all the sponsors of the Olympics? Why isn't pressure being put on them, right?

So there was no protocol

You're going to have these huge multinationals who've spent billions to get their name plastered all over the Tokyo Olympics. Why doesn't the world and Japanese people moan at them and say, what the bloody hell are you doing?

That is a very interesting question because let me tell you one more point. to confirm your name, confirm your IP. The people of Japan are not concerned about foreigners wandering around town and spreading germies because the games are closed to all of us outsiders.

That's right, right.

So we're not going to get swaths and swaths of people flying in from all over.

Okay.

And not only that, but organizers are waiting until the state of emergency in Tokyo ends on the 19th of June, so in a few days. That'll be the day after this show goes out, or a few days after.

Yep.

To decide whether local fans can even attend. So the question I have is, without all these foreigners to watch the games, and potentially without any local fans watching the games, why is the IOC, the Olympic Committee, working so hard to make sure the games happen?

Money. Yeah, it makes them an F-ton of money.

Yeah, the IOC is

It's thought to make around 70% of its money from broadcast rights. And 18% from sponsorship. So if the games don't go ahead, it could severely damage its finances and the future of the Olympics, they say. You know, the country's president, Seiko Hashimoto, has said he's 100% certain the games are going to go ahead, despite the fact that many Japanese people are kind of going, "What? We don't want this." So now, if this weren't enough to deal with, hackers have made away with data from the computers of the organizing committee of Tokyo Olympics. So this is not the IOC. Whenever these Olympics happen, you have two mega groups. You have the IOC and then you have the National Olympic Committee that the city or the town puts together.

all about money.

So they do all the staging of the Olympics. Now it looks like this consortium was using SaaS from Fujitsu, so software as a service. Yeah, the very same SaaS software that was infiltrated by unidentified hackers about a month ago. This software was suspended by Fujitsu, who was investigating the breach, but this Tokyo Olympics Consortium lost names, business titles, affiliations of the participants belonging to about 90 organizations, including the organizing body of the Olympics, the Paralympics, the ministries, local governments, hosting venues, sponsors. Graham, sponsors as well, data's leaked on them, so they're going to not be best pleased now. That's a double whammy for them.

It's not great, no.

And so things aren't going very smoothly, and especially considering that athletes— I was just reading today that athletes at the Tokyo Olympics are going to be relying on computers automatically matching their face, so facial recognition, to make sure they're not late to the start line this summer, because they don't want to have a finger check because they don't want them to touch anything.

Hang on, hang on. Does the facial recognition work if you're wearing a mask? Has anyone checked that?

Yeah, well, it's not flawless, right? Oh boy.

Okay.

Oh dear. Well, they need to cancel it, don't they? Shall we officially, as Smashing Security, as we're quite influential and we have listeners in that part of the world, and I know the IOC do tune into us, shall we just say to them, look, just can the whole thing for goodness sake. We've shown you how to have fun. Organize a quiz instead, an online Zoom quiz or something. Pop quiz for the world.

You can tell 100% the way you're talking that you've never actually been an athlete. I'm sorry to hear you say it, but I feel for all of them.

What do you mean?

Because you don't know what it's like to spend 10,000 hours every—

I play chess.

Yeah, I play chess.

Yeah, strong hands, strong fingers, strong fingers. Chums, if you remember one thing from today's episode, it should be to check out the leading cloud directory platform, JumpCloud. JumpCloud's directory platform makes it easier to solve today's IT challenges by unifying device and user management through a single pane of glass. With JumpCloud securely managing your users and their devices, doing common things like onboarding and offboarding remote workers is easy. Try JumpCloud for free today at smashingsecurity.com/jumpcloud and help your organization move to a modern, secure hybrid work model. Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company's security, combat shadow IT, and help your employees stay both productive and secure wherever they are. 1Password makes the secure thing to do the easiest thing to do. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond rapidly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security. Find out more and try 1Password for free for 14 days at 1password.com. And thanks to 1Password for supporting the show.

And if you put yourself in that situation under these circumstances, would you want thousands of athletes from around the world congregating in your city and attracting people from all over to come them? Would you in Boston and Oxford? Would you want that? Yeah, a swimmer. Nothing, nothing. But I mean, the amount of work, the amount of swimming you have to do to get good is astounding, right? So to become an Olympian, and then to have those dreams taken away or delayed for a year... Deep Secure Threat Removal is a very cool product which takes incoming poisoned Word documents, booby-trapped PowerPoint slides, and the like, and creates brand new files with just the good stuff and none of the bad. It is a neat way of handling brand new threats coming into organizations via web, email, or file sharing, and it can run along your existing antivirus. But then the environment being what it is, it's just nasty. It's nasty. Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional, and fully revisable. Adding Threat Removal to your defense can help you reduce administrative costs as it doesn't require signature updates or security patches and reduces the time your security team spends on false positives and remediation. Anyway, I'm sorry for all of you out there. Visit deep-secure.com/smashingsecurity. That's deepsecure with a hyphen dot com smashing security for more information and to set up your free trial today. And deep thanks to Deep Secure for sponsoring the show.

