This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.

---

GRAHAM CLULEY. It is claimed that he hasn't been able to hand over his WhatsApp messages because he can't remember the PIN code on his phone.

---

CAROLE THERIAULT. Perfect. How long did it take he and his lawyers to come up with that one? He just gives it to one of his lawyers and says, change my PIN code, change it now. I don't know what it is. They could put me in a lie detector test. Let's go.

---

UNKNOWN. Smashing Security, episode 331: Boris Johnson's WhatsApps. And sextorting party girls with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 331. My name's Graham Cluley.

---

CAROLE THERIAULT. And I'm Carole Theriault.

---

GRAHAM CLULEY. Carole, here we are yet again. This time I'm at a mystery location.

---

CAROLE THERIAULT. Yes, you got your feet up and having a holiday, but Smashing Security keeps going every week.

---

GRAHAM CLULEY. Going, I'm somewhere, somewhere in Southern Europe. In the middle of a heat storm. I've never heard of heat storms before, but this is a heat storm that I am in. And it, yeah, it's a bit clammy. It's a bit hot.

---

CAROLE THERIAULT. Boo-hoo-hoo. You're on holiday in a hot Southern European— Should we just get the show on the road so you can go back to your virgin margaritas?

---

GRAHAM CLULEY. Go on then. Go ahead.

---

CAROLE THERIAULT. Okay. Before we kick off, let's thank this week's wonderful sponsors, Collide and Drata. It's their support that helps us give you this show for free.

Now, coming up in today's show, Graham, what do you got?

---

GRAHAM CLULEY. I'm going to be talking telephones.

---

CAROLE THERIAULT. Telephones. And I'm going to see how a seemingly lucky happenstance turns into an utter nightmare. All this and much more coming up on this episode of Smashing Security.

---

GRAHAM CLULEY. Now, chums, in the United Kingdom, where I'm not speaking to you from—

---

CAROLE THERIAULT. Chum chum.

---

GRAHAM CLULEY. Oh, okay. Chum chum. Excuse me. In the United Kingdom right now, there is an independent public inquiry going on into how this wonderful country responded to the COVID-19 pandemic and any lessons that we maybe could learn for the future from that.

---

CAROLE THERIAULT. We were amazing. We suffered lockdown with a brave British face. No one complained.

---

GRAHAM CLULEY. No, no, there was no trouble at all.

---

CAROLE THERIAULT. No one broke the rules.

---

GRAHAM CLULEY. No one broke the rules at all. Apart from the people in power. Yes, apart from the Prime Minister and some others.

---

CAROLE THERIAULT. They just had a little party. Come on, they need to let their hair down.

---

GRAHAM CLULEY. Anyway, this inquiry, which was first announced by the then Prime Minister Boris Johnson in May 2021, if listeners have heard of him, it's now reached the public hearing stage. So they're now taking evidence in public from, well, politicians and experts, public figures. Some of these sessions have been televised and it's making for lots of newspaper headlines.

And, you know, basically we're trying to answer questions about what happened, when and why, and how we might be able to learn more in the future. But behind the scenes, there's been a bit of a hoo-ha, largely because of the inquiry's attempts to gather information from the government about how it made its decisions and how it was communicating internally.

Specifically, I think they're really interested in decisions about the 3 national lockdowns which we had in the United Kingdom and how those decisions were made and various other things as well. And the inquiry wants information, the communications which have been obviously going on inside the government between government officials.

---

CAROLE THERIAULT. And give me your emails.

---

GRAHAM CLULEY. Well, yeah, not just emails actually, also you know, could be instant messages, could be WhatsApps, for instance, which are being communicated. Because surprisingly, a lot of MPs, a lot of government officials use WhatsApp. Hopefully they're not using TikTok so much. They seem to be very against TikTok, but they seem comfortable using WhatsApp to communicate.

And some of the information which they're trying to get hold of, it belongs to the former Prime Minister himself, Boris Johnson. They're after his unredacted notebooks, diaries and WhatsApp messages from his time in Downing Street.

