
330: Deepfake Martin Lewis, and a deadly jog in the park

July 13, 2023
Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
GRAHAM CLULEY
You're not allowed to put live people on a stamp.
CAROLE THERIAULT
Is that true?
GRAHAM CLULEY
Yeah, because otherwise if you put a live person on, they might do something naughty later.
CAROLE THERIAULT
Exactly.
GRAHAM CLULEY
Yeah, exactly.
CAROLE THERIAULT
Yeah.
Unknown
You don't want to be licking the backside of— Smashing Security, episode 330, deepfake Martin Lewis and a deadly jog in the park with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security. Episode 330. My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
Hi, Carole. How are you doing?
CAROLE THERIAULT
I'm great. More to the point, how are you?
GRAHAM CLULEY
Well, it's been a crazy few days. A number of things have occurred. The first is that I've moved house.

I'm literally surrounded by boxes full of leads, as if my life isn't always surrounded by boxes full of leads and technology.
CAROLE THERIAULT
I was going to say.
GRAHAM CLULEY
Yes, things I don't understand, things that— why have I kept that? What am I doing with this?

And also I've had huge, huge internet problems because I thought I'd organized for the internet to be here, but it turned out I hadn't.
CAROLE THERIAULT
And that is why we are recording just mere hours before we go live.
GRAHAM CLULEY
Just hours.
CAROLE THERIAULT
And we had to say no to our guest this week because you had to change the times from the recording because of your internet woes.
GRAHAM CLULEY
Don't remind me. Sorry, guest. Sorry, guest. We'll have you back on another time.
CAROLE THERIAULT
Very soon, because she's great. How do you feel about getting the show on the road?
GRAHAM CLULEY
Let's do it.
CAROLE THERIAULT
But before we kick off, let's thank this week's wonderful sponsors. We have Kolide, Sysdig, and Drata. It's their support that helps us give you this show for free.

Now coming up in today's show, Graham, what do you got?
GRAHAM CLULEY
Well, going for a jog can be bad for your privacy, but even worse for your health. Okay.
CAROLE THERIAULT
And I'm gonna look at the bamboozling and deeply convincing deepfakes. All of this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Now, Chum Chum, I am indebted this week to one of our friends on Reddit. Frightenstein is his or her name.

And they pointed me towards this story, which comes from the Kyiv Post all the way in Ukraine. And interesting story.

So there is this chap, his name is— and I apologise to anyone listening who has a better understanding of names from that sort of general part of the world than myself— Stanislav Rzhitsky.

And Stanislav Rzhitsky, he likes to keep fit. I mean, don't we all?
CAROLE THERIAULT
Maybe we could just call him Stan. We can call him Stan. Or Slav. Stanislav.
GRAHAM CLULEY
Stanislav. Stanislav. Anyway, so he likes to keep fit, right? Stanislav, he likes to keep fit. And on Monday, Monday of this week, in fact, he went out for a jog as normal.

Just went out for a jog. Likes to keep fit. You and I, Carole, we know we love a bit of fitness, love running around the park, you know, improving our PB, our personal best.

You get on your rowing machine.
CAROLE THERIAULT
I'm very fit, Graham.
GRAHAM CLULEY
I know you are. You are— Oh, you're a piece of pink steel, aren't you? You are just all sinew and— aren't you? That's all you are.
CAROLE THERIAULT
So rude. One would think you're jealous.
GRAHAM CLULEY
Stanislav. He went out for a jog as normal around his local park in the city of Krasnodar, which is in southern Russia.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
Have you ever been into jogging?
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
We had a little stint of jogging, you and I, once long ago.
GRAHAM CLULEY
We did, didn't we? We did pretty well. And it wasn't just once, was it? We used to go out every lunchtime, going for a little jog. Hurts the knees eventually, I found, but—
CAROLE THERIAULT
Oh, you're a little older than I am, though.
GRAHAM CLULEY
Now, Stanislav, he won't be going out jogging anymore. He's not going to be doing that. Not because he hated the jog, not because his knees hurt or something like that.
CAROLE THERIAULT
What happened?
GRAHAM CLULEY
Because someone shot him dead.
CAROLE THERIAULT
Well, I was wondering, is he— it's kind of a war area. I didn't know if people would go jogging. I don't know. I don't know anything about war.
GRAHAM CLULEY
So, well, he's in Krasnodar, which is in Russia.
CAROLE THERIAULT
Right.
GRAHAM CLULEY
He's not in Ukraine. But it is true to say that he is the deputy chief. He is a military man. He's the deputy chief of the Department for Mobilisation in Krasnodar.

