The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster stole £80,000 from women he met on Tinder.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Former Cybersecurity Consultant Arrested For $1.5 Million Extortion Scheme Against IT Company - US Department of Justice.
- United States vs Vincent Cannady (PDF) - US Department of Justice.
- LockBit leader unmasked and sanctioned - NCA.
- Romance fraudster defrauded women of £80,000 - BBC News.
- 15 of the Most Trustworthy Accents in the UK Revealed - Country Living.
- Omoton phone car mount - Omoton.
- Stories are weapons by Annalee Newitz - WW Norton.
- All the Beauty in the World: A Museum Guard's Adventures in Life, Loss and Art by Patrick Bringley - Penguin.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript +
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. Okay, sounds a bit like cuckoo.
GRAHAM CLULEY. Well, I think he might be. I don't know. I haven't got a doctor's note for him. I don't— I'm not medically qualified myself.
CAROLE THERIAULT. I doubt the doctor's note said cuckoo. Off for a month.
UNKNOWN. Smashing Security, episode 371: Unmasking LockBitSup, company extortion, and a Tinder fraudster with Carole Theriault. Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 371. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And Carole, we are joined this week by a special guest, someone who's been on the show before. It is the ransomware sommelier. It is Allan Liska. Hello, Allan.
ALLAN LISKA. Hey there, how you doing today?
CAROLE THERIAULT. Fantastic. You have the best title, honestly. Ransomware sommelier is the best.
GRAHAM CLULEY. Thank you.
CAROLE THERIAULT. I hope your business cards say that.
ALLAN LISKA. I don't have business cards anymore. I just, you know, people know me and I just say, look up Allan phishing and ransomware, and I'll be the guy. You know, I'm almost like Madonna at this point when it comes to ransomware.
CAROLE THERIAULT. You are Madonna. But before we kick off, let's thank this week's wonderful sponsors: Kolide, KiteWorks, and Vanta. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I'm gonna talk about an offboarding disaster.
CAROLE THERIAULT. Very good. What about you, Allan?
ALLAN LISKA. I can't talk about anything but the extended Lockbit takedown that happened just before we went to recording. Woo!
CAROLE THERIAULT. And I'm gonna be telling the tale of Tinder scum. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums chum. We are all, I don't know if you feel comfortable describing yourself as this, but compared to the average person in the street, we are cybersecurity experts. And I don't think we're going too far to suggest that we're the very best of humanity, aren't we?
CAROLE THERIAULT. You remember that I fell for a scam about 6 months ago, so.
GRAHAM CLULEY. Well, other than that, Carole, other than you screwing up on that occasion.
CAROLE THERIAULT. It was the first scam I ever fell for, but yeah.
GRAHAM CLULEY. Generally though, generally, we are really the very finest. We're dependable. We're trustworthy, we're salt of the earth, we're honest and sincere, stand-up good guys and gals. We're the very backbone of what has made this planet fantastic.
ALLAN LISKA. 100%. Cybersecurity are the saviors of humanity.
GRAHAM CLULEY. We are. We are. I think the world should be grateful for us existing at all. And when life throws us a curveball, and sometimes life does do that, we respond calmly. And thoughtfully, we pick ourselves up, dust ourselves down, and with good grace, we move on. We find something positive from a potentially negative experience. We don't hold any grudges.
CAROLE THERIAULT. Yes, that's exactly how I reacted when I got scammed. Yes, exactly.
GRAHAM CLULEY. Yeah, that's what we do. So imagine, for instance, you were doing some consultancy work for a big publicly traded IT infrastructure services company. Maybe looking for security holes and problems and vulnerabilities. Imagine if that company one day told you that your work was a little bit subpar and as a consequence, they're going to let you go. They've decided, no, we don't really need you anymore.
CAROLE THERIAULT. Like a redundancy thing or you're fired?
GRAHAM CLULEY. Well, yeah, it's a consultant. You know, you work for another company which has brought you into this company to do some work for them. So you've got a gig, the money's coming through eventually into your pocket, but you wouldn't throw a hissy fit, would you?
CAROLE THERIAULT. My work's rarely subpar. I'd own up to it if it was, but—
GRAHAM CLULEY. Modest, modest. So you wouldn't have a tantrum? You wouldn't steal some Post-it notes?
CAROLE THERIAULT. Oh, I'd probably steal Post-it notes. You know me.
GRAHAM CLULEY. Oh, okay, okay. So now we're talking. Now we're talking. So there are some things you'd be prepared to do. You'd steal Post-it notes. Would you?
CAROLE THERIAULT. Well, it's a security thing, right? Because they could just do the shading with the pencil and find out what I wrote before on the Post-it note. It's a security thing.
GRAHAM CLULEY. Oh, I see.
ALLAN LISKA. You're stealing just your pad of Post-it notes. You're not going to the office supply cabinet and moving a sweater with all of the Post-it notes. I think that's a bit of a different thing.
CAROLE THERIAULT. No, I've never gone shopping inside the cabinet.
GRAHAM CLULEY. Would you take a company chair, Carole? Maybe they've got a nice swivel chair. Would you keep that? A laptop or something like that. If they didn't ask for it back?
CAROLE THERIAULT. No, I've never done that.
GRAHAM CLULEY. You haven't done anything like that?
ALLAN LISKA. No.
CAROLE THERIAULT. Why are you asking Allan?
ALLAN LISKA. I have a standing desk only, so I don't have a need for a chair.
GRAHAM CLULEY. Okay. Would you threaten to publicly disclose the company's sensitive and confidential information unless you were paid $1.5 million?
ALLAN LISKA. Oh, I do that for my current company now.
GRAHAM CLULEY. Right, right.
CAROLE THERIAULT. Live on air.
