
211: Fleeking, COVID-19 hacking, and Bitcoin balls-ups


Your privacy may be at risk if you're on Fleek, hackers not only steal COVID-19 vaccine data but then tamper with it to spread mistrust, and the Bitcoin bungles keep on coming...

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ron Eddings from the Hacker Valley Studio podcast.

Visit https://www.smashingsecurity.com/211 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Ron Eddings.

Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.



GRAHAM CLULEY. Like Snapchat, any images uploaded were meant to be automatically deleted after a short time, right? So there was that reassurance.


RON EDDINGS. Define deleted.


UNKNOWN. Well, define automatically. Smashing Security, episode 211. 19 hacking and Bitcoin balls-ups with Carole Theriault and Graham Cluley. Hello. Hello and welcome to Smashing Security episode 211. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. And Carole, we're joined this week by a special guest. First time on the show, but friend of the show, Ron Eddings from the Hacker Valley Studio podcast. Hello, Ron.


CAROLE THERIAULT. Hey.


RON EDDINGS. Hey. Thank you so much for bringing me on the podcast.


CAROLE THERIAULT. Welcome, Ron, to the Smashing Security world.


RON EDDINGS. Thank you. It is a pleasure to be here.


GRAHAM CLULEY. Well, it's great to have you here. And of course, you are calling in from America. Quite a big week for America.


RON EDDINGS. A lot going on. Yes. We have some transitions.


GRAHAM CLULEY. We're recording this on Tuesday and the inauguration is scheduled for Wednesday, isn't it?


CAROLE THERIAULT. Yeah, tomorrow.


RON EDDINGS. Yeah.


GRAHAM CLULEY. And so by the time people hear this, they'll know whether that has successfully worked out or whether—


CAROLE THERIAULT. Do you know what? Every single toe and fingers are crossed. I think most of us, we just need a fricking break, right? It's just been insane for 3 years.


GRAHAM CLULEY. Martial law might have been imposed by the time this podcast comes out. No, no, no. Nuclear wasteland. I'm sure it'd go very smoothly. Sure there won't be any hiccups.


RON EDDINGS. It will. There's a moving company called— it's going to be a nice, quick, swift move out.


CAROLE THERIAULT. So Hacker Valley Studio Podcast, that's going super well, isn't it?


RON EDDINGS. Yes, we've had the honor to have you two both on twice to the show.


CAROLE THERIAULT. Oh my goodness. Ooh, Graham, I didn't know that you also got invited on. No, I'm kidding.


RON EDDINGS. Like if Graham was there, I wouldn't have come on.


CAROLE THERIAULT. Exactly.


GRAHAM CLULEY. Now what's coming up on our show this week, Carole?


CAROLE THERIAULT. Well, first let's thank this week's sponsors, 1Password and Recorded Future. Their support helps us give you this show for free. Now coming up on today's show, Graham, what are you looking into?


GRAHAM CLULEY. I'm gonna be getting down with the kids. Seeing how cool you two are as well.


CAROLE THERIAULT. Okay, Ron, what's your topic this week?


RON EDDINGS. My topic for this week is hackers steal, alter, and leak COVID-19 vaccine data.


CAROLE THERIAULT. Ooh, this is the serious bit. And I am going to bitcoin world where the currency is sky-high once again. So let's see who the losers are. So all this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, chums, chums, I felt it's been a while since we've had a quiz.


CAROLE THERIAULT. What, 7 days?


GRAHAM CLULEY. Did we not have one last week? And so I thought it was probably time that we did another one. Are you both ready to shout out if you know the answer?


CAROLE THERIAULT. Yes.


GRAHAM CLULEY. So, Ron, you practice making a buzzing sound.


RON EDDINGS. Beep.


GRAHAM CLULEY. Okay, Carole, will you practice making a burble of some type? That'll do.


CAROLE THERIAULT. I can't do that again. Boops.


GRAHAM CLULEY. Okay, so I'm going to say a word and you're going to tell me what it means. And these are all examples of young people's slang. So Ron may have an advantage over you, Carole, just saying.


CAROLE THERIAULT. Why? Is Ron younger?


GRAHAM CLULEY. I would think so.


RON EDDINGS. I just had a birthday.


CAROLE THERIAULT. Oh, have you? Can we ask what the first number of your birthday is?


RON EDDINGS. It is a, well, it's finally a 3, so that gives it away.


CAROLE THERIAULT. We're about the same age, Graham.


GRAHAM CLULEY. What's your problem?


CAROLE THERIAULT. We're like, yeah, we are.


GRAHAM CLULEY. We are. All right. Quiz time. Quiz time. So first up, hundo P. Hundo P. What does hundo P mean?


