This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.

---

ZOE ROSE. It had only two photos. It was explicit. Well, the main photo was a bottom. A very lovely bottom, I will say, but not really my interest.

---

GRAHAM CLULEY. Male or female? Do we know what sort of bottom it was?

---

ZOE ROSE. Both of them, both of them were female.

---

GRAHAM CLULEY. Her suit?

---

CAROLE THERIAULT. Or—

---

UNKNOWN. Okay, right, yes, probably not then. Smashing Security, episode 381, Trump shooting conspiracy, Squarespace account hijack, and the butt stops here with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 381. My name's Graham Cluley.

---

CAROLE THERIAULT. And I'm Carole Theriault.

---

GRAHAM CLULEY. And Carole, we're joined this week by a special guest, someone who hasn't been on the show for a while. It is, I'm delighted to say, Zoe Rose. Hello, Zoe, welcome back.

---

ZOE ROSE. Hello, it's lovely to be back.

---

GRAHAM CLULEY. Terrific to have you.

---

CAROLE THERIAULT. Welcome. How you doing, Zoe?

---

ZOE ROSE. I am wonderful. It's been a while since I've been on, so it's nice to catch up again.

---

GRAHAM CLULEY. Lovely to hear your voice too.

---

CAROLE THERIAULT. Let's thank this week's wonderful sponsors, 1Password, Vanta, and the M-WISE Conference 2024. It's their support that help us give you this show for free. Now, coming up on today's show, Graham, what do you got?

---

GRAHAM CLULEY. I'm going to be telling a story from the worldwide what the heck?

---

CAROLE THERIAULT. Okay, what about you, Zoe?

---

ZOE ROSE. I'm going to be talking about a personal story about Instagram and bottoms.

---

CAROLE THERIAULT. Ooh, okay, you win this week. And I'm going to chat about what 12% of all social media traffic referenced on this past Sunday. All this and much more coming up on this episode of Smashing Security.

---

GRAHAM CLULEY. Now, chums, chums, great news. I can report that everything is going just splendidly in the world of cybersecurity and cryptocurrency. So that's a first. That's great news, right? Absolutely. Everything's going really, really well. There definitely aren't any problems. None at all. No breaches occurring. We can all relax, take it easy.

---

CAROLE THERIAULT. Everything's tickety-boo.

---

GRAHAM CLULEY. Enjoy the summer break. Go and grab the deck chair, sit by the pool, come back in September to see if there's anything that needs fixing. Probably won't be. We've pretty much solved the whole problem. Well, is that true? Because I suppose there have been a few little problems which have occurred if you really want to nitpick.

---

CAROLE THERIAULT. And you love doing that.

---

GRAHAM CLULEY. What, nitpicking?

---

CAROLE THERIAULT. Yeah, it's what you do almost every week.

---

GRAHAM CLULEY. Like, I have nits.

---

ZOE ROSE. Where does that term come from?

---

CAROLE THERIAULT. Picking nits.

---

ZOE ROSE. You know how they're monkeys and they're picking bugs out of people's hairs or something? Yeah. That's what it means.

---

GRAHAM CLULEY. You sort of sift through the hair and you find a little beetle, a little bug or something, go, "There it is. Eee, me, me." And you squash it and maybe chew it if you're hungry.

---

ZOE ROSE. I feel like the topic that you're covering now is going to be a very large bug. Sorry, my brain works very weirdly. Carry on.

---

GRAHAM CLULEY. Well, I'm going to talk to you about Squarespace. You ever heard of Squarespace?

---

CAROLE THERIAULT. Yes.

---

ZOE ROSE. Yes, I have, yeah.

---

CAROLE THERIAULT. I know a number of people with websites on Squarespace.

---

GRAHAM CLULEY. Oh, okay. Interesting. So people, of course, use Squarespace to build and host their websites, but it's much more than that. These days, because last year Squarespace did a deal with Google. Squarepace, Square, I can't even say it, Squarepace.

---

CAROLE THERIAULT. Squarespace.

---

GRAHAM CLULEY. Squarespace.

---

CAROLE THERIAULT. Yeah.

---

GRAHAM CLULEY. Said that it was acquiring from Google its Google Domains assets and customers. Now, if you haven't heard of Google Domains, it was launched around about 10 years ago. It was a domain name registrar and domain management service where you could set up your website, buy your domains if you wanted to, and configure how they were going to operate. And many other things that Google starts, it got a bit bored with it because Google really hasn't got very much patience. You know, plays with a toy for a while and then goes, oh, need something else now.

---

CAROLE THERIAULT. They can do that because they make money somewhere else, right? In their business model.

---

GRAHAM CLULEY. Well, they do. There are so many. There's actually a website where you can find out all the different projects that Google has killed off over the years. Everything from Google Wave and Google Hangouts and Google Buzz and Google Reader, Google Dodgeball. Do you remember that?

---

CAROLE THERIAULT. No, I do remember Google Reader though, and I used to use it. So that's—

---

GRAHAM CLULEY. Google Reader was brilliant. Google Reader was great. People are still very, very upset Google Reader was killed off as a way to read their RSS feeds. Google Aardvark. Oh! That was a social search service that connected users with their friends or friends of friends that are able to answer their questions so that these, you know, they've tried all kinds of things. But Google Domains, thankfully, didn't just kill it stone dead because obviously there are a lot of people using it. Instead, Google decided to sell it lock, stock and barrel, everything that was basically Google Domains to Squarespace.

---

CAROLE THERIAULT. Right.

---

GRAHAM CLULEY. And that meant 10 million domains. So by domain, I mean the URL. Basically, so smashingsecurity.com or carole.wtf. If you had purchased that via Google Domains, if you were administering it via Google Domains, now Squarespace are running it for you instead.

---

CAROLE THERIAULT. And very clearly said, Graham Cluley. Well done.

---

GRAHAM CLULEY. Thank you very much. You're welcome. And what these services do is they act like a telephone directory because if you didn't have domain registrars and management services. In order to visit a website, you would have to type in an IP address. So it'd be 192.168 blah blah blah blah blah blah. You know, you'd have to type in a number with dots in it rather than typing in smashingsecurity.com or whatever it is, amazon.com or whatever the website is. So it's really, really handy, these services. But now Squarespace is in charge of all of those users, of all of those websites. What could possibly go wrong?