---

CAROLE THERIAULT. That's so weird. You know, I worked for a CEO once who wrote everything down, didn't use computers, even though we worked in a technology firm. And I was teasing him one day and I said, show me one of those books, show me one of those books. He goes, grab any one you want. And I opened it up and I couldn't read anything. It was gibberish because he had his own code.

---

GRAHAM CLULEY. What?

---

CAROLE THERIAULT. Wasn't shorthand. He had his own code.

---

GRAHAM CLULEY. He was writing things down in real time in his own code?

---

CAROLE THERIAULT. In his own kind of weird Morse code, whatever, gibberish, Pig Latin, whatever combination of weird stuff he knew how to do that I, at a quick glance, couldn't suss, right? But the idea was to keep it super, super locked down. So I wonder if Boris Johnson did that in his little book.

---

GRAHAM CLULEY. You may be crediting him with too much. I wonder, he probably was doing doodles rather than actually making notes, I suspect. Sort of adolescent drawings instead.

---

CAROLE THERIAULT. That's what I do. Well, anyway, I suppose I'm not Prime Minister though, so yeah.

---

GRAHAM CLULEY. I'm a big doodler, and heavens, if I were ever Prime Minister, what a disaster I'd make of the job, to be honest.

---

CAROLE THERIAULT. I'd export myself.

---

GRAHAM CLULEY. Right. Anyway, so there have been concerns about whether this information should be handed over to the inquiry, because obviously there's private communications which may happen which may be embarrassing to the figures concerned.

---

CAROLE THERIAULT. No, I'm sure there isn't. Come on.

---

GRAHAM CLULEY. Can you imagine? I mean, Boris Johnson's WhatsApps, which he may have been sending to all manner of different people, which he wouldn't necessarily want public. I think the thing is that even if they were handed unredacted over to the inquiry, it doesn't mean necessarily that they will then be made public. I would imagine things would then be redacted before they were made public if they weren't relevant, or if they felt that they didn't add anything to the inquiry.

---

CAROLE THERIAULT. I'm guessing they would just have the WhatsApp group, not all of his WhatsApp chats around, you know, with everybody. It's not like they want to know what he and his 13 wives or whatever, how many ex-wives and children he has, but—

---

GRAHAM CLULEY. And mistresses. Yes, I mean, I think it's not just the WhatsApp groups they're interested in. There would be one-on-one communications because sometimes he might want to— I remember there was the leaking of WhatsApp communications between Boris Johnson and James Dyson, the entrepreneur who makes those hoovers and was claiming he could— I don't know this.

Oh yes, he was claiming he could make ventilators to help with COVID and they sort of came out into the press. And again, you know, sort of questions as to were these really authorised channels?

And I think it's very important for politicians if they're communicating to avoid the image of maybe being underhand, it's important all these things get documented so there's transparency, so you avoid any possible interpretation of wrongdoing which might be happening. But of course, if you're using an unofficial communication system such as WhatsApp rather than government-supplied email addresses, for instance, there could be all manner of things going on.

Anyway, anyway, anyway. So thereafter, Boris Johnson's notebooks, his diaries, and his WhatsApp messages— his WhatsApp messages which I'm interested in— and the government itself— so this is the current government— they took the issue to court and they tried to block the inquiry from gathering these WhatsApp messages from Boris Johnson.

Now, my guess is they were actually worried about the precedent which would be set, because if they had to give the communications from a former prime minister, in the future the current prime minister may have to share his private WhatsApp messages as well. And they've—

---

CAROLE THERIAULT. How does your mind, man. That would never occur to me.

---

GRAHAM CLULEY. Well, that's probably why you're not Prime Minister, Carole.

---

CAROLE THERIAULT. Right.

---

GRAHAM CLULEY. So recently, the High Court actually compelled them. They ordered them to comply, and they gave them a deadline of earlier this month to cough up all the data.

And the UK government's been kicking up a stink about this. Then Boris Johnson said, well, I'm happy sharing all of my information.

Because I think Boris Johnson, and again, maybe you'll think I'm being too political about this, I think Boris Johnson was thinking, if I hand over all of my information, that's going to derail the current Prime Minister. It's not that Johnson can do any worse damage to his image, but he could maybe scupper that of Rishi Sunak by saying, well, I'm going to hand over my information.