GRAHAM CLULEY. Live on air. So, there is a chap. He's a 57-year-old cybersecurity expert. His name is Vincent Kennedy. And he's alleged to have done just that. Rather than updating his resume when he got the boot from this little contracting gig, he's said to have taken the concept of securing data a bit too far. Okay. By copying it from his ex-employer's cloud drive to his own personal system and then threatened to share it with the world if his demands weren't met. Now, in some ways, that's great. You know, it's very positive thinking. It's very forward-thinking of him, thinking, oh, you know, I should make a backup of this in case they ever lose their data. That'd be really handy. It's a bit like the ransomware gangs, the great work they do backing up people's data when it hasn't been properly secured, in some cases encrypting it as well. So other bad guys can't do anything with it in the future. In some ways, that's good. So here is what is said to have happened. June last year, this company, we don't know the name of it. Although you can go on LinkedIn and see who Vincent Kennedy has worked for in the past. So you might be able to work it out.
CAROLE THERIAULT. Can we just call him Vinnie?
GRAHAM CLULEY. Okay, Vinnie. Okay. Vinnie. Vinnie Kennedy. Alright. So he has his contract terminated. And the company terminating his contract says, you know, your performance has been a bit poor, I'm afraid.
CAROLE THERIAULT. Subpar.
GRAHAM CLULEY. Yeah, subpar. But you can have two weeks' severance pay. Which isn't phenomenally generous, to be honest, is it?
CAROLE THERIAULT. That's a US typical rate though, I think.
GRAHAM CLULEY. Is it?
CAROLE THERIAULT. Yeah, I think so.
ALLAN LISKA. Yeah, that's about right.
CAROLE THERIAULT. Two weeks.
GRAHAM CLULEY. Really?
CAROLE THERIAULT. If you're lucky.
GRAHAM CLULEY. Seems a bit stingy to us Europeans, but you know, we're often given all the luxury treatment over here. Anyway, in return to being told that he's been let go, he sent this company an email and he said, as a final thank you for the company, I'm going to produce a report on your company's security. And he attached his resume again, and he wished— he gave them heartfelt wishes that he wanted to work with the company again once more in the future.
And he noted that he loved his job, and it's really hurtful not being able to do his job anymore for this particular company.
CAROLE THERIAULT. Hurtful?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. That's a weird word.
GRAHAM CLULEY. Well, as you'll discover, he's someone who can be quite— he's got quite sensitive emotions. He's emotional.
He is emotional. She is emotional. An emo.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. And so, 3 days afterwards, 3 days after getting fired, this chap Kennedy is said to have turned on his company laptop, which hadn't been taken off him, and he downloaded this treasure trove of confidential data, server blueprints, trade secrets, details of potential vulnerabilities, copying it to his own personal cloud account, presumably to create this report.
CAROLE THERIAULT. How did he have access to all this stuff?
GRAHAM CLULEY. Well, because he had access when he was working there.
CAROLE THERIAULT. Yeah, but you don't have access to everything. This is big stuff.
ALLAN LISKA. I've been a consultant before. You do. You shouldn't, but you do have access to everything.
CAROLE THERIAULT. Okay, okay. You see, I drink the Kool-Aid. I just think everything is beautiful out there.
GRAHAM CLULEY. So according to the company in question and the FBI who got involved in this, they say he didn't have permission to do that. When he started working for the company way back when, when the contract began, he had agreed, when you leave employment, you have to return all the material and property, not disclose any information to third parties.
Standard sort of thing.
CAROLE THERIAULT. Yeah, and he signed to that.
GRAHAM CLULEY. Yeah, of course you do, 'cause you want a job, right? You just sign anything. Yes, of course you can have my firstborn child.
CAROLE THERIAULT. Well, I read the Ts and Cs, as we all know, but—
GRAHAM CLULEY. Right. Now, normally when you leave a company, your colleagues might have a little whip around. I remember sometimes being involved in some of those, or a leaving speech or something at companies I've worked in the past.
You might have a nice card bought for you. You may even get taken out for lunch down the pub on your final day, just to say cheerio from your colleagues.
CAROLE THERIAULT. Well, Vincent Kennedy, Vinnie if you prefer, Carole, he must have been pretty upset. That wasn't arranged for him. Nothing nice like that as a leaving present.
So what he did was he disabled the company's remote access to his laptop, the one he still had in his possession, preventing them from disabling it remotely. Ooh. Bold choice, I think you'd probably say.
CAROLE THERIAULT. Yeah, I think that's a very beautiful way of putting it. Bold choice. Very brave.
GRAHAM CLULEY. Courageous decision, yes. Very brave. And so the company got in touch with him and they said, we've noticed that you seem to have shared a whole bunch of our files in our cloud storage directory with your personal private cloud storage account.
And this is the actual wording they sent to him. They said, as a result, as part of our normal procedure, we'd like to understand why this has happened. And we wanted to be sure you're going to protect and delete all the company data that has been shared. Please let us know when we can discuss this matter to better understand why this occurred and when you can delete all the data and confirm that it has been all deleted. Which, you know, is quite polite of them really, isn't it? Yeah.
CAROLE THERIAULT. Instead of listen, fuck up.
GRAHAM CLULEY. So what do you think Vinnie's reply to that was? What his response was?
CAROLE THERIAULT. No.
GRAHAM CLULEY. Sorry.
CAROLE THERIAULT. Don't know what you're talking about. You know, feign ignorance.
GRAHAM CLULEY. Well, not so much ignorance. He said that he was being discriminated against.
He said, "This is unfair. You're discriminating against me, and no, I cannot attend a meeting to discuss this. I can't talk to you due to my health for at least one month." Discriminated against on what grounds?
CAROLE THERIAULT. He doesn't say.
GRAHAM CLULEY. He doesn't say. He just says that I'm being discriminated against.
ALLAN LISKA. The company doesn't like Vinnies. I think that's the problem.
GRAHAM CLULEY. Yep. So two weeks pass, the company tries again.
It emphasises that there's some urgency now to arrange this meeting so that files could be confirmed to be deleted. And they also said, oh, could you send us a doctor's note for your mysterious health issue as well, which you're using as a fig leaf to protect you at the moment?
CAROLE THERIAULT. I wouldn't send my doctor's note over. Would you?
GRAHAM CLULEY. Well, if you're using it as an excuse why you can't confirm that you've done things which you said you would do for the company upon leaving the company. I don't know.
It's reasonable enough if he's using it as— I mean, I think it's quite kind of them actually to say, yeah, hey, if you've got a doctor's note, then we'll be a little bit more sympathetic. I think it's reasonable enough, isn't it?