---

CAROLE THERIAULT. Okay, before we answer that, I don't know about you, Zoe, but I would say from my echo chamber, I would understand Squarespace to have a good marketing—

---

ZOE ROSE. Squarespace?

---

CAROLE THERIAULT. Squarespace. What did I say?

---

GRAHAM CLULEY. Squarepace. I don't know where you got that idea from.

---

ZOE ROSE. Did I?

---

GRAHAM CLULEY. Oh God.

---

CAROLE THERIAULT. Squarespace. They appear a lot on ads, in podcasts and stuff and on YouTube and all these kind of places. On telly even. They have a big marketing budget. They've been around a while. I think they would know their game. I would feel okay about that, hearing it peripherally. You know, I'd be, oh, sounds like a good idea.

---

GRAHAM CLULEY. Well, yeah, it's a legit company, right? It's a well-known company. They've never sponsored us, and I suspect they never will. Uh-oh. I just have a slight feeling about that. So as I said, what could possibly go wrong with Squarespace now taking over those 10 million Google purchased domains.

---

ZOE ROSE. An organization taking over a lot of data, having an issue. I can't imagine, but they must have had a lot of data already.

---

CAROLE THERIAULT. You know, they must have had millions of users.

---

ZOE ROSE. Yeah, but my trust in organizations and being able to handle data— I mean, I do work in security, so we're all cynics.

---

CAROLE THERIAULT. My—

---

ZOE ROSE. Yeah, my trust is very low.

---

GRAHAM CLULEY. Yeah. Well, in the last couple of weeks, a number of websites have been hijacked. I'm not talking about the kind of websites set up by your Auntie Flo or your Uncle Bob, but ones run by organizations, in particular ones related to cryptocurrency.

So what is happening is these websites have suffered DNS hijacking attacks. That's a Domain Name Service hijacking attack. So as I said, when you are with a registrar, with a domain registrar and a domain management service managing your domain, you decide what IP address your website is actually at. So you can point it from the name to the actual server address, which will be that hard-to-remember number.

---

CAROLE THERIAULT. Like I choose a name and then my host says, okay, this is your IP address based on—

---

GRAHAM CLULEY. Yes, and people will remember you're at carole.wtf to see your art. But they wouldn't remember the actual number of your website.

---

CAROLE THERIAULT. Of course.

---

GRAHAM CLULEY. Because, you know, the human brain doesn't work that way, right?

---

CAROLE THERIAULT. Gotcha.

---

GRAHAM CLULEY. So what the hackers can do is if they manage to break into your DNS records, they can modify those records to redirect a legitimate website to a malicious website, such as a phishing page.

---

CAROLE THERIAULT. So, carole.wtf would go actually to a phishing site, not to my art.

---

GRAHAM CLULEY. Or a porn site, or who knows what site.

---

CAROLE THERIAULT. I wouldn't like that.

---

GRAHAM CLULEY. I know. Imagine—

---

ZOE ROSE. VPN.

---

CAROLE THERIAULT. Okay.

---

GRAHAM CLULEY. There's so many things I could say at this point, I'm not going to say.

---

CAROLE THERIAULT. Good.

---

GRAHAM CLULEY. So here's the scenario. You visit your favourite cryptocurrency website. Maybe it's your cryptocurrency exchange or where you have your cryptocurrency wallet of all your investments, where you store your NFTs or something like that, and you access it the normal way. You type in its URL, you get the URL correct.

You aren't clicking on someone else's link. You are typing in the URL, you get it absolutely correct, or you use your bookmarks where it really is the URL to that website.

---

ZOE ROSE. So your password manager is going to recognize this is legitimate and—

---

GRAHAM CLULEY. As well, absolutely, yeah.

---

ZOE ROSE. Which is an important part because I do know a lot of advice when it comes to security with phishing is, make sure it's the right URL and your password manager won't recommend the password if it's not the right URL.

---

CAROLE THERIAULT. Right.

---

ZOE ROSE. But in this case, it would be legitimate. So it'd be very difficult for somebody to recognize it.

---

GRAHAM CLULEY. And if they've made a lookalike page which appears to be asking for your credentials, so it looks just like the real site and you are at the real URL, albeit not at the right IP address, which you wouldn't know anyway, you've just handed your credentials over to identity thieves, fraudsters. It could be trying to steal your cryptocurrency, could try and grab your NFTs from any connected cryptocurrency wallets which you have. So actually, it'd be great news if you went to a porn site.

---

ZOE ROSE. That would actually be better.

---

GRAHAM CLULEY. Of course it would be better rather than having all your cryptocurrency stolen. So these kind of DNS hijacks are not unheard of. These have been happening for years.

It doesn't mean the website itself has been actually hacked or defaced, but it's more the telephone directory, if you like, has been altered.

---

CAROLE THERIAULT. It's like I'm trying to call you, and I get rerouted to someone who looks like you and sounds like you, but isn't you.

---

GRAHAM CLULEY. Can you imagine?

---

CAROLE THERIAULT. Only in my nightmares.

---

GRAHAM CLULEY. So I remember, for instance, just to give you an example, The Sun newspaper's website, it got DNS hijacked by the LulzSec hacking gang. And if you went to The Sun on that particular day, the front page story was that Rupert Murdoch had died in his front garden.

He'd tripped over some shrubbery and inhaled some palladium. And people would go there and believe the story to be true, 'cause they were at The Sun.

---

ZOE ROSE. Of course they were, yeah.

---

GRAHAM CLULEY. So, that's how convincing these things can be.

---

CAROLE THERIAULT. A very reputable paper.

---

ZOE ROSE. Well, and considering when it comes to the number one motivator for a malicious actor is financial gain. So—

---

GRAHAM CLULEY. Yes.

---

ZOE ROSE. Being able to steal the credentials of people's cryptocurrency wallets, that's lucrative. And how are they gonna be tracked?

And you know, there's lots of benefits there for a malicious actor.

---

GRAHAM CLULEY. So these websites which were experiencing this problem, as I said, they were cryptocurrency websites in the main. And the one thing they had in common is they were originally registered with Google Domains and have now been switched to Squarespace looking after their domain name registration and their records.