And he has commanded a submarine in Russia's Black Sea Fleet. A submarine which is said to have been used to launch deadly missile attacks against Ukrainian cities.

So he is involved in the conflict out there.
CAROLE THERIAULT
Yeah, I would call that involved.
GRAHAM CLULEY
Yes, absolutely. Quite involved.
CAROLE THERIAULT
Understatement of the year, but yeah.
GRAHAM CLULEY
But presumably he felt safe jogging around Krasnodar in Russia.

And according to TASS, which is the Russian state news agency, they say that local police are reporting that he was shot 4 times while he was out jogging.

Police are investigating, blah, blah, blah. Now, it hasn't been confirmed who actually killed Stanislav Rzhitsky.

But what happened as well on Monday was that Ukraine's Defence Intelligence Agency, who are called HUR, the H-U-R, they say, well, they seem to know quite a bit about the shooting.

And they filled in some of the details when they posted on Telegram about it. According to them, Stanislav, he loved to have a little run early in the morning.

They say he was out jogging in the Krasnodar Park of Culture and Recreation. Have you ever heard a more Russian name for a park than the Park of Culture and Recreation?

Anyway, he was out at roundabout 6 AM. And they say that 7 shots fired out at Stanislav from a Makarov pistol. Now, I find that it's how would they know what kind of pistol was used?

Peculiar, doesn't it? How would they know? Anyway, they say it was from a Makarov pistol. And as a result, Rzhitsky, they say, died on the spot.

And they share some other information as well about the weather. Which is always important. Everyone's interested.

They say, "Due to heavy rain, the park was deserted, so there were no witnesses who could provide details or identify the attacker." And this is Ukraine.
CAROLE THERIAULT
Because no one was around except for the guy who decided to go for a run in the rain.
GRAHAM CLULEY
At 6 AM.
CAROLE THERIAULT
At 6 AM. He's hardcore, yeah.
GRAHAM CLULEY
Yeah, he's hardcore. He's taking this seriously. So they were fairly confident the shooter had got away unseen. That was their opinion, was that, you know, been mentioned.

Now, the FSB, Russia's secret service, they later issued a press release saying that a 64-year-old man had been arrested in relation to the killing.

So the question— well, there's a few questions here.

First of all, how did Ukraine's Defence Intelligence Agency appear to know so much about this if they weren't involved themselves?

But also, how did the shooter know that Rzhitsky— if he was being specifically targeted, how did they know where he was going to be and when?
CAROLE THERIAULT
Well, okay, often I would say runners would normally take the similar route. So if you were spying on this person, you might go, oh, he runs every day at this time in this place.
GRAHAM CLULEY
Yeah, yeah, that sounds possible.
CAROLE THERIAULT
But I'm guessing, because this is Smashing Security, there is going to be some smart tech involved.
GRAHAM CLULEY
There is. Or maybe not so smart tech. Perhaps.
CAROLE THERIAULT
Yeah, dumb tech, asshole tech.
GRAHAM CLULEY
Just tech. I mean, Mikko says if it's smart, it's stupid, doesn't he? So anything which is called smart is normally dumb or dangerous.

Well, we don't know for sure, but what we do know is that there is a Strava profile for someone calling themselves Stanislav Rzhitsky.

And that, of course, Strava, of course, is the app which records runs, shares them with other online users.

And we've spoken before about the privacy risks associated with Strava even including military and information about military bases, which has been seemingly spilt online via Strava.

But I don't think we've ever heard about blood being spilt before as a result of maybe things being posted on Strava.
CAROLE THERIAULT
It's interesting because people on YouTube or whatever, or commenters and that kind of ilk, will often have a username that doesn't necessarily identify them to their real identity.

And yet with Strava, because probably there's a show-off element to it, like, hey, look what I did today. I actually exercised. You know, I'm top of the leaderboard. I'm the best.