CAROLE THERIAULT. Well, they already are being sympathetic. I read the email you read sounded pretty gentle.
GRAHAM CLULEY. Well, it stops being quite so gentle.
CAROLE THERIAULT. Ah.
GRAHAM CLULEY. They then said, you've got to delete the files pronto, Vinnie, and you're going to do it in a supervised setting. Someone is going to watch you do it and make sure that everything has been destroyed.
Vinnie, meanwhile, and he CC'd some journalists when he did this, he said, your legal threats are not sufficient to make me delete the files. You have to cough up some money. I'm going to keep these files. They're going to be used as part of my defense because you're now threatening legal action against me. And he also said to the journalists who had copied it, and he said, I've got a great business news story for you guys to share with your editors.
CAROLE THERIAULT. Okay, he sounds a bit cuckoo.
GRAHAM CLULEY. Well, I think maybe Vinnie might be. I don't know.
I haven't got a doctor's note for him. I'm not medically qualified myself.
CAROLE THERIAULT. He didn't get a doctor's note that said cuckoo.
GRAHAM CLULEY. No.
CAROLE THERIAULT. Off for a month.
GRAHAM CLULEY. So months and months pass, and the matter isn't settled. Kennedy asks for 5 years' worth of salary from the staffing company that placed him in the position.
And he asked for another 10 years' worth of salary for the emotional distress from the IT infrastructure firm, which has sent him these emails, asking him to delete the emails. So, he's basically arguing he worked very hard for this company, and they've hurt his feelings. Oh my god. He says, you've got $1.5 million to pay up, and you have 14 days to pay it.
CAROLE THERIAULT. Or else what?
GRAHAM CLULEY. Or else he's going to share this with journalists. He's going to write his report.
In fact, what he says is he says he has got— he reckons he could make between $300,000 and $400,000 on a book deal revealing the vulnerabilities. And he also says he could get a job on CNN or ABC News.
CAROLE THERIAULT. I'd say knock yourself out, dude. Go, go, go. Let's see what happens.
GRAHAM CLULEY. Oh my God. As a result of all the information he's going to expose. So he says, I've worked very hard for you. You shouldn't have colluded to fire me after all the hard work I did for you. And now you're lying.
CAROLE THERIAULT. We pay you every two weeks.
GRAHAM CLULEY. Now you say my work's substandard, and that's— now I'm going to sue you all because of this. And then you'll see me on CNN. And the company is saying, look, we just want to have a representative there to see you delete the files.
He says, well, I'll do it over a Zoom call, but only after you've paid me the $1.5 million.
CAROLE THERIAULT. This is kind of like ransomware, but in a different—
GRAHAM CLULEY. You know, exactly.
ALLAN LISKA. I mean, it is ransomware.
CAROLE THERIAULT. Yeah, but internal.
GRAHAM CLULEY. And of course, no attempt to disguise who's behind this because this guy was, you know, was being paid. He actually ends up telling the company's legal counsel because this just goes on and on and on.
You can read all about it. I am a cybersecurity forensic expert. I've been working in IT for over 29 years.
CAROLE THERIAULT. He could have said almost 30.
GRAHAM CLULEY. If your client had proper offboarding, then we would not be talking right now. And in fact, I moaned at the management that their offboarding policy was too lax for proper cybersecurity standards.
So he's complaining. He says, I moaned that this could happen because they don't properly get rid of people inside this company and allow them access to drives. And so I've exploited that access in order to try and then extort the company.
CAROLE THERIAULT. Yeah. So would you call this like gray-hatting?
GRAHAM CLULEY. This is—
ALLAN LISKA. I mean, this is straight up black hatting. This is— yeah, you know, I mean, you know, what you're doing is illegal.
And yes, it sucks that you were let go, but come on.
GRAHAM CLULEY. Yeah.
ALLAN LISKA. Yeah. Well, you know, you didn't have the author's— first of all, you didn't have the authorization to back up the data to your personal hard drive, especially not after being let go.
GRAHAM CLULEY. Mm-hmm. So this chap could face up to 20 years in prison. The case continues.
But from the sound of things, it's just bonkers, isn't it? I mean, there's no attempt to hide his identity whatsoever. Seems to feel that he's in the right, but he's dug himself deeper and deeper and deeper into a big hole.
CAROLE THERIAULT. His feelings are hurt, Graham.
GRAHAM CLULEY. Well, yes, I've got hurt feelings. Tears of a rapper. Allan, tell us what's going on in the world of ransomware this week.
ALLAN LISKA. So what's going on in the world this morning of ransomware is I'd like you all to meet Dmitry Yuryevich Khorosov. You may not be familiar with that name, but you're likely familiar with his other alias, LockbitSup, the man behind Lockbit.
Yeah, that is the big news this morning. That NCA, in their ongoing diops campaign against LockbitSup, has revealed his name. And along with that, there's an indictment and sanctions and just a whole bunch of now security researchers combing through every forum post, every email address associated with him, trying to find every bit of history they can on this guy.
CAROLE THERIAULT. So we have a name and we have a photo and we— NCA in their usual fashion, it's the dorkiest photo possible of the guy.
ALLAN LISKA. I'm just looking at it right now. And yeah, the way he's posed, big elbow, big elbow on one side.
CAROLE THERIAULT. For me, the AirPods being askew is driving me a little nuts. But this is the guy.
ALLAN LISKA. I was on a Twitter Spaces earlier today and somebody pointed out that this is the guy that claimed that he was on a yacht with all the women in the world. And no, no, you weren't, man.
CAROLE THERIAULT. I wasn't there.
ALLAN LISKA. You were in your mom's basement. We know where you were.
GRAHAM CLULEY. So for anyone who doesn't know, obviously Lockbit, notorious ransomware gang. They've been very outspoken in the past. They've had big victims and they've had this leak site that was hijacked effectively by law enforcement, wasn't it? Who've been trolling the LockBit Gang now for, what, a couple of months or something like that, I think?
ALLAN LISKA. So February 20th is when law enforcement, 17 law enforcement agencies led by the NCA, that's the National Crime Smashing Security, something in the UK.
GRAHAM CLULEY. Agency. Agency. Agency.