So, questions: Have the website owners been careless in their choice of passwords? No, they haven't. Did they fail to set up proper multifactor authentication when they set up their domains at Google Domains? No, they didn't.

---

ZOE ROSE. Well, they could have, but that doesn't necessarily— In this case, it wasn't related.

---

GRAHAM CLULEY. It wasn't related. So how did the hackers change the DNS settings for these websites, which are now being run by Squarespace.

And that is really the crux of this question. It looks like there's been an almighty screw-up when the domains were passed from Google Domains to Squarespace.

---

GRAHAM CLULEY. The exact method of the hack is unclear because Squarespace, quite frankly, isn't saying anything at the moment. At the time of recording, I'm just on their website right now.

---

CAROLE THERIAULT. I'm not seeing anything.

---

GRAHAM CLULEY. Right.

---

ZOE ROSE. I wonder if they're going to blame an intern.

---

GRAHAM CLULEY. Maybe it's that, or maybe they're just so desperately scrabbling around trying to work out a form of words to apologise or to fix all the people who've got problems. But it appears that there's been a security issue with the account recreation, because obviously they took these accounts which were at Google and they had to recreate the accounts at Squarespace when they transferred the domains.

And what appears to have happened is that Squarespace assumed people logging into their accounts on Squarespace would use the social sign-up options from Google, for instance, or Apple. You know how you can actually log in with another account to some of these things and log in, which I've always hated.

---

GRAHAM CLULEY. No, I don't really warm to that.

---

ZOE ROSE. I don't either. No.

---

GRAHAM CLULEY. But there is also an option to do it with an email address. And it looks like Squarespace— so difficult to say— looks like Squarespace assumed people would use those sort of third-party authentications rather than asking for an email address.

And what was found was that hackers were able to go to the login page having worked out what the likely email address would be of a particular website, enter the email address, and it wouldn't ask for any password authentication. Because Squarespace—

---

CAROLE THERIAULT. Oh my God.

---

GRAHAM CLULEY. Has already half-created those accounts when it moved them over. Because it's like, well, you kind of are an account because you have a domain here.

---

ZOE ROSE. I know.

---

GRAHAM CLULEY. And it didn't send any verification to the email address saying, is this really you logging in?

---

ZOE ROSE. Oh my goodness.

---

GRAHAM CLULEY. And even if you had multifactor authentication enabled on your Google Domains account back when it was Google Domains, that wasn't transferred to your account at Squarespace. So it's pretty easy, it appears, for those websites.

Let me remind you, 10 million websites which have been transferred over, and it looks like it's been fairly easy for people to compromise these websites and change their settings, provided they got there before the genuine users to sort of start off the sequence with Squarespace. So if they went there, which is quite plausible that they would.

---

CAROLE THERIAULT. While you have been talking, I've been flirting around their website, right?

---

GRAHAM CLULEY. Yeah.

---

CAROLE THERIAULT. To see if there's anything in a blog or buried somewhere off the main page. And I can't find anything.

---

GRAHAM CLULEY. Yeah. It's all news reports at the moment.

And there's a great piece, actually, by a group called Security Alliance. Some security researchers have been looking into this. They've written a very in-depth piece, which I'll link to in the show notes. All about how they think this has happened and what steps you should take if your domains are some of those which have been transferred from Google Domains to Squarespace.

In a nutshell, turn on multifactor authentication immediately. Make sure you don't have any other users associated with your account because potentially they won't have created a Squarespace account yet. So even if you sort out your account, other members of your team—

---

CAROLE THERIAULT. Yeah, so the first thing to do is review your account, right?

---

GRAHAM CLULEY. Do that. Turn on two-factor authentication.

See who else has access. But other than that, you might actually want to reconsider where your domain names are actually being managed from because maybe you need a more secure option because it doesn't look like there's any audit trails. It doesn't look like they were notifying people when changes were being made to their—

---

CAROLE THERIAULT. There's no information on their website. How many people must have been impacted and gone in and gone, oh God, oh God.

---

ZOE ROSE. Well, and also when it comes to a security breach, it's very hard to quantify it. So the part that you're talking about, oh, they might want to switch because they're not doing best practice.

The reality is they made a mistake. Yeah, they made an assumption, which we know what that— we know what that stands for. But also, you don't trust them anymore, right? So an organization that's impacted by that, their customers may not trust them anymore, even though they didn't make any mistake. So it's a multi-layer issue there. And also, I really like the idea that they just really, really messed up. Like, I was thinking it was going to be something complex, but no.

---

GRAHAM CLULEY. It does seem some silly assumptions were made. Now, it's not all bad news for Squarespace.

They can rebuild their reputation. In fact, I think they should start that right now. I think if they were to get into bed with some popular cybersecurity podcasts and sponsor them. In fact, for an increased rate, we could even completely edit out this story. So it'll be removed from our archive.

---

CAROLE THERIAULT. No?

---

GRAHAM CLULEY. Zoe, what have you got for us this week?

---

ZOE ROSE. I'm actually going to talk about Instagram. So I have an Instagram account, or I had an Instagram account.

I guess I technically still do, but it's disabled. But anyway. If you've heard people in the past complain about, oh, Instagram shows you such inappropriate photos on your feed, and everybody knows that those people complaining, they're seeing those inappropriate photos because those are the photos they look at. That's how the algorithm works. It wants to encourage you to stay on the platform, and so it suggests photos based on your viewing habits.

---

GRAHAM CLULEY. Yeah, it's learned what you like over time, hasn't it? Exactly.

---

ZOE ROSE. It doesn't want you to go off.

---

CAROLE THERIAULT. When I dyed my hair pink, I looked for a lot of pictures of people with pink hair, and then I had a lot of pictures being fed to me with people with pink hair.

---

ZOE ROSE. Exactly, exactly.

---

CAROLE THERIAULT. It's really clever stuff.

---

ZOE ROSE. Well, I mean, it wants to keep you on there, so it makes sense, right? It's creating that addiction. I need more pink hair.

My feed is less exciting. I typically look at plants and children's games, and I don't remember what else — cooking. I take a lot of recipes off Instagram. I don't know why, it's very weird.

But children's games, plants, and some other random stuff. Sometimes my child likes to look at fish, and so I've got aquariums on there.

That's the type of content. It's generally quite bland.

Oh, and books. I read a lot of books. I'm very nerdy, if you don't know.

