The FBI is hoping that its hunt for Capitol rioters will go viral, a cryptocurrency con lets its perpetrator live the high life... for a while, and just what does Facebook have against cows and a team of cricketers?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Zoe Kleinman.
Visit https://www.smashingsecurity.com/215 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Zoe Kleinman.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
- Recorded Future: Recorded Future's podcast, Inside Security Intelligence, takes a deep dive into the world of cyber threat intelligence. They share stories from the trenches and the operations floor, giving you the lowdown on established and emerging adversaries. Whether it's the SolarWinds breach, 5G conspiracy theories, or Russian election interference, Inside Security Intelligence gives you a fresh take from a variety of industry experts.
Links:
- The FBI Wants You To Make These Photos Of Capitol Insurrectionists Go Viral — Huffington Post.
- Capitol Violence — FBI.
- Sedition Hunters.
- Boston Bombing: The Anatomy of a Misinformation Disaster — The Atlantic.
- Iced Earth’s singer and bassist quit band "in response to recent events and circumstances" — NME.
- Capitol Insurrection: More Than 230 People Charged And What We Know About Them — NPR.
- 'Overtly sexual' cow blocked as Facebook ad — BBC News.
- What is Stefan Qin’s edge in crypto? Fraud, says the SEC — Digital Finance.
- Founder Of $90 Million Cryptocurrency Hedge Fund Charged With Securities Fraud And Pleads Guilty In Federal Court — Department of Justice.
- A crypto kid had a $23,000-a-month condo. Then the feds came — Fortune.
- Radio Garden — Explore live radio by rotating the globe.
- Dodow.
- On Her Majesty's Secret Service mind control scene — YouTube.
- Mark Kermode's Secrets of Cinema — BBC.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. I'm sorry? What? Yes, look at it, look at it. Squint. This is what you do as an artist. Squint your eyes. Squint your eyes. Squint. Doesn't it look like an armless woman, maybe, walking towards you? Nude. Nude. Headless, I mean. Not armless. What am I saying? Headless. Graham, over to you.
GRAHAM CLULEY. Smashing Security, episode 215: Sexy Cows Banned on Facebook, with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 215. My name's Graham Cluley. And I'm Carole Theriault. And we're joined this week by returning guest, it's senior BBC tech reporter Zoe Kleinman. Hello, Zoe.
ZOE KLEINMAN. Hello again. Thank you for being here, Zoe. Oh, thanks for having me back.
CAROLE. It's great when you're on. I love it.
ZOE. What have you been up to, Zoe? What have I been up to? Oh, I've got engaged. That's my big news. Huzzah. Did you get engaged on Valentine's Day? No. No, I didn't actually. Two weeks beforehand, which is going to make it impossible to remember, isn't it? We'll look back and say, when did we do it again? I don't know. I can see why couples pick a memorable date now.
CAROLE. Let's thank this week's sponsors, 1Password and Recorded Future. Their support helps us give you this show for free. So, coming up on today's Smashing Security: Graham, what do you have?
GRAHAM. I'm going to be telling you how the FBI have been trying to identify criminals such as the bad hair bandit.
ZOE. I'm going to be telling you about some sexy cows.
CAROLE. And my story is all around cryptocurrency. All this and much more coming up on this episode of Smashing Security.
GRAHAM. Now, chums, chums, when you think of the FBI, what do you think of?
CAROLE. What a weird question. What does that even mean? You want to start every story with some kind of weird, you know.
GRAHAM. It's what I do, Carole. This is the format of the show. Do you think of wiki wiki wow wow Will Smith and Tommy Lee Jones and the Men in Black? Or do you think of an agile, state-of-the-art crime-fighting machine using the latest technology?
CAROLE. Yeah, absolutely. Yeah, I don't think about the FBI. So I'm sorry, I can't play with this one.
GRAHAM. I mean, maybe you do, right? You're just thinking there they are in their, oh yeah, they'll be there in their little hideout. You know, spying upon people, gathering information about criminals, pressing buttons to enhance CCTV footage to work out who somebody is. No, you're mixing it up with CSI instead. But what you may find is actually they're not completely stagnant. They're not completely sitting on their laurels and not using new technology. Because if you go to the FBI website right now, you will find that they have revamped it. Normally, when you go to the FBI website, you're faced with thumbnails of the most wanted bad guys. So you can check out, for instance, the most wanted cyber criminals around the world, many of whom appear to be wearing the uniforms of the Chinese military in their snapshots.
CAROLE. That lives on their homepage, right? The most wanted bad guys.
GRAHAM. That's right. Yeah. And you can drill down into different kinds of badness, which they may have done. And ultimately, you end up opening up PDF documents on each one, which they call posters, as though people were going to print them out and put them on their wall.
CAROLE. It feels so Wild West, doesn't it?
GRAHAM. It does. Yeah, yeah. But what they've realized is that hasn't really been working terribly well. And it's maybe not the best approach in order to deal with the hundreds, if not thousands of people who are persons of interest to do with the January 6th storming of the US Capitol building. Right. So they've recognised that, you know, it's going to be a bit complicated rounding all these people up because suddenly you have this huge influx of thousands of thousands of people around this building. Many of whom weren't based in Washington, D.C. Many of whom were wearing baseball caps or other items of clothing. Weren't wearing masks.
CAROLE. No, no. Weren't wearing masks. Not that kind of mask. Not the kind of mask that you'd hope they'd be wearing, no.