ALLAN LISKA. Thank you. That makes sense. In the UK really led this operation and I feel like they did it the most British way possible, just constantly poking at them because they didn't just seize the site, they made a copy of it and then they, where you would normally have the victims posted, they posted what the different law enforcement agencies were doing. So they seized crypto wallets. They had some initial indictments, but now they've added more indictments to it and of course revealed Lockbit's name.
So they're just basically harassing and haranguing him the way Lockbit has through thousands of victims over the last few years.
CAROLE THERIAULT. I wonder if that's a recruitment campaign, you know, because it'd be much more fun for people that know all about this to work for the NCA if they can have a bit of fun while they do their jobs.
GRAHAM CLULEY. Potentially not as financially rewarding.
CAROLE THERIAULT. Potentially. Yeah, that's why fun's important, you know.
ALLAN LISKA. But that's interesting that you say that, because if you look at the indictment that was released today, apparently something like 60% of Lockbit's affiliates never made any money. And so, you know, we've often compared ransomware as a service to multilevel marketing. But I've always made the caveat, except that everybody makes money.
It turns out it's exactly like multilevel marketing where most of the affiliates never made a dime. So yeah, Lockbit made a lot of money and a couple of the early affiliates made a lot of money, but most of them turned out, at least according to what law enforcement was able to track with cryptocurrency transactions, didn't make a dime from any of their victims.
GRAHAM CLULEY. So LockbitSup, he's the kingpin of Lockbit, isn't he? We believe he's the Mr. Big.
ALLAN LISKA. Exactly right. So he is the one who started the ransomware as a service, but he's recently— he's not an actual ransomware operator. He just administers the whole program and rents out his infrastructure to all of these people who give him money to sign up for his program.
CAROLE THERIAULT. Wow. So he's scamming the scammers as well.
ALLAN LISKA. I mean, he hasn't been scamming them. It's just if nobody pays you, nobody pays you. There's not a whole lot you can do about it.
CAROLE THERIAULT. Yeah, but pay your bills.
ALLAN LISKA. Right.
GRAHAM CLULEY. And he claims, he claims that he's been living the high life. You know, he's been having a fantastic time. He's been sort of chortling away at the law enforcement's claims that they were on his trail. I think he even offered $10 million at one point. He said, if there's anyone out there who can work out my identity, let me know how, produce the evidence, and I'll give you $10 million.
CAROLE THERIAULT. I'm not going to tell you what currency.
GRAHAM CLULEY. Well, but this is going to curb his social life considerably because presumably he's not going to be able to fly internationally, is he? At least not to many countries.
ALLAN LISKA. That's correct. He's going to be very limited to where he can go.
CAROLE THERIAULT. Yeah. So where is he based? Do we know?
ALLAN LISKA. Oh, some Twitter sleuthing already this morning and they found several businesses registered with the email addresses that were listed by the DOJ in St. Petersburg, which has been where he's been rumored to be located in the past. So it makes sense. You know, and we'll find out more as this continues to go.
Somebody thinks they even found his LinkedIn profile, but we're not sure if it's the same person. A lot of Dimitris in Russia.
CAROLE THERIAULT. Are you looking for those AirPods being a scheme?
GRAHAM CLULEY. Right. If I remember correctly, the NCA previously, they claimed that they knew all kinds of information about him, including what kind of car he drove or something, wasn't it? I think it was they were saying, oh, he's got a Mercedes car or something. And there's been a big bounty offered in the past, hasn't there, for information regarding the people behind LockBit?
$15 million bounty. Do you think that someone may have claimed that bounty, may have provided information to law enforcement to help them unravel who's behind LockBit.
ALLAN LISKA. They did not share whether or not a ransom has been paid out. Not a ransom.
GRAHAM CLULEY. I'm sorry.
ALLAN LISKA. Whether a reward has been paid out. I've got ransom on the brain now. There is a $10 million reward for him specifically. So now they have by name he is— he's got a $10 million reward.
So now it's not just information about LockBit. It's specific information about him. And I the fact that, you know, the FBI taking cues from the NCA here, they set up the signal address to reach them to collect the reward as FBI Sup.
CAROLE THERIAULT. Wow.
GRAHAM CLULEY. Just Lockbit Sup.
CAROLE THERIAULT. I can't believe the size of the reward though. Surely a million would do. $10 million. Is it what Nomi— was that a model? Nomi, I don't get out of bed for less than $10,000 a day.
Is that what we're talking about? It's now gone to $10 million?
GRAHAM CLULEY. Yeah. If you're a ransomware affiliate who hasn't been paid by LockBitSup and were expecting to make millions, then maybe it'd be quite tempting if you had information which might point towards what their identity was.
CAROLE THERIAULT. I understand, but you'd be tempted by $25 grand, maybe, or maybe not, but maybe $500 grand. I don't know. It seems a lot of change.
GRAHAM CLULEY. Think about it, right? These guys are serious criminals. If you upset them, if you poke them with too much of a long stick, they could potentially come after you.
CAROLE THERIAULT. Oh, you need disappear money.
GRAHAM CLULEY. Aha. You might want to think, oh, you know, I really need to disappear for a while if by any way it were to come out that you were the one who helped catch a big cybercriminal this.
ALLAN LISKA. Yeah, you definitely would want get out of Russia money and probably not get out of Russia from the normal legal methods. So, you know, I don't know that you need the full $10 million to do that, but it would certainly make it easier.
CAROLE THERIAULT. Yeah, you can have caviar when you arrive. Wherever you are going. Yeah.
ALLAN LISKA. Right.
GRAHAM CLULEY. Fantastic. Well, we will put some links in the show notes where people can read more about this, and also we will point them towards those bounties as well. So if any listeners have any information and fancy contacting the FBI via FBI SUP, they can do that. Krow, what's your story for us this week?
CAROLE THERIAULT. Well, we're hitting online dating. So let me start with this. So according to a Country Living article from a few years ago, there are more and less trusted UK accents. So the commission research asked more than 2,000 people to listen to 15 different regional UK accents to decide which one was the most trustworthy.
Now, I thought we'd have a little game.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. You gotta go more trusted, less trusted, or average. Okay?