You know, I do run every day. Here's proof. So maybe there's that weird show-offy thing that makes people put in their real names because, why wouldn't you just have a username?
GRAHAM CLULEY
I think that's very true. You don't call yourself sort of, you know, Sausage Dog or something like that. You call yourself—
CAROLE THERIAULT
Well, you could, Graham. I think maybe, you know.
GRAHAM CLULEY
Yeah, maybe I should be a sausage dog.

No, not only is there an account on Strava in Stanislav Rzhitsky's name, there are also photos posted on the account which do apparently bear more than a passing resemblance to the Russian commander as well.

And there's a cycle ride which was recorded on the hills outside the city of Krasnodar in the weekend before he was shot dead.

And indeed, the last run which was taken shows him at the location of the shooting.

So it appears that this guy had recorded on Strava, because that's the way it works, Carole, is if you have something on Strava, it doesn't sort of livestream it to Strava.

At the end of your run, you then say, oh yeah, send that to Strava, please. That's one I'm proud of.
CAROLE THERIAULT
And then it uploads it and says, this is the time, here's the route you took, this is how long.
GRAHAM CLULEY
Right. So it wouldn't necessarily be the case that the run he did, which he, you know, obviously came to a sticky end on, that one was uploaded, but his previous run is there.

So was someone watching his runs? Well, we don't know for sure, but here's the really weird thing.

If you look him up on Strava, if you look at his last recorded run, which was at the location where the shooting took place, it has been liked by other people.

4 other people have liked his run. And one of the people who has liked his previous last run is a guy called Kyrylo Budanov. And he is a major general.

Major General Kyrylo Budanov, head of Ukraine's military intelligence. Now, I put it to you that possibly they are not running buddies. These two guys.
CAROLE THERIAULT
Or I put it to you, I put it to you that maybe one or both of these—
GRAHAM CLULEY
I put it to you.
CAROLE THERIAULT
There's a lot of conjecture here, right?
GRAHAM CLULEY
Yes, yes.
CAROLE THERIAULT
And as we've just said, maybe Major General Kyrylo Budanov is actually not Major General Kyrylo Budanov, but a fake Strava username. It could be in someone else's name.

To mix everything else.
GRAHAM CLULEY
Yeah, that'd be an interesting thing to do actually, wouldn't it?

If you wanted Russian assassins to go after the wrong people, you could hack other people's Strava accounts and use the names of senior Ukrainian military intelligence.
CAROLE THERIAULT
Graham, I never knew what a military strategist you were.
GRAHAM CLULEY
Or maybe just tie a Fitbit to a dog and have it run round the clock.
CAROLE THERIAULT
Yeah, that would not be— he spent a lot of time in this hall. He spent a lot of time here.
GRAHAM CLULEY
Anyway, Ukraine say these reports have no basis.

Budanov himself says, "I don't know what they're talking about," although he has previously admitted that Ukraine has successfully targeted prominent Russian propagandists who've been killed or wounded on Russian territory.

But once again, guys and gals, if you are using Strava, be really careful. Either don't use your real name.
CAROLE THERIAULT
It's a pretty extreme case.
GRAHAM CLULEY
Well, it is.
CAROLE THERIAULT
Yeah, I know. But it sounds a bit like we're scaring the poop out of everybody that has Strava.

So I would say if you use Strava, maybe check your settings to make sure you're not broadcasting more than you want to be, right?

And know that these things change their settings with all, you know, the times you have to update your Strava.

A lot of the times they're changing settings and they may default them to something that they think is easiest for you or most likely to be wanted by most, but it might be leaking more data than you wish it were.

Is that fair?
GRAHAM CLULEY
Yes, and you certainly can also sort of slightly anonymise your start and end points on your run to hide where your home might be, things you can do like that.

But I think also be very careful about who you friend on the app. Don't automatically accept friend requests because then you might be revealing details of your life.
CAROLE THERIAULT
But do you think Stanislav and Budanov, they did that?
GRAHAM CLULEY
Well, I don't know what the security was on Stanislav's account, but I would like to think that he had some measures in place. But yeah, maybe they weren't actually running buddies.

But yeah, so Strava security appears to have resulted in someone's death. Am I saying too much saying that?
CAROLE THERIAULT
Well—
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
I think this is a completely inappropriate story for us at Smashing Security. A little bit too serious, but thank you very much. Told very well, I hope.
GRAHAM CLULEY
Oh, thank you very much. Fingers crossed. Carole, what have you got for us this week?
CAROLE THERIAULT
Well, we are gonna talk about Martin Lewis.