I read a lot, and so I get a lot of recommendations and book recommendations. None of that relates to pornography.

I'm not a super exciting person, so I don't really look at Instagram for explicit photos. I'm sure people do. All the power to them. I don't.

Although, on, I think it was Sunday, maybe Saturday, I opened Instagram and the first photo that came up was quite explicit.

---

CAROLE THERIAULT. Was this in your feed?

---

ZOE ROSE. Yes, it was in my homepage. So I'm thinking, what is this? Was one of my friends' accounts hacked or something?

No, it's an account I've never seen before. I'm thinking, was my account compromised? No, what is going on?

And I clicked through the account that showed me this inappropriate photo, and it was clearly a sock account of some sort. It had only two photos. It was explicit.

Well, the main photo was a bottom. A very lovely bottom, I will say, but not really my interest.

---

GRAHAM CLULEY. Male or female? Do we know?

---

ZOE ROSE. Both of them were female.

---

GRAHAM CLULEY. Her suit, or — okay, right, yes, probably not then.

---

ZOE ROSE. As I said, she had a lovely bottom, if it was even hers. I mean, I think the account was just a fake account, but regardless, I was thinking, this is very weird.

And historically, I do get requests — I have a private account, and I do get requests from probably people going to send me malware where they are, you know, follow me or look at this cam or whatever, those kind of requests on Instagram. Obviously I block them all because again, I'm not interested, but I was thinking, how did this show up in my feed?

And so I blocked the account, and then I got another one. It wasn't bloody. Another one.

---

GRAHAM CLULEY. A bleeding bottom.

---

ZOE ROSE. This one wasn't bleeding. That would have been interesting.

But it was another one, and I'm thinking, okay, I have children, and as I said, sometimes my children like to look at fish, and I really don't want them seeing some image of somebody's bottom doing extracurricular activities. Don't really want them to see that. They're not ready.

---

CAROLE THERIAULT. They're not ready. No. And that's totally legit.

You're a mom and you share your Instagram sparingly with your kid and you don't want to have some kind of sexy, sexy hubba hubba something come up, especially when you don't follow that shit.

---

ZOE ROSE. Exactly. Exactly. And I was looking at it, I was thinking, how the heck does this show up on my feed?

Because I don't look at anything inappropriate on there. I even have the safe filters setting, so it blocks anything explicit. Talk about the most boring Instagram you could get. That's what I have.

So I'm thinking, why in the world does this show up? And I was trying to figure it out, and I realized it's ads.

---

CAROLE THERIAULT. How do you mean?

---

ZOE ROSE. I'm getting ads on my Instagram for inappropriate photos.

---

GRAHAM CLULEY. So someone is spending money to send you pictures of bottoms, right?

---

ZOE ROSE. Like, what a weird thing. I imagine it's one of those same approaches as usual where you try and get people to add your account and you're pretending to be this sexy lady and they click on your malicious link or download some malicious file, whatever.

I'm assuming it's the same kind of use case, I guess.

---

GRAHAM CLULEY. Chances are they're not spending their own money, they're spending someone else's money. Maybe compromised an account to try and drive traffic somewhere.

---

ZOE ROSE. Yeah, maybe the account is from your story where they got access to some crypto, have some money to spend, and they're trying to get people to click it.

---

CAROLE THERIAULT. Or maybe they get paid for every instance of viewing.

---

ZOE ROSE. Maybe, I don't know, right?

---

CAROLE THERIAULT. So I don't know, so they just spill it around.

---

ZOE ROSE. Yeah.

---

CAROLE THERIAULT. All over the internet and say, oh look, 10 million people saw your pictures.

---

ZOE ROSE. Look at this bottom, it's very sexy.

---

GRAHAM CLULEY. And the butt stops here.

---

CAROLE THERIAULT. Yeah, but it's like you're the butt of all jokes.

---

ZOE ROSE. But from my perspective, Meta, do you really need to mess up this badly? Like, okay, my children are not old enough to be on Instagram yet, thankfully.

I use it sparingly. I share photos of my children to my specific audience, you know, I'm very careful. Careful, yeah, that's the word. And it's frustrating because now I've disabled my account because there's no reason for me to be on there anymore, really, because I don't feel comfortable having that there in case if I ever do open it and my children are there, I don't want them to see that.

---

GRAHAM CLULEY. That's a bit of a shame for you though, isn't it? Because if you want to share photographs and things with your family and friends about your young children, for instance, or things that you're up to, you can't do that anymore, can you?

---

CAROLE THERIAULT. Good old PDF attachment.

---

GRAHAM CLULEY. Come on, there must be an easier way to do this. I'm going to put out the call to our listeners.

---

CAROLE THERIAULT. Yeah, the Bat Phone.

---

GRAHAM CLULEY. Yeah, that's right. We're going to put the sign in the sky, the Bat Signal, right now for Zoe Rose.

Listeners, Zoe needs a way to share photos privately with her family and friends. I imagine you want this end-to-end encrypted or something as well, right?

---

ZOE ROSE. Yeah, that would be the preference.

---

GRAHAM CLULEY. Because you don't want some big advertising firm or tech firm scooping up your data and doing God knows what, or training their AI from it or anything like that.

---

ZOE ROSE. Let's be honest, it is Meta that owns Instagram. Meta, the company that is responsible for 50% of all GDPR fines at this point.

So, you know, it's almost like I can only get better at this point. I was never comfortable using Meta anyway, because I don't like Facebook. I don't like Instagram, but I don't know of another alternative. I guess I'm just getting old. I don't know what's hip.

---

GRAHAM CLULEY. So we want something that's secure. Are you prepared to pay?

---

ZOE ROSE. I am prepared to pay at this point.

---

CAROLE THERIAULT. Mm-hmm.

---

GRAHAM CLULEY. Okay, listeners, we want to hear your suggestions. You can email us at , or you can also tweet us @SmashInSecurity, no G, Twitter won't allow us to have a G, and we will pass on your recommendations to Zoe.

Hmm.

---

CAROLE THERIAULT. I can't wait to see them as well.

---

ZOE ROSE. I will say, please don't recommend Flickr. Flickr does not have MFA.

---

CAROLE THERIAULT. Mm-hmm. There you go.

---

GRAHAM CLULEY. Oh, okay. Yep. Need MFA.