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. And I'm gonna help out by naming some stars from that place to help you, Allan, right? Because I know you're not from our corner of the world. So Welsh, okay?
So you got singer Thom Jones. He's Welsh.
GRAHAM CLULEY. Thom Jones, boy. Thom Jones.
CAROLE THERIAULT. Yeah, that's a very good impression, everyone. Would you say that's a trusted accent or less trusted?
GRAHAM CLULEY. Welsh, definitely trusted.
ALLAN LISKA. Yeah, I would have said less trusted, except now that Welcome to Wrexham has been a worldwide phenomenon, I wonder if it is more trusted.
CAROLE THERIAULT. It is quite trusted. It's in the top 5 at number 4.
GRAHAM CLULEY. It's a friendly accent.
CAROLE THERIAULT. Yeah, yeah. Okay, what about a Boltonian? People from Bolton, like comedian Peter Kay. Where would you put that?
GRAHAM CLULEY. Definitely trusted. The more north you go, the more we're likely to trust them.
CAROLE THERIAULT. Very interesting. He's number 6, so he's in the middle category. OK. What about Essex?
So Dermot O'Leary, that won't help you very much, Allan, but Dermot O'Leary, you'll know him, Graham.
GRAHAM CLULEY. Yeah, Essex is like what I'd call a Page Three girl voice. Whoa!
CAROLE THERIAULT. I don't think I am agreeing with that at all.
GRAHAM CLULEY. No, a lot of Page Three girls come from Essex, don't they?
CAROLE THERIAULT. I think millions of people live in Essex and have the accent. So—
GRAHAM CLULEY. I'm just trying to frame it in a context which Allan may recognise, if he knows the voices of both cities.
ALLAN LISKA. I'd have to say, less trusted then, just from that reference.
CAROLE THERIAULT. Well, it's in the medium, but the low end. It's number 10.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. You've got the hometown of Ozzy Osbourne, Birmingham, or what we call Brummie over in these parts.
GRAHAM CLULEY. Oh, I don't know if I trust Ozzy Osbourne.
ALLAN LISKA. I definitely don't trust Ozzy Osbourne.
GRAHAM CLULEY. If he was my designated driver, or if I needed him to look after my pet, I wouldn't know.
ALLAN LISKA. I don't even know if I trust him on the same bus as me, much less the designated driver.
CAROLE THERIAULT. Well, that Brummie is the last one on the list, number 15.
GRAHAM CLULEY. Oh dear.
CAROLE THERIAULT. Okay, what about Glaswegian? You know, John Barrowman? People from Glasgow?
ALLAN LISKA. Oh yes. Very trusting.
CAROLE THERIAULT. What about that? No, not trusted at all. So Edinburgh is very trusted.
GRAHAM CLULEY. Edinburgh, yes.
CAROLE THERIAULT. Because it's a little more classy in terms of, you know, round vowels.
GRAHAM CLULEY. I don't know. Scottish listeners, it was Carole who said that, not me.
ALLAN LISKA. I have always preferred the Glasgow accent over Edinburgh, but I think it's because there are fewer steps in Glasgow. Like Edinburgh, every place you go, you have to walk up 100 steps to get there.
GRAHAM CLULEY. It's the Glasgow kiss, which slightly worries me. That's what I— I wouldn't want that happening.
CAROLE THERIAULT. I don't know what that is.
GRAHAM CLULEY. So when you get a headbutt, isn't that— isn't that Glasgow kiss? Yeah, yeah.
CAROLE THERIAULT. What about Yorkshire? Yorkies?
GRAHAM CLULEY. Very, very trusted. Yorkshire.
CAROLE THERIAULT. Dame Judi Dench comes from there. We all trust her as an actor. Yeah.
ALLAN LISKA. All right, I'll say trusted.
GRAHAM CLULEY. But yeah, very, very trusted.
CAROLE THERIAULT. Yeah. Well, you know what, it's number 1. It's number 1 with 60% of the people who took part in this placing it at number 1.
GRAHAM CLULEY. You haven't mentioned my accent yet. What's yours? Do you know what yours... You know, I would think, obviously Her Majesty is no longer with us, but I feel that I've picked up the reins.
CAROLE THERIAULT. Well, look, I think you probably fit in at number 2, and it's in this Country Living article. It's called Received Pronunciation. So dialect common to Hertfordshire, London, and Kent.
GRAHAM CLULEY. I think I'm a little bit more estuary, to be honest. I'm quite slovenly with my voice. I would love to be Received Pronunciation.
CAROLE THERIAULT. So Yorkshire came on top. And this may be why 35-year-old Peter Gray, hailing from West Yorkshire, found himself to be rather successful on the dating app Tinder. And while chatting to the ladies, he, I suppose, anyone else trying to find love online, attempts to show his best attributes, right? So he pummeled his matches with his loving, caring, and generous side.
I mean, listen to what one of his online dates known as Jessica, she had to say that she had just come out of a 6-year relationship, right, in 2018 and decided to hit Tinder to find her one true soulmate. And she met our West Yorkshire boy Peter. And after a few dates, she said Peter was a good listener, and that it was everything she needed at the time.
GRAHAM CLULEY. Perfect.
CAROLE THERIAULT. Yeah. And Hannah also landed dates with Peter and she said he was calming and reassuring. Must have been the accent. Because it turns out that Peter was so much more than what these women appreciated.
You see, Peter had a few tricks up his sleeve. On his third date with Jessica, he invited her to his house.
GRAHAM CLULEY. Ding dong.
CAROLE THERIAULT. And, you know, she goes in and maybe takes off her shoes and she puts her bag on the dining table and then goes chatting. And maybe she has to go to the loo at some point, or she slips outside for a moment or whatever. But when she's out of the room, Peter decides to go through her bag, taking pictures of her driving license and bank cards.
GRAHAM CLULEY. Someone from Yorkshire doing that?
CAROLE THERIAULT. Yes, the calm, reassuring Peter Gray then used all this info to take out a £9,000 loan in her name.
GRAHAM CLULEY. Mm.
CAROLE THERIAULT. Hannah, the other girl who he dated a few years after Jessica, learned what Peter was really up to after she broke it off with him because she received a letter saying her £20,000 loan application was accepted.