And welcome back. And you join us for our favorite part of the show, the part of the show that we like to call Pick of the Week.

Pick of the Week.

Pick of the Week. Yes.

We were funny.

We were going up in octaves.

Is there a mouse? Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.

Better not be.

Well, my pick of the week this week is not security-related. I live out in the countryside.

In fact, I live so far out in the countryside that you're almost up your own backside.

I don't have a telephone line. Can you imagine?

Haven't had one ever. Just kidding.

Well, I don't have broadband. I don't have broadband coming down my telephone line. I'm surrounded by sheep and a ruddy magpie on my roof. And so for the last 6, 7 months I've been living in this particular place, I've been struggling a little bit with my internet connection.

Yeah, they're the

You may have noticed.

Yeah, Carole certainly noticed.

worst. Yeah, I hate them.

And so I connect, everything is connected via 4G, but my 4G signal is not very good.

Okay.

Mm-hmm.

Yes, I can categorically agree that that is the situation at hand. Until recently.

Now, the thing which has revolutionised my life is that I have recently purchased a Poynting X-Pole One 5G omnidirectional cross-polarised LTE 2x2 MIMO outdoor antenna. Yes, I now have an outdoor antenna on my roof pointed in the vague direction of the cell tower.

All right, sorry, could you spell that one for me? I didn't catch it.

And I'm thinking, so you have something that's transferring all of your internet connectivity and you have no idea who the provider is or—

Yeah, it's Poynting.

Where are they from? What they do?

It doesn't matter. They've provided the hardware, and then I'm using those gits at Vodafone. Not very happy with them at the moment, who are providing the cell service. So I've got a SIM card from them, but it works. That's the important thing, and people assume that I've got broadband down a telephone line.

In fact, I haven't, and it's working jolly well. So if you, like me, are out in the sticks, you might want to get something like this. Yes, I agree. It's made a huge, huge difference, actually, Graham. Yes, jokes aside, it's improved our friendship.

It's improved our relationship and our professional relationship.

That's a good tip, honestly. I might be moving out to the country sometime soon, so that's good for me to know. Yeah, yeah, yeah.

It's worth checking out. I mean, it's a proper, you know, big meaty aerial thing, right?

Are we still— are we back to your topic of your initial story?

Maria, what's your pick of the week?

Mine is nothing like that. Mine's just a Twitter account that I really enjoy. If you're like me and you're very online, or maybe too online, the Twitter world can get very dark and gloomy and just too serious and boring. So I like having little sprinkles of fun nonsense to break things up a little bit.

Absolutely.

So this account is @MondoMascots, M-O-N-D-O-M-A-S-C-O-T-S. Mondo Mascots, and it is a visual log of all these really weird, wonderful mascots throughout Japan. So I don't know if you know this little thing about Japan that mascots are kind of a big deal.

I didn't know that.

Poynting. P-O-Y-N-T-I-N-G.

Oh right, so they have these

I don't know what country it comes from, Poynting. And my internet has dramatically improved.

guys dressed in suits that run Graham, we need one.

A Smashing Security.

Yes.

It's a furver's delight, I think. I've now got download rates of about 100 megabits per second, and I can go up, which is quite important when you're trying to do webinars, at about 30, 35 megabits per second.

around and try drum up some excitement. You don't have to get a furry suit.

Oh my goodness, I'm looking down. I'm scrolling down the Twitter account right now.

Isn't it amazing? Yes.

Well, yes, don't kink shame, Graham.

It's not a kink thing. No, Graham, I mean, for some people.

Rule of the internet, 34. You taught me that.

Excellent. Well done, Maria.

Thank you.

Thank you. Okay, it's more of a tip of the week this week.

Oh, a tip. Tip of the week.

A tip of the week. I have a garden, okay? Small but lush, right? And I've gotten into feeding birds. I have this birdbath thing, I've got various feeders, nuts, seeds, oats, soup balls, all kinds of stuff, right? Birds come, beautiful, exciting, lovely. A sure sign I'm getting old.

Yeah, you are.

I'm sitting with the doors wide open the other day, looking at everyone dancing around and eating and stuff. And then I see come out of the thorny and glorious rose patch I have about 3 feet from my house is a rat. Fat, happy rat mooching around, chomping up all the bird seed on the lawn that the birds, I think, are putting down for him. Literally, I think they're going, oh, I don't like that one, and he's just sitting there going—

Yeah, and there kind of can be mascots for just about anything. In my American head, I think of mascots as maybe a thing for maybe a sports game. Yeah, there's a mascot for a shopping street. And you're very sure that it was a rat and not— But looking through this account, there are mascots for like prefectures.

Oh yeah, I have a picture. I can send it over.

Nope, I'm good.

The birds are feeding the rat.