---

ZOE ROSE. All right. Definitely.

---

CAROLE THERIAULT. Back to the drawing board, people.

---

GRAHAM CLULEY. Don't send us any links which point to butts, for God's sake.

---

ZOE ROSE. Please don't.

---

GRAHAM CLULEY. None of that nonsense.

---

CAROLE THERIAULT. We've had enough butts around here.

---

ZOE ROSE. As I said, they're lovely bottoms. I'm happy for them to pursue their careers, but I do suspect that the people in the photo are not the people behind the account as well.

---

CAROLE THERIAULT. Look, some people with non-lovely butts might be offended right now because, you know—

---

GRAHAM CLULEY. Offended.

---

ZOE ROSE. Hey, I didn't specify what it looked like. Maybe I like not so lovely butts, right?

---

CAROLE THERIAULT. Good point.

---

GRAHAM CLULEY. Carole, what have you got for us this week? Follow that.

---

CAROLE THERIAULT. No, this is all a bit more serious, people. So last Saturday, July 13th, at a rally in Pennsylvania, the former U.S. president clutched his right ear before dropping quickly to ground.

And we all know what I'm talking about. Within seconds, members of the Secret Service surrounded him, and within a minute, the ex-president got up and pumped his fist towards the crowd as blood ran from his ear to his cheek.

Actually, if I were a Secret Service agent, you know, in that scene right then, and I'm trying to use my life to protect this asset, I'd be pretty annoyed that they pumped the air. I get they want to tell their fan club, hey, I'm okay.

But, you know, I'm a paid worker putting my life on the line. You know, just could you just, could you just cockroach out of here on the floor like a normal person?

Could you stop encouraging them from shooting again?

---

GRAHAM CLULEY. Because if I am made this time, please, God. Yeah.

---

CAROLE THERIAULT. Anyway, so this image of Trump standing bleeding from his ear, fist raised in front of the US flag, no less, is now known the world over, right? Loads of papers put on the cover the next day of their, I don't even know if they're newspapers.

And almost immediately after the incident, conspiracy theorists across the political spectrum began to speculate over the attempted assassination, causing this disinformation tsunami, right? And this is at a time when, you know, there's a highly politicized and divided America.

I think I can say that. And everyone wants to know what happened, who's behind it, and what happens next.

So what do you do? You go online.

---

GRAHAM CLULEY. Yeah, I want to know what Elon Musk is saying about it because surely he'll know what's happening.

---

CAROLE THERIAULT. I have a quote from him later in this segment, so you'll find out.

---

ZOE ROSE. Oh, do you?

---

GRAHAM CLULEY. Oh, what a surprise. What a surprise.

---

CAROLE THERIAULT. Now, quite a few of us hit the social for news in this situation. Can you guess how many US adults say they regularly get their news from socials?

This is according to Pew Research on this topic.

---

GRAHAM CLULEY. I would think these days it's going to be more than from newspapers or even television.

---

ZOE ROSE. I'm going to say 34.5%. Oh, that's very precise.

---

CAROLE THERIAULT. Holy moly, Zoe, you're on the ball. It's 3 out of 10.

Wow. So spot on, I'd say.

So 3 out of every 10 persons say, okay, that doesn't mean that they are doing it. I'm sure much more is going on, right?

They say, they admit to regularly getting their news from the socials. And we're talking here YouTube, Instagram, TikTok, X, and Reddit, right?

So first off, when you heard this news of the attempted assassination, did you have an initial thought on what might have happened? Did you have a narrative go through your head at all?

---

ZOE ROSE. I always have opinions, and my mind has many narratives going through it.

---

CAROLE THERIAULT. So I did too, right? And I'm going to share mine, but I wanted to know if you guys had any on your own.

---

GRAHAM CLULEY. Well, it was late night here in the UK. I was up and my phone bleeped with a BBC News alert saying that he'd been rushed off the stage. And at that point, they didn't say that he'd been shot. They just said rushed off the stage.

So I thought, well, maybe he'd had some sort of medical incident or fainted or something like that. But I thought I imagine there might be someone out there who doesn't like Donald Trump.

---

CAROLE THERIAULT. So you didn't go very deep.

---

GRAHAM CLULEY. And might have— Yeah, I know, I know. It's radical thinking. Yeah, well, is that the expert analysis you needed, Carole?

---

CAROLE THERIAULT. So I'm reading the headlines, the initial headlines. And I was concerned that maybe the whole thing was staged.

Oh. The reason I think I thought that was I'm thinking, this guy is wily, street smart, snubs bureaucratic governance, knows the power of martyrdom and all that. And I just thought, you know, and remember Bolsonaro, remember?

Yeah, in Brazil, right? There was an attempted assassination on him in 2018. He became the next country's president the year later.

---

GRAHAM CLULEY. Right. I think most people who are assassinated don't become the next president though, Carole, just for your information.

---

CAROLE THERIAULT. Attempted assassinations.

---

GRAHAM CLULEY. Oh, okay, okay.

---

CAROLE THERIAULT. But then I started reading, right? And so I hit news outlets like, you know, like Reuters and AP News, and I also went to PBS, I went to NPR, I went to Fox News, read a bunch of articles from them. And actually you can just go to our episode show notes actually, because all the sources are there.

So I wasn't alone in thinking that this whole thing might be staged, right? But the staging conspiracy was adopted by people regardless of political leaning. Right, though the message was kind of different.

So the whole keyword was staged. That was the keyword that was on the socials, right? So left-leaning conspiracy theorists seem to point the finger at the Republican Party.

Their supposed evidence was that there was no blood on Trump's face until he raised his hand to his cheek, although apparently this is difficult to confirm based on videos posted online. Nonetheless, they claim that Trump used a yellow squib to release fake blood.

---

GRAHAM CLULEY. Oh my goodness.

---

CAROLE THERIAULT. Like he was holding a little pellet, you know, and then he did a little Houdini and went, "Oh, my ear." Some said the photo was just too perfect, you know, with the flag in the background, the blood, the fist.

I think I thought that. I think that was my issue with it, that still was so powerful.

---

GRAHAM CLULEY. Yes, but do you remember Donald Trump's NFTs where they presented him as a superhero? Yes. And like—

---

CAROLE THERIAULT. Sadly, I do remember. Remember all those?