CAROLE THERIAULT. I have no idea.


RON EDDINGS. I saw that in the document. I was like, what is that?


CAROLE THERIAULT. I have no idea.


GRAHAM CLULEY. No. Any guesses? Want to guess? Either of you? None of you buzzed. This is for a point.


RON EDDINGS. 100,000.


GRAHAM CLULEY. Oh, close. It's actually short for 100% or absolutely right on. You go, oh yeah, hundo P, man. Hundo P, bruh.


CAROLE THERIAULT. Okay, so basically you are, you're in this vernacular, you're hiding your support from the common person to someone else.


GRAHAM CLULEY. No, I think you're just communicating with another young person, Carole.


CAROLE THERIAULT. This is how you communicate. Yeah, no one can hear you support them.


GRAHAM CLULEY. Rather than saying gear or groovy, you say hundo P. Okay. Now here's an interesting one because of course the name of our podcast is Smashing Security.


CAROLE THERIAULT. For those that don't know.


GRAHAM CLULEY. Yeah. So what does smash mean? Smash?


CAROLE THERIAULT. What, like hit it? Like get it 100%?


GRAHAM CLULEY. Bullseye? I didn't hear your beep or buzz, Graham.


CAROLE THERIAULT. Oh, for God's sake.


RON EDDINGS. Oh, hello.


GRAHAM CLULEY. Here we got Ron. Ron's come in. What do you think smash means?


RON EDDINGS. Smash is something that I will not say on the podcast, but it's an act of some kind, right? Is it sexing?


GRAHAM CLULEY. It's not sexting, Carole.


CAROLE THERIAULT. No, no, sexing, sexing. Without the T. Like in real life.


GRAHAM CLULEY. Apparently, yes. Apparently it's to have casual sex.


CAROLE THERIAULT. Yeah, smash together. I didn't know that one, actually.


GRAHAM CLULEY. Oh, you didn't know that? Okay.


CAROLE THERIAULT. But I didn't know hundo P. I'd never, yeah.


GRAHAM CLULEY. Okay, so curious that we chose that name. And the final one is fleek. Fleek.


CAROLE THERIAULT. Do you know what fleek is? I know that one.


GRAHAM CLULEY. Really?


CAROLE THERIAULT. Yes.


GRAHAM CLULEY. Oh, you haven't buzzed though.


CAROLE THERIAULT. Yeah, I'm not playing the game. Okay, go, go, go, Ron, go!


RON EDDINGS. Fleek is like— really good, on point, spectacular.


GRAHAM CLULEY. Right.


RON EDDINGS. And if it's ongoing, then you use the word fleeky. Ooh.


CAROLE THERIAULT. Fleeky.


GRAHAM CLULEY. Okay. Well, Ron—


RON EDDINGS. My niece taught me that.


CAROLE THERIAULT. Ron, as we're in the same generation, can you give us one more young people slang? I just can't think of any right now, but can you give us one that's not on the list?


RON EDDINGS. What about fire?


CAROLE THERIAULT. Ooh, I don't know what that means.


GRAHAM CLULEY. Fire?


CAROLE THERIAULT. Use it in a sentence.


RON EDDINGS. Like the Smashing Security podcast is fire. Like check it out.


GRAHAM CLULEY. It's hot. Yeah, hot.


CAROLE THERIAULT. You definitely don't want to add on fire, right?


RON EDDINGS. No.


CAROLE THERIAULT. Yeah. Yeah. Okay.


GRAHAM CLULEY. So Carole, would you say you're on— are you on fleek?


CAROLE THERIAULT. Always on fleek, man.


GRAHAM CLULEY. Oh, really? Interesting. So would you say your eyebrows are on fleek?


CAROLE THERIAULT. I would say I've got excellent eyebrows. So yes, they are.


GRAHAM CLULEY. Would you say any other part of your body is on fleek?


CAROLE THERIAULT. I don't know, Graham. That's getting a bit rude.


GRAHAM CLULEY. The reason why I'm asking is because fleek is not just a young person's slang for, you know, being on point or being super duper. It's actually a social media app.


CAROLE THERIAULT. Yeah, isn't it? Snapchat's answer to TikTok? Is that right?


GRAHAM CLULEY. Oh, you're close. You're close. So Snapchat has a feature called Campus Stories.


CAROLE THERIAULT. Okay, I don't know that one.


GRAHAM CLULEY. Apparently with Campus Stories, if you've got a phone and you've been on certain college campuses or were there in the last 24 hours, you are able to post to that college's campus story, which means that you're able to share photos and things like this. Now, Fleek was very much in that vein, but it was uncensored and X-rated, and it became really popular with students.