---

CAROLE THERIAULT. Why would he want to do that?

---

GRAHAM CLULEY. Because he hates Rishi Sunak. Because he blames Rishi Sunak and some others for his downfall. That's why.

---

CAROLE THERIAULT. You have to remember some of our listeners don't live in the UK.

---

GRAHAM CLULEY. That's true. That's true. That's true.

---

CAROLE THERIAULT. Don't know all these things.

---

GRAHAM CLULEY. So anyway, this is my theory anyway. So, despite Johnson's promises of handing over the WhatsApp messages, he still didn't share his WhatsApp messages.

And why was that, you're wondering, Carole?

---

CAROLE THERIAULT. Probably because he's completely inappropriate about 5 out of 6 times.

---

GRAHAM CLULEY. Probably.

---

CAROLE THERIAULT. Probably reads more entertainingly than the Private Eye little vignettes that they do. Yeah.

---

GRAHAM CLULEY. Oh, can you imagine? Because of course, Matt Hancock, who was the Health Secretary who ended up losing his job because he broke COVID rules by having an extramarital entanglement.

---

CAROLE THERIAULT. Outrageous. Yeah.

---

GRAHAM CLULEY. His biographer, the person who was writing his COVID diaries, he gave this person all of his WhatsApp messages and she then leaks them to the papers. You know, it's the woman he'd written this book with, which has done lots of damage to his reputation as well.

Anyway, yes, lots of reasons why Johnson may not want his messages leaking out. For instance, how many times has he posted a happy birthday from dad message to one of his children?

That'd be very useful to know how many of those messages there were a year, because then you'd know how many kids he had. But so there's all sorts of reasons.

The reason it is claimed that he hasn't been able to hand over his WhatsApp messages is because he can't remember the PIN code on his phone.

---

CAROLE THERIAULT. Perfect. Perfect.

How long did it take he and his lawyers to come up with that one? He just gives it to one of his lawyers and says, change my PIN code.

Change it now. Change it to something else. I don't know what it is.

They could put me in a lie detector test. Let's go. I'm ready.

---

GRAHAM CLULEY. What a buffoon. So, the central thing, central device in this case is Johnson's smartphone, or rather his old smartphone, because in May 2021, he changed his smartphone after it was discovered that he, Boris Johnson, at the time the Prime Minister, he had left his phone number, his personal mobile phone number in the public domain on the end of a press release he issued 15 years earlier.

For 15 years, his phone number was available to read on the web. And this was discovered by Pop Bitch, which is a salacious email newsletter which I subscribe to for my celebrity gossip.

They found it. So he'd posted this when he was MP for Henley.

Anyone could call him up. Anyone could add Boris Johnson, the Prime Minister, to a WhatsApp group.

Anyone could send him a WhatsApp message, which leads to all kinds of potential problems. Not only allegations of corruption and so forth, and why have you been speaking to so-and-so, and all those sort of situations which clearly have bedeviled him over the years.

But also, what about state-sponsored hacking, where we know groups for instance, the Saudi regime have sent messages to people's smartphones, to other leading people's smartphones, in order to infect them and to spy upon them. And bloody Boris Johnson's mobile number— I can't believe that the intelligence services didn't insist he changed his mobile number when he became Foreign Secretary or Prime Minister.

---

CAROLE THERIAULT. It is surprising, that, isn't it? But I guess you're, look, I know a lot of people.

I'm in a lot of people's contact lists.

---

GRAHAM CLULEY. Well, of course. I mean, but again, Carole, you're not Prime Minister, right?

You're not Foreign Secretary. And maybe the intelligence services should do something about this because you know, it's astonishing intelligence services didn't insist on that.

---

CAROLE THERIAULT. Can you imagine if you're, you know, in the intelligence services and he's your prime minister and you have to try and wrangle him in? Think about it.

Come on.

---

GRAHAM CLULEY. Oh, it would have been difficult, without a doubt. Yeah.

I mean, it's getting your CEO to change his behavior.