There's a mascot for a TV station, there's There's a mascot here that I'm looking at called Taro, a hairy-legged fish inspired by a Bruegel etching, was the mascot for Babel, an exhibition of Renaissance art that toured in Japan, so they had a mascot for that.

Basically, that's what it looks like, right? And he sees me, he darts into the mess of thorny bushes, of roses, right? Which I totally utterly refuse to chop down in order to find this rat.

a mascot for— yes, baseball teams.

And I don't want to corner him because they might fight back, but I don't want him to have babies in my property because that's a big problem. So I don't know what to do, right? I'm not into rat poison.

Good, that's terrible. Yes.

Yeah, I don't really like traps because, you know, the other animals. And what are you going to do?

Did you dress up as a rat mascot?

Yes, that's exactly what I did. And then I walked him out the streets up to your place.

Like the Pied Piper.

Yeah, up to your place.

Sashaying your hips left and right.

Sashaying my hips.

Yep.

And then I dropped him off. I said, here's Clueless, here you go, this is your take, look at this great place.

Carole, what have

So my Wookiee man husband did some research. And this is my tip of the week, 'cause I've not seen the fat rat or any rat for 4 whole days, and I've been watching like a hawk.

you got as

Douse cotton balls in eucalyptus oil or peppermint oil or citronella oil, and then just dot them around the garden underneath stuff, at doors, everywhere, and any little crevice. I've probably got 20 now, tiny ones all around the garden. Rats? No.

a pick of the week?

Oh.

Cotton balls.

Okay.

There is one rat. I've not seen any evidence of more than one at this stage. So I'm listening as well. I don't hear any of the, you know, they're not talking at night or anything like that. But they talk to each other anyway. So I was telling my neighbor about this, right? And telling him to keep an eye out because of these rats. And he says, oh God, I just use snake poo. And I go, what? And he goes, yeah, I've got some crazy dangerous snakes upstairs and their poo warns off any rodent. So I'm getting a little baggie of snake poo as my secondary defense.

Oh my God. Wow.

So my pick of the week: be nice to your neighbors and get snake poo. Eucalyptus, all those oils seem to work well. So if any listener has better ideas, I am all ears. Find us on email or on Twitter. Please, please, please.

I have a rat story for you, but I'll tell you offline.

How do you know it's snake poo? Have you seen these snakes? Or are they really—

I've seen a picture. I think he's got— I don't want to say the name wrong because I'm no snake aficionado, but I think he has— I don't want to say it in case it's just too ridiculously wrong. I will find out what snakes he has and I will tell you next show.

If it's human-sized, be suspicious.

That's what I'm thinking.

Yeah, the neighbor could just be giving you his poos in a bag.

You don't mean the cat? You don't mean the snakes?

Gross. Oh man, it always comes back to poop.

That bombshell. We've just about wrapped up the show this week. Maria, I'm sure lots of our listeners would like to follow you online, especially now they know the kind of things you follow on Twitter. What's the best way for folks to do that?

Honestly, listen to Sticky Pickles. I don't really use my Twitter account anymore. So listen to the other podcast that I'm on if you're not sick of me on this one.

Exactly.

And you can follow us on Twitter at Smashing Security, no G, Twitter allows to have a G. And you can also join the Smashing Security subreddit. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps, such as Apple Podcasts, Spotify, and Google Podcasts.

Thanks to this week's episode sponsors, 1Password, JumpCloud, and Deep Secure, and to our wonderful Patreon community. Thanks to them that the show is free for all. For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 231 episodes, check out smashingsecurity.com.

Until next time, cheerio, bye-bye.

Bye-bye. Bye.

Oosh, there we go, kitties. Thanks for the quiz, Graham, by the way. Love a quiz. Can we maybe make a deal, you and I?

Never do that again.

Let's not have a quiz for a month. Okay. You okay with that?

It's just I felt the story was a little bit lightweight, so I thought adding a quiz—

It wasn't at all.

You could have just gone straight with that. I would have loved an in-depth discussion on language and insecurity because that's literally what my job was for years.

Yeah, Graham, but no, you had to lead with cocks.

I was like, I would love to talk about that cock-led story. It's probably more funny for the listeners to talk about cocks.

Hey everyone, Carole Theriault here. Now, before we get to our review of the week, I just wanted to share a few cool stats with you about Smashing Security. So did you know that we have more than 175 hours of recordings available to you? All for free. That means Graham and I probably spoke for 250 hours just to make these shows.

Wow!

In that time, we've had more than 6 million downloads. Can you believe it? That's pretty cool. And we wouldn't have been able to do that without you, the listener, you, the guest host, or you, the sponsor. So thank you. Now on to our review of the week. You see, sometimes reviews can be just short and sweet like this one. It comes from Mike C123 from Australia. And he writes, "Brilliant! 5 stars! Love these hosts!!!" And thanks for sharing. If you haven't reviewed yet, what are you waiting for? We're dying to hear what you think. Have a good week.