Has new UK prime minister Liz Truss been careless with her mobile phone? And hear the most extraordinary story of corporate cyberstalking.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by nobody for reasons that will become obvious.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths - Graham Cluley.
- Two Former eBay Executives Sentenced to Prison for Cyberstalking - US Department of Justice.
- Jonathan Pie: Welcome to Britain. Everything is Terrible - NYT Opinion.
- UK Supermarket’s Loans-for-Groceries Offer Attracts Huge Take Up - Bloomberg.
- Liz Truss' mobile number is being sold online for £6.49 - Daily Mail.
- How to Cook a Soft Boiled Egg Perfectly Every Time - YouTube.
- 11 Best Twitter Bots to Follow to Boost Productivity - Gadgetshouse.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Akamai - Make the most of Cybersecurity Awareness Month by connecting with Akamai’s experts on how you can achieve unmatched security. Where else can you take advantage of insights from 7 trillion DNS queries per day?
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. Are these guys 12? Are they 12 years old?
GRAHAM CLULEY. You don't have the balls to talk to me. Stop hiding behind your computer screen, you fuck. Your fat husband needs to be put in line.
CAROLE THERIAULT. I think we've got it.
ROBOT. I think we've got it. You got the— Yeah. Thank you. Smashing Security, episode 292, Trusturflux. Ransomware and eBay Stalking with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 292. My name is Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And Kroll, this week in the hot seat, who've we got joining us?
CAROLE THERIAULT. Oh, a very lucky person, Mr. Nobody.
GRAHAM CLULEY. Mr. Nobody. And there's a good reason why we don't have a guest this week, isn't there?
CAROLE THERIAULT. Well, things have got complicated, yeah.
GRAHAM CLULEY. Complicated, yeah. Go on then, tell them.
CAROLE THERIAULT. No, no, you go on, you go on, you tell them.
GRAHAM CLULEY. Well, first of all, we are speaking at NISC, which is a security conference happening up in the north of England or Midlands this week. And so we have to dash off for that, which means a little bit less.
CAROLE THERIAULT. Well, it's not just that we were speaking there. We were actually going to do a live Smashing Security show.
GRAHAM CLULEY. That's right. We're going to perform live Smashing Security on the stage for the lucky attendees there. And so that was the plan. But then something else happened.
CAROLE THERIAULT. Yep, we got it all ready. We got it all ready, dotted the i's, crossed the t's. And yesterday my husband came down with COVID. So he is locked in the bedroom feeling pretty poorly. And I'm nursemaid.
GRAHAM CLULEY. You are nursemaid.
CAROLE THERIAULT. And quarantined.
GRAHAM CLULEY. So you don't have COVID yet as far as we know.
CAROLE THERIAULT. As far as we know, I'm okay. Yeah.
GRAHAM CLULEY. But there's always a chance you could be carrying. So you're not going to be going to NISC. I'll go to NISC.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. And maybe you can join us virtually if we can.
CAROLE THERIAULT. That's what the plan is. We'll see if we pull it off.
GRAHAM CLULEY. We'll see if we manage that.
CAROLE THERIAULT. But that doesn't mean that we can't do this fantastic show, right?
GRAHAM CLULEY. Correct.
CAROLE THERIAULT. So let's kick off by thanking this week's sponsors, Bitwarden, Kolide, and Akamai. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got? I'm going to be talking about company need loyalty. Ah, and I am going to be talking about whether or not it's cool to have Liz Truss on speed dial. All this and much more on this episode of Smashing Security.
GRAHAM CLULEY. Now, chum chum, I, I've got a question for you. Have you ever been part of a group that really means something? Have you felt really loyal to it? Have you had a sense of belonging, a sense of purpose?
CAROLE THERIAULT. What, like a company, you mean?
GRAHAM CLULEY. It could be a company, could be a scout group or a cult or a swimming group or, you know, whatever.
CAROLE THERIAULT. Yeah, no, maybe. Yeah, yeah, I was a big athlete, right? So when I was a kid, yeah, probably as a swimmer, my swim team. I was probably, yeah, I would definitely say I was very identified with that.
GRAHAM CLULEY. Would you do anything to defend your fellow members, you know, make sure that the group wasn't damaged or harmed in some way. You'd feel a sense of—
CAROLE THERIAULT. I was 12. So, yes.
GRAHAM CLULEY. Yeah. So I imagine raging hormones.
CAROLE THERIAULT. You don't need to talk about my fucking raging hormones. Thanks though.
GRAHAM CLULEY. Well, I want to tell you today about a group that had loyal members and, you know, they had a sense of belonging. But one day they realised that they had enemies, people they didn't like, people who weren't fans of their particular group.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. People who needed to be silenced. And word came down from the top of this group that the leaders of the group were displeased.