CAROLE THERIAULT. What do you mean? Okay, whoa, whoa. Do you mean like it was porn or it's just that maybe it was a bit more edgy in its pictures and not safe for kids?


GRAHAM CLULEY. Well, it was beloved by students who wanted to share particular photographs, which maybe they didn't want to put on more family-friendly social networks.


CAROLE THERIAULT. So if I'd photocopied my butt at the work photocopier.


GRAHAM CLULEY. I don't think anyone would want to see that.


CAROLE THERIAULT. You're outrageous. But if I did do that, I would put it on this, on Fleek, not on my typical Instagram or whatever, where my mom and grandma follow me.


GRAHAM CLULEY. And then I'd be calling the photocopier repairman. That's absolutely correct.


CAROLE THERIAULT. Yes.


GRAHAM CLULEY. Maybe some kids and some disinfectant as well. So yes, so if you didn't want your parents and future employers to see something, you might post it on Fleek. And people were posting pictures of themselves engaged in sexual activity, maybe a bit of smashing—


RON EDDINGS. Smashing Security.


GRAHAM CLULEY. —going on. They were embarrassing themselves. They were taking drugs. And—


CAROLE THERIAULT. Drugs, you say?


GRAHAM CLULEY. Yes, indeed. Not just aspirin. And so there you would go if you wanted to watch that kind of thing or check that kind of thing out on Fleek. You know, my mum thought you were really grubby last week. Well, hopefully she will now see that I'm a paragon of virtue, and it is her daughter who claims to be on fleek. Now, like— like— hello, Karen. Like Snapchat, any images uploaded to Fleek were meant to be automatically deleted after a short time, right? So there was that reassurance. Right.


CAROLE THERIAULT. So if you took a picture of your junk, you would know that after a certain amount of time it would be gone and no one else would see it except for the intended.


RON EDDINGS. Yes. Define deleted.


GRAHAM CLULEY. Well, define automatically. Because it turns out that Fleek's developers weren't automatically deleting all the images uploaded to the app by their users. In fact, what they were doing was they continued to store them.


CAROLE THERIAULT. Well, the particularly delicious ones.


GRAHAM CLULEY. Well, I don't know quite what their criteria was, but they continued to store them even after the app itself completely shut down. And so these were being stored on the company's servers out there in cyberspace.


CAROLE THERIAULT. Who owns Fleek? Is Fleek like a standalone social media?


GRAHAM CLULEY. Yeah. So Fleek isn't part of Facebook, isn't part of any of the well-known— it was owned by a company called Squid Inc. Which is quite a clever name really, isn't it? Squid Ink, if you think about it. I thought it was clever because ink, Carole, incorporate ink. You know, squids and ink. Yes.


CAROLE THERIAULT. Oh, you mean squid like incorporated. It's not like called Squid Ink Incorporated.


GRAHAM CLULEY. You claim to be the same generation as Ron. I think so. I am. You've proven yourself to be quite a lot slower. Now, it wasn't just pictures that were being stored because obviously they wanted people to use the site, and they also quite like to monetize it. So what they did was they tried to entice male users into paying for access to the chat room. And what they appear to have done is that Fleek created fake bot accounts using photographs of young women that they'd scraped up from the internet. Sounds very Ashley Madison to me.


CAROLE THERIAULT. It does, doesn't it?


GRAHAM CLULEY. The fembots of Ashley Madison. And then they sent messages to men, invited them to chat, and the only way that men could view those messages was to pay Fleek a small fee.


CAROLE THERIAULT. But what would those messages say, do you think? Hey, hottie, hot, hot.


GRAHAM CLULEY. Fancy a smash with your fleek eyebrows?


CAROLE THERIAULT. How many men would actually understand what that means?


GRAHAM CLULEY. Your hundo pe— Yes, but it's not aimed at people like you and me, Carole.


CAROLE THERIAULT. Well, I'm asking Ron in case he's— Yeah, let's speak to Ron.


GRAHAM CLULEY. Let's speak to Ron.


RON EDDINGS. They paid $5.99 to start that chat. So they're like, hey, I paid to talk.


CAROLE THERIAULT. I don't know. Yeah, but like for $6, right? For $6 or however, I don't know how much it costs. Must cost something like that, right? It's the price of coffee. So their expectation might be quite low. It's like a coffee date. Okay, so these guys have paid money. They've like paid cash and they're talking to robots.


RON EDDINGS. Why didn't they use the pictures that they didn't delete instead of scraped images?


CAROLE THERIAULT. Wow. Wow. Ethical, Ron. Geez. True.