---

GRAHAM CLULEY. I mean, I mean, they were so badly constructed and so badly made and amateurish that I can't imagine that a picture that brilliant, as was the photograph of him on the stage— I don't think if they'd been responsible for it, it would've been anything like that good.

---

CAROLE THERIAULT. No, no, no.

---

GRAHAM CLULEY. Okay, yeah. So it didn't look on brand in a way.

---

ZOE ROSE. Yeah. I heard about it, but I didn't actually follow the whole story. Did anybody actually get hurt? Besides that?

---

CAROLE THERIAULT. Yes, yes, a person got killed, two people are severely injured in hospital, and the gunman was shot as well, wasn't he? Yep, he's 20 years old.

Yeah, they don't yet have a clear motive or reason yet, so at the time of recording they're still looking into that. There was also theories that the Secret Service allowed Trump to stand and pose as he was escorted off stage, so that was a whole show, that picture being so perfect.

---

ZOE ROSE. Yeah, but the thing that stands out to me is if you are shot or somebody attempts to shoot you, is the first thing you do stand up and say, I'm not hit? I don't know if you—

---

CAROLE THERIAULT. If everyone's relying on you.

---

ZOE ROSE. I've never been in that situation. I can't say what I would do. Piss yourself, maybe. I don't know. And the adrenaline might help, but I just find that very odd.

---

GRAHAM CLULEY. Yeah. There was a past presidential candidate, I think it may have been in the 1800s or something, who— he was shot.

---

ZOE ROSE. Yeah.

---

GRAHAM CLULEY. But after being shot, he carried on and gave his speech anyway. So, I don't think he was successful. I can't remember his name at the moment. But, so I think, you know, if you're driven—

---

ZOE ROSE. Fair enough.

---

GRAHAM CLULEY. Doesn't appear that Trump suffered a major wound, then he may well have thought, well, you know, I can carry on. I need to show that I'm the tough guy.

---

CAROLE THERIAULT. But remember, this is all happening in the first few hours, right? Before the FBI have even identified the person, right? We have also right-leaning theorists putting the blame at the feet of a number of people like Joe Biden, right? The president, or the U.S. Department of Justice, or other powerful actors.

---

GRAHAM CLULEY. I don't think it's Joe Biden who shot him. I don't think that's likely. I can't imagine him climbing up from a roof.

---

ZOE ROSE. I would also say I find those theories very strange. Like, if— I mean, maybe I'm out of touch, but I feel like if I'm going to assassinate someone, I wouldn't do it publicly.

---

CAROLE THERIAULT. Yeah, I don't know if you can get into the Trump compound or whatever, Trump Tower, wherever he hangs out these days. Mar-a-Lago, I don't know.

---

ZOE ROSE. Yeah, but if you're a nation-state actor, would it be that difficult?

---

CAROLE THERIAULT. I don't know. You're not asking the right person.

---

ZOE ROSE. I don't know.

---

CAROLE THERIAULT. I don't know.

---

ZOE ROSE. Anyway.

---

GRAHAM CLULEY. Come on, Carole, admit it. Admit it. You do know. You are a nation-state actor. Zoe's rumbled you.

---

CAROLE THERIAULT. So there are all these people online throwing all this stuff about, right? This muck about saying, this is what I think, this is what I think. But then you've also got powerful influencers, right? Fueling the fire or stirring the pot or however you want to put it. You have political advisors and Democratic donors. This guy urged supporters in an email late on Saturday to contemplate the, quote, possibility that this shooting was encouraged and maybe even staged so Trump could get photos and benefit from the buzz.

---

ZOE ROSE. Backlash.

---

CAROLE THERIAULT. Yeah, not one newspaper opinion leader in America is willing to openly consider the possibility that Trump and Putin staged this on purpose. Ask the question, people, he said. The next day he apologized, so I think he got, yeah, he was told to take that down. But Elon Musk apparently reposted multiple messages from an alt-right political activist asking how the shooter was able to crawl onto the closest roof to a presidential nominee, suggesting the Secret Service was intentionally remiss. One of these posts garnered some 91 million views so far.

---

GRAHAM CLULEY. So here we are now, right? It is 60 years since John F. Kennedy was assassinated. And there are still conspiracy theories swirling about that. There have been books and movies and all the rest of it and inquiries. Now, it's like that, but it's with petrol poured on top, isn't it? Because social media is inflaming these conspiracy theories.

---

CAROLE THERIAULT. Yeah, and you're right, references to these false assassination narratives amassed more than 100 million views in 24 hours on X alone, and that far exceeds the 35 million views for content related to false flag rumors and other conspiracy theories after school shooting in Uvalde, Texas in 2022.

---

ZOE ROSE. And I feel really bad for the person that was killed and the people injured, because they're just kind of not really important enough to be talked about.

---

CAROLE THERIAULT. I 100% agree, because it just goes to show how desensitized we might be becoming, because there was even bad taste memes in the first few hours. There was one, a bloodied ear becoming, for example, a reaction to hearing a new album by female singer Katy Perry, right?

So that was going around, and people are dead.

---

ZOE ROSE. Yeah.

---

CAROLE THERIAULT. So who's behind all this noise, right? And someone might argue that we all are, you know, because we're all vulnerable to wanting to figure out why something shocking's happened. And we only have a few puzzle pieces, and then we're given a bunch more and we have no idea if they're duds or if they're legit.

And then we make this whole viewpoint up and we share it online.

---

ZOE ROSE. Well, and I'd like to point out what you did, which I think is very important for people to recognize, is you looked at multiple sources, even the ones you might not agree with and the ones that you suspect are skewed in their opinion. I think that's really important.

When I used to do— I've never worked in intelligence, but I've worked beside intelligence, with the team, and I always make sure to look at multiple sources and consider somebody else's opinion that I don't agree with because it's really easy to create an echo chamber online.

---

CAROLE THERIAULT. Well, to that point, the social media analysis company Sciabra found that 45% of profiles on X, Facebook, Instagram, and TikTok spreading the theory that the shooting was orchestrated by Mr. Trump were fake accounts. And PeakMetrics, a firm that tracks online trends, said the conspiracy theories made up 12% of all social media traffic referenced the shooting at some point on Sunday.

---

GRAHAM CLULEY. So who's controlling those accounts and why?