CAROLE THERIAULT. Sorry, sorry, when you say silenced, do you mean like go swim with the fishies? Or—
GRAHAM CLULEY. Well, yeah, that kind of message. So the message which came down from on high was, I want to see ashes as long as it takes, whatever it takes. I can manage any fallout if the plan goes south. Doesn't matter. But we need to stop them. So word has come down that somebody has to be stopped.
CAROLE THERIAULT. Okay. If someone texted me that, I would be like, WTF?
GRAHAM CLULEY. Well, maybe you would, Carole. Maybe you would. But maybe you're just disloyal. Maybe you don't feel like a proper member of the team. Someone has to be silenced is the message which has come down from the top of this group. Right. And maybe the person who you are targeting is on Twitter. And so maybe you'll do what this particular group did, which is it created a phony Twitter handle and it started posting threats telling the people they were targeting to stop reporting about their organization.
CAROLE THERIAULT. Creating a phony Twitter handle is— yeah, I don't know if I would say that's above board.
GRAHAM CLULEY. It's slightly cowardly, isn't it? I can understand why some people might want to remain anonymous, but in this particular instance, it sounds like you're using it for nefarious purposes. I mean, that's the sort of lead-in, isn't it? If you're making threats, yeah, it doesn't sound cool. What also doesn't sound cool would be to do other things. Now, this is a list of things which this group may have done to the people they were targeting, and you have to say which one of these you think they did and which ones they didn't. So I'll just read out a few of them. What if I were to send you some live spiders and fly larvae? Okay. What if I were to send you cockroaches?
CAROLE THERIAULT. Whoa, okay. Couldn't you just feed the larvae and the cockroaches to the spiders?
GRAHAM CLULEY. A book entitled Grief Diaries: Surviving the Loss of a Spouse. Maybe you received that through your door.
CAROLE THERIAULT. Jeez. Do they send me a horse's head?
GRAHAM CLULEY. Well, no.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. But what they did send, maybe, is a preserved fetid pig's head. 'Which costs $59.99 plus $15 post and packing.' So which of those do you think I've made up?
CAROLE THERIAULT. Cockroaches.
GRAHAM CLULEY. No, they did do the cockroaches. Guess again.
CAROLE THERIAULT. They've done them all. That's what I'm going to guess. They did them all, didn't they?
GRAHAM CLULEY. Correct. Oh my God. Correct. They did all of them. Yes, they did all of them.
CAROLE THERIAULT. They're obviously not saying loves and kisses from this organisation.
GRAHAM CLULEY. No, they didn't say that. No. These were being sent anonymously to these people who they had a beef against. And they also— sent simultaneous Twitter messages from their phony account. Messages like, "Do I have your attention now, cunt?" Oh! "I guess I'm gonna have to get your attention another way, bitch." Are these guys 12?
CAROLE THERIAULT. Are they 12 years old?
GRAHAM CLULEY. "You don't have the balls to talk to me. Stop hiding behind your computer screen, you fucking cunt." "Your fat fucking husband needs to be put in line, cunt." I think we've got it.
CAROLE THERIAULT. I think we've got it.
GRAHAM CLULEY. You got the—
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Thank you. 'When you hurt our business, you hurt our families. People will do anything to protect family.' That kind of thing. So not very pleasant, those messages, I think. Not very pleasant for you to edit, I imagine, either, with all those beeps. And they also signed up these people for newsletters about pornography, bondage, animal sex.
CAROLE THERIAULT. So they're basically the highest order of troll.
GRAHAM CLULEY. Well, yes. I mean, it's worse. I mean, it's not just like online troll. Doing things in real life.
CAROLE THERIAULT. Well, what, like sending things in the post?
GRAHAM CLULEY. Pretty scary. Oh, and they're not just sending things to the people they're targeting. They're also sending parcels to their neighbours, but addressed to their intended victims. Do you see what I mean? So the neighbours receive pornography or Hustler, barely legal magazines and jazz mags. So, not good.
CAROLE THERIAULT. Yep.
GRAHAM CLULEY. Okay. Now, the people who were launching this campaign decided it hadn't really gone far enough. They thought, we have to amp things up a little bit.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. So after several days of the initial campaign, what they did was they travelled 3,000 miles from California all the way across the United States to Massachusetts. So they could stalk their intended victims up close.
CAROLE THERIAULT. Oh, great.
GRAHAM CLULEY. They got a black—
CAROLE THERIAULT. Great. This is fantastic. So—
GRAHAM CLULEY. They got themselves a blacked-out van. Rental vehicle. They repeatedly circled the block. They tracked their victims' every move. They tried to break into their victim's garage to plant a GPS tracking device.