---

CAROLE THERIAULT. I think they probably tried. I'm just going to give them the benefit of the doubt here.

---

GRAHAM CLULEY. And he refused.

---

CAROLE THERIAULT. And he just acted a fucking buffoon. Probably didn't remember his— oh, I don't know where I live.

---

GRAHAM CLULEY. I think the one thing we can be certain of is he hopefully does know where he lives if he's Prime Minister. If not, then we've really got trouble, right?

That address is one even I know, so it should be something that's—

---

CAROLE THERIAULT. You could ask anyone in the street. Exactly.

---

GRAHAM CLULEY. The UK's intelligence agency should have had a real problem there. Other countries' intelligence agencies were probably absolutely fine with it. They loved it that they had this number.

I'm not saying that there weren't ways for them to find it out otherwise, but it seems bizarre to keep the same phone number for that length of time. So at the time when Popbitch revealed his phone number, May 2021, Johnson reportedly turned off his phone, switched numbers, got a new phone.

It became a security issue, even though the government at the time said, oh, it's not that much of a problem. He now says he doesn't remember the number, the PIN code, with, quote, 100% confidence.

And so because he's not able to say confidently, this is the PIN code on my phone, as if it's not the one he uses on his current phone as well— I'm sure he uses the same PIN code— because he doesn't have that confidence, the authorities have been nervous of unlocking his phone in case the entire phone gets wiped if they make the mistake too long. Or imagine if they said to Boris, right, Boris, could you just unlock your phone?

And there he is deliberately putting in the wrong number. In order to delete the data.

---

CAROLE THERIAULT. You see, yeah, okay. I don't have a problem with deleting data. I would just be like, okay, bye WhatsApp, later.

---

GRAHAM CLULEY. Well, yeah, but this is pertinent communications by—

---

CAROLE THERIAULT. Yeah, but he's not Prime Minister anymore.

---

GRAHAM CLULEY. No, not anymore, but these are communications from when he was Prime Minister.

---

CAROLE THERIAULT. He shouldn't have access to them, should he?

---

GRAHAM CLULEY. Oh, that's an interesting point. They should have had a— I mean, what, did they not have a backup of this phone as well?

I mean, was WhatsApp not doing a backup? I don't know, all kinds of questions.

Anyway, COVID-bereaved campaigners, they describe this as a complete joke. They've been saying, look, surely security officials can break into this bloody phone.

Surely there's a backup. Surely there's some way of finding out the PIN.

And now it's claimed a source close to the government says the government has found, quote, its own version of the PIN. They're now saying they can unlock this phone.

I don't know what their own version of this PIN, of the PIN, means. I mean, surely it is the PIN or it isn't the PIN.

But they're saying now they have got a version of the PIN. Which means they are able to open the messages.

---

CAROLE THERIAULT. A version?

---

GRAHAM CLULEY. Yes. I don't understand it either, Carole.

---

CAROLE THERIAULT. It's a master key. That sounds like a master key, doesn't it?

---

GRAHAM CLULEY. It does sound like MI5, maybe.

---

CAROLE THERIAULT. Yeah.

---

GRAHAM CLULEY. Have found some other way of getting in. I'm not sure.

But anyway, they say that they can get in. So it does appear as though maybe the messages could be handed over to the inquiry.

Now, curiously, the other little sort of addendum to this whole story is that Times is saying, but actually the device was last accessed in December 2021. Do you remember when Boris Johnson and his wife Carrie, they were in trouble about the funding of the refurbishment of their flat?

They'd got some extremely expensive wallpaper.

---

CAROLE THERIAULT. Yes. Yeah, or curtains or something. Yes.

---

GRAHAM CLULEY. And so there was an investigation into that. And so at the time, Johnson had said, well, you know, go and check my WhatsApp messages as to what I asked for and what the quality of wallpaper was.

So apparently it was accessed then. So whether he temporarily remembered the PIN code with 100% confidence or not is unclear or not.

So a little bit of a niggle.

---

CAROLE THERIAULT. Or he hadn't changed his PIN code, just like he hadn't changed his phone number.