GRAHAM CLULEY. Oh boy.
CAROLE THERIAULT. And this is where that charming, trusting accent must come in because Peter somehow convinced Hannah after she discovered the successful loan application. She took him back a few months later.
GRAHAM CLULEY. Oh no.
CAROLE THERIAULT. But there were still too many red flags and inconsistencies for her to stay with him too long. However, she realized she was pregnant with his baby. Oh, I know. So another one of Gray's targets, she's known as Elizabeth, she matched with Gray on Tinder in 2020, and no surprise, he tried to pull off the same exact con.
And she started twigging that not all was sunshine, lollipops, and rainbows when she had her mortgage revoked two days before she was scheduled to move to a new home. Why? Gray had taken out a £10,000 loan using just her driving license. And she told the BBC, quote, "Red flags popped up, but I just kept thinking, stop being silly, you need to be going for a guy that treats you nice."
GRAHAM CLULEY. So, with a good Yorkshire accent.
CAROLE THERIAULT. Yes, if I could do it, I would, but there you are. So Gray was thankfully brought to justice after two of the women he scammed invoked the Domestic Violence Disclosure Scheme. This is also known as Clare's Law, which asks police to do background checks on partners.
GRAHAM CLULEY. What? Hang on, what's that?
CAROLE THERIAULT. So it's the Domestic Violence Disclosure Scheme. And it's known as Clare's Law.
GRAHAM CLULEY. Yeah, I'm writing this down. This could be useful for me.
CAROLE THERIAULT. So Clare's Law is C-L-A-R-E, right? Clare's Law. And this is where you can ask police to do background checks on potential partners that you're going to be dating or that you are dating.
GRAHAM CLULEY. And you can find out if they've been done for domestic violence.
CAROLE THERIAULT. Basically, you have the right to ask. And if the police checks show that your current or ex-partner has a record of violent or abusive behavior or if they believe that you may be at risk, they may decide to proactively share that information with you.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. He ended up scamming $80,000 off the women he targeted on Tinder. He got nabbed and was sentenced to 56 months in prison this past February.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And given restraining orders in relation to the victims.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. And this story is now hitting the headlines because these women have come forward speaking to the BBC to share their stories. The BBC also got a comment from Tinder. Now, Graham, we share a communications background back in the old days, so I'm looking forward to what you think of this particular statement Tinder spokesperson issued.
GRAHAM CLULEY. Okay, let's see what Tinder have to say.
CAROLE THERIAULT. Tinder acts to prevent and warn users of potential scams or fraud by using AI tools to detect words and phrases and proactively intervene. Do you feel safe?
ALLAN LISKA. No.
CAROLE THERIAULT. Right. AI tools, the key mot du jour, right?
GRAHAM CLULEY. Hang on, hang on. If he's from Yorkshire, what would he have been saying to these guys? He'd be like, "Hey up, love.
Do you want to go down to Chippy?" No, if he sounded like that, I don't think anyone would have dated him ever.
CAROLE THERIAULT. That's what I was going to say. What are they going to pick out? Anyway, a lot of his activity wasn't really happening on Tinder, was it?
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Yeah. So is it fair to blame Tinder for this? That was just the initial contact point.
GRAHAM CLULEY. Yeah, but he kept hunting in Tinder all the time, right? That's where— that was his hunting grounds.
CAROLE THERIAULT. But isn't that what everyone on Tinder—
GRAHAM CLULEY. And he did this over a couple of years, right? This is over a period of years he did this. So I'm, you know, I'd love to know if these women had actually reported them to Tinder and whether Tinder just kind of ignored it or didn't say anything and he just got to carry on.
CAROLE THERIAULT. Right, I guess if you've had a relationship with someone who approached you on Tinder and something bad happened, maybe there should be a facility to warn the other people on Tinder. Yeah, watch out for him, he's a wrong'un.
GRAHAM CLULEY. Yeah, but it's bigger than this because few have summed up the core dilemma at the heart of, you know, all this stuff better than Margaret Atwood. Because, you know, she says, quote, men are afraid that women will laugh at them, women are afraid that men will kill them. So, you know, I think that's a very— what's worse? Yeah, what's worse? Guys, but this might be a step in the right direction for Tinder. Late last month, Tinder announced a new Share My Date feature, which will enable users to share their date plans with friends and loved ones straight from the app.
I'm not sure why from the app is better, but maybe it is because then everyone has the same log. This includes location of the date, time, and a photo of the match.
CAROLE THERIAULT. Well, that's all good. From the personal safety point of view, but it wouldn't have stopped these women falling foul of fraud, would it?
CAROLE THERIAULT. No. Other advice that might be worth considering that plays into these cases: take yourself to and from dates, always meet in a public place. It might be more difficult for him to take pictures of your license if you're sitting in a pub or in a cafe.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Don't share any contact info until you feel safe. One of the victims started getting, you know, going, this is a bit weird, when Mr. Gray sent her flowers to her address when he shouldn't have known it at that time.
So I mean, I would have been like, oh. So don't share contact info until you feel safe, and report suspicious behavior to the dating app.
If nothing else, even if they do nothing, you have a record that you did that. I would do it in writing so that you have a record, and if they ignore it, at least you can say, well, look, I tried to tell you.
And if in the UK, report these scams to the Financial Conduct Authority and Citizens Advice. And most importantly, the most important thing of all: Don't assume someone's a good guy because of their accent, right?
GRAHAM CLULEY. Absolutely not. Absolutely not, it's a real problem, this.
CAROLE THERIAULT. Because I wouldn't watch my purse. I don't think I would be, you know, if I was on date 3 and the guy was all, you know, you're great, you're amazing, I'd be like, oh, finally someone sees my true qualities.
GRAHAM CLULEY. I don't think they'd be saying that.
CAROLE THERIAULT. I think they would, Graham. I think they would. I think they would.
GRAHAM CLULEY. I don't think they would. Legacy managed file transfer tools are dated.
They lack the security that today's remote workforce demands. Companies that continue relying on outdated technology put their sensitive data at risk.