CAROLE THERIAULT. You better know who these people are by the end of this. This is crazy. Is this a movie?
GRAHAM CLULEY. Is this a movie? They changed their Twitter avatar to be a skull and began publicly posting the home address of their victims along with the death threats.
CAROLE THERIAULT. Kit, this is ridiculous.
GRAHAM CLULEY. It's ridiculous.
CAROLE THERIAULT. And illegal, presumably. So presumably—
GRAHAM CLULEY. I imagine so, Carole.
CAROLE THERIAULT. Yeah, right? So isn't the organization targeted if they reported this? Are they just sitting there taking this and, you know, quaking in their boots?
GRAHAM CLULEY. Oh, no, no, no, no, no. They are petrified. They've installed CCTV cameras. They're even sleeping in separate bedrooms. So if one of them is attacked in the middle of the night, the other one can hopefully escape and go get help.
CAROLE THERIAULT. Are they lovers or is this just business partners?
GRAHAM CLULEY. It's a husband and wife. Okay, okay, good. So maybe not that unusual for them to sleep in different bedrooms. But the stalkers have got a police scanner. They're listening in to what the police are saying on their walkie-talkies. And so they know their victims are petrified and are calling the cops every 10 minutes. And meanwhile, the stalkers have posted the victim's address on Craigslist and other websites. Inviting strangers to the home for sex parties.
CAROLE THERIAULT. Okay, why? Okay, so who is the organisation? Who— what's going on?
GRAHAM CLULEY. What's going on? That's— yeah, exactly. What you're wondering, what have the victims done to upset the stalkers? And have you got any theories?
CAROLE THERIAULT. No, no, I have no theory.
GRAHAM CLULEY. You mentioned a cult. A cult is possible because that would be sort of feverish loyalty, wouldn't it? Or if you were a member of a demonised political party.
CAROLE THERIAULT. Demonised? Like what?
GRAHAM CLULEY. You know, there are political factions out there who some people think, "Mm, you're a little bit too fervent." You know, it's a— but they're not members of a political party. They're not members of a cult. What they are are eBay employees.
CAROLE THERIAULT. You really buried the lead here. Okay, carry on.
GRAHAM CLULEY. So the people who launched this campaign against this couple were working in fairly senior positions inside eBay.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. So eBay has been a frequent topic of reporting by a fairly small newsletter and website called eCommerceBytes, run by a husband and wife team in Massachusetts.
CAROLE THERIAULT. Okay. So this is a site where they talk about e-commerce dramas.
GRAHAM CLULEY. But there's lots of eBay discussion on it because obviously eBay is the big one.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Right. But they talk about other things. And in the early days, relations between eBay and the website eCommerceBytes is fairly cordial. Over 50 eBay executives are signed up for their newsletter. In the early days, eCommerceBytes was invited to interview eBay's management team. You know, everything's going well, but things took a bit of a turn for the worse about 10 years ago when eBay falsely accused and reported eCommerceBytes as a phishing site. Wah, wah.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Right. And that was a mistake. That shouldn't have happened. They retracted their report later, but that's around about when the relationship sort of fouled up a little bit. There was a feeling that maybe eBay didn't particularly like some of the things eCommerceBytes was reporting.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. For instance, there was an article in eCommerceBytes which just observed casually that eBay's then-CEO had received $18 million worth of compensation, which they helpfully pointed out was 152 times more than the average eBay employee. And of course, if a story gets out like that, the CEO might feel rather uncomfortable going and chatting to, you know, Marge behind reception.
CAROLE THERIAULT. Again, it depends how many people are reading this article, right? If this was on BBC News, that's a big difference from it being on a, say, you know, a site with 1,000 readers.
GRAHAM CLULEY. You can pass round these sort of things, can't they? Oh, well, yes, articles can be shared. I mean, maybe it'd be much easier if it was flagged as a phishing site and so people didn't go there. I don't know. But anyway, one eBay executive said about the eCommerceBytes website, he said it gives him ulcers. It harms employee morale and trickles into everything about our brand. I genuinely believe these people are acting out of malice and anything, in caps, we can do to solve it should be explored. Somewhere at some point, someone chose to let this slide. It has grown to a point that is absolutely unacceptable.
CAROLE THERIAULT. This is crazy.
GRAHAM CLULEY. It's the blind eye toward graffiti that turns into mayhem syndrome. And I'm sick about it. Whatever it takes. They put a full stop behind each, after each word there.
CAROLE THERIAULT. Okay. Just, it's not just that you're stuttering. Okay. So, so.