---

GRAHAM CLULEY. I mean, seriously, it's going to be 1, 2, 3, 4 or something, isn't it? It's not going to be a complicated one.

---

CAROLE THERIAULT. Oh no, it's going to be 69. 69, of course.

---

GRAHAM CLULEY. Oh God. Carole, what's your story for us this week?

---

CAROLE THERIAULT. Well, you know that we're old, right?

---

GRAHAM CLULEY. Speak for yourself.

---

CAROLE THERIAULT. And I'm going to tell you how I know we are old. Because when I see young women walking around with spray tans and lip fillers and enough slap that you could ice a cake with, I kind of shudder, right?

For me, it's just too much. It freaks me out. But maybe that's the point, because it's not supposed to be appealing to me because I'm of a completely different generation. Do you know what I mean? Do you know the look I mean?

---

GRAHAM CLULEY. Well, it's a fashion thing, isn't it? I mean, back in the 1700s, men wore lots of slap and a great big curly wig.

---

CAROLE THERIAULT. Sure, sure. But I'm still alive. I'm still alive, right? I'm still here, right?

---

GRAHAM CLULEY. Yes, just about, girl, just about.

---

CAROLE THERIAULT. So look, I've put a picture in the show notes of the kind of look.

---

GRAHAM CLULEY. Yes, yes, ah, yes, it's a bit Kardashian or a Katie Price-Jordan thing, isn't it? Yeah, big lips and a lot of makeup. And yeah, okay, I get you. Yeah, well, you know, if they like it, if they like it, I say go ahead.

---

CAROLE THERIAULT. Sure, totally do your thing. I'm just saying it's not for me. And this is how the Times reported that two beautiful young and, you know, Aberdeen hip to present themselves when they go out in the town.

---

GRAHAM CLULEY. And Aberdeen hip?

---

CAROLE THERIAULT. Yeah, because they're from Aberdeen, right?

---

GRAHAM CLULEY. So they're, you know, oh, okay, okay. Yeah, right.

---

CAROLE THERIAULT. These girls lavish it up something fierce. So they have expensive handbags. They hold parties at Aberdeen's swankiest hotel in the massive suite, footing the bar tab and even recreational drugs.

Okay, this is Miss Lynch and Miss Rattray. They were indeed rocking a high roller lifestyle, okay, by anyone's account. But the thing is, as far as I know, these two young women didn't have high-powered jobs or come from dizzying amounts of money.

So they're 20-something, funding all the lipstick and the handbags and the glitz that you could dream of, which I know can be—

---

GRAHAM CLULEY. It can be very expensive. It can be. Yeah.

---

CAROLE THERIAULT. Yes. So how are they doing that? Let me put you out of your misery. Of course it's a scam, because this is Smashing Security and we love to unthread a scam, right?

So this is how it rolled, okay? They would hunt targets on the socials and find men that met their, you know, quote requirements. One of their targets, for example, was a serving soldier, said the Times.

---

GRAHAM CLULEY. Yes.

---

CAROLE THERIAULT. And it might start off with one of the targets saying online that it's my birthday today. And then one of these two women would reach out saying happy birthday. And then, you know, it would just go from there.

And if things got a little fun and steamy, these girls might even send this guy some explicit pics.

---

GRAHAM CLULEY. Ooh, okay.

---

CAROLE THERIAULT. And that's not illegal, right? I mean, there's nothing wrong with one consenting adult sending another consenting adult a nudie pic, right?

---

GRAHAM CLULEY. Yeah. If they're both adults, I suppose. I suppose that's—

---

CAROLE THERIAULT. Yeah, right. And they decide to do that and who cares? Oh, I forgot to say that one of their tactics is that they then would tell the target, oh, by the way, I'm 15 years of age.

Oh, I'm unclear at this moment, right, whether they introduce themselves, say they're 15, and then say, hey, do you want to see some pics of me?

---

GRAHAM CLULEY. Right.

---

CAROLE THERIAULT. Or if they're having a chat with someone and offer to say pics, and the guy says, "Yeah, yeah, I'd love to see them," and after they ooh and ahh, they say, "Oh, by the way, I'm 15."