I'm not talking about an irritating chap I worked with yonks ago, but the very popular journo— I think I can say, unless you've spent significant time in the UK, I doubt you would know him, but in the UK he's pretty well known.
GRAHAM CLULEY
Yeah, he's the money-saving expert guy, isn't he?
CAROLE THERIAULT
That's right, that's right.
GRAHAM CLULEY
He's often on TV and I have recently seen him. He's actually been sort of anchoring TV shows as well.

You know, he's taken the place of Piers Morgan on Good Morning Britain or whatever it's called. He sometimes does sort of general news now, such is his celebrity.
CAROLE THERIAULT
Yeah, he's quite interesting. I did a little mild research on Wikipedia on him, right?

And it says Lewis created and ran the website Money Saving Expert back in February 2003 when he launched it. And apparently he created the site for just £100.

Nine years later, sold the website to moneysupermarket.com for $87 million, but remained editor-in-chief.

The deal saw Lewis receive $35 million in cash upfront, in addition to some $20 million in shares in the moneysupermarket.com and $27 million in future payments.

But he simultaneously announced his intention to give $10 million to charity and $1 million would go to Citizens Advice.
GRAHAM CLULEY
He seems like a good guy. He seems like a champion for people who are hard up.

He often is out there having a go at the government or lobbying for things to improve and helping people get money off their energy bills. And yeah, he seems like a decent chap.
CAROLE THERIAULT
Yeah, maybe he should be on a stamp or something because, you know, he's trusted. People like him. He seems to be doing the right things. He always seems above board and trustworthy.
GRAHAM CLULEY
You're not allowed to put live people on a stamp.
CAROLE THERIAULT
Is that true? You only put dead people? Why? Because if you put a live person, they do something crappy.
GRAHAM CLULEY
The only live people allowed on stamps are the Queen or the King, you know, or it's like the Regent. Otherwise, yeah.

Because otherwise, if you put a live person on, they might do something naughty later.
CAROLE THERIAULT
Exactly. Yeah, exactly.
GRAHAM CLULEY
And you don't want to be licking the backside of—
CAROLE THERIAULT
You do give all kinds of royal awards to people that are still alive, like CBEs and all these kind of things.
GRAHAM CLULEY
That's an interesting idea. Maybe we should only do posthumous awards.
CAROLE THERIAULT
Exactly. That way, just make sure we get the whole story before we decide, here you go.
GRAHAM CLULEY
Right. Don't reward them in their lifetime for what they've done. Just say, you'll be rewarded once you're dead.
CAROLE THERIAULT
Just a little bit more here on Martin Lewis that's worth mentioning here for this story is in 2018, Lewis started legal action against Facebook for defamation over fake adverts using his face and name.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
Mostly promoting things like bitcoin and investment, investing.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
And he actually ended up later dropping the action after Facebook agreed to fund an anti-scam project.
GRAHAM CLULEY
That's right. I think because Martin Lewis is someone in the UK that people trust, they use him in some bitcoin scams and his image and things.

Whereas the rest of the world gets Elon Musk as someone you don't trust.
CAROLE THERIAULT
Very interesting you bring him up. Oh, okay. Yes. Right? Okay. Because this whole legal action was in 2018. That's five years ago.

And what do you know, the scammers never let up using his credibility to dupe, mostly on social media ads.

And now they're at it once again, but this time they upped their game and deepfaked a video featuring a deepfake of Martin Lewis.
GRAHAM CLULEY
They didn't do the Mission: Impossible thing of just wearing a mask and pretending to be Martin Lewis. They've actually deepfaked him.

I guess because there's lots of video and audio of him in existence.
CAROLE THERIAULT
Exactly. So go take a look, Graham. Take a look. I've just put it in the show notes.
GRAHAM CLULEY
Oh, okay. Let's have a look. Elon Musk presented his new project, in which he has already invested more than $3 billion.

Musk's new project opens up great investment opportunities for British citizens. No project has ever given such opportunities to residents of the UK. It's pretty good, isn't it?