---

CAROLE THERIAULT. And who's paying for it? So to Zoe's point, be careful where you get your information.

Double, triple check your sources before you start mouthing off. I really tried in this story.

And if you screw up, most importantly, own it and apologize, remove the statement and move on. Don't leave it there to fester with no comment.

Because, you know, especially in the States, free speech includes the right to spout snake oil and horse poop and all the other synonyms you guys can come up with. Quackery.

---

GRAHAM CLULEY. Whether you're starting or scaling your company's security program, demonstrating top-notch security practices and establishing trust is more important than ever. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.

Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center. All powered by Vanta AI.

Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and improve security in real time. Get $1,000 off Vanta when you go to vanta.com/smashing.

That's vanta.com/smashing for $1,000 off.

---

CAROLE THERIAULT. Are you looking for a security conference where frontline practitioners get solutions to the toughest challenges they face? You're looking for M-WISE. Built by practitioners for practitioners, M-WISE is a unique intimate community where expert knowledge is shared in a non-competitive, non-commercial spirit, brought to you by Mandiant, now part of Google Cloud. It's a place where real talk and serious knowledge are shared generously, and where the focus is on the practical tactical solutions that make sense right now.

M-WISE is vendor-neutral and not sales-focused. Even better, you'll get ample opportunity to connect one-to-one, not only with your peers, but with the experts. And this year, they're taking it up a notch in Denver. So get ready for microbrews, killer views, and serious cyber. Join M-WISE from September 18th-19th in Denver. Get details at smashingsecurity.com/mwise. That's M-W-I-S-E. And thanks to M-WISE for sponsoring the show.

---

GRAHAM CLULEY. In a perfect world, end users would only work on managed devices with IT-approved apps. But every day, employees use personal devices and unapproved apps that aren't protected by MDM, IAM, or any other security tool. There's a giant gap between the security tools we have and the way we actually work. 1Password calls it the access trust gap, and they've also created the first-ever solution to fill it.

1Password Extended Access Management secures every sign-in for every app on every device. It includes the password manager that you know and love, and the device trust solution you've probably heard of on this podcast, back when it was called Collide. 1Password Extended Access Management cares about user experience and privacy, which means it can go places other tools can't, like personal and contractor devices. It ensures that every device is known and healthy, and every login is protected. So stop trying to ban BYOD or shadow IT and start protecting them with 1Password Extended Access Management. Check it out at 1password.com/smashingsecurity. And thanks to 1Password for supporting the show.

And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.

---

CAROLE THERIAULT. Pick of the Week. Pick of the Week.

---

GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security-related necessarily.

---

CAROLE THERIAULT. Better not be.

---

GRAHAM CLULEY. Well, my pick of the week this week is not security related. My pick of the week is a TV program which I watched, and I have to tell you, I had a rather interesting experience while watching it. I watched a show on ITV. First of all, that's a bit of a novelty, watching something on ITV, which is the independent channel here in the UK. It's called Douglas Is Cancelled. Have either of you seen this show?

---

CAROLE THERIAULT. No.

---

GRAHAM CLULEY. It's only just come out. You can watch it streaming on ITVX. It's the story about a middle-aged white TV news presenter played by Hugh Bonneville, who you may remember from Downton Abbey. And he's got a younger, attractive female sidekick played by Karen Gillan, who was in Guardians of the Galaxy and Doctor Who and things like that. And this TV presenter, Douglas, he is accused on Twitter of making an ill-advised sexist joke at a wedding. And social media begins to turn against him.

---

CAROLE THERIAULT. Okay.

---

GRAHAM CLULEY. And of course, you're wondering, what's the joke going to be? And you don't actually find out what the joke is all about until towards the end of the series.

It's in 4 parts, this show. So it's a bit of a mystery hanging in the air. And it's— that's not really the main reason to watch, though. And I'd read some good things about this. And so I said to my wife, I said, let's watch this on the telly. Okay, let's give it a try.

---

CAROLE THERIAULT. Listen to my wife just throwing it out there in all au naturel.

---

ZOE ROSE. I know, I was just gonna say.

---

GRAHAM CLULEY. She is my wife. And I said, you know, let's— And to be honest, the first couple of episodes left me pretty cold.

I wasn't very interested. I didn't really care.

---

CAROLE THERIAULT. I'm surprised.

---

GRAHAM CLULEY. I very nearly didn't watch anymore, but I read online that episode 3 was good. So I carried on, and I'm pleased I did.

Because it is one of the most uncomfortable, tense, and disturbing things I've ever seen on television.

---

CAROLE THERIAULT. What?

---

GRAHAM CLULEY. Episode 3 of this programme, yep. My wife and I were literally watching the TV with our eyes covered.

She actually told me at one point, you know, turn the sound off and you can watch the subtitles, because she didn't want to hear what was happening.

---

CAROLE THERIAULT. Yeah, I understand that. I get that. It's just I hide behind the sofa and go, I can't, I can't, I can't.

---

GRAHAM CLULEY. Yeah, it's I can't even hear what's happening. But for a seemingly benign TV programme to take such a dark, sudden, gut-wrenching twist was really, really alarming.

But it was also superb.

---

CAROLE THERIAULT. Cool.

---

GRAHAM CLULEY. So, I don't want to give anything away about what happens, but the final two episodes of Douglas Is Cancelled— I said, it's four episodes in total— make it must-see, thought-provoking TV. So, my pick of the week, I'd really recommend it, is Douglas Is Cancelled.

And I'd love to discuss it with people who've actually seen the programme. I don't want to give anything away to people who have yet to experience it. So that is Douglas Is Cancelled, my pick of the week.

---

CAROLE THERIAULT. Bold recommendation.

---

ZOE ROSE. I'm not gonna lie. I'm gonna be honest with you. This is a secret that nobody can share, obviously.

When I get really anxious about movies, or, well, more accurate, books, I read the end. And then I go back and read the rest.

---

GRAHAM CLULEY. Not a bad idea. Not a bad idea. Zoe, what's your pick of the week?

---

ZOE ROSE. Mine is definitely not technical because every time I'm on, Carole is you can't have it technical. So every time I try and think of something, I'm can't be technology, can't be technology.

So mine is child-related. I have two children now. Which is—

---

CAROLE THERIAULT. Congratulations.