---

GRAHAM CLULEY. Yeah, so my guess would be that they hold back the 15 thing until there's been an exchange of photos, because then that would be extra leverage.

---

CAROLE THERIAULT. Exactly.

---

GRAHAM CLULEY. To scam someone, to say, "Unless you do this I'm going to report you," or "You're being the shit, mate."

---

CAROLE THERIAULT. Totally, totally, I guess. So anyway, the game plan was then to threaten to expose the target as a pedo or a cheater or whatever unless they coughed up some dosh, right? And remember that these guys hadn't viewed pictures of underage girls at all, right? Because these women are in their 20s, right?

But they certainly might have thought they had. So that picture I showed you earlier, these are our two women that are involved in this scam. I seem to have a picture here of one of the images they would send. Don't worry, listeners, this is not a dirty one. This is one of the more innocent ones, but you can see how they have made themselves look a lot younger than they do when they go out on the town. So they really try and youthify their pics.

---

GRAHAM CLULEY. Yeah. So it's a younger looking— I mean, the photograph you're showing me now, it could be of a 15-year-old girl, I suppose.

---

CAROLE THERIAULT. Yeah, yeah. But you know, the day when they go out, they certainly don't look like that. I'm just saying, there's a very big difference in the makeup happening here.

Yes, it ages them. Yes, I think you're right, because I'm guessing when the two girls came up with the scam, they decided that it would be unlikely to be reported or found out because the targets would be petrified at the repercussions. Yeah, it's all very Ashley Madison, isn't it? It's using shame as a driver to steal money.

---

GRAHAM CLULEY. Well, yeah. People don't want to get into trouble and people also don't want to be embarrassed. Don't want to be put in an awkward position with their employer or with their family. It's— yeah.

---

CAROLE THERIAULT. Yeah.

---

GRAHAM CLULEY. Or the police.

---

CAROLE THERIAULT. Yeah, quite. And this was the fun, fun game that these two women played, netting them more than £120,000. And scaring the bejesus out of their targets. So different targets. £120,000?

---

GRAHAM CLULEY. Yep. Oh my goodness.

---

CAROLE THERIAULT. I think one of the girls had 8 charges against her and the other one had 5. So that's 13 targets, probably £120,000, so £10,000 a pop.

---

GRAHAM CLULEY. Wow. I mean, that's a huge amount.

---

CAROLE THERIAULT. That's my math here, but yeah, I agree. So, you know that there was a serving soldier I mentioned earlier, one of the targets, right? The Times reports that one of the women texted him saying that "The shit I've got can ruin your life. You're a pedo, mate. I will fuck you over." She told them that his army superiors would be informed if he didn't pay up. This is all according to The Times.

She also threatened to tell his family that he had been viewing pictures of underage girls. So he paid up, as many others did, to the tune of a few hundred K. According to the sheriff, in one of the instances, the impact was quote "catastrophic on the victim."

---

GRAHAM CLULEY. Oh my God.

---

CAROLE THERIAULT. Of course it was. This is such an insidious scam. But the clincher is this: there's apparently no money left. They didn't bank it. They spent it running up bar tabs or handbags.

Handbags, recreational drugs. One of the women was found to have £5K worth of cocaine in her flat when the cops did their thing.

---

GRAHAM CLULEY. I suppose he didn't have to dust the place then.

---

CAROLE THERIAULT. And loads of lipsticks. And here's my problem, right? These are two attractive-looking young women, right? They have no problem sending nudie pictures of themselves to people. So why don't they rock an OnlyFans account? But that's not illegal.

---

GRAHAM CLULEY. You know what, Carole? That's a very good point. They could have done, couldn't they? They could have legally sold pictures of themselves, admitted their own, their genuine adult age, and probably continued to make money.

But now, I mean, what's going to happen to them? Are they going to end up in jail, these people?

---

CAROLE THERIAULT. No, they haven't ended up in jail. They have a few hundred hours of community service. Yep.

---

GRAHAM CLULEY. Why aren't they in jail? They stole £120,000.

---

CAROLE THERIAULT. Yep. A few.