It is actually. At first, I thought this seems a little bit stilted. It looks a little bit like he's on a Zoom call or something.
CAROLE THERIAULT
Lots of people do Zoom calls.
GRAHAM CLULEY
You can believe he's just doing this down his webcam. And it does sound like him, and it looks like him. It's the sort of way he may well speak. It's wow.
CAROLE THERIAULT
Exactly. And isn't it funny that you brought up Elon Musk?

Because this fake likeness of Lewis is encouraging people to sign up for what is claimed to be an Elon Musk-backed project, calling it legit and a great investment.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
And if you were looking at this on your phone as you're scrolling through social media and you see this guy you trusted, right? And you weren't as familiar about these scams.
GRAHAM CLULEY
This is scandalous.
CAROLE THERIAULT
It's scandalous. Now, of course, this is not the first time that synthetic media has been used. That's another word for deepfakes.

Synthetic media has been used both to entertain and to bamboozle.

But it's interesting to hear from those whose identities have been nabbed by miscreants because Martin Lewis did not take this sitting down.
GRAHAM CLULEY
My face and name have been the subject of scam adverts for the last 6 or 7 years. I get countless reports every day.

Now they have video and audio technology that is absolutely replicating my face and my voice. These people are trying to pervert and destroy my reputation.

In order to steal people off, steal money off vulnerable people.

And frankly, it is disgraceful, and people are going to lose money, and people's mental health is going to be affected.
CAROLE THERIAULT
And he says, I have had friends of mine get in touch with me saying, hey, I've just put some money into that investment scheme you're advertising. Oh, come on, advertise, he says.
GRAHAM CLULEY
Come on, have they really? Friends of his, he says, have actually got the money.
CAROLE THERIAULT
I thought that too, but then I thought, you know what, he's such a nice guy, he probably has people who he's helped with in the past, right, who are in his email list, you know, all these people with different skills, perhaps not techies.
GRAHAM CLULEY
Yeah, yeah, yeah. Okay, okay, all right.
CAROLE THERIAULT
He's not alone, of course. There's even stars. Now, I'd be interested in seeing if you think this is a star being taken advantage of or not.

So months ago, ITVX put out a show called Deep Fake Neighbour Wars. Have you heard of this?
GRAHAM CLULEY
I think I've seen a bit of this.
CAROLE THERIAULT
Yes. Okay, good, good, good, because I didn't know about this until research. So it features the celebrities, or deepfake celebrities, as roommates. Okay.

And it spoofs the long-running New Zealand TV format Neighbours at War, and that's still going strong.
GRAHAM CLULEY
Oh, it's totally a joke. Yes.

Because it sort of puts them in sort of suburban settings and things and has them say that the main thing about that show is it's really astonishingly non-amusing.

It's like they've got all the tech, but they haven't got any jokes. But so it's clever deepfakery, but it's just, oh, this is so dull.
CAROLE THERIAULT
And right now in the UK, we have a bit of a little media storm about a BBC presenter that may or may not have gotten up to shenanigans. And there's a whole war going on.

But I shared with you a potentially deepfake image that kind of suggested who the BBC presenter might have been in a compromising position.
GRAHAM CLULEY
Oh, yes. Oh, thank you. Yes. Thank you for sending that to me, Carole, by the way. You know, not that I'd asked for it. But actually sending me that image.
CAROLE THERIAULT
What was my question? I sent it to you to say, is this, do you think this is a deepfake? Because I was asked by somebody.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
So I think absolutely it was. And I sent it to you thinking, what do you think? And really, you know, neither of us are sure.
GRAHAM CLULEY
What were you expecting me to do? I couldn't take a fingerprint of it, maybe a bum print. There was a picture of a man with his trousers around his ankles.

I wasn't sure how you expected me to identify whether it was well known.
CAROLE THERIAULT
The person's face was in it as well, Graham.
GRAHAM CLULEY
Just did the beloved BBC news anchor.
CAROLE THERIAULT
But I'm just saying these things make the rounds and go to convince certain people one way or another as to what to believe. And it's pretty fricking scary.
GRAHAM CLULEY
Well, it is. This is the whole problem, isn't it, with deepfakes, is that so much fake stuff can be made.

And also when something genuinely dodgy does happen, that people will begin, I think this has already begun to happen.