GRAHAM CLULEY. And so some of the members of staff at eBay decided to take it upon themselves to sort of ramp up their opposition to eCommerceBytes.
CAROLE THERIAULT. Oh my gosh.
GRAHAM CLULEY. And—
CAROLE THERIAULT. Were they getting bonuses if they managed to come back with their heads?
GRAHAM CLULEY. Well, you know, if the boss wants something done, if he wants a problem gone away, he may not ask for the details. He just wants it to be fixed, right? He doesn't need to worry about the details. He's got enough problems. You know, maybe he's hoping to purchase a Furby, a rare one or something on eBay. So he's busy waiting for that to click through. He's like, you just deal with the problem. I'm going to snipe in at the last second and get this baseball card or whatever it is.
CAROLE THERIAULT. It doesn't make sense to me. Like eBay is one of the top 10 websites in the world.
GRAHAM CLULEY. Mm-hmm.
CAROLE THERIAULT. And they are obsessed with a mom-and-pop media outlet.
GRAHAM CLULEY. Right. And so some of eBay's staff began to conspire. And at the meetings, one of the things they did was they played a clip from a movie called Johnny Be Good. And in Johnny Be Good, two of the characters arranged for a delivery to their football coach's home, a delivery of unwanted items, $283 worth of pizza, an elephant, a male stripper, and Hare Krishna missionaries. So they watched this video and they thought, we could do that, we'll do something similar. We'll start— but although they used fetid pigs' heads and they didn't send any Hare Krishna around, as far as I know.
CAROLE THERIAULT. So you're saying these employees had a meeting, made a plan to terrorize these people because they didn't like what they were writing, and then actually instigated it and did these things. And they got caught. Okay, I just want to know how this got out.
GRAHAM CLULEY. When the police began to investigate this, because obviously these two people who have been harassed and had their garage broken into, I said, who might your enemies be? It was like, well, there's some people really upset with us who appear to be— don't want us to report on eBay anymore.
CAROLE THERIAULT. What, said, hey, eBay's after us, do something.
GRAHAM CLULEY. So all kinds of craziness was going on at eBay. They played clips from Meet the Fockers, telling people about the circle of trust, encouraging people not to remember anything if the police came asking questions. They even went so far, one of the guys there, to have all the employees' personal belongings stripped from their lockers and dumped into trash bags. And they were told— And as a result of all this, James Baugh, who was eBay's senior director of safety and security, has now been sent to prison for 57 months. His co-conspirator David Harville, the company's director of global resiliency, has been jailed for two years and also been asked to pay a $20,000 fine. There are round about six other employees at eBay who've also pleaded guilty for their part in the cyberstalking plot, one of whom has already been sentenced as well to 18 months in prison. So they're getting prison time for this. But it is extra— what are they putting into their Kool-Aid to make employees at eBay so incredibly loyal? And where can we get some?
CAROLE THERIAULT. Oh no, or maybe they're just a band of crazy, crazy employees that got together. This is insane. This is— I don't—
GRAHAM CLULEY. When this story first came out, the CEO did leave very promptly afterwards. The one who'd initially said he wanted something to be done to silence these people because of disagreements with the rest of the board. He, as far as I know, has not been charged with anything in connection with this. But it does sound like incredible loyalty to your boss, all because of an online critic. So don't always think it's a nutter in a back bedroom who's doing it. It could be a nutter inside a company with a team of other nutters.
CAROLE THERIAULT. And if your boss sends you an email saying, I want anything to shut these people up, just kind of go, whoa, whoa, calm down.
GRAHAM CLULEY. I want to know if they gave eBay feedback on that fetid pig's head. Lovely quality. Would order again. A-plus. Top seller. Krowe, what have you got for us this week?
CAROLE THERIAULT. It's bad news, I'm afraid. UK as a nation is not a shiny beacon of how a state should be run at the moment. I think we're in a bit of a pickle. We're in a bit of a sticky pickle.
GRAHAM CLULEY. It's what I call a Truster-fluck, I think is the phrase.
CAROLE THERIAULT. Interesting, because we're talking about Liz Truss coming up.
GRAHAM CLULEY. So our glorious new leader. Yes.
CAROLE THERIAULT. But before we get to her, let's just set the scene. So we have the price of electricity going through the roof, yet petroleum companies are boasting about huge bonuses. We have hospitals with too few beds. We don't have enough teachers, doctors, nurses, or mental health professionals. Inflation is looming and food prices are soaring. Hey, did you know that supermarkets are now offering loans to people so they can eat?
GRAHAM CLULEY. No, I didn't know that. No.
CAROLE THERIAULT. 60,000 people have applied for Iceland's microloans in a two-week period, and credit providers say the loans could total $3 million if approved. Did I mention the climate disaster?