---

GRAHAM CLULEY. That's just— so are those people who lost the money, are they gonna—

---

CAROLE THERIAULT. Well, I don't know. I— okay, yeah, it's a big area, jail, right? Whether people actually incarcerated, reform. Okay, you know, it's better that they have to sweep up cigarette butts off the street. I suppose that doesn't exist anymore. I have to pick up what— water bottles.

---

GRAHAM CLULEY. Feels like they knew what they were doing, though. I don't like it. I'm not happy, right? I'm not a happy camper.

---

CAROLE THERIAULT. Well, yeah, don't accept, you know, sex pictures. Don't ask for them, I think is the answer.

---

GRAHAM CLULEY. No, well, I don't want to see pictures of anybody. Jeez.

---

CAROLE THERIAULT. If you work in security or IT and your company has Okta, this message is for you. For the past few years, the majority of data breaches and hacks you read about have something in common. It's employees. Hackers absolutely love exploiting hiding vulnerable employee devices and credentials.

But imagine a world where only secure devices can access your cloud apps. Here, credentials are useless to hackers, and you can manage every OS—even Linux—from a single dashboard. Best of all, you can get employees to fix their own device security issues without creating more work for IT.

The good news is you don't have to imagine this world. You can just start using Kolide. Kolide is a device trust solution for companies with Okta, and it makes sure that if a device is not trusted or secure, it can't log into your cloud apps.

Visit kolide.com/smashing to watch a demo and see how it works. That's k-o-l-i-d-e.com/smashing.

---

GRAHAM CLULEY. Any company can say they're trustworthy, but with this week's sponsor, Drata, you can prove it. With over 14 frameworks including SOC 2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business.

Automated controls, over 75 integrations, and 24-hour monitoring keeps your company in compliance without manual work. And with a new open API and plenty of customization, you can build your program your way.

With over 360 5-star reviews, Drata is the highest-rated cloud compliance platform on G2. Countless security professionals from companies like Notion, Lemonade, and Bamboo HR have shared how crucial it's been to have Drata as their trusted compliance partner.

So listeners of Smashing Security, you can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata. That's smashingsecurity.com/drata.

And welcome back, and you join us for our favorite part of the show, the part of the show that we like to call Pick of the Week.

---

CAROLE THERIAULT. Pick of the Week.

---

GRAHAM CLULEY. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.

Better not be. Well, my pick of the week this week is not security related. My pick of the week this week is music related. Or is it? Oh, okay. Interesting.

Because, Carole, I am going to direct you to some videos made by a chap called Mario. Now I'm going to pronounce his surname incorrectly, and I apologize for that. Mario Vinerov. Weinerreiver. Mario Weinerreiver.

Yeah, listeners, find the link in the show notes. Yeah, that'd probably be easiest. He has got a little channel where he has made a series of musicless music videos.

What? Presses mute? So no, no, no. He takes a music video, for instance, the classic Hello By Lionel Richie.

Oh, a favourite. Yeah. Absolutely. And what he does is he gets rid of the soundtrack and he adds his own sound effects as though it were the music video, but without any singing and without any music.

So there'll be the walking around or the creaking open of a door. Cute. Or a conversation or something like that.

So I find them quite amusing and spectacularly awkward. So there is, for instance, a live performance from 1964 on some TV show by the Rolling Stones where Mick Jagger is jumping around and going, woo, woo.

You know, you hear the occasional strum of, and the audience just watching in silence as they jiggle around trying to appear cool. And without the music, they just look like a bunch of twats.

Yeah. Which of course the Rolling Stones are. Hey! So, well, no, but you know, obviously, you know, really. Party boys. All right. Okay.

Anyway, so, Carole, check one out, see what you think.

---

CAROLE THERIAULT. I will. I will. I think it sounds fun. It's really good for a podcast too to be talking about this because— Well.

Okay, Lionel Richie. I'm watching it now. I'm watching it now. Oh, God. So the only word he says is hello, and everything else—

---

GRAHAM CLULEY. So you get all these sort of foley sound effects. This is good, Graham.

---

CAROLE THERIAULT. This is great. Listeners, run, run to your computers now.