I've heard reports of when politicians have been in a spot of bother in other countries and they've said, well, that must have been deepfaked.
CAROLE THERIAULT
Totally. There's even one of Boris Johnson. Yeah. And but, you know, it's even bigger than this.

Ars Technica says we all need to be careful because in large hacks, right, which maybe your details are somewhere in a third party, an insurer's or a cloud service.

And baddies get in and get away with a glut of personal information like your driver's license, social insurance, health, pension information.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
This was the case when Progress Corp got hacked. The Massachusetts-based maker of business software revealed that its file transfer system had been compromised.
GRAHAM CLULEY
Right. Yeah.
CAROLE THERIAULT
And the article goes on that the California Public Employees Retirement System, the— is it Clop or C-L-O-P hackers?
GRAHAM CLULEY
Clop, yes. Clop, yes.
CAROLE THERIAULT
Yeah. Clop, yeah. Clop made off with the personal data of about almost 1 million retired members and their survivors.

The data of recently deceased Americans is particularly valuable on the underground markets because you open a credit card in a dead man's or dead woman's name, take out the loans, redirect Social Security payments, sign up for food benefits.

Who's going to ring the alarm?
GRAHAM CLULEY
Yeah, good point. Yeah, you can't be protected from the scammers even after you're dead.
CAROLE THERIAULT
No, and of course the problem is, is many state and federal agencies use information stolen in hacks to verify identities of people.

So if you've got your date of birth and photographs and names and home address and Social Security numbers—
GRAHAM CLULEY
It's horrendous, isn't it?
CAROLE THERIAULT
It is. So, you're a security boffin. You know everything. Yes, I do. Right? What would you do?

What would you do if suddenly on the social media rounds there was a deepfake Graham Cluley telling people to do incredibly stupid non-security stuff?
GRAHAM CLULEY
Well, like the things I spout on the podcast. Well, I don't know. I mean, what can you do?

I suppose you can tell people that if it's authorized and it's really from me, it will be on my real website, grahamcluley.com. You could do something like that, I suppose.

But even that obviously could be hacked one day.
CAROLE THERIAULT
Okay, well, what if you were on holiday, right?

I knew you were on holiday and I get a phone call from you, a deepfake you saying, "Oh my God, oh my God, help me, help me, I need help." Do I just laugh and say, "Hahaha, nice try"?
GRAHAM CLULEY
Normally you would, yes. Would I?
CAROLE THERIAULT
That is the thing.
GRAHAM CLULEY
No, you wouldn't. You wouldn't. You wouldn't. You'd probably ask me a deeply embarrassing personal question, which only you and I knew the answer to.
CAROLE THERIAULT
And we never talked about in the podcast. You see, that's the problem. We talk about a lot of things in the podcast.
GRAHAM CLULEY
There's a couple of things we never have though, Carole.
CAROLE THERIAULT
That's true.
GRAHAM CLULEY
A couple of things which we reserve for those situations. There's not much we haven't discussed. By just a couple of little things.

Feeling like you have too many alerts, overwhelmed by vulnerabilities, and at the end of the day not deploying apps as quickly as you'd like?

Well, Sysdig delivers the industry's only complete consolidated cloud-native application protection platform, CNAPP, powered by Runtime Insights.

To prioritize critical risks and stay ahead of unknown threats.

With Runtime Insights, you can level up your cloud visibility, shift left the right way and start scanning for vulnerabilities earlier, shield right to protect your production environment, and keep dev teams innovating securely at cloud speed.

Now is the time to transform your cloud security. So visit sysdig.com/cloudsecurity sysdig.com/smashing to learn more. That's sysdig.com/smashing.
CAROLE THERIAULT
If you work in security or IT and your company has Okta, this message is for you.

For the past few years, the majority of data breaches and hacks you read about have something in common. It's employees.

Hackers absolutely love exploiting vulnerable employee devices and credentials. But imagine a world where only secure devices can access your cloud apps.

Here, credentials are useless to hackers, and you can manage every OS, even Linux, from a single dashboard.

Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is you don't have to imagine this world.

You can just start using Kolide. Kolide is a device trust solution for companies with Okta.

And it makes sure that if a device is not trusted or secure, it can't log into your cloud apps. Visit kolide.com/smashing to watch a demo and see how it works.

That's k-o-l-i-d-e.com/smashing.
GRAHAM CLULEY
Any company can say they're trustworthy, but with this week's sponsor, Drata, you can prove it.