---

ZOE ROSE. Yeah, it's a big thing.

---

CAROLE THERIAULT. You get a lot of time off. I hear that you get a lot of time off during that time.

---

ZOE ROSE. So much. So I'm also a single mom, so it makes it even more time off. Obviously I have all the time in the world and tons of sleep. But the biggest problem I have is I have two children, and yes, I have two hands, but I also need to do other things.

And they're young enough that they both want to be carried. And buggies or prams, or what are they called otherwise?

Strollers. Yes, strollers are not the most useful things. Like, if you've got a single stroller or buggy or pram, then you have another child you're carrying.

If you've got a double, you run into it's really long and awkward, or it's really wide and awkward. And so, hello again, Instagram.

Now it's Instagram moms recommended, because in North America you see a lot of Instagram moms with wagons. They're like wagons for children, so they've got like seats.

So that's what inspired me to buy my pick of the week, which is literally a wagon. But it's a wagon that you push like a buggy.

It's the greatest thing in the entire world, and I absolutely adore... What's its brand? Pinolino.

---

GRAHAM CLULEY. Pinolino. And it's a klappbollerwagen.

---

CAROLE THERIAULT. Oh, I'm looking at it.

---

GRAHAM CLULEY. Yes.

---

ZOE ROSE. It's brilliant because I can walk with children and stuff. I could take it swimming.

I could take it to the shopping centre and buy stuff and fill it. Even today, I went, dropped the kids at crèche and then went to the shop and bought some food, and I filled it with food.

So it was amazing. I love it. Greatest thing ever.

So not technical, although I do call it my Cyber Wagon.

---

CAROLE THERIAULT. It looks amazing.

---

GRAHAM CLULEY. Yeah, right. And links in the show notes if anyone wants to go check it out.

---

ZOE ROSE. And if you don't have children, my colleagues have said it also would be great if you're coming home from the pub and one of your friends wants to push... Carole, what's your pick of the week?

---

CAROLE THERIAULT. Okay, so I have a new cat. I've adopted a stray young mum cat.

---

GRAHAM CLULEY. Hooray!

---

CAROLE THERIAULT. Yeah, and she's fab, but she's not microchipped or spayed or fully vaccinated yet, and that's coming next week. But I've needed to keep her indoors until I can get all this done.

And we're kind of midway through this process and it's been hard weeks. I know I'm bitching to a person who has a parent of two human children, but Kate, last week she got out and she came back in heat.

And then we had this tomcat stalking us outside for three days, meowing for her. And she's sitting there flirting at the window like a pervert.

And he's all like, "Ugh." It was disgusting. Anyway, so I needed a distraction.

Distraction, right? I needed a distraction. So I bought some toys and stuff.

Seems to... she prefers our sofa to any scratching post, but whatever. What do I do?

What do I do? What do I do to keep her entertained? The answer came to me.

Someone must have invented cat TV, right? If you can imagine it, must exist. Rule 34.

So people have put hours upon hours of TV featuring birds, and rodents and whatnot. And my little Wilmington Wilma loves it.

She watched for an hour last night while we had dinner.

---

GRAHAM CLULEY. Yeah.

---

CAROLE THERIAULT. It's basically you have this cute setting, like maybe a little nature scene or a backyard or a deck, and someone's put some food in front of a high-def camera. And allons-y, right?

And then these birds come and chipmunks and all kinds of shit. And she tries to... it's all great except when she gets excited and jumps on the desk, hits the keyboard and kills the video.

And then she mews and like little servants, we come along and give her her fix. Anyway, so my pick of the week, Cat TV.

If you have a bored, irritated, annoyed cat because they really wanna be outside and they can't be yet, maybe this is for you. So links in the show notes of my preferred.

---

ZOE ROSE. Maybe that would work for children.

---

CAROLE THERIAULT. I think it would.

---

ZOE ROSE. My eldest does like to look at birds and I debated getting one of those feeders that have a camera. So maybe.

---

CAROLE THERIAULT. Okay, seriously, I will send you the link of my favorite bird one so far. It'll be in the show notes as well. Listeners, try it on your kid, let us know, because I bet they will love—

---

ZOE ROSE. Just don't judge me.

---

CAROLE THERIAULT. No, no judgment. God, where we can get peace, baby.

---

GRAHAM CLULEY. Brilliant. Well, that just about wraps up the show for this week. Zoe, I'm sure lots of our listeners would love to find out what you're up to and follow you online. What's the best way for folks to do?

---

ZOE ROSE. Well, so probably the best place would be my website, which is rosesec.com.

---

GRAHAM CLULEY. And you can follow us on Twitter at Smashing Security, no G, Twitter announced ever, Jean. Don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.

---

CAROLE THERIAULT. And huge, huge thank you to our episode sponsors, that's 1Password, Vanta, and the MYIS Conference 2024. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest list, and the entire back catalog, more than 380 episodes, check out smashingsecurity.com.

---

GRAHAM CLULEY. Until next time, cheerio, bye-bye. Bye.

---

ZOE ROSE. Cheers.

---

CAROLE THERIAULT. Yeah, how do you have 380 episodes?

---

ZOE ROSE. That's insanity.

---

GRAHAM CLULEY. That is the definition of insanity.

---

CAROLE THERIAULT. I think Graham and I passed that limit a while ago.

---

GRAHAM CLULEY. Episode 124, I think, was probably the— That's when sanity finished.

---

CAROLE THERIAULT. Yeah, that's when it all came undone.

---

ZOE ROSE. Who was on that episode? Were they the cause?

---

GRAHAM CLULEY. Hang on, let's see, shall we? Hang on, I'll tell you. Hang on. 124.

---

CAROLE THERIAULT. Let's see who it is.

---

GRAHAM CLULEY. Brian Honan from Ireland.

---

ZOE ROSE. Definitely the cause.

---

GRAHAM CLULEY. Yeah.

---

ZOE ROSE. Definitely. I worked for him. I'm gonna text him, you caused Graham and Carole to go crazy.

---

CAROLE THERIAULT. Thank you so much, Zoe, for coming on the show. We appreciate it so much, especially with your crazy, crazy relaxing schedule.

---

GRAHAM CLULEY. Yes, bottoms up to you.

-- TRANSCRIPT ENDS --