It's a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Ukrainian detained for allegedly installing CCTV cameras to aid Russian attacks - The Record.
- Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine - The Record.
- Christo and Jeanne-Claude art projects.
- North Carolina Musician Charged With Music Streaming Fraud Aided By Artificial Intelligence - United States Department of Justice.
- Man Arrested for Creating Fake Bands With AI, Then Making $10 Million by Listening to Their Songs With Bots - The Futurist.
- Kobo Clara BW ereader - Kobo.
- Cocaine Bear: Why? - The Atlantic.
- Cocaine Bear Official trailer - YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. Is it really very wise to cover an electricity plant with tin foil or whatever it is?
CAROLE THERIAULT. Look, I'm leaving it to the experts. It's just an idea. I'm just spitballing.
UNKNOWN. Smashing Security, Episode 384: A Room with a View, AI Music Shenanigans, and a Cocaine Bear with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 384. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. Carole, the excitement continues.
CAROLE THERIAULT. Before we kick off, let's thank this week's wonderful sponsors: 1Password, Vanta, and Sysdig. Now, coming up in today's show, Graham, what do you got?
GRAHAM CLULEY. I'm going to be taking a look through the lens of property hunting in Ukraine.
CAROLE THERIAULT. Okay, and I'm going to be talking about zygotic wash stands. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, Carole, do you ever find yourself watching property programs on TV? Do you enjoy those? Are there any particular ones you really love?
CAROLE THERIAULT. No, I like lots of them over time. Right. I loved when, you know, you had that one where the neighbors would come over and do up your living room for $300.
GRAHAM CLULEY. Changing Rooms.
CAROLE THERIAULT. Changing Rooms. Love that one.
GRAHAM CLULEY. That's from the '90s with Carol Smillie. Location, Location, Location. Grand Designs.
CAROLE THERIAULT. Yep. Oh yeah. Grand Designs. Very good.
GRAHAM CLULEY. Selling Sunset.
CAROLE THERIAULT. You know them. Yeah, yeah, yeah. I like all that. I think it's my favourite type of porn is property porn.
GRAHAM CLULEY. Oh, okay. Yes. Right. Yes. Lovely worktops. That sort of thing. Well, many of us can only dream, can't we, about one day escaping to the country or buying a little place in the sun or a bijou hideaway in the bright lights of the city. What would be your dream pad, or what would you really desire property-wise one day? What sort of property would you have?
CAROLE THERIAULT. I would probably have a small cabin in a big wood, and it would have a lake and maybe a waterfall somewhere, all overgrown and beautiful and mine, with lots of animals running around.
GRAHAM CLULEY. It sounds a little bit remote to me though, Carole. Are you going to have broadband? Are you going to have all the amenities which you may want?
CAROLE THERIAULT. I don't need a lot of amenities, right? I do yoga, I paint, I do podcasts. As long as I get those things done, I'm all right.
GRAHAM CLULEY. You need a supermarket as well. Don't forget that. You need some facilities.
CAROLE THERIAULT. There's deliveries, there's drones.
GRAHAM CLULEY. Well, they might not deliver to the middle of your— oh, by drone. Well, perhaps, I suppose. I think there's things which people look for when they're buying a property. I mean, price is obviously a big factor, right?
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Size can be an issue. You've got a big yeti who you live with. Can you fit your grand piano in? If you were buying a penthouse apartment, sounds like you're not, but I'm guessing you'd care about the views as well if you got something like that. So maybe you'd be after a city skyline that could be spectacular or a lovely waterfront to look at or a historical landmark or perhaps a Ukrainian energy plant.
CAROLE THERIAULT. Well, I have looked at an old waterworks building that had gone up for sale as a domestic residence. I was very swoony about it. So I can understand that whole industrial chic.
GRAHAM CLULEY. I think Victorian waterworks, that's really another term for disused sewage centre, isn't it? I mean, that's right.
CAROLE THERIAULT. Very well built, turns out. They really wanted to keep the shit in.
GRAHAM CLULEY. Certainly could have a certain ambiance. But anyway, so I think a view of a Ukrainian energy plant, that could be interesting. It seems some people are indeed snapping up high-rise apartments with views of critical infrastructure in that particular war-torn country.
Which seems to me a bit of an odd choice. Do you really want to be near critical infrastructure if Vladimir Putin is lobbing a whole load of missiles and drones towards it?