GRAHAM. So there's now a section on the FBI website specifically dealing with it. They call it the Capitol Violence section, where you can see a photo collage of people of interest. Sometimes many photos of the same person with an indication of what they're wanted for, whether it was an attack on a federal officer or a member of the media. And they're asking people for their help, of course. Now, we've spoken before about social media folks getting involved in a manhunt and how that can go wrong.
CAROLE. Yeah, yeah. The Boston Marathon, for example.
GRAHAM. The Boston Marathon bombing, yeah, exactly, where the wrong person was identified. And so that's something which I think you have to be quite cautious of. But of course, there's a lot of people who are very, very keen for these people to be identified and dealt with. And so there have been a number of social media accounts which have been built up specifically now trying to identify people. Now, when I first heard about this, I thought, well, that doesn't sound like a very good idea because...
If they get it wrong.
CAROLE. Yeah, exactly. And what about the doppelgangers, right? No, but I worry about them, right? Little, you know, say Martha, who just runs a little flower shop down in Nantucket, happens to look like one of the people on the page and then gets totally...
GRAHAM. Totally. Do you think everyone has a doppelganger?
CAROLE. Yeah. Yeah, I do.
GRAHAM. Yeah? Do you have a doppelganger, Zoe?
ZOE. I do. Yeah. And I discovered this a couple of years ago when she was on Bake Off. And my phone blew up with people going, oh, my God, are you watching Bake Off? Because you are on Bake Off.
I can't bake for toffee, so it's just as well I was not on Bake Off. It's not Paul Hollywood, is it? He does nothing like you. Wow. Wow. That's the aspiration. That's how you get treated as
CAROLE. a guest on our show.
ZOE. I'm ashamed I can't remember what her name was, but so many people said it to me. And in the end, I tweeted her and said, apparently we are doppelgangers and you need to do tech news and I need to do baking. And we had a little laugh about it. But yeah, so there you go. I do have one.
GRAHAM. Carole, do you have a doppelganger?
CAROLE. Well, I'm sure I do. I don't know. I don't have one that I've already. I've got a long list for you. Do you? Good. Good. Let's save that. Let's save that.
ZOE. Well, I've got another one. Can I tell you about my other one?
Yeah, please do. Nearly got me into trouble at work a few years ago. Apparently there's a lady, I don't know who she is, she does voiceovers, you know, advertising stuff. Yeah. And one day I got hauled into my boss's office and he shut the door behind me and said, "You know, Zoe, I've got to have a word with you. I know that you're saving up and you want to do some extra work. You've got to be picky about what you choose." I said, "I don't know what you're talking about. What are you talking about?" And it turned out that this woman who sounds like me was the voice of Sun Bingo, which, being a BBC reporter, did not go down very well, but it wasn't me. Oh, my God.
GRAHAM. I think it'd be quite fun to be a voiceover person, wouldn't it? If you could do that.
ZOE. You'd probably be good at it, actually.
GRAHAM. Oh, you're such a charmer, especially after my Paul Hollywood comment.
ZOE. Well, you're not going to like this, but apparently the people who do best at voiceovers are people who have a very affable, calm, you know, fairly sort of normal, straight voice. So your big kind of character people who are very distinctive find it harder to get work than your kind of, you know, just straight, professional, friendly voice. So there you go.
CAROLE. Yeah, you just blend in the background, Graham. It wasn't quite
GRAHAM. the compliment you thought. Exactly. Good. The FBI have had different methods of getting people interested in criminals before and identifying criminals. Quite often, for instance, with bank robberies, they will come up with a nickname to reference the robber's physical appearance, right? Rather than just saying a man walked in and he was 34 years old, they will call him the Geezer Bandit or the Grandma Bandit or the Plain... What? Yeah, just give them that kind of cachet? Well, no, no, because then they get people talking about it. It's like we're on the hunt for the Plain Jane Bandit or the Too Tall. There's one called Too Tall Bandit. Yeah,
CAROLE. this is what you want antivirus writers to do, right? Get cool with their names.
GRAHAM. There's some incredible names the FBI have used for robbers in the past, such as the Undead Bandit. It's like, well, what's that? Because he looked like a zombie from The Walking Dead. Bandit? The Top Heavy Bandit. Well, yes, clearly in the Wild West of America. And the Bad Wig Bandit. And the one I particularly like, the Fake Hair Don't Care Bandit. Ooh, someone was having a fun day then.
ZOE. You want to be that bandit, don't you?
GRAHAM. Yeah. And sometimes they would even make fun of people. So there was, for instance, a robber who handed over a cash demand to the bank teller, but he couldn't spell robbery correctly. And so they called him the Spelling Bee Bandit. So it's almost like they're trying to mock them into saying, oh, actually, my spelling's great. Oh, I shouldn't have put my hand up about that. So, OK, the FBI, they're not choosing nicknames for the Capitol attackers yet, but other groups are. So we've got the FBI have created and revamped their website to make it easier to hunt for particular people and find out more information about them. But we've also got groups like Sedition Hunters. Now, Sedition Hunters, they've got a presence on Twitter or on Instagram and Facebook, as well as a website where they are posting up pictures and they're creating viral little graphics, which they're encouraging people to share, of individuals who've been caught on camera. Viral little graphics? Yes. Little graphics which you, not viralizing. It's just during a pandemic. I just don't think you've chosen your words properly. Just graphics which people might want to share.