GRAHAM CLULEY. Is that still going on? Is that still a problem?
CAROLE THERIAULT. Yes, yeah, yeah, that hasn't gone. It's still, it's still, okay, yeah, it's still headline news. So, so meanwhile, so this is a huge kind of cluster of garbage, and meanwhile we have Boris Johnson leaving for lying, basically finally gets the boot in the, in the behind, and we are gifted with Liz Truss. She's not the winner of a general election, right? She was chosen by nearly 200,000 probably extremely wealthy Conservative party.
GRAHAM CLULEY. My dad, apparently. My dad.
CAROLE THERIAULT. Oh, well, there you go. Well, you can thank him. Thank you very much. Yeah. High five to Graham Cluley for that.
GRAHAM CLULEY. He's a member of that particular club.
CAROLE THERIAULT. So we should have a different word for a prime minister if they're elected versus selected.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Don't you think? Yeah. Anywho, Liz Truss is a bit of a controversial choice. I know you're not a massive fan of Jonathan Pye, but he has recently put together a New York Times opinion and he said, quote, if you take the social awkwardness of Theresa May, cross with Boris Johnson's wild-eyed incompetence, add a sprinkling of Maggie Thatcher's hatred of the working classes, and wipe off any residual charisma with a damp cloth, you're kind of halfway there. So would you agree with that?
GRAHAM CLULEY. I'm not very impressed by Liz Truss. No, she's a bit weird.
CAROLE THERIAULT. Um, yeah, she is a bit weird. The things that are controversial that I've seen in the press is that she doesn't like the idea of taxing the rich to help those in need with social benefits. And she has vowed a red tape bonfire on EU regulations. This is the title in the Express. People are worried that this means bye-bye to environmental and privacy and societal protection laws.
GRAHAM CLULEY. And weirdly, about 20-odd years ago, when she used to be a Liberal Democrat, when she was a member of a different political party, she really wanted to do away with the monarchy. And of course, she did have a meeting with the Queen just two days before. Anyway, it's awful. Yeah, I'm not— no conspiracy theory there, but I'm just saying, funny old thing, isn't it?
CAROLE THERIAULT. So why am I talking about our newest unelected Prime Minister of the United Kingdom, Liz Truss? Well, according to the Mail on Sunday, the Prime Minister's mobile phone number was found to be available online for the big old price of £6.49. So about 2 cents in US dollars at the moment. And this data trove did not only have the phone number of the PM, it also had her personal information like email and passwords.
GRAHAM CLULEY. To be fair, Carole Theriault, though, I know what Liz Truss's address is. I don't have to look it up on the internet.
CAROLE THERIAULT. So the data also included stolen info on 25 other cabinet ministers. Now, you read a lot about politics, don't you?
GRAHAM CLULEY. A little bit.
CAROLE THERIAULT. So you're going to show off right now. We're going to put you on the spot, okay? What is the name of the Chancellor?
GRAHAM CLULEY. Oh, oh, Kwasi. Kwasi Kwarteng. Yes.
CAROLE THERIAULT. Kwarteng, yeah. Okay, Defence Secretary?
GRAHAM CLULEY. Oh no, it was Ben— I don't know who they put.
CAROLE THERIAULT. Yes, Ben Wallace.
GRAHAM CLULEY. Okay. Oh, was it still Ben Wallace? I thought they'd got rid of him.
CAROLE THERIAULT. Yeah. Foreign Secretary?
GRAHAM CLULEY. They didn't give it to Suella Braverman, did they?
CAROLE THERIAULT. No, she's Home Secretary. Home Secretary. Foreign Secretary is James— Cleverley?
GRAHAM CLULEY. Oh yes, James Cleverley, yes.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. They've only had the job about a week, haven't they? I mean, it's hard to— they keep on turning them around so quickly.
CAROLE THERIAULT. And of course, we have the opposition leader.
GRAHAM CLULEY. Yes, Keir Starmer.
CAROLE THERIAULT. There we go. Very good. So this website, described only as shady but not named by the Sunday paper, boasts data stolen in cyberattacks going back more than a decade. And this site claims to have more than 14 billion files of compromised assets on this searchable database. So the Mail on Sunday, after paying £6.49 or $0.02 US, got access to the site for a week, and it took them seconds to find the Prime Minister's personal mobile number, they write. And the Cabinet Office said that it was investigating, that some of the information was old, but the data haul reportedly contained 26 current phone numbers for the cabinet, including Mrs. Truss. And now this is what I found interesting.
GRAHAM CLULEY. Oh, so it's still her working phone number, is it?