---

GRAHAM CLULEY. Musicless Music Videos by Mario Weinreuther is my pick of the week.

---

CAROLE THERIAULT. Carole, what's your pick of the week? So my pick of the week was gonna be a TV show because I was chopping up a bunch of veggies yesterday.

Okay. And I wanted something mindless to focus on. So I put on "Traitors," the Australian version, right?

I don't even know if that's what it's actually called because I couldn't watch it because the host made me feel literally unwell. Like I literally could not stand his manner so much that I couldn't even use it as background TV.

---

GRAHAM CLULEY. Traitors is like the TV version of the parlour game Mafia, isn't it, basically? Yeah. Right.

---

CAROLE THERIAULT. Yeah. And there's a US version, there's a UK version, and now there's an Australian version. And yes.

Yeah. So I'm not recommending that, but worry not, I have a podcast to recommend. Of course I do.

Oh, okay, good. Great. I think this would be up your street, Mr. Cluley. Once again, not an audio drama.

Okay. But an investigative piece from BBC Radio 4 podcast called Intrigue.

---

GRAHAM CLULEY. Oh, I haven't heard of this one.

---

CAROLE THERIAULT. Oh, it's good, it's good. So on the channel, if you search for Intrigue, you will see there's two seasons, right?

Each one focuses on a different story. They're about 10 episodes each.

The first season is called Mayday, and it's about this unbelievable misinformation campaign involving the war in Syria. Those trying to help the wounded.

Okay, incredible story, incredible reporting. And the second season is called Burning Sun, and it's how this seemingly super wholesome and lovely K-pop star, Jung Joon-young, kept quite a nasty, disgusting side of his from the public, and how a local journalist managed to expose him for what he really was.

Oh my goodness. It's like, it's pretty outrageous.

It's not for the faint-hearted, right? Okay, it was literally hard for me to listen to, but what a story and how well it was told, like intelligently, sensitively, amazingly.

It's done by the BBC journalist Chloe Hadjimatheou. So she does lots of kind of incredible feats of investigative journalism.

---

GRAHAM CLULEY. The BBC, the BBC are really knocking it out of the park with podcasts, aren't they? They've got some terrific podcasts.

---

CAROLE THERIAULT. Yeah, they're awesome.

---

GRAHAM CLULEY. It's not just what they put out on the air, it's yeah, it's a good trove to treasure.

---

CAROLE THERIAULT. Yes. So British listeners, you can find it at BBC Sounds.

You're looking for Intrigue. And of course, you can also find it wherever you get any of your podcasts.

But I think that the second one, what's it called? Burning Sun is now coming out week by week, but you can get the whole thing on BBC Sounds.

So there you go. That's my pick of the week.

---

GRAHAM CLULEY. Super. And that just about wraps up the show for this week.

You can follow us on Twitter @SmashingSecurity. No G, Twitter won't allow us to have a G.

And we also have a Mastodon account. And look up the Smashing Security subreddit on Reddit as well.

And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps such as Overcast, Spotify, and Apple Podcasts.

---

CAROLE THERIAULT. And huge thank you to this episode's sponsors, Kolide and Drata, and to our wonderful Patreon community. It's thanks to them all that this show is free.

For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 330 episodes, check out smashingsecurity.com. Until next time, cheerio.

---

GRAHAM CLULEY. Bye-bye. Bye.

---

CAROLE THERIAULT. Well, you go back to the sweltering glorious heat in your mystery location in South Europe.

---

GRAHAM CLULEY. I'm going to jump in the pool, I think.

---

CAROLE THERIAULT. Oh, la-di-da for you.

---

GRAHAM CLULEY. Yeah, yeah, I need to chill out. I'm going straight into the pool.

Well, not straight into the pool because it's bloody freezing there. They don't I think they put ice cubes in the pool, so you have to edge yourself in slowly, but it feels good once you're in.

---

CAROLE THERIAULT. Okay. All right.

Enjoy yourself.

---

GRAHAM CLULEY. I'll edit the show. Cheers.

Bye. Bye.

-- TRANSCRIPT ENDS --