CAROLE THERIAULT. I'm trying to figure out why they would want to do it.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Maybe to make sure they have energy, you know, the closest served.
GRAHAM CLULEY. Oh, if the power cuts out, you can just get a USB cable, plug in.
CAROLE THERIAULT. Yeah, a really long extension lead. Just go plug in.
GRAHAM CLULEY. Well, we've just seen a man arrested by Ukraine's secret service, the SBU, because he was renting several apartments in high-rise buildings with glamorous views over local energy facilities. According to intelligence agencies, authorities in Ukraine, the man decided to rent out the apartments after being offered what was euphemistically called easy money via Telegram.
CAROLE THERIAULT. What's that mean, easy money?
GRAHAM CLULEY. It means there's a way you can make a bit of money here. Here I am on this sort of slightly dodgy messaging app. Would you like to earn some money? All you've got to do for us is a little bit of a—
CAROLE THERIAULT. No, okay. Okay. Whoa, whoa, whoa. Most people who buy apartments in the view of renting them out will go on some site and say, hey, do you want it?
GRAHAM CLULEY. Perhaps so. I don't know if you'd necessarily go on Telegram and accept easy money. You'd think maybe there'd be some sort of strings attached.
Apparently, the people contacting him via Telegram were Russia's military intelligence service, the GRU. And they recruited the man to install cameras in his apartment.
CAROLE THERIAULT. Aha.
GRAHAM CLULEY. Do you remember the early days of the internet when there wasn't much to look at?
CAROLE THERIAULT. I was very young.
GRAHAM CLULEY. You probably weren't even existing in the early days. I remember when there was a main list about cryogenic suspension.
There was a coffee pot at the University of Cambridge you could check on to see what it was up to. And after a few years, you began to hear about sites like JenniCam.
And Jenni was the world's first cam girl. She had a webcam, which was quite an unusual thing to own in those days, in her dormitory at Dickinson College.
And it automatically took a photograph of whatever was going on in her room every few minutes and broadcast it.
CAROLE THERIAULT. I seem to remember you when I was a bit hard up for cash in the early days of our friendship, you kept saying to me, quote, webcam your house, as though that was the best solution I could do.
GRAHAM CLULEY. I thought there was a market for it.
CAROLE THERIAULT. I'm sure there was a market for it.
GRAHAM CLULEY. I wasn't suggesting you do anything sexy.
CAROLE THERIAULT. You were basically saying sell your soul to the internet if you want to pay rent easily.
GRAHAM CLULEY. I thought some good passive income— don't make me sound like some kind of Andrew Tate character.
CAROLE THERIAULT. I'm not making you sound— did you or did you not say that?
GRAHAM CLULEY. Right, I did, but I wasn't saying do anything sexy. That's the thing.
These days, if you hear about webcam girls, you imagine it's something else entirely. But in those days, I think people were just looking for anything on the internet.
It was a bit, I imagine, like watching Big Brother. You watch the TV show and you would watch them 24 hours a day as they were scratching their bottom or whatever, or organising dinner.
CAROLE THERIAULT. You're really, really down some weird rabbit hole right now. I just want you to know that.
GRAHAM CLULEY. Anyway, this JenniCam girl, she became an internet sensation. She was even famous enough to appear on David Letterman in 1998 alongside Samuel L. Jackson. Now, no one else ever subsequently ever had the thought again of live streaming cameras in women's bedrooms.
That definitely isn't a thing, and it wasn't something I suggested to you. At least it wasn't suggested to you in a pervy way or anything like that.
I just simply thought— anyway, the thing is, it hasn't become a phenomenon. But if you were approached by Russian military intelligence and they asked you if you could put some cameras in your apartment, you might think it was maybe to boost the morale of their troops on the front lines.
CAROLE THERIAULT. No, I think 99.99% of the people who would ever be approached by the GRU in this situation would be bricking it. This is not a very fun situation for anyone to find themselves in.
GRAHAM CLULEY. It wasn't because the Russian military wanted to watch this particular chap.
CAROLE THERIAULT. Of course.
GRAHAM CLULEY. The cameras, they weren't pointing inwards, as you've guessed, Carole, because—
CAROLE THERIAULT. Right.
GRAHAM CLULEY. Yeah, that's because you're smart, Carole. That's because you have worked it out.