Well, this podcast is sponsored by KiteWorks, who enable organizations to effectively manage risk in every send, share, receive, and save of sensitive content. To do that, they've created a platform that delivers content governance, compliance, and protection to customers, tracking, controlling, and securing sensitive content as it moves within, into, and out of organizations, all while ensuring regulatory compliance on all sensitive content communications.
KiteWorks provides the industry's first private content network for protecting risky third-party communications with secure email, secure file sharing, secure mobile, secure web forms, managed file transfer, and governed SFTP servers. Visit KiteWorks.com to get started today.
That's KiteWorks.com, and thanks to them for supporting the show.
CAROLE THERIAULT. If you're building a SaaS business, achieving compliance with ISO 27001, SOC 2, or other in-demand frameworks can unlock major growth for your company and establish customer trust. However, this process is often time-intensive and costly.
Vanta automates up to 90% of compliance work, getting you audit-ready quickly and saving you up to 85% of associated costs. And Vanta scales with your business with a market-leading trust management platform to help you continuously monitor compliance, unify risk management, and streamline security reviews.
GRAHAM CLULEY. Views.
CAROLE THERIAULT. Join 7,000 global companies like Atlassian, Flow Health, and Quora that use Vanta to build trust and prove security in real time. Watch Vanta's on-demand demo at vanta.com/smashing.
That's vanta.com/smashing. And thanks to Vanta for sponsoring the show.
GRAHAM CLULEY. You've probably heard us talk about Kolide before, but did you know Kolide was just acquired by 1Password? Well, that's pretty big news since these two companies are leading the industry in creating security solutions that put users first.
For over a year, Kolide Device Trust has helped companies with Okta ensure that only known and secure devices can access their data. And that's what they're still doing but now as part of 1Password.
So if you've got Okta and you've been meaning to check out Kolide, now's a great time. Kolide comes with a library of pre-built device posture checks, and you can write your own custom checks for just about anything you can think of.
Plus, you can use Kolide on devices without MDM, your Linux fleet, contractor devices, and every BYOD phone and laptop. Now that Kolide is part of 1Password, it's only going to get better.
Check it out at kolide.com/smashing to learn more and watch the demo today. That's k-o-l-i-d-e.com/smashing.
And thanks to them for supporting the show. And welcome back, and you join us at our favorite part of the show, the part of the show that what we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
ALLAN LISKA. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app.
Whatever they wish. It doesn't have to be security-related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my Pick of the Week this week is not security-related.
CAROLE THERIAULT. Good.
GRAHAM CLULEY. My Pick of the Week this week is a little gizmo which I have in my car.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Because my partner and I use our smartphones to do the old sat-nav trick in the car. And we had this little car mount, and it was such a nuisance trying to get it in between the vice-like grip.
And my phone, which has a case on it, would fall out and fall on the ground all the time. And I said, oh, what we need is something which properly secures the phone and keeps it there, which is easy to put on and will work with both of our phones.
And I can tell you, I have found the ultimate car phone holder for your smartphone.
CAROLE THERIAULT. I'm actually quite interested because I have the same problem as you. My phone flies out every time I'm going around a roundabout if I haven't put it in absolutely securely, because sometimes you're in a rush.
It flies out and either hits me in the face or hits the passenger side.
GRAHAM CLULEY. I promise you, Carole, this will work. It is the Omoton MagSafe car phone holder.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. It both has the magnetic thing, because if you've got MagSafe, so you've got an iPhone, I happen to know, right? And I've got an iPhone as well.
And it's MagSafe compatible. And I think maybe some Android phones have that as well.
I have no idea. Anyway, so it works with an iPhone.
And so you have the magnet there holding. But what the Omoton MagSafe car phone holder also has is the most sucky sucker in the world.
So not only does the magnet go on, but the sucker goes— at the same time and completely secures your phone so it is rock solid in place.
CAROLE THERIAULT. Can you get your phone out again?
GRAHAM CLULEY. Well, well, there's a knack to it. I'm dealing with one problem at a time here.
No, you can. You can.
It's a flick of the wrist. It can be done.
It can be done. But—
CAROLE THERIAULT. This is because you've been doing box fit now. That's why you're saying that.
It's just—
GRAHAM CLULEY. Yeah, exactly. That's why.
That's why I'm so fit now. But yes, it will secure it, but then you go— and you can get it off again.
But the combination of sucker, suction pad and magnets, I have to say, it works really very well indeed.
CAROLE THERIAULT. I'm looking at this right now.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. It's quite large.
GRAHAM CLULEY. No, it's not.
CAROLE THERIAULT. No? Do you have the one that sits on the top dashboard, or do you have the one that sits in the vents?
GRAHAM CLULEY. I have the one which plugs into your air vent.
CAROLE THERIAULT. Okay, yeah. Okay, that's not so big. Yeah, the other one with the telescopic arm looks a little bit bigger.
GRAHAM CLULEY. Oh, well, yeah, if you attach it to your windows, windscreen, or your dash— Yeah, I can understand. No, mine goes on the vent.
Now, there is a slight problem, which is that on my partner's car, when we use it, her vents— she's got— how can I put this delicately without insulting her? She does listen. She's got loose vents.
Her vents flap around quite a bit. And so although it is very securely in place on the holder, the actual holder does move when the vent goes because of the weight of the phone. So it does go left and right a bit.
Now, that's probably a problem with her particular car and her vent, but I can recommend as my pick of the week, the Omoton MagSafe car phone holder. And I'm not an affiliate. I'm not making any money out of this. Thank you very much.
CAROLE THERIAULT. I'd like to say that we never made money, a penny out of any Pick of the Weeks we've ever had, just for the record. In 371 episodes, unless Graham has been doing this on the sly.
GRAHAM CLULEY. Shh, shh, shh. Allan, what's your Pick of the Week?
ALLAN LISKA. So mine is, and I'm sorry, it is in fact security related.
CAROLE THERIAULT. Oh, that's okay. You're allowed. You're a guest.
GRAHAM CLULEY. Oh, he's allowed to do it.
CAROLE THERIAULT. Yeah, he's a guest. Okay.
ALLAN LISKA. Thank you. So I'm looking forward to Annalee Newitz's new book, Stories Are Weapons, which is coming out in the US on June 4th. And it's a book all about psyops campaigns.