With over 14 frameworks including SOC 2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business.

Automated controls, over 75 integrations, and 24-hour monitoring keeps your company in compliance without manual work.

And with a new open API and plenty of customization, you can build your program your way. With over 360 5-star reviews, Drata is the highest-rated cloud compliance platform on G2.

Countless security professionals from companies like Notion, Lemonade, and BambooHR have shared how crucial it's been to have Drata as their trusted compliance partner.

So listeners of Smashing Security, you can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata. That's smashingsecurity.com/drata.

And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week. Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website. Or an app, whatever they wish.

It doesn't have to be security-related necessarily.
CAROLE THERIAULT
Better not be.
GRAHAM CLULEY
Well, my pick of the week this week is not security-related. I watched the other night a program on BBC iPlayer. Now, Carole, it is a documentary. You know I love documentaries.
CAROLE THERIAULT
I'm just— yeah, I know. You just mix it up a bit. Mix it up. Mix it up.
GRAHAM CLULEY
Hey, you quite often—
CAROLE THERIAULT
Okay, I'm doing a podcast as well, so you're fine.
GRAHAM CLULEY
Oh, you— right. Okay. So there you go then. So, this is a documentary called My Old School. And My Old School tells the tale of the curious case of Brandon Lee.

Have you heard of Brandon Lee?
CAROLE THERIAULT
Yes, but remind me.
GRAHAM CLULEY
Well, the famous Brandon Lee is the son of Bruce Lee, who died on the set of The Crow. I think he got shot or something, didn't he?
CAROLE THERIAULT
'Kah kah, fuck, you're dead.' That was a line. That was a line from the movie.
GRAHAM CLULEY
What? Really?
CAROLE THERIAULT
I wrote a newspaper article on it in college. Yeah.
GRAHAM CLULEY
All right. I've never seen it. Is it a good movie? The Crow?
CAROLE THERIAULT
Yes, it is. I slated it at the time.
GRAHAM CLULEY
Right. This has nothing to do with that Brandon Lee. This is a different Brandon Lee.

And in 1993, so 30 years ago, a boy named Brandon Lee enrolled at the Bearsden Academy Secondary School in Glasgow.

And over time, it was revealed that Brandon Lee was not who he seemed. So this 16, 15-year-old, 16-year-old boy joined the school.

And in fact, the truth is he was actually a 30-year-old man who joined the school. No, no, it gets more bonkers than that.
CAROLE THERIAULT
Shut up! He was 30 pretending to be 16?
GRAHAM CLULEY
Correct.

But you know what's particularly extraordinary is that he had actually been a student at the same school years before, and he ended up having some of the same teachers teaching him who didn't—
CAROLE THERIAULT
And then no one noticed.
GRAHAM CLULEY
No one noticed. Now, some people said, you know, oh, he did look a bit older than the rest of us, and they thought it was just premature aging or something.

Once almost rumbled because he told a friend he remembered the day Elvis Presley had died, which was supposed to be in the year he was actually born.
CAROLE THERIAULT
Yeah, so he wouldn't have remembered that anyway. In 1977.
GRAHAM CLULEY
No, no, exactly at that age. But also sometimes people wondered about him. And he posed as a Canadian. He claimed to be Canadian.
CAROLE THERIAULT
And of course he did.
GRAHAM CLULEY
The Scottish students said, "Well, maybe Canadian students mature more quickly than British students." And that way he seems more grown up and knows an awful lot more.
CAROLE THERIAULT
It's all that fresh air and trees and clean lakes.
GRAHAM CLULEY
But he wasn't Canadian at all. He completely fooled them. He went on to college because he passed his exams.
CAROLE THERIAULT
His high school exams.
GRAHAM CLULEY
Yeah, that's right. And he went on to go and study medicine. And the whole reason was that he had previously wanted to become a doctor, but he'd goofed up on his first time around.

And then he was too old to do the medical training. So what he decided to do was pretend to be a kid again and go through the process again. So it is an extraordinary documentary.

This chap, Brandon Lee, his real name was Brian MacKinnon. He doesn't appear in the documentary, but a lot of his fellow students at the time did, and they talk about it.

There's some cartoon imagery and things. But what they do is they have an audio interview with this guy, and they have Alan Cumming. You know the Scottish actor Alan Cumming?

He's a bit camp.
CAROLE THERIAULT
Yeah, yeah, yeah.
GRAHAM CLULEY
Anyway, he is miming to Brandon Lee/Brian MacKinnon's words, so he plays the part. But other than that, it's just a regular kind of documentary.
CAROLE THERIAULT
Do you see pictures of him at 30?
GRAHAM CLULEY
Well, yes, you do, because he was actually even caught on video because they actually recruited him to play the lead in South Pacific in the musical.

So they have video of him singing, and also rather creepily, he kisses one of his fellow schoolgirls as part of the play.
CAROLE THERIAULT
Ew! Ew!
GRAHAM CLULEY
Yeah. Yeah. And she feels a bit ooh about that now as well.
CAROLE THERIAULT
I bet she does.
GRAHAM CLULEY
Anyway, My Old School, interesting documentary about an extraordinary story, which is why it is my pick of the week.
CAROLE THERIAULT
Okay, I'll give you that one. Sounds good.
GRAHAM CLULEY
Carole, what's your pick of the week this week?
CAROLE THERIAULT
I was going to do an audio podcast, a fiction one, but since it's just the two of us, I've changed it up and grabbed something from my bag of tricks that I thought you would enjoy.

So, Graham, my pick of the week this week is a podcast, not an audio drama, but a satirical news show called Non-Censored with Rosie Holt. Have you heard of it?
GRAHAM CLULEY
I've been listening to it for months. No!
CAROLE THERIAULT
Oh, brilliant. Well, I didn't know that. And isn't that lovely? So, for our listeners, Rosie Holt is an emerging UK comedian.

She kind of rose to fame on YouTube during lockdown by playing a right-wing activist and conservative reacting to lockdown parliamentary shenanigans while people were locked in their houses and not being able to go to work or to funerals or to hospitals.

And she says she got angry during this whole fiasco with Parliament having parties. And she says when she gets angry, she likes to laugh at things that make her angry.

So she used existing footage with responses from actual parliamentarians from, you know, Good Morning Britain or all these kind of shows.

But she spliced herself in as the interviewer. And you guys can see these on YouTube, link in the show notes.
GRAHAM CLULEY
That's how I first came to know her, is I saw her on Twitter and Instagram with these little videos, which were quite funny.

But then, of course, I found out about the Non-Censored podcast, which I really enjoy.
CAROLE THERIAULT
Yes. So this podcast, Non-Censored with Rosie Holt, okay, she plays a right-wing conservative MP called Hillary Langley Swindon, which I love that she used the name Swindon.

So perfect. And she's ably assisted by her long-suffering producer, Martin, and provocative comedian, Eshaan Akbar.

And it's a topical podcast battling what Hillary, the protagonist here, calls the Wokies. It's scathing. It's hilarious.

And she does not shy away from the most outrageous situations and questions and jokes. It's cringy, man.

I've had to rip the headphones off my head occasionally because I'm just like, "Oh my God, I can't, I can't, I can't."
GRAHAM CLULEY
Yeah, I like it a lot. It's very fun.
CAROLE THERIAULT
So listeners, this is Non-Censored with Rosie Holt. It's a podcast. Find it wherever you get your podcasts. But warning, this is satire. Don't get your knickers all in a twist.

She's just being funny and being quite bravely funny. And that's my pick of the week.
GRAHAM CLULEY
Good one. And that just about wraps up the show for this week. You can follow us on Twitter @SmashInSecurity, no G, Twitter and Mastodon have G. And we also have a Mastodon account.

And you can look us up on the Smashing Security subreddit. Don't forget to make sure you never miss another episode.

Follow Smashing Security in your favorite podcast apps, such as Overcast, Apple Podcasts, and Spotify.
CAROLE THERIAULT
And massive shout out to this episode's sponsors, Drata, Kolide, and Sysdig. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.

For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 329 episodes, check out smashingsecurity.com. 329. 329. Oh my God.

What have I been doing with my life?
GRAHAM CLULEY
Until next time, cheerio, bye-bye.
CAROLE THERIAULT
Bye.

EPISODE DESCRIPTION:

Going for a jog can be bad for your privacy (but even worse for your health), and Britain's consumer finance champion finds his face is being faked.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.