CAROLE THERIAULT. So are all our listeners. We all understand that the Russians were interested in the energy facilities nearby.
I think we're all with you, Graham.
GRAHAM CLULEY. That's right. From the high-rise apartments, that's what they were looking at.
And in a statement posted on Telegram, Ukrainian law enforcement have announced they've arrested this alleged Russian spy in Kyiv and that he had installed video cameras with remote access software allowing Russia to monitor Ukraine's critical infrastructure in real time. And the reason for this, of course, is that the Russian forces wanted to be able to assess the impact of recent airstrikes by accessing the footage and identify anti-aircraft defense systems put in place by Ukraine.
CAROLE THERIAULT. Not good stuff for Ukraine, you know, ultimately.
GRAHAM CLULEY. Well, I think there's a lot of not good stuff happening for Ukraine right now. Yes.
CAROLE THERIAULT. I'm not arguing that point. I'm just, I can understand why the Ukrainian authorities decided to detain this guy.
GRAHAM CLULEY. And when they got him, they actually caught him in the act of allegedly setting up one of these new CCTV cameras to record an airstrike on the city. They also seized his phones and video cameras, which contained evidence of what they called intelligence and subversive activities for Russia.
If convicted, let's face it, it's quite likely he will be, if convicted, he faces life imprisonment. And his cameras and phone being confiscated.
Now, I'm not— I think I've got a good idea as to which one's going to bother him more. But all of this makes me think, we've often worried about CCTV and webcams being hacked by perverts or sextortionists, or hackers exploiting baby cams to spook children.
But surveillance cameras can clearly be abused in other ways as well.
CAROLE THERIAULT. Yes, everyone should worry now about geopolitical terrorism information that'd be taken from your webcams and your Ring outside your door?
GRAHAM CLULEY. Well, maybe not my Ring doorbell. I'm not sure that's pointing anything too critical. But clearly, sometimes these surveillance cameras are being installed intentionally close to places where there is critical infrastructure.
I mean, that's the point, right? If you've got critical infrastructure to protect, you're probably going to have security cameras. So you better darn well make sure that they can't be hacked, they can't be accessed remotely, that you've got them properly locked down.
And sometimes these things can actually be technology which has been made in other countries, maybe has vulnerabilities, maybe your government has cut a few corners when it's budgeted for this and hasn't got them properly locked down and hasn't got them properly secured.
CAROLE THERIAULT. I have a solution. I've got a solution.
GRAHAM CLULEY. Go on then.
CAROLE THERIAULT. You just— there's that— remember that artist? I don't remember his name, but there's this artist that used to cover buildings in swaths of material.
GRAHAM CLULEY. Tony Temple?
CAROLE THERIAULT. No, no, no. Big, big buildings. He did one I know in Germany.
He did a bridge, I think. So he covers the whole thing. I'll find it and put it in the show notes, listeners.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. So you just need to hire some guy and they can do some really artsy thing and basically cloak the entire building under these sheets of cloth. And then no one knows what's going on inside.
GRAHAM CLULEY. Is it really very wise to cover an electricity plant with tinfoil or whatever it is?
CAROLE THERIAULT. Look, I'm leaving it to the experts. It's just an idea, I'm just spitballing.
GRAHAM CLULEY. So Russia is also aware of this threat. Last month, it warned people living in areas at risk from Ukraine's counter-offensive to stop using surveillance cameras altogether.
They said turn them all off, cover them up, as they feared they could be exploited to gather information by Ukraine's forces. And earlier this year in Ukraine, they found surveillance cameras on residential buildings in Kyiv.
They took them down because they had allegedly been hacked by Russia to spy on air defense forces, critical infrastructure.
CAROLE THERIAULT. That's very interesting, though, you know, because you have a lot of people are like, oh, you know, authorities want you to film everything because it makes everyone's job easier. You know exactly where who was, where, what they did.
Yeah, police love them. And it's great within a geography until that geography is at war or having fights with someone else, because then obviously it could be hacked. It's just an interesting weakness I've never thought of, actually.
GRAHAM CLULEY. Even if you're just watching the road, I mean, you may be able to monitor troop movements. In this case, at these residential buildings in Kyiv, the cameras had initially been put there to monitor the surrounding area, the parking lot, but the hackers, after gaining access, changed the viewing angles and set them up to stream footage live to YouTube.