And I've been researching this because of what NCA has been doing with Lockbit, because it sparked a question for me, which is: Can you carry out a PSYOP campaign if you're just doing it out in the open like NCA has been doing with LockBit, where it's basically the government saying, yeah, we're messing with you and we're trying to get in your head, lolz. Does that count as PSYOPs?
And it turns out, yes, that's absolutely— the psy part is the important part of this, that, you know, it's psychological warfare. And I feel like this is what NCA has really been trying to do with this Lockbit takedown.
And so because of this, I've been trying to learn more about it. And there's a lot of really good books, but I love Annalee Newitz. Their writing is very good. And so I'm really looking forward to this book, Stories Are Weapons.
CAROLE THERIAULT. Cool. Yeah, I'm just looking at it now. It says a sharp and timely exploration of the dark art of manipulation through weaponized storytelling. Smashing Security. Very interesting.
GRAHAM CLULEY. Yeah, and it is interesting, this new frontier that we're seeing in the fight against cybercriminals, where some of the law enforcement agencies do seem to be spending a lot of time sort of trolling the criminals, don't they, and messing with their heads to try and disrupt them. Kind of like it.
ALLAN LISKA. Well, I mean, if we can't arrest them, you know, then that's the option that we have is to disrupt them psychologically that they can't continue carrying out attacks.
GRAHAM CLULEY. Yeah. Yeah. Hopefully a lot of the ransomware affiliates out there will be more nervous of doing business right now, having seen the success against groups like Lockbit. Yep. Carole, what's your pick of the week?
CAROLE THERIAULT. Well, mine is also a book. It is a book I'm recommending without exception. It's called All the Beauty in the World by first-time author Patrick Bringley. So Bringley spent 10 years working at the Met Metropolitan Museum of Art in New York.
It's a massive museum with a glut of gorgeous art. And you might think, "Oh, he must be a curator or an art historian," but he's not. He worked there as a guard for a decade. And he became a guard after his brother passed away at the tender age of just 26.
GRAHAM CLULEY. Ugh.
CAROLE THERIAULT. And he decided that he wanted to be surrounded by beauty, and he thought, "What is the most beautiful place I can think of?" And it was the Met in New York City. And in the book, it's kind of like an essay.
He recounts his interactions with other guards, the public, and of course, his take and his feelings in relation to specific artworks that he's protecting. So he moves from room to room throughout the book over 10 years. He looks after Picassos at some point.
He looks after Impressionists, and then he talks about those works. So there's a bit of learning in there too. But it's deeply, deeply moving.
It's very unpretentious. And you can also learn some stuff. And if you're me and you prefer to listen to your books, you have a treat because it is read by the author and his voice reveals more about the man behind the book.
And I'm not alone in loving this book. It was named 2023's Sunday Times Art Book of the Year, Financial Times Best Book of 2023. It is, in a word, as beautiful as the works he surrounds himself with.
So my pick of the week is All the Beauty in the World by Patrick Bringley. It's published by Vintage, and it's worth every penny. But actually, hey, if you're short on them, just hit up the library.
GRAHAM CLULEY. Fantastic. Carole, does this— does he touch upon the Met Gala thing at all? You know, where all these celebrities get together and they— because that's been in the news this week, hasn't it?
Did you see the photos of all those celebrities?
CAROLE THERIAULT. Yes, I did. I did see some of the dresses. There's a lot of nudes.
There's a lot of, yeah, it was a bit insane.
GRAHAM CLULEY. A bit insane.
CAROLE THERIAULT. I just love the— you know what I thought when I saw them? Because I saw about 5 pictures, right?
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. These women dressed fairly— not dressed, dressed. I don't know how you say it. And they must have all been pissed off each other.
"Fuck, that was my idea. What are you doing? It was my idea to be nude. God."
GRAHAM CLULEY. I felt sorry for Taika Waititi, who is the boyfriend of Rita Ora. Because—
CAROLE THERIAULT. Oh, he must have loved that job.
GRAHAM CLULEY. He's a very cool guy. He's made some great movies.
CAROLE THERIAULT. "Tommy, are you sure you want to wear that dress? Are you sure that's the best dress for this show? Are you sure?"
GRAHAM CLULEY. He wasn't really wearing a dress at all, as far as I could see. But anyway, he was sort of following after her, trying to pick up the breadcrumbs or whatever she was leaving behind her.
But anyway. Yeah, yeah, a little bit awkward. Well, that just about wraps up the show for this week.
Allan, thank you so much for joining us. I'm sure lots of our listeners would love to follow you online and find out what you're up to. What's the best way for folks to do that?
ALLAN LISKA. You can follow me on Twitter @uuallen. That's probably the best way to get in touch with me.
GRAHAM CLULEY. Terrific. And you can follow us on Twitter @SmashInSecurity, no G, Twitter allows to have a G. And don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast apps such as Pocket Casts, Spotify, and Apple Podcasts.
CAROLE THERIAULT. And of course, thank you to our episode sponsors, Vanta, KiteWorks, and Collide. And of course, to our wonderful Patreon community.
It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 370 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio, bye-bye.
CAROLE THERIAULT. Bye.
ALLAN LISKA. Bye.
CAROLE THERIAULT. Thanks, Allan.
GRAHAM CLULEY. Cheers, Allan.
ALLAN LISKA. Thank you.
CAROLE THERIAULT. This is pretty early for you if you're out in San Fran.
ALLAN LISKA. It's 8 AM, so it's not too bad.
CAROLE THERIAULT. Yeah, it's all right.
GRAHAM CLULEY. You poor chap. Well, look, enjoy the rest of the day. I hope there are plenty more revelations to come about Locke.
ALLAN LISKA. I'm sure there are, and hopefully we'll be back and we'll talk about them together again.
CAROLE THERIAULT. Brilliant.
GRAHAM CLULEY. Would love to do that.
CAROLE THERIAULT. Thank you again so much.
GRAHAM CLULEY. Cheers, mate. Bye.
CAROLE THERIAULT. Bye.
ALLAN LISKA. Bye-bye.
-- TRANSCRIPT ENDS --