GRAHAM CLULEY. Anyway, the app you will be sorry to hear closed down in 2018. 2019. Ah. Newsworthy as always. I love it. Well, you would think that'd be the end of it, but no, no, no, because there is a news angle. Security researchers at VPN Mentor have just revealed that they stumbled across an Amazon Web Bucket containing pictures and chat logs belonging to Fleek.


CAROLE THERIAULT. I love that word stumbled, like been looking, looking nonstop for months, uh, trying to find an open Amazon Web Bucket so they could go out and dox Good news on. Okay. But they found— So they stumbled across an Amazon Web Bucket.


GRAHAM CLULEY. No password required. Anyone in the world could access. And of course, umpteen opportunities for blackmail. Not just pictures, but chat logs as well.


CAROLE THERIAULT. Oh, so these were the pictures that they said they had deleted. Correct. And the chats they said they had deleted. Correct.


GRAHAM CLULEY. And the app no longer exists, right? So it's not like you had the option. To go in and delete your account or—


CAROLE THERIAULT. And go to Fleek and go, yo, yo.


GRAHAM CLULEY. Right. Very good. But no, I'm showing how street I am. 100p. Now, the researchers, they managed to access 377,000 files, 32 gigabytes of data, data which had been uploaded to Fleek between 2016 and 2019, the app no longer exists. And they tried to contact Squid Inc. to, you know, to say, can you do something about this? And because Fleek doesn't exist anymore, they couldn't get ahold of them. So they had to go straight to Amazon instead to shut down the bucket.


RON EDDINGS. 2016 to 2019, that's a long time to learn to realize you're talking to a bot.


CAROLE THERIAULT. Yeah, totally. Yeah. So, okay, so, so Amazon have closed this down. They have now. And thank God it was found by someone as reputable as VPN Mentor and not some ne'er-do-well that wanted to slap it all over.


GRAHAM CLULEY. Who knows who else might have accessed the data in the meantime and could potentially have grabbed it? Because if it was possible for their researchers to find it, possible for other ne'er-do-wells to do the same too. But here's the problem. Here's the thing which I think people need to think about is that you may join a site, you may share information with the site, you may even trust its privacy policies, which I'm sure would have said that they were deleting data and not storing it, which clearly they abused. But what happens when the site goes defunct? Yeah. And you have no means of ensuring your data's been wiped.


RON EDDINGS. And who was paying for that storage in the meantime? It sounds like someone didn't want to delete that data still.


GRAHAM CLULEY. It's a bit odd, that one, isn't it? You do imagine that Amazon would have been policing that and spotted if someone hadn't been paying.


CAROLE THERIAULT. Somebody was paying. Yeah, but maybe, maybe they So they blocked access but kept the data?


GRAHAM CLULEY. What, in case they came back? I don't know. These are all excellent questions. No, no, we're not trying to find answers.


CAROLE THERIAULT. I'm not trying to show that you haven't done your homework. I think it's actually a really important issue because think of how many apps we give info to. Yeah. I mean, everyone now, I'm sure, under the age of 40 has probably either entered an insurance kind of comparison website information or a dating site where they ask tons and tons of questions, or social media. Like, there's tons of websites out there with our info. That's true. Kind of scary to think about when they die. They just kind of basically like a mall in the States, you know, when they, they kind of just have these, these kind of ghost malls, right? Like that where no one— there's no businesses there at all. It's just this empty, huge mall that just sits there. And it's kind of like that with all this kind of stuff inside it.


GRAHAM CLULEY. No one's looking after it. It's a nightmare vision, Carole.


CAROLE THERIAULT. There's a lot of them in the States, Ron. You've seen, you know what I'm talking about.


RON EDDINGS. Ghost malls.


CAROLE THERIAULT. You don't know what I mean?


RON EDDINGS. Sounds like free land to me. Those get— at least here in Austin, Texas, that ghost mall would be gone in a few weeks.


GRAHAM CLULEY. Okay, Ron, what have you got for us this week?


RON EDDINGS. This week I have hackers steal, alter, and leak COVID-19 vaccine data. So the story behind all of this is last month there were reports that hackers stole confidential documents that Pfizer and a company called BioNTech had submitted to European Medicines Agency, acronymed EMA. But Friday, word emerged that the hackers leaked and falsified the information that were in the documents. Okay. Whoa.


CAROLE THERIAULT. So let me just make sure I understand. So they, they not only put out all the information they gathered, but they kind of tweaked it so it wasn't bona fide data?


RON EDDINGS. Exactly. And I'm not sure about you two or the listeners, but this is a true testament to what my parents always say, not to believe everything you read on the internet.


GRAHAM CLULEY. And that's what happened here. So you're telling me that criminals who hacked into an organization and stole data can't actually be trusted to give you the data without having tampered with it.