Again, probably trying to help direct drone attacks and missiles en route to Kyiv. So, there you go, Carole. Are you going to get a video camera on your doorbell?
Are you going to put one up in your bedroom? I know I suggested it 30 years ago, but—
CAROLE THERIAULT. Yeah, maybe now I'll think it's a great idea. Yeah, I'm going to webcam my house, Graham.
GRAHAM CLULEY. Carole, what's your story for us this week?
CAROLE THERIAULT. Okay, zygotic washstands. Doesn't that sound beautiful?
GRAHAM CLULEY. Ah, fantastic.
CAROLE THERIAULT. Our story today focuses on the music industry. Now, we all know that the moneymaker, or one key moneymaker for musicians and songwriters and the like, is royalty payments. There are different types of royalties out there.
I didn't know this. So in the US, you have mechanical royalties, and that's whenever the song is streamed or downloaded online.
You have performance royalties. This is where the music's publicly performed, on radio or in venues.
You have sync royalties or synchronization royalties. This is where the music is used in visual media, films or TV commercials, video games, YouTube, that sort of thing.
And then you've got print royalties, where it's the sheet music that's sold.
GRAHAM CLULEY. Is that still happening? I know that used to be huge.
CAROLE THERIAULT. Of course it's still happening. People learn how to play music all the time, right?
You get an instrument and then you go get, "I want to play Paul Simon's best song" or whatever, right? So basically, the more downloads or more streams or plays or sales or whatever, the more moolah the royalty holder gets.
And Graham, remember, we used to talk — this is ages ago, but we used to talk about writing a Christmas hit. Because our thinking was, you know, if it gets picked up and becomes a classic, we can rest on our rich asses for the rest of our days.
GRAHAM CLULEY. I actually remember my song which I wrote for that purpose.
CAROLE THERIAULT. Oh, okay. Do you want to sing it now?
GRAHAM CLULEY. I could sing it now, but I'm a little bit worried it might get ripped off. I don't—
CAROLE THERIAULT. No, don't worry.
GRAHAM CLULEY. It was called Sausage Dog. If anyone encounters me, I will sing it to them in person, but I'm not sure I should put it on the podcast.
CAROLE THERIAULT. So this was your Christmas—
GRAHAM CLULEY. It was a Christmas novelty song called Sausage Dog.
CAROLE THERIAULT. Yeah. I remember it. Don't worry, Graham, no one's going to steal that from you.
Because I don't think either of us had enough musical talent to do any crooning. And everyone on the planet has the idea of "Oh, if we only wrote a Christmas song, it'd be amazing."
But it seems as if you do have the talent, and maybe a dash of luck and a sprinkling of magic, you can make some serious cash in the music industry, our man of the moment here, Michael Smith. So this 50-ish, your age, Graham, right?
A North Carolinian. He's been living this dream literally, because songs that he's published are getting an enviable glut of listens across all the platforms.
So you've got Amazon Music, Apple Music, Spotify, YouTube, and all these listens translate into royalties.
GRAHAM CLULEY. Hang on, his name is Michael Smith. Should I know him?
I don't recognize his name. Is he famous?
CAROLE THERIAULT. See, I don't recognize his name either. But get this, right?
Why would you? Loads of people put music out and we never hear of them.
But this guy, this guy, he's not just getting a tiny bit of royalty. This guy's making it to the tune of $10 million.
GRAHAM CLULEY. Well, that's doing very well.
CAROLE THERIAULT. Mon Dieu, you know? I mean, you got to get a lot of listens to get that much money in royalties.
GRAHAM CLULEY. Well, yeah, it's not selling records. I mean, the number of listens you'd have to get on Spotify, for instance, to earn that sort of money would be astronomical, I'd expect.
CAROLE THERIAULT. I mean, that's enough to buy you a McMansion or a belt with a gold buckle. Your own podcast.
GRAHAM CLULEY. I can see where your priorities lie.
CAROLE THERIAULT. So how come we haven't heard of this guy, Michael Smith, right? Because you'd think even the mainstream press would be piqued by a guy with such musical talent and business acumen as to make that much cash. It turns out that Michael Smith has published a lot of music. So it's not like one song has gone viral and everyone's listening to it.
It's more his royalties are spread across his music catalog. I mean, fair enough, right? That's a bit Bob Dylan, right? He gets royalties for Mr. Tambourine Man, and then he also gets them for All Along the Watchtower and whatever else, you know, he's prolific. He has 40 studio albums.