CAROLE THERIAULT. This is my big point. So apparently Mrs. Truss has used the same number since 2011.
GRAHAM CLULEY. Oh my goodness. What's going on at MI5? You can't be allowing this. If someone's become Prime Minister, change their bloody phone number. Yes. Even though they probably won't want it, because otherwise you get Uri—
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. St. Peter's Square.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Sending through some dodgy zero-day to infect her phone, weren't they? And get inside her WhatsApp.
CAROLE THERIAULT. You just would think that you would do a review, right? A government security group would do a review to make sure your digital stance is secure, or maybe look at how it could be improved. Like, do you think Meghan Markle has the same phone number she had before she got married to Harry?
GRAHAM CLULEY. But you know what? This is actually the problem. Is that there's no one in charge of these people. So people can make recommendations. People can come along and say, "Uh, I think you want to be a bit more careful." But if you've managed to bubble up, float up, as it were, to this high in the political world, you think like Kwasi Kwarteng that you're some kind of genius. But in fact, you've got arrogance coming out of your ear holes because of your Eton upbringing and all the rest of it. And so you think, "Well, I know best. No, I don't want to change my phone number because that's how all the hedge fund managers get in touch with me." So it'll be really inconvenient. So don't think I'm stupid enough to click on a dodgy link or believe a text message. This is one of the many troubles with politicians: they can be quite arrogant and sometimes a bit weird and dim.
CAROLE THERIAULT. I've known a number of CEOs pull this prank as well. So, just saying, just saying, it's not only politicians. So the paper came out on Sunday, tried to track down the owners of the shady website. The address was registered in a kind of down-and-out part of Las Vegas, and they went down there and it was a front. They found, quote, scruffy prefab used as a service address for hundreds of companies.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. So what could go wrong? What could go wrong with people being able to buy very important people in the UK's personal contact details? A former British intelligence officer and cyber expert said the amount of business that is done by ministers and opposition leaders on WhatsApp groups and other phone apps means that mobile phones are a weak point of entry for Britain's enemies. What? Is this true? This is the best we've got?
GRAHAM CLULEY. Yeah, there's a lot of political hobnobbing which goes on via things like WhatsApp, which also has a problem of these messages not necessarily being stored, whereas you might have rules in place to archive communications which are going on via email or telephone and the rest of it. But you can have disappearing messages on messaging systems. But yeah, absolutely, it is a target.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. And could be highly embarrassing.
CAROLE THERIAULT. Well, exactly. So the thing is, is you have all this kind of stuff, right? And I mean, we all remember Pegasus. So if you can get access to the phone without the owner knowing, you literally know everything about them, where they are, what they're doing on their phone, everything. But of course, don't worry, because a Cabinet Office spokesman said, we take cybersecurity extremely seriously.
GRAHAM CLULEY. Ah, that's a good line. Someone else should use that.
CAROLE THERIAULT. And they say that ministers receive regular security briefings and advice, including advice on protecting their personal data and mitigating cyber threats.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. So, um, I don't know, I just think maybe we need to think sometimes about refreshing our digital footprint. Like, I've, you know, people have had the same email addresses for decades and decades.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. And we do that because of this treasure trove of crap that we don't really want anyone to get their hands on, except how often do we dig in there to get something? Couldn't we put it on a backup drive that's not connected to the internet at all times, perhaps?
GRAHAM CLULEY. Yeah. Yep. Well, certainly there should be some sort of onboarding process, shouldn't there, for leading politicians? Some, you know, maybe put them through some kind of device.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. To say, you will now change your vote. Because this is what they do in America, isn't it? They didn't let Barack Obama keep his favorite smartphone. You know, you get a locked-down device.
CAROLE THERIAULT. Didn't Trump have his own device, though?
GRAHAM CLULEY. Was he really ever president, or did I just dream that? I was wondering if I had a nightmare for a few years. Ah! Oh my God, it was true. If you're considering a third-party audit like SOC 2 or ISO 27001, then you should be prepared to answer some tough questions about endpoint security. Auditors want to know that you have a system in place to monitor and maintain compliance across your fleet, which means showing that your staff are using things like disk encryption, screen locks, password managers. If you're not quite sure how you'd go about proving all that, then you need Kolide. Kolide's an endpoint security tool for Mac, Windows, and Linux devices that gives you the visibility you need to meet your third-party and internal compliance goals. Best of all, Kolide doesn't resort to spying on workers or locking down devices. Instead, it works with end users to resolve issues and relies on their cooperation and informed consent. You can meet your security goals and pass your audit without compromising on privacy. Visit kolide.com/smashing to find out how. If you follow that link, they'll also give you a goodie bag just for activating a free trial. That's K-O-L-I-D-E dot com. Bitdefender.com/smashing.