A meme. Oh, yes. A meme-y. A meme-y. Lovely meme-y. Meme-y. Is what's being used. So, for instance, they posted one about the tricorn traitor. He looks a bit like a pirate. He's got one of those three-pointed hats on. There's another young, fresh-faced attacker who's called the Capital Boy Band, or hashtag Captain Adolphe or Pee-wee. Whoa! Well, he's got a funny moustache, this chap. Pee-wee grey man, for instance, I think, who's meant to be based on Pee-wee. I'm
ZOE. losing the thread of this slightly. What century are we in again? Yeah. Look, I'm falling in. Who's writing these things? Anyone that was born in the last hundred years? There are millions of people stuck
CAROLE. at home, right? Doing nothing.
GRAHAM. I think some of these are quite creative because when you look at hashtag Pee Wee Grey Man, for instance, who's one of the people wanting, he does look... I mean, that
ZOE. well-known hashtag that we've always used. But
GRAHAM. he does look quite like Pee Wee Herman. Yeah, and you don't want to look like Pee Wee Herman. No. Surely if you look like Pee
ZOE. Wee Herman, you're pretty distinctive. I mean, do you need your own hashtag? Hey, everybody!
GRAHAM. As you go into a porn club in the middle of the day. There's another one called the Turtleneck Trumper. Oh, you'd like this one, Carole. Luigi Stash Camo. So he's got a great big plumber's moustache. And that one I don't understand, just called Scallops. I don't know why that is. I wish he'd provided us pictures of these people and then we
CAROLE. could have played the game.
GRAHAM. All you have to do is go to the Sedition Hunters website and you will see pictures of all of these chaps like I have and you can check them out. How come they're not on the FBI website? Well the pictures are but the FBI aren't yet using these names. I suspect they can't really go around calling someone a traitor before he's been found guilty.
CAROLE. Why not? They call the fake hair don't care, Bandit. That's pretty personal. It's like, A, you're telling everyone I'm wearing a wig, and B, I care.
GRAHAM. So it looks like people are having fun. Now, what I'm impressed with with the sedition hunters is they are saying on every graphic, don't, goodness gracious, hold your horses for heaven's sake. Don't name this person if you know them. Don't reply with their name. Contact the FBI directly. Here's the website. So it doesn't appear that there's too much craziness going on, because, of course, it would only require one person to say, Luigi Stash Camo looks rather like that plumber who came round the other day.
One person I want to tell you about is a chap called John Schaffer. Now, I'm sure you are both fans of the heavy metal band Iced Earth. It goes without saying. You know Iced Earth, of course. Nothing wrong with heavy metal. Yeah, you remember their albums, Night of the Storm Rider? Remind me. Crucible of Man, Plagues of Babylon. Well, their founder, of course, is John Schaffer, who's been doing it probably since the 80s. He was at the Capitol. He allegedly sprayed police with bear spray while wearing a vest which had a picture of Trump. Jesus God. He photoshopped onto the Terminator 2 bicycle. Oh, my God. Wow. His subsequent arrest has not gone down well with his bandmates. And it looks like they were quite a successful band. You know, they were doing big gigs and they've got a following. His bandmates have left the band in disgust. So they no longer have a vocalist and a bassist anymore. And they've said it's all because of what John did at the Capitol. So it's just him and a drummer now. And his Kickstarter is having some problems, too. So folks, be very careful. Maybe we could play a little bit of their music. Oh no, maybe we shouldn't. We shouldn't support them, should we? I don't think... no, it's called the
CAROLE. copyright refrigerant. Oh yes, that's
GRAHAM. the reason why we do. Yes, that's a good point. Zoe, what have you got for us this week?
ZOE. Right well I feel like I'm going to lower the tone slightly because we've gone from an incredibly worthy story about catching criminals in America. We're going to go now to Sexy Cows.
This was a story that I did last week that went a bit viral, which is quite exciting when you're old like me and you don't sort of do viral stuff very often deliberately anymore. Anyway, this guy called Mike Hall runs a small digital photo gallery, right? And he takes pictures mainly of landscapes and the beach and the sea and, you know, the odd bit of wildlife. And he decides that he wants to start advertising on Facebook. So he puts a load of his pictures up on his gallery page and then he picks a few of them and decides to run them as ads. And thinks nothing more of it. You know, he's prepared to spend a couple of hundred quid. You know, this is not a big thing. Right. And then he finds that all of his pictures have been blocked by Facebook. And at one point, his entire account was blocked by Facebook. Because they said his images contained overtly sexual content.
What were his mountain landscapes looking like a big pile of boobies? Well, the offending photo was a picture of two cows in a field. What? Nowhere near each other. Looking a little bit pensive, one might say, but I can't. I mean, I have looked at this story quite a lot now and I can't see any sort of compromising position between these two cows. Oh, my God. I need to see this. Apparently, I've put it in the show notes. You can have a look at the page. Apparently, they are too sexy for Facebook.
Also too sexy for Facebook was a picture of the England cricket team in a huddle.
GRAHAM. Oh, well, that is very sexy.
ZOE. A high-rise office building, also too sexy. Ripples on a pond. He had a picture of like, you know, throwing a stone in a pond and there's ripples coming out. Apparently, that was selling adult products. That was also banned, which I can't quite get. Rippled for your pleasure. And also, he had a picture of the skyline of Hong Kong, a sort of cityscape. And Facebook wouldn't let him use that because they said there was nothing for sale in the photograph itself. So because he wasn't actually selling Hong Kong, he couldn't sell a photo of Hong Kong.
CAROLE. Okay, I'm going to bring you guys, go to the cow picture.
GRAHAM. Yeah, I'm looking at the cow picture. I've got a theory on this.
CAROLE. Have I missed something? I've named it for, can I go first? Yeah, you go. Call it, call it. The second cow in the back, okay? You see women's legs. You can see a little vag there and then tits. I'm sorry, what? Yes, look at it. Look at it. Squint. This is what you do is not a squint your eyes. Squint. Squint. Okay. Doesn't it look like a woman, an armless woman, maybe, walking towards you? Nude. Nude. Headless, I mean, not armless. What am I saying? Headless. Graham, over to you.
GRAHAM. I'm squinting like mad. No, I thought it was the cow in the front of the image. It sort of has a bit of a come-hither look in its eye.
CAROLE. That's not going to get banned on Facebook, darling.
GRAHAM. That doesn't look like it's winking at me. It's kind of saying, hey.
You're just weird, Carole.
CAROLE. No, no, I think I'm right. Listeners, go check it out. Go check out Zoe's story. It's at the top of her story. The headless nude woman at the back. I can see it. Squint your eyes, people. Squint your eyes.
ZOE. Well, I'll have to redo this whole story now and say, yeah, Facebook is absolutely right. Is it armless as well?
GRAHAM. Is it armless as well? Where are its arms?
CAROLE. I think it's wearing a shawl. It's just headless. It's not, oh, sorry. It's, you know, it's a lady.
GRAHAM. Okay. So the England cricket team, they've been huddling up. So that's like a mass orgy sort of picture, albeit very kinkily dressed up in cricketing gear.
ZOE. It's too sexy. High rise office building also too sexy. Firework display promoting weapons. A set of tram lines in France goes against Facebook's ticket sales policy.
So the poor guy, absolutely everything he was putting up was just getting knocked back. And then in despair, in the end, he came to me and said, "What's going on?" So I sort of took it up and it was all very swiftly resolved. Facebook said it was a mistake and it apologized for any inconvenience, and now all of his sexy photos are back online where they should be.
CAROLE. There you go. Well guys you can go check out the cow.
GRAHAM. So the answer to any tech problem is to go to Zoe and just sort it out.
ZOE. This is a slight cautionary tale. Once you start doing these sorts of stories, you do tend to hear from anyone who ever has a problem with a particular platform. Given that there are, what, two billion users of Facebook, that's quite a few people.
GRAHAM. You'll say put it on a medium heat for 25 minutes, gas mark seven, watch out for your soggy bottom. But did Facebook give any explanation at all for this? I mean, other than if they'd maybe employed someone like Carole to think that this cow was somehow sexual.
CAROLE. An algorithm would think that. Just think that she's a bit bushy, you know.
ZOE. Maybe. I mean, no, funnily enough, they didn't give any explanation. They just apologized. They said they were investigating it. It took them a little while to come back. And then eventually they just apologized.
I suspect you might be right, Carole, that it was some sort of algorithm fail. But I guess, you know, this comes back to this thing with these enormous faceless companies. When you hit that wall, there's absolutely nothing you can do about it. You can't phone anyone. You can't, you know, talk to anyone. You just sort of appeal and then you get an auto reply saying, well, no, you've been blocked. And that's the end of the discussion.
And you can see why Facebook does that. But also it must be phenomenally frustrating. And the poor cow, they've been labelled a slut.
Well, the cow's been slut shamed, yeah.
GRAHAM. Did you go to the cow for comments?
ZOE. No. She moved over, didn't want to know anything. Moved. Very good. The cow didn't want to comment.
GRAHAM. An overtly sexual high-rise office building. Yeah.
CAROLE. There was a show on Channel 5 once, about people that were basically objectophiles. Yeah, objectophiles. They were really into buildings in a sexy way and did kind of disgusting things to the Eiffel Tower and such things.
People marry buildings, don't they? Yeah, they got married, I think. I think that's what the name of the show, So I Married the Eiffel Tower or something. Channel 5. You've got to love them.
Well, excellent. We learn a lot on Smashing Security. Yeah, good. Thank you, Zoe.
There you are. You're welcome. You've missed me, haven't you? Yes, 100%. Love it. Good God, after Graham's story. We need a bit of a giggle.
Carole, what have you got for us? Sadly, not headless sexy women.
So this is the story of Stefan He Qin. Okay. An Australian lad with barely a whisper of shadow on his upper lip, but really, really, really good at maths.
So this guy's in uni in Australia, and he wants to become a physicist, but he falls in love with the crypto industry, right? Wants to make it his vocation.
So he goes and takes an internship in China with OKCoin, right, where he builds a platform between two venues, so one in China and one in the U.S., and this was to kind of allow the firm to take advantage of price fluctuations between crypto coin exchanges. Okay, so basically you have different exchanges and the same coin can be sold for different prices at different exchanges.
Oh, I see. And he realizes, ha ha, if I pay attention, I can buy from the right places. And this could be a really good business unto itself.
Like, are kids smarter now? Like, this guy at this stage is 19. This is 2017. And at that age, I think I was looking for my pants under someone's bed. You know? It's like, listen, I wasn't sitting there.
GRAHAM. Your teenage years are not something we should get into, I think, around the podcast.
CAROLE. Yeah, 19, come on. Anyway, this guy drops out of university from Australia, moves to New York, right? Full of piss and vinegar and he launches a crypto hedge fund called Virgil Sigma Fund. And his pared down pitch is this: he's like, "Look, I can make money. I've got a trading algorithm that I've built and I look for the price differences between cryptocurrencies like Bitcoin and tons of others and I'm looking at 40 different exchanges around the world and this is going to make a shit ton of money for all of us."
And the pitch works. In a mere year or two, he goes from nothing because he just started the company to an estimated $90 million. Okay, 90 million? Nine zero million. Huge moolah. And this is like dozens and dozens of investors are in this. And he was on the ball—he prepped monthly statements for investors, he provided all the spreadsheets for them, explained where the exchanges were making money, which weren't, which were the cryptos that he was focusing on.
GRAHAM. And all you've got to do is mention the words "cryptocurrency" or maybe "blockchain powered" or something like that and people will just open their pockets and open their wallets at the drop of a hat.
CAROLE. Well yeah, I mean, he had 500% returns in 2017. Okay, Wall Street Journal totally impressed, profiled him. And he was yakking on CNBC saying, "Look at this." And they even tweeted—I saw this tweet from them saying, "Virgil Capital is the 21-year-old hedge fund manager who's got a way of making money on Bitcoin, whether it goes up, down or nowhere at all." Okay, that's a tweet they did in 2018.
So because he's featured on Wall Street Journal and he's featured on CNBC, new investors come knocking on the door, want to get into bed with the crypto king or Qin. And see, good joke, not—
GRAHAM. Queen, because his surname is Qin, right? Yeah, good.
CAROLE. Okay, fast forward to 2020. Okay, he's doing so well, he decides to launch another crypto hedge fund called VQR. And he's the sole owner, but you know, he's not managing the day to day operations. But soon, because his name's attached to it, it's got 20 plus million from investors—similar kind of crypto investment hedge fund thing.
So this is the Australian dream success story, right? At this stage, he's 23, 24 and he's got two incredibly successful hedge fund firms and he's riding the crypto wave at the right time. This is fantastic. So fade to black.
GRAHAM. What could possibly go wrong?
CAROLE. Is there a twist in the tail? Is there a twist in the tail?
GRAHAM. Tell me, Carole, is there a twist in the tail?
CAROLE. Yes, there's a twist. The twist turns out that Qin was just a big, fat, scammy liar feet face, unbelievably so. Okay? So he's tap dancing in front of all these investors saying business is booming, but meanwhile, he's stuffing his own pockets with their cash and spending on a rather high roller lifestyle.
So for example, he signed a lease for an apartment in 50 West, New York. Okay, this was in a 64-story luxury condo building. Okay, I want you to price what you think this might be, Graham.
GRAHAM. Oh, okay, yes, go ahead.
CAROLE. On 50 West, 64 luxury condo building, financial district, expansive views of lower Manhattan. There's a pool, there's a sauna, there's a steam room, there's a hot tub.
GRAHAM. Is there a trouser press?
CAROLE. There is probably a trouser press. There's something better than that—there's actually a golf simulator. That's what you should have asked me about. Yes, there is a golf simulator.
ZOE. Is there a spare room?
CAROLE. No, come on, Zoe, it's New York. 23 grand a month. That's a lot, huh? Okay. And because he was spending all his money on these type of fripperies, right, and his cars and all this blah, blah, he could not pay the investors, the original investors.
And he started tap dancing even harder, like a Looney Tune cartoon, trying to buy time, you know, saying, "Oh, the money's tied up" or "I'm investing in brand new stuff." Or at one point, he even blamed loan sharks in China for his troubles because he's getting really scared. And then he started the second company—he basically tells the people that were running the second company, "Close shop, close shop, give me all the money," because he wants to take that money to pay off the original investors.
Just a week before he was nabbed by a New York district attorney, he did an interview where he was continuing to boast about his company's successes and trying to lure in new investments, obviously driven by the need to pay up, right? He's lost that $90 million—it's gone, all of it, all of it is gone.
So at the ripe old age of 24, Qin is facing 20 years in prison. Now, a prison cell is probably a little bit smaller than his $23,000 apartment. No trouser press. Yeah, no trouser press—maybe your cellmate enjoys spitting on it and pulling it or something. But pretty dumb for a smart guy or just greedy.
ZOE. I just think crypto brings out the worst in people, doesn't it?
GRAHAM. On both sides—on both the investors and the people who are running the companies, you know, because they sort of go, "Oh—"
ZOE. Yeah, that gravy train is irresistible and people just don't listen or heed the warnings. You know, people like me spend our lives going, "It's really risky, by the way," and into the ether. And nobody listens, do they?
CAROLE. I was trying to do a little research on this, but I didn't really have time. But as far as I could understand is that in order to be a hedge fund manager or owner or something, you have to be accredited. And somehow basically by law, right, you're kind of an accredited investor. There's a certified investor. There's a word that they use. And you're thinking, okay, so I don't know if this is the case where this was, there was a lack of legislation in crypto world that would mean that any old cowboy can jump on the wagon if they have a bit of cash and, you know.
GRAHAM. Yeah, so I wonder if that only applies if it's actual real money as opposed to pretend digital tokens.
CAROLE. He's pled guilty to all this. He's "oh yeah, maybe I was a bit of a greedy dumbass." I'm paraphrasing. But apparently they've kind of agreed to a plea deal that is suggesting between 150 to 180 months. So that's a long time. And a fine of $350,000.
ZOE. Which presumably he hasn't got anymore.
CAROLE. Yeah, which presumably he doesn't have because he spent $90 million.
GRAHAM. I'm sure he could raise the money, though, fairly quickly. He'll find someone. I mean, it sounds like I had a clever idea. You know, I'll exploit the fact that the prices are different between different places and move it from this place to that place and sell them here and buy it here. You know, it sounds quite a cunning sort of plan. But obviously, he was more focused on the expensive apartment and other luxuries, maybe.
CAROLE. Yeah. And then he had to buy time. You know, then he had to. Yeah. Yeah, he had to kind of sit there and start tap dancing quite madly. Anyway, fascinating story. There's loads of links in the show notes if you want to go read more about it. I have no real moral of the story other than, you know, stop investing in stuff you don't know anything about. And you can't. I don't understand how people would throw millions at something because he's printed out a fucking spreadsheet. Is that all people rely on? It's "oh, the numbers look good."
GRAHAM. It's because cryptocurrency and this blockchain stuff, Carole, to us old people who might have money to invest, we don't really understand it all. So if some young whippersnapper comes up and does a nice PowerPoint presentation, you'll probably say, "well, I don't really understand all this."
ZOE. I'd be "on your bike!"
GRAHAM. Well, many sensible people would, Carole. But there's also all these investors who are fearful that they're not investing enough in this just in case. You know, it does take off. They don't want to be the ones who don't do it.
CAROLE. FOMO.
GRAHAM. Well, really, it is, isn't it? Yeah. In a way.
ZOE. I did a story about people's Bitcoin experiences, actually, a few days ago. And one of the people I spoke to, he had helped a man whose wallet had been compromised. And he'd lost 83 Bitcoin, which he'd been holding for years. And this is going back a couple of years. I think it was 2017. He said at the time, it was worth about half a million dollars. But, you know, the banks aren't going to help you. The financial authorities aren't going to help you. That money's gone. And it was a phishing attack as well. So he'd clicked a link that looked like his wallet link and wasn't. And they were able to sort of, you know, on the blockchain, they could kind of track where it was going, but they couldn't get to it. They couldn't get it back. Looking at what's going on with Bitcoin, it's probably worth even more than it was last week. But he said it would be worth 2.8 million pounds today, that Bitcoin. And he said he just has to try not to think about it. But, you know, I think that's what you forget, isn't it? If something happens with your bank, as awful as it is, your bank will help you. You know, you'll get support, but there's nothing. There's no safety net there. And I don't know if this is true, Graham, you might know this story. Somebody told me that most of the world's Bitcoin is held in a very, very small number of wallets because, you know, you've got your big, big people, haven't you, that have got hold of it all. And if one of them were to pull out, it would just send the whole thing into turmoil. Is that true? Have you heard that?
GRAHAM. Oh, I don't know. I don't know. I did hear that there's only a couple of hundred Bitcoin wallets who appear to be responsible for most of the laundering which goes on after sort of ransomware attacks and such like. So it's a relatively small number who are doing that. And of course, our good friend, friend of the show, Elon Musk.
CAROLE. Yeah, just bought 1.5 billion of them, didn't he? Just to rock and roll the market.
ZOE. He's moved on now, hasn't he? Oh, has he? He's moved on to Dogecoin now, hasn't he?
GRAHAM. I think he's just done it for giggles, hasn't he, really?
He just wants to get your attention. Well, he hasn't got it. It's his love call. He's actually banned from coming on the show, Elon Musk.
I don't think you can unilaterally decide that. Well, go to break.
Last week, more than three billion unique sets of login credentials were shared online in what's likely to be the largest data breach of all time. Even though it appears no new login details are exposed, the sharing of so much data increases the risk that previously exposed credentials could be used to gain access to your online accounts, particularly where passwords have been reused.
1Password's Watchtower feature can check for passwords that have been affected by breaches and tell you when a password has been reused. Don't wait for a data breach. Check out 1Password at 1Password.com. And thanks to them for supporting the show.
Recorded Future delivers the world's most technically advanced security intelligence to disrupt adversaries, empower defenders and protect organisations. Well, their podcast, Inside Security Intelligence, takes a deep dive into the world of cyber threat intelligence.
They share stories from the trenches and operations floor. They give you the lowdown on established and emerging adversaries.
Whether it's the SolarWinds breach, 5G conspiracy theories or Russian election interference, Inside Security Intelligence gives you a fresh take from a variety of industry experts. Search for the Inside Security Intelligence podcast in all good podcast apps. And thanks to Recorded Future for sponsoring the show.
And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app. Whatever they wish.
It doesn't have to be security related necessarily. Better not be.
Well, my Pick of the Week this week is not security related. I am a big lover of radio.
I spent all my formative years listening to radio late at night. I would fall asleep listening to radio. These days it's podcasts.
CAROLE. Is that because TVs weren't invented yet?
GRAHAM. No, no, no. It's because I'm a sensitive soul, Carole.
CAROLE. I've always thought that about you.
GRAHAM. I can't fall asleep without someone whispering soft nothings and sweet unmentionables into my ear. Otherwise I feel alone.
CAROLE. What radio station are you listening to? Erotica FM? 92.5.
GRAHAM. Don't think I'd fall asleep then. Well, maybe at this age. But anyway.
ZOE. You don't get that in the World Service. I love this. NSFW.
GRAHAM. I quite like to, if I'm going to wake up, I like to have some sort of company, some human voice gently murmuring away. And so I'd often listen to the radio.
And hence, I was attracted to a website called Radio Garden. Radio.garden, in fact, is where you can find it. It's also available as an iOS and Android app.
And what it does is it presents to you, rather like Google Earth, the planet Earth of which we are all inhabiting. And on it are scattered across the earth thousands and thousands of green dots. And these are live radio stations.
And you can turn the world around or you can search for particular places and you can go and listen to what people are listening to right now anywhere in the world.
ZOE. Oh, that sounds wonderful.
GRAHAM. You can hear the radio shows. You can hear the plays. You can hear the music that they're playing. You'll be able to hear the talking. And it's a wonderful interface.
CAROLE. Oh, it's the interface, because you know you can do that on even Apple Music, right? There's radio.
GRAHAM. I know you can tune into internet radio and that sort of thing. Yeah, but isn't it rather more lovely to have an interface where you can actually sort of zoom in on Chile and go and check out what they're beaming to people and scientists in Antarctica to listen to or listen to their show.
I think it's... Don't knock it until you've tried it, all right?
CAROLE. I didn't know if you knew internet radio existed.
GRAHAM. I am aware of internet radio.
CAROLE. It's all about the interface. I was just checking.
GRAHAM. No, it is the presentation as well.
CAROLE. I can't believe you didn't see the headless, sexy nude woman. I'm just looking again, sorry.
GRAHAM. No headless nude woman I've ever seen looks like that, girl.
CAROLE. I can't believe you can't see it. The come hither look in the other cow's eye. That's what I'm surprised by. Anyway, Radio Garden.
GRAHAM. Why are we talking about this? Radio Garden is my pick of the week.
CAROLE. Excellent. I'm going to check it out. It sounds awesome. Thank you. Zoe, what's your pick of the week?
ZOE. So mine is a sleep aid that my partner and I tried out, especially for the show last night. Neither sleeps very well. And during lockdown, I'm just not sleeping very well at all, loads of people are saying. So I decided to have a go with this. Now, I literally spent some time trying to figure out how to pronounce this and I could not find a video in which they actually say it. So it's spelt D-O-D-O-W, which I'm going to say is Doudou, but I don't know, it's French.
Anyway, what it is is a little kind of circle, a bit sized an Amazon Echo Dot, you know, small ones. And you turn it on and it emits this kind of blue light, a beam in a circle that projects up onto the ceiling, right? And the circle gets bigger and smaller, and you're supposed to breathe in when the circle's getting bigger and breathe out when the circle gets smaller, right? And it's all about, obviously, kind of slowing down your brain. So it's very simple. That is what it does. There's two settings, eight minutes and 20 minutes, and we decided to give it a try last night.

So we're lying there and we finally sort of managed to get all the batteries in and work out what we're doing. We're not gonna do 20 minutes, that just feels an effort. We're gonna go for the eight minute one. Press the thing. First couple we missed because we were bickering about where was the best place to put the light. And then we did a couple of them, and then he goes, "Oh, I can't remember whether it was supposed to be breathing in or out," and that made me laugh. So we missed the first couple. That's just us messing about, right?

And then we're laying there and we managed to sort of sort ourselves out, and we're doing the breathing, and actually it did kind of feel quite relaxing. It was good. It's not a really harsh blue light, you know, you get off your phone. It's a sort of gentle, non-blue, yes, not that. And I mean, I didn't have my glasses on, so to me it was a sort of puffy circle rather than a very clear circle. I don't know whether that is actually the case, but that was what it looked like to me. And I was laying there thinking, yeah, I quite like this, actually. This is interesting. And I was thinking, I've got to tell you guys about it. I can't wait to talk about this. And then thinking, why am I lying in bed with my partner, watching a blue light and thinking about Graham and Carole? This is really weird. Did we make you fall asleep? Well, I didn't. It didn't make me fall asleep, but my eyes got heavy.
And I got to a point where I was I need to close my eyes. I can't look at it anymore. I'm tired. So I sort of curled up and closed my eyes. And I must have drifted off. I think because when I woke up, it wasn't on anymore. And I don't know when it stopped. But yeah, it was good. It was calming. It was relaxing. He fell asleep. And I, well, I said, I must have obviously drifted off or something. It's so simple, isn't it? I didn't have high expectations. I thought it would be, I thought it was worth a shot, but I didn't really have high expectations of it. But yeah, it was pretty good.
CAROLE. I think I have heard that one of the ways to try and fall asleep, I'm a total insomniac too, is to do really slow breathing, to do 10, 10 big, slow in and out breathings without losing focus or concentration. And I find it still impossible to do. It sounds so easy, but super impossible. So maybe an aid that would be really useful.
ZOE. I think at first your mind is just going, isn't it? You know, I was thinking about telling you about this and I was thinking about stuff I've got to do at work and my mind was just going. And one of the things they say is, you know, that's fine. Let it go. Don't stress about thinking. Yeah, which I do. You know, your brain starts going, "let's think about that thing that happened earlier that wasn't very good," and you're, "no, I don't want to do that now." But actually they say it's better to just let it happen, and then it's gone, and then, you know, you can just sort of get on with it.
GRAHAM. I'm not sure I'm completely happy with this gadget. No, I remember, do you remember the George Lazenby James Bond movie On Her Majesty's Secret Service, where basically, what's his name? Oh, you know, who loves your baby? Telly Savalas, right? Right, Telly Savalas is the baddie, right? And he's brainwashing all his female assassins to go and kill leaders around the world. And he's sort of beaming messages into them while they sleep. And I would worry that something that, something Doudou, right, might lull you into some sort of status. Carole is really nice.
CAROLE. Don't think bad things about Carole. Subscribe to Smashing Security.
ZOE. How much does this cost? It's about 50 quid. It's not a smart device. It doesn't connect to the internet. It's just battery powered. There's nothing complicated about it. And, yeah.
GRAHAM. Will you do it again tonight?
ZOE. I think we will. I might try not to think about you tonight.
GRAHAM. Will you do that as well? We'll see. We'll see.
ZOE. I'll try not to think about you, okay?
GRAHAM. Yeah. Very wise. Carole, what's your pick of the week?
CAROLE. Mine's pretty awesome. However, I'm worried that you've done it before now. I have a panicky feeling you might have done it. Well, this is one of the rules. Different series, different series, different series. It's not in the rules, actually. I listened to you carefully this week to see if it was actually. It is Mark Kermode's Secrets of Cinema. Have you done that before?
GRAHAM. No, I haven't done that.
CAROLE. Ah, good. Okay. So good. So, so good. Okay. It's on iPlayer. The gist is he reveals filmmaking tricks and techniques behind classic movie genres. So each of the shows is a genre that they focus on, like rom-coms or heists or spy movies or superheroes or whatever. And it's just awesome. It's just like, what are all the ingredients for this genre that makes audiences keep coming back for more?
GRAHAM. Can you give us an example?
CAROLE. Yeah, yeah. So last night we were watching the horror episode. Like it starts off describing what a horror movie is, then lifts out and explains the key elements used by filmmakers, like what terrifies us, what horrifies us, and what grosses us out, apparently, are the three big pillars. And he talks about techniques like the jump scare, right? Or a scary place. Like, often these movies, they often happen in a scary place, like someone's entering a scary place. You're thinking, why are you doing that? Don't go there. Or they have to invite the monster into their house, like a vampire. You have an agency in getting into the shit, basically. Or you start losing your mind, right? So there's all these different techniques to show that.
Another one he did was on the heist. We watched that one recently. Apparently heist movies play on our sympathies encouraging us to identify with the characters that in normal life we would never want anything to do with. One of the cool things in it was he talks about that movie Rififi. Do you remember, do you ever see that?
GRAHAM. No idea.
CAROLE. Rififi, it's like a French burglary film. I can't remember donkey's old.
ZOE. Oh no, I think I've seen the—
CAROLE. Famous thing in it is this 20 minute long burglary scene, right, where they're trying to steal jewelry from a jewelry shop. Yeah, and there's no sound at all for this whole thing. Like no one talks, there's no music, nothing. And apparently they'd commissioned music for it and then when they listened to it all of them together they went, oh my god, it's way more powerful without music, even the composer, right? And since then loads of movies have done that kind of trick, like that Tom Cruise dangly from the ceiling one. What was that? Mission Impossible.
ZOE. Yes, Mission Impossible.
CAROLE. So apparently he has this big scene where he doesn't actually, there's no sound, like nobody dangles down, there's no music or anything.
GRAHAM. Right, because it makes it more tense for the audience, because they're sort of thinking, what's gone wrong? Why is there no music here? It makes you a little bit more anxious.
CAROLE. You would love this, Cluley, really, really, really. You would really love it. It's heads across. Yeah, yeah. And as long, I mean, I love Kermode. Not everyone does. He's, you know, he's Marmite to a lot of people, but I think he's a bright young thing. And I just, well, not so young anymore. Sorry if you're listening. But it's a great, great show. So check it out. Mark Kermode's Secrets of Cinema. It's on the BBC iPlayer. There's 11 episodes there at the moment when I just checked. So enjoy.
GRAHAM. That sounds fantastic.
CAROLE. It is. It's awesome. It's awesome. It's awesome.
GRAHAM. And that just about wraps it up for this week. Zoe, thank you so much for coming back on the show again. And I'm sure lots of our listeners would love to follow you online and hear what you've got to say about things. What's the best way for folks to do that?
ZOE. You can find me on Twitter at ZSK.
GRAHAM. Marvellous. And you can follow us on Twitter at SmashinSecurity. No G. Twitter wouldn't allow us to have a G. And we've also got a subreddit up on Reddit. So just look for Smashing Security there. And don't forget, if you want to ensure that you never miss another episode, subscribe in your favourite podcast apps, such as Apple Podcasts, Spotify and Google Podcasts.
CAROLE. A huge thank you to this week's episode sponsors, 1Password and Recorded Future, and to our wonderful Patreon community. Thanks to them the show is free for all. And for episode show notes, sponsorship information, guest list and the entire back catalog of more than 200-ish episodes, check out smashingsecurity.com.
GRAHAM. Until next time, cheerio. Bye bye bye.
CAROLE. Bye bye. That was a very subdued episode, guys. We were chilling out. It felt like a cocktail hour. I liked it.
GRAHAM. Yeah, I felt quite, I feel quite subdued today.
CAROLE. Yeah, you're tired. I think you didn't have your normal jump in your step.
GRAHAM. I didn't sleep very well last night.
CAROLE. You didn't sleep? Well, you know what you need.
GRAHAM. Yeah, I need Blofeld to plant subliminal messages in my head.
-- TRANSCRIPT ENDS --