That's crazy. But Michael Smith is even more prolific than our Bob. Okay, because Michael Smith has created hundreds of thousands of songs, Graham. Hundreds of thousands.
GRAHAM CLULEY. Come on. Hundreds of thousands.
CAROLE THERIAULT. How the flip does Michael do that? AI to the rescue. So our Michael is actually a big fat scammer who has been aiming to game the musical industry since 2018. Here's how he did it.
Here's a rough outline of the game.
GRAHAM CLULEY. Okay, I'm making notes. This sounds good.
CAROLE THERIAULT. I think you'll like this. So in 2018, Smith, he begins working with a CEO of an AI music company (okay, this is early days in the world) and a music promoter to create a lot of songs using AI.
And the music company took it seriously and soon began providing Smith with thousands of songs each week that he could upload to streaming platforms.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And those thousands of songs over time turned into hundreds of thousands of AI songs. And these AI songs don't have catchy names like I'm Sexy or, you know, whatever.
GRAHAM CLULEY. Loving your imagination there, Carole.
CAROLE THERIAULT. Yes. 'How Will I Know,' that kind of thing. No, they're more like N_7A2B2D74- blah, blah, blah, blah.
GRAHAM CLULEY. Oh, it's a really good AI system if it's coming up with song names like that. That's—
CAROLE THERIAULT. So these files are being delivered to Smith, and Smith, you know, he's not an idiot. He's like, no one's going to listen to N-5-7A7B2D74.
GRAHAM CLULEY. Oh, okay, right. Yeah.
CAROLE THERIAULT. So he randomly generates song titles and artist names for the audio files so they wouldn't look like they'd been created by AI, but by maybe a real artist with perhaps poor taste. You be the judge. So instead of having N_782B2D, you have Zygotines, Zygoats, Zygotik, Zygotiklanies, Zygotik Washstands.
And that is my favorite. Zygotik Washstands.
GRAHAM CLULEY. Has he possibly only downloaded one letter from the alphabet when generating these names?
CAROLE THERIAULT. This was an example given to us by the wonderful FBI that put out a little press release a few days ago.
GRAHAM CLULEY. Oh, the FBI are onto this? They're fans?
CAROLE THERIAULT. Well, actually, no, I'm really good friends with this Michael Smith. He's told me it all on the down low. So the question now is, okay, so he's putting out all this music.
Great, great, great. Hundreds of thousands of songs are going out there. Who the hell's listening to this crap? Who would listen to it?
It must sound garbage. Of course it's bots. Of course it's non-human.
AI tunes are out there for non-human bots because maybe, hey, bots need entertainment too. And it seems that thousands and thousands of bot accounts allegedly created by our very own Michael Smith. Oh my God.
They were programmed to go and listen to Michael Smith songs, AI songs, as much as possible. And listen, they did.
GRAHAM CLULEY. That's very clever.
CAROLE THERIAULT. To the tune of $10 million or so in royalties. Like, this is billions and billions and billions of bot listens.
GRAHAM CLULEY. And he's been doing this since 2018, did you say?
CAROLE THERIAULT. And all this was to avoid detection by the authorities. Because if he had put out one song and had all the bots listen to that one song, people would be like, who is this new Taylor Swift? But no. So he had lots and lots and lots of bots listen to lots and lots, lots of songs a little at a time and tried to stay under the radar. Because of course it's not legal to push out AI music and declare that as human-made or to create fake bots to pretend to be human listeners.
GRAHAM CLULEY. Yeah, I think that's— I mean, it's probably all right to put out music that's AI-generated.
CAROLE THERIAULT. Sure. As long as you say this is AI.
GRAHAM CLULEY. Oh, do you really have to? I don't know. Well, we've got an AI-generated tune on the AI Fix podcast.
CAROLE THERIAULT. I haven't heard that.
GRAHAM CLULEY. Cheeky. I can understand why it would be fraud to have a bot listening to the music, because obviously that's taking money from someone. That's taking money from the music companies, isn't it? Or the streaming service.
CAROLE THERIAULT. Well, surely it's taking money from somebody, and it's real money he's getting, not fake digital bot money.
GRAHAM CLULEY. Yeah, that's naughty.
CAROLE THERIAULT. But as we said, yeah, his plan has been foiled. So Smith, aged 52, has just been charged with all kinds of wire fraud and money laundering conspiracies and is looking at decades in the clink. Of course, this is— these are all allegations at this point, and Smith is presumed innocent until proven guilty. The biggest question for me, I think, is what's going to happen to Zygotik Washstands as a name? Does he own the TM for that?
GRAHAM CLULEY. Are they still out there? Have you managed to find any of their music? Is it still lurking somewhere online?
CAROLE THERIAULT. No. I would love one of our listeners to maybe put something up on YouTube. This is the channel name: Zygotik Washstands. Show us what you got and we may play it on an upcoming show.
GRAHAM CLULEY. It reminds me of a scam I heard about. Now, I don't know if this is apocryphal. I don't know if this really happened or not. But I heard there was a group who called themselves Local Radio. That was their name. And they managed to generate money for themselves because whenever people would say to their Alexa, Alexa, play the local radio, it would play that band instead. And so they got all these accidental plays. And it helped them make money. Isn't it a great— I think it's a really lovely idea.
CAROLE THERIAULT. See, I knew you'd like this. You like little sneaky things like this. Says a lot about your character.
GRAHAM CLULEY. Quick question. Do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps? I didn't think so. So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't.
Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show.
Modern threat actors have weaponized cloud automation to accelerate, taking only 10 minutes to fully execute an attack in the cloud. As organizations continue to shift into larger and more complex cloud estates, legacy detection and response frameworks are no longer sufficient at stopping cloud attacks.
Well, Sysdig delivers fast and effective multi-cloud detection and response, or CDR, capabilities to empower analysts against these accelerated and complex cloud threats. Powered by Falco, analysts gain the visibility, context, and real-time security capabilities traditional EDR on-prem tooling fail to deliver.
Learn more about how to stop advanced attacks at cloud speed. Visit smashingsecurity.com/sysdig for more information. That's smashingsecurity.com/sysdig. And thanks to Sysdig for supporting the show.
Whether you're starting or scaling your company's security program, demonstrating top-notch security practices and establishing trust is more important than ever. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center, all powered by Vanta AI. Over 7,000 global companies like Atlassian, FlowHealth, and Quora use Vanta to manage risk and prove security in real time.
Get $1,000 off Vanta when you go to vanta.com/smashing. That's vanta.com/smashing for $1,000 off.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, Carole, my Pick of the Week this week is not security related. My Pick of the Week actually owes some thanks to you.
CAROLE THERIAULT. Oh.
GRAHAM CLULEY. Because back in episode 358, February 2024, you recommended libraries.
CAROLE THERIAULT. Yes, I did.
GRAHAM CLULEY. Which wasn't that novel in itself. I mean, that wasn't, oh, I've never heard of a library before. But you also mentioned an app.
CAROLE THERIAULT. The Libby app.
GRAHAM CLULEY. The Libby app. Exactly.
CAROLE THERIAULT. Which I still love and use every day. Love it, love it, love it.
GRAHAM CLULEY. Well, I obviously am not allowed under the rules of Pick of the Week to recommend the Libby app again. But I have recently dug out my old Kindle and I've been reading ebooks and enjoying them.
And I remembered you talking about this Libby app because I'm a member of the library and I thought, oh, I don't really want to spend loads of money. So I thought maybe there's some ebooks I can read for free. Now, in America, I believe via Libby, you can send an ebook which you borrow from your library to your Kindle device.
And what I found is that for some reason, that doesn't work in the UK. You can't send your Libby-borrowed book from the library to your UK-based Kindle.
So I went and bought myself another e-reader. So my old aging e-reader has been consigned to someone else.
And now I have the Kobo Clara BW, which is a Kindle, really.
CAROLE THERIAULT. Very interesting user interface I've had to tangle with.
GRAHAM CLULEY. Oh, have you?
CAROLE THERIAULT. I have a parent who owns one.
GRAHAM CLULEY. Oh, right. Okay, I don't find it that different from the Amazon Kindle myself, but the beauty is that it's all integrated with the Libby app by something called OverDrive, which means that I can now take out from my local library from the comfort of my e-reader.
And the wonderful thing about this e-reader for me compared to my old one is it has a night mode. So when I'm reading in bed, and the lights are out, I can actually read.
I don't have to have a great big bright screen in front of me.
CAROLE THERIAULT. Jesus Christ, you just discovered backlit Kindle?
GRAHAM CLULEY. No, no, not black. No, no, no, because my old one had a backlight, but it was black writing on a white background.
Right. It was very, very bright for me.
Now I get white writing on a black background at night. You with me?
CAROLE THERIAULT. The crowd's so wild. Yeah, the crowd's gone wild.
It's cool.
GRAHAM CLULEY. Anyway, I love it. It's cheap and affordable, does the job.
Don't get the colour version. Everything I've read says the colour version is not as good as the black and white version.
So I have got the Kobo Clara BW, and that is my pick of the week. And thank you, Carole, for recommending the Libby app all those months ago.
CAROLE THERIAULT. Yeah, it's great. Love the Libbys.
GRAHAM CLULEY. Very nice. And yeah, I'm enjoying doing this thing called reading.
CAROLE THERIAULT. Yeah. Yeah, you should try audiobooks.
There's no ads or anything. It's amazing.
GRAHAM CLULEY. That'll be the next step. That'll be the next step.
Carole, what's your pick of the week?
CAROLE THERIAULT. Okay, so it's earlier this week and it's pissing down with rain, howling with wind. And it was evening and I was chilling out with my cousin and we didn't want to go out because it was too gross.
So we do what we all do. We made some simple, cozy, you know, goopy food and perused some of the streaming channels.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. And we were just deciding together what we should watch. You know how sometimes two people together come up with something that neither individual party would have watched on their own?
GRAHAM CLULEY. Yes, I do.
CAROLE THERIAULT. Right? You know what I'm talking about?
That does happen. You don't know how, but it happens.
Well, it happened to us because I ended up watching Cocaine Bear, which is my pick of the week. Please tell me it's not a finished show.
GRAHAM CLULEY. I have heard of it, but I haven't seen it.
CAROLE THERIAULT. Okay, great. So the premise of the story, for those who don't know about it, it's 1985. A drug smuggler wants to drop a shipment of cocaine by plane by parachuting out with a drug-filled duffel bag.
That's his plan, right? But somehow knocks himself out on the plane's doorframe on his exit and sadly falls to his death in Knoxville, Tennessee.
A black bear finds the cocaine, munches on it, goes insane, chasing and mauling folks in a rather grisly manner, all in the desperate need to get more of his fix. Of course, the drug dealers that are connected with the guy who died are also trying to find where the hell their cocaine has gone.
And did the guy do a runner? And what's going on?
And the cops are there and the rangers are there because they keep getting reports of missing people in the area.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. So, it's fantastic. You've got TV stars like Keri Russell from The Americans, Isiah Whitlock from The Wire, Margo Martindale from everything political in the world, and the late Ray Liotta is even in it.
It's just ridiculous. It's wonderful.
It's horrible. It's got a pinch of gore.
It's wildly entertaining. We both totally loved it.
And a weird factoid, it is loosely based on a true story. There was no murderous rampage by a bear in the true story, but investigators finally found the corpse of a 175-pound male bear and 3 to 4 grams of cocaine in his bloodstream.
And can you guess what the world nicknamed him? This big bear?
GRAHAM CLULEY. I don't know.
CAROLE THERIAULT. Pablo Escobear.
GRAHAM CLULEY. Oh, very clever. Very clever.
CAROLE THERIAULT. So this is Cocaine Bear. That's my pick of the week.
It's streaming on Netflix. Check it out, it's fantastic.
GRAHAM CLULEY. And that just about wraps up the show for this week. You can follow us on Twitter @SmashinSecurity.
No G. Twitter wouldn't allow us to have a G.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
CAROLE THERIAULT. And huge, huge thank you to our episode sponsors, Sysdig, 1Password, and Vanta. And of course, to our wonderful Patreon community.
It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 383 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio. Bye-bye.
CAROLE THERIAULT. Bye. Cocaine Bear.
Seriously, I recommend it because you will laugh and you will kind of get shocked.
GRAHAM CLULEY. You will go, "Ah!" Is it a TV series, is it, or a movie?
CAROLE THERIAULT. No, no, no, it's just a movie. It's just a movie.
Just a movie. 90 minutes of your life.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. You'll thank me.
GRAHAM CLULEY. Oh, yeah. Sounds good.
-- TRANSCRIPT ENDS --