CAROLE THERIAULT. Smashing Security listeners, did you know that Bitwarden is the only open-source cross-platform password manager that can be used at home, on the go, or at work? Bitwarden's password manager securely stores credentials spanning across personal and business worlds. And every Bitwarden account begins with the creation of a personal vault, which allows you to store all your personal credentials. These are unique and secure passwords for every single account you access, and it's easy to set up. It's easy to use. I honestly love Bitwarden. I use it at home, use it at work, use it on the go. Get started with a free trial of a Teams or Enterprise plan at bitwarden.com/smashing, or you can even try it for free across devices as an individual user. Check it out at bitwarden.com/smashing. And thanks to Bitwarden for sponsoring the show.
GRAHAM CLULEY. Every day, billions of people around the world connect with their favorite brands online through shopping, gaming, banking, learning, and more. Every second, the internet gets more chaotic, more cyber threats. Securing entire ecosystems, clouds, apps, APIs, and users, that grows more complex, causing friction that slows innovation and hampers agility. With Akamai, cybersecurity can become an engine for innovation and growth. Whether you want to achieve unmatched security with Akamai's suite of app and API protection, or embrace a zero-trust architecture, Akamai can help. With insights from the world's most distributed compute platform, Akamai delivers unique security research on the latest attacks and trends on everything from ransomware as a service, gangs like Conti, DDoS attacks, phishing attacks, to help you protect your business. Where else can you take advantage of insights from 7 trillion DNS queries per day. Learn more about Akamai and their security research. Visit their website, akamai.com/smashing. That's A-K-A-M-A-I dot com slash smashing. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. It can be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Now, my pick of the week this week is not security related.
CAROLE THERIAULT. Excellent.
GRAHAM CLULEY. In a surprising pivot, Carole, I'm going to take a leaf out of your book and I am going to recommend a recipe.
CAROLE THERIAULT. What? What?
GRAHAM CLULEY. I know, it's the sort of thing that you do.
CAROLE THERIAULT. Is this one you've made?
GRAHAM CLULEY. This is something I have actually made. Now, when I say made—
CAROLE THERIAULT. You mean someone made it for you and you ate it?
GRAHAM CLULEY. No, no, I did it. So I've had requests from my son quite often for a soft-boiled egg with soldiers in the morning. And I've tried this on a number of occasions before taking him to school. And it's been disastrous because either the eggs are too hard or the eggs are all squishy.
CAROLE THERIAULT. I am so— Outraged? Surprised you didn't just call me up and go, "Carole, how do I boil an egg?" No, I know how to boil— No, no, soft boil an egg. I know exactly, like, anyway, carry on.
GRAHAM CLULEY. Well, I'm going to share my method for soft boiling an egg perfectly every time. I'm going to link to a YouTube video and I'm going to tell you how I'm doing it because so far it has worked perfectly every time. And maybe there are other people like me ex-programmers who are struggling with this and would benefit.
CAROLE THERIAULT. And don't have a really good friend who's an amazing cook.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Okay. Crack on.
GRAHAM CLULEY. Get yourself a pot. Put about half an inch of water in it. Only half an inch. It's only a little bit of water in it. Right? Boil the water. Put your— so it's bubbling. That's what boiling means. Put your eggs in. Put a top on the pot. What's that called? A lid. A lid on the pot. It's still boiling. You wait 6 minutes. Don't wait 7 minutes. You wait 6 minutes. Quick, take it off the hob. Put them in cold water. Those, my friend, are soft-boiled eggs, which you can dip your toast soldiers into. And I have a very happy son.
CAROLE THERIAULT. Okay, that's totally not how I do it. Isn't that funny?
GRAHAM CLULEY. So it's the steam which actually boils them. It's not the water. Okay, let's hear your method, which won't be as good as mine. Okay. My method works every time.
CAROLE THERIAULT. Grab eggs, put them in a pot.
GRAHAM CLULEY. I did that.
CAROLE THERIAULT. Add about an inch of water.
GRAHAM CLULEY. Mm-hmm. Too much.
CAROLE THERIAULT. Put the lid on.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Okay. It's cold. Everything's cold right now.
GRAHAM CLULEY. Oh, I'm not doing that.
CAROLE THERIAULT. Yes, I'm—
GRAHAM CLULEY. Carry on.
CAROLE THERIAULT. Can I?
GRAHAM CLULEY. Yes, carry on.
CAROLE THERIAULT. Put the heat on, bring it to a boil. Once it hits the boil, turn it off completely. There's a lid on as well, right? Turn it off completely, leave it for 3 minutes. Remove eggs, cold water if you're not gonna eat them right away, or slap them in your little egg holder and mummy, mummy, yum, yum, yum, yum, yum. Anyway, listeners, try your favorite. See what works better for you.
GRAHAM CLULEY. Okay. All right. Let's have an online poll, maybe.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Carole, what's your pick of the week?
CAROLE THERIAULT. Well, interesting, because I have a pick of the week for you, Graham, because mine is a list of what people say are cool Twitter bots. Okay. So I have a list of a few of them, and I wanted to check them out with you to see if you'd say, yes, that would be totally useful or not interested at all.
GRAHAM CLULEY. Okay. Go ahead.
CAROLE THERIAULT. Does that work? Okay, hold on. Dee dee dee. All right. Number 1, Thread Reader app.
GRAHAM CLULEY. Oh, I've heard of this. Yes. Yeah.
CAROLE THERIAULT. Yeah. So it's when a tweet has too many threads, you just reply with the Thread Reader app, unroll, and the bot will compile it into an easily readable blog-style format.
GRAHAM CLULEY. Yeah. It kind of puts it onto a page, doesn't it? The whole conversation. Yeah, that's cool. I don't use it, but I've heard of it. Yeah, I've seen it. Yeah.
CAROLE THERIAULT. Okay. Quoted replies. Do you want to know other people who have quoted a particular tweet? This is where quoted replies comes to the rescue. You just have to reply or, or quote the original tweet with @quoted replies, and then the bot provides you with a link and you can then tap it to view all the quotes that, that particular tweet where it's shown on Twitter.
GRAHAM CLULEY. Hmm. Don't see what the point of that is.
CAROLE THERIAULT. No. Okay. What about screenshots of old websites? So it's like a Wayback Machine, you know? So the—
GRAHAM CLULEY. And that uses Twitter somehow?
CAROLE THERIAULT. Yeah, so you kind of go @Wayback_Exe and it'll generate screenshots of old websites in old browsers and tweet them to you every 2 hours. That sounds really useful.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Earthquake alerts. @earthquakebot.
GRAHAM CLULEY. Oh, I definitely need that here in Oxfordshire. Yes.
CAROLE THERIAULT. Well, maybe some friends live in places where there's a lot of earthquakes. And basically the bot tweets about any earthquake with an intensity of 5 or greater as they happen worldwide.
GRAHAM CLULEY. How does it get that information?
CAROLE THERIAULT. It uses data from the United States Geological Survey, Graham. And also it adds a Google Map link for each location it tweets about.
GRAHAM CLULEY. Can you say I'm only interested in earthquakes in a particular area rather than hearing about ones down here?
CAROLE THERIAULT. Do you think I know the answer to that?
GRAHAM CLULEY. Oh, okay. It doesn't matter.
CAROLE THERIAULT. Okay, last, last one. Tiny Care. Okay. A genuinely helpful Twitter bot that helps you practice self-care. So it sends you an hourly reminder to take a break from busy work life with gentle advice to take a deep breath or drink water or go listen to music or go out or do things that make you happy.
GRAHAM CLULEY. So what, it fills up your Twitter timeline with... Every hour. Stand up, blow your nose. No. Cut your toenails.
CAROLE THERIAULT. No, it's much nicer. Please remember to take a second to take some deep breaths. Please remember to take a moment to take your meds.
GRAHAM CLULEY. I need that.
CAROLE THERIAULT. Anyway, so I have a link in the show notes to this list of pretty cute bots. You may know of better ones, so feel free to tweet them over to us. Well, that's my pick of the week.
GRAHAM CLULEY. Marvelous. Well, Carole, I think we have survived without a guest. Next week we'll have a guest and maybe we'll do a post-mortem on how the NISC Smashing Security live event went. That'd be good. Yes.
CAROLE THERIAULT. Fingers crossed for us people.
GRAHAM CLULEY. Folks, you can follow us on Twitter @SmashInSecurity, no G, Twitter won't allow us to have a G. And we're also on Reddit. Look for us on the Smashing Security subreddit and don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
CAROLE THERIAULT. And of course, a huge shout out to our episode sponsors, Akamai, Bitwarden, and Kolide. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 291 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio, bye-bye, bye.
CAROLE THERIAULT. 8 away from 300. Scary. Oh yeah, yeah, 8 more episodes. We're gonna have episode 300.
GRAHAM CLULEY. 300. When do we quit? When do we just call it a day? Do we? No? Just keep on going because the public want us to carry on. They love us. The roar of the crowd, the smell of grease paint, the sniff of the microphone.
CAROLE THERIAULT. The end of the episode. Bye everyone!
-- TRANSCRIPT ENDS --