RON EDDINGS. We shouldn't trust these guys. So untrusted that each source didn't even believe them. And I think it was due to a bit of a lack, lack of creativity. And my biggest gripe is the name of the file that was online in the darkweb. You think it would have been COVID-19 exposed or The truth about Pfizer and BioNTech. But the name of the file was boringoldema_leaks.zip. Oh, interesting. It's unimaginative, isn't it?


CAROLE THERIAULT. See, that makes me think it's an inside job because, you know, when you're inside a company, you live in that micro world and you kind of think that everyone lives in that micro world as well. So you kind of assume everyone understands the acronyms you use and you speak to people outside that world and like, I don't know what you're talking about. Right? Right. So yeah, because the fact that they use EMA.


GRAHAM CLULEY. Anyway, can I just say— I don't know, Carole. I think I take a slightly different view on this. Because I think— Unusual? If they'd said, 'The truth exposed about COVID-19 vaccines,' or something like that, you might be more likely to think that—


CAROLE THERIAULT. You might have felt clickjacked?


GRAHAM CLULEY. Well, yeah, or you might feel that this is something which has been deliberately put together with some kind of agenda. And so maybe you'd think it more likely that the data has been tampered with. Where is it? Oh, so shit headlines.


CAROLE THERIAULT. Shit headlines give you more credibility.


GRAHAM CLULEY. Well, no, I'm just saying the file name. If you simply say, here is the EMA data which has leaked out, and then people open it and they find for themselves, ooh, juicy stuff here, they might think because—


CAROLE THERIAULT. Yeah, leaks is, don't you think that's a weird word to put into a file name?


RON EDDINGS. Like you'd think EMA secrets. Right. EMA Confidential. Yes. Like, ooh, I need to click this. And it was a zip file. So that means there's files within it. You're going to have to go through them to find the juicy data. You might as well give it a juicy file name.


GRAHAM CLULEY. Well, I appreciate that you're giving hackers more ideas.


RON EDDINGS. This is good. Excellent. Exactly. And within this leak, there was some information about EMA conversations between the staff. And also about the vaccine production, they really wanted to discount the efficacy of the COVID-19 vaccines produced by Pfizer and BioNTech.


GRAHAM CLULEY. Huh. So the intention is to basically sow distrust, do you think, and maybe make people think that they can't trust the vaccines because of the secrets which have, quote, leaked out?


RON EDDINGS. And this is where Carole Theriault could have been correct about it being an insider job because they discredited one vaccine by Pfizer, not the other one that was done by Moderna. Oh. Hmm, interesting.


CAROLE THERIAULT. So it's a disinformation campaign, right? That's basically what it feels like to me.


RON EDDINGS. That's what it seems like.


GRAHAM CLULEY. Yeah. So who would be behind this?


CAROLE THERIAULT. Well, who's been behind it for the last 5, 10 years, Graham?


GRAHAM CLULEY. You're not saying the Belgians again, are you?


CAROLE THERIAULT. It's always the Belgians. We know about you guys. We know. We don't talk about it, but we know.


RON EDDINGS. A few of the sources did also say, um, hate to just point the finger, I'm not pointing any fingers, but no, no, the leak was in Russian. Like, the conversation on the darkweb was in Russian. So they're like, maybe it was someone over there.


CAROLE THERIAULT. Yeah, but like, anyone would do that, right? Right. Like, even a Canadian, right? If they wanted to hide, you'd buy that, just make it, put it in Russian.


RON EDDINGS. No, they're too nice. They are.


CAROLE THERIAULT. We are. We are.


GRAHAM CLULEY. Carole, what's your story for us this week?


CAROLE THERIAULT. Well, I love when my two pod passions intersect in a natural way. So today I have the next installment of a UK bitcoin fiasco we talked about years ago on Smashing Security. And a number of sticky pickles have surfaced in this little shit show. TM. And the question is, what would you do? TM. So let's talk bitcoin. Plug those here.


GRAHAM CLULEY. Unbelievable. Unbelievable.


CAROLE THERIAULT. Now, are you guys no-coiners or are you dabbling in the digital currency that is known as bitcoin?


GRAHAM CLULEY. I have a small cryptocurrency investment. But it is quite small and I'm not very active with it. It's just hidden away, hidden away for a rainy day. Mm-hmm. Or not, as the case may be.


CAROLE THERIAULT. Ron, care to come clean?


RON EDDINGS. I am a dabbler. I don't have like, I'm not really too invested in bitcoin or crypto, but like, uh, Graham said, you know, it's always nice to have a little bit just in case you feel a little FOMO or the FOMO comes to fruition.


CAROLE THERIAULT. Interesting. We talk about FOMO. That's coming up. Excellent. Well, I, you know, I'm kind of jealous 'cause I'm a no-coiner. Right? And currently it's a whopping $36,000 per bitcoin, which is not the highest it has been, but that's still a serious chunk of change. And the reason it's so high is because people are buying a lot of it right now. And any ideas, what would you guys say that the reason is? Do you wish to put it down to troubling times or do you think there's something a-go-go?


GRAHAM CLULEY. I think people are buying bitcoin because they think the price is gonna go higher. I don't know. I'm not sure if there's really any other reason to buy bitcoin. It's not like you're likely to make many purchases with bitcoin in my experience. I know there's some things you can buy with bitcoin for privacy reasons, but—


CAROLE THERIAULT. Illegal stuff mostly in our country, but—


GRAHAM CLULEY. Well, not just illegal, but it's— But I think it's primarily in the hope that the price triples.


RON EDDINGS. There was this story where I saw an NFL player, first time ever, took his salary in bitcoin. Wow. But I'm not sure about you all. I'm— I've made a few transactions in bitcoin just from like wallet to wallet. It's $10 per transaction.


CAROLE THERIAULT. Very high fee. Graham, you might remember you mentioned way back in episode 58 with Vanja Svajcer, who used to be on the show a lot. And there was this— it was a pick of the week. And you talked about the Bitcoin FOMO club.


GRAHAM CLULEY. Bitcoins have skyrocketed from, you know, $7,000 or whatever to almost $20,000. They're bordering on that, aren't they, at the moment? There have been countless people doing their maths on their missed opportunity. And he brought my attention to a website where you can find out how much you have lost out by not investing in Bitcoin earlier. All you have to do, and I'll put the link in the show notes, is go to a website called Bitcoin FOMO, FOMO.club. FOMO stands for fear of missing out. And you tell it, oh, I would have invested maybe $1,000 in Bitcoin on this particular date, and it'll tell you what it would have been worth today. So I've just done it. Have you just done it? It's, it's, it's scary, isn't it?


CAROLE THERIAULT. Right, so just to give you guys an idea, right? So if I had $100, if I had $100 and I put in $100 into bitcoin, or bought $100 worth of bitcoin in January 2019, right, what would you think I would be worth now?


GRAHAM CLULEY. Oh yeah, $100. Um, I'm going to say it's now worth $350. You're shy. $1,000, about $1,000.


CAROLE THERIAULT. Yeah, okay, so 10-time return in a year. That's not bad.


GRAHAM CLULEY. That's pretty impressive, isn't it? I may have to go and— can I— I might leave the podcast for a minute, go and sell some bitcoin.


CAROLE THERIAULT. And had you done it in January 2016, your $100—


RON EDDINGS. oh, oh, $100,000? No, $9,000. Oh, okay.


CAROLE THERIAULT. Even then, so January 2016 has been pretty high in terms of value, but had you done it in 2011 almost 12 million. Oh, don't— so there's a big difference there. Now, over the past decade, we've heard countless stories of the poor folk who have lost their bitcoin because they lost access to their digital wallets that was holding their precious, precious bitcoins. It's apparently— it's believed that, uh, 20% of bitcoin is lost or inaccessible. 20% of the bitcoin. Really? And I believe that because only 1% of companies have invested in bitcoin, right? So this is individuals investing in this stuff.


GRAHAM CLULEY. And people have forgotten how to access it or lost their keys, lost the machine.


CAROLE THERIAULT. They didn't know what kind of wallet they had, they forgot the password, whatever. Like, you might remember in episode 167 with Anna, Anna Braden, she told us about how Clifton held his bitcoin keys in his fishing rod. And at the time of recording, that fortune was worth $60 million. And that's like a lot of Big Macs you forfeit.


GRAHAM CLULEY. To be honest, I think once you've had $60 million worth of Big Macs, you're not going to worry too much about it could now be $70 million worth of Big Macs.


CAROLE THERIAULT. New York Times last week reported that Stefan Thomas, he's a German-born programmer, right? And who lives now in San Francisco. He has 2 guesses left to figure out his password that's worth $220+ million. Yeah.


RON EDDINGS. And how frequently do you, like, take that chance? Do you wait a few weeks or you wait a few months?


CAROLE THERIAULT. That's the worst. That's the worst, the guessing, because you can only, you know, you only got 2. That's— I just don't understand how, like, you wouldn't crowdsource that, right? In his situation, why wouldn't you get the best minds on it? You know, say you'll split the, you'll split the spoils or give them a cut or whatever and seriously just figure it out.


RON EDDINGS. He needs to call Elon Musk and use the Neuralink. That's a great use case for it, right? What was your password years ago?


CAROLE THERIAULT. Okay, now I really want your opinion on this last one. Okay, so this is the case of the infamous James Howell. Okay, I don't know, you probably don't know this story, Ron, but in the UK it's a big story. So this is this Welsh Bitcoin snafu. So this is back in 2013, this guy accidentally tossed out his old hard drive. Oh, and the problem was that it held all the authorizations to his Bitcoin wallet holding 7,500 bitcoin. Wow. Okay, yeah, like a serious chunk of change. Now, uh, according to CNN, he first discovered the hard drive was missing when his bitcoin was worth around $9 million, and, uh, today it's worth $273 million. Oh my goodness. So serious money here. Though the reason he lost it, the reason, the way it happened is apparently he had two identical hard drives and he threw out the wrong one. And he says, quote, I have to laugh about it now. And I'm like, laugh? Bet you cry a lot, James.


RON EDDINGS. He tells everyone that story like, you know how much I'm really worth if I find my hard drive?


GRAHAM CLULEY. Did you say $219 million?


CAROLE THERIAULT. Is that what you said? $273 million.


GRAHAM CLULEY. $273 million. He could basically buy all of Wales for that. He could be the King of Wales.


CAROLE THERIAULT. Graham, very interesting you say that. So back in 2017, he offered around $7 million to the council, right? To let them have a rummage in the dump because they're convinced it's in the dump, in the Newport City dump. Because bitcoin's been skyrocketing, he's obviously getting itchy, right? It's even worse now. He's upped the offer to the city. It's quoted here in The Guardian saying, I offer to donate 25% or $70 million to the city of Newport in order to distribute to all local residents who live in Newport should I find and recover the bitcoins.


GRAHAM CLULEY. Ah, but yes, this is only if he manages to recover the hard drive and is able to access the data on the hard drive.


CAROLE THERIAULT. Exactly. Which again makes me think, if his story is worthy, why aren't investors kind of backing him and offering the money up to the council now so he can go have a rummage with his boys and girls that want to find it. Oh, but you—


GRAHAM CLULEY. I mean, this is ridiculous though, isn't it?


CAROLE THERIAULT. Because have you been to Wales? Yes, I've been to Wales. It's a very beautiful place. It is very beautiful.


GRAHAM CLULEY. It's super country. It's raining all the time, right? So that hard drive is not going to be in such a great condition.


CAROLE THERIAULT. Green, green grass of home.


GRAHAM CLULEY. That's why it's green, green grass. It's beautiful. It's— well, yes, obviously, but wet. And so I think rather than getting investors to try and ever increase the bribe to the council, maybe he needs to rally together the people of Newport. Maybe he needs an army to descend on the landfill with their spades and say— What the hell are you drinking right now?


CAROLE THERIAULT. There is enough nonsense going on in the world right now. We don't need people with pitchforks.


GRAHAM CLULEY. I didn't say pitchforks.


CAROLE THERIAULT. I said spades. Well, okay. You see, that's how misinformation happens.


RON EDDINGS. The real problem is it's at a dump. And who wants to do a search and rescue mission there? For a hard drive.


GRAHAM CLULEY. Ron, have you ever been to Wales? It's not that bad. They'll be able to cope.


CAROLE THERIAULT. Imagine you guys live in Wales. Okay, you guys are residents of Newport, Wales, right? And this guy, James, has worked out that if he's going to give you a cut of the money as a person who lives in the city, and it works out that you're going to get $140, £175. That is your cut of the 25% he's offering up.


GRAHAM CLULEY. I want more than that.


RON EDDINGS. I want more than that. Well, if you find the hard drive, just take it all for yourself.


GRAHAM CLULEY. Exactly. And how are we to say if he does manage to get the hard drive back and extract the key, you know, to access his bitcoins? Yeah. What's to say that he won't get cosmetic surgery, go on the run, you know, witness protection? I love it's cosmetic surgery.


CAROLE THERIAULT. I love that that's the first thing you think of.


GRAHAM CLULEY. Yeah, because he'll run off and you'll never get your share.


CAROLE THERIAULT. What about hair plugs?


GRAHAM CLULEY. I think this is a disastrous idea. And I think well done to the council for not allowing this nonsense to go ahead.


CAROLE THERIAULT. You want to hear his science?


GRAHAM CLULEY. Oh, okay. Go on then.


CAROLE THERIAULT. Quote, the plan is to dig a specific area of the landfill based on a grid reference system and recover the hard drive whilst adhering to all safety environmental standards.


GRAHAM CLULEY. Here's the science. Here's the science I want to know.


CAROLE THERIAULT. The drive would be then presented to data recovery specialists who can rebuild the drive from scratch new parts and attempt to recover the tiny piece of data that I need in order to access the bitcoins. That's his, that's his master plan.


RON EDDINGS. Graham, this relates back to your story. Like, you try to delete the data, but define delete as someone's gonna come up and they're gonna be like, hey, this is the Fleek data again.


GRAHAM CLULEY. He should have uploaded it to Fleek, shouldn't he? He should, that's what he should have taken a photo of his hard drive. Maybe if you analyze a photograph well enough, you can extract the data off the hard drive. How about get some—


CAROLE THERIAULT. Why do we care if this nutjob wants to go, you know, milling around in the dump?


GRAHAM CLULEY. I'll tell you why you want to care, because otherwise every other nutjob comes forward. So what? Well, what about my local—


CAROLE THERIAULT. And then they're gathered up in one place.


GRAHAM CLULEY. Right, right. Stop right there. Okay. Because what happens when my local dump, okay, suddenly has people going to it, even though there's no one claiming that there's a hard drive there? Chances are—


CAROLE THERIAULT. You've been out there very often.


GRAHAM CLULEY. Chances are there is a hard... Well, sometimes I go to the dump and I take some rubbish and I don't want to fight back people with spades digging around for hard drives in the hope that there might be someone's bitcoin crypto wallet key on it. It's just insanity.


CAROLE THERIAULT. I personally could not care less if someone was rummaging through the dump trying to find something of value. Good for them. Recycle, reuse.


GRAHAM CLULEY. You're an irresponsible member of society. Imagine—


CAROLE THERIAULT. No, you are. Sorry, Ron, this is getting a little heated. What are your views on this?


RON EDDINGS. Whose side are you on? I say, I say, you know what, if he's offering $70 million, go for it.


GRAHAM CLULEY. Unbelievable.


CAROLE THERIAULT. I also think he's a little bit greedy. Surely he could offer 75% of the, you know, why does he have to keep $200 million for himself? True. Yeah, does he need $200 million? Who needs that?


RON EDDINGS. Well, is he part of the, the mission? Is he going to the dump also, or is he benefiting?


CAROLE THERIAULT. Is he— yeah, is he gonna do any of the work?


RON EDDINGS. If he's doing most of the work, then all right, I think 20% is okay. But if he's not, then yeah, totally 70%, maybe even more. You get 5%. How much—


GRAHAM CLULEY. How many hair plugs can you get for that kind of money?


CAROLE THERIAULT. Graham, you had a quiz. I've got a quiz for you. What can people do to stay safe online at home?


GRAHAM CLULEY. Go. Well, I'd recommend 1Password for families. Protect all your family with password management software. Okay, why? Well, you can share your logins with your family, passwords, credit cards, and you can do it safely. You'll get alerts if accounts are compromised, and it's really easy to set up.


CAROLE THERIAULT. Cool, where can I learn more?


GRAHAM CLULEY. We can find out more at 1Password.com, and until March 31st, if you purchase a $50 gift card, you'll get $10 towards a YubiKey security key for strong two-factor authentication. Nice. Ooh. Find out more at 1password.com/giftcards. Smashing Security is sponsored this week by Recorded Future. They empower organizations revealing unknown threats before they impact a business, helping teams respond to alerts 10 times faster. Recorded Future does this by automatically collecting and analyzing intelligence from technical, open web, and darkweb sources. Well, you too can access the up-to-the-minute security intelligence that allows Recorded Future clients to make fast, confident security decisions by installing their free browser extension, Recorded Future Express. Go and grab it now at smashingsecurity.com/recordedfuture. That's smashingsecurity.com/recordedfuture. And welcome back. Can you join us on our Patreon? Favorite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily. Better not be. Well, my Pick of the Week is not security related this week. I want to take you back in time to 19— Oh, again.


CAROLE THERIAULT. It's not gonna happen one more, isn't it?


GRAHAM CLULEY. I like the old days. Yeah, I know, I know. And in particular, I like retro television. I'm a big fan of retro television. But I'm going to take you back to a show which I watched in 1987. And I remember seeing this— Have you watched it since then? Well, yes, because I've watched it in the last week. Hence, I'm recommending it to you now.


CAROLE THERIAULT. Okay, I just, I thought I was worried we were relying on your memory from way back then. I was going to be like, okay, sketchy.


GRAHAM CLULEY. You can watch this on YouTube, and I think it's quite a well-known piece of film. It was a little thing done by the BBC, which was a masterclass by Michael Caine about how to act in film.


RON EDDINGS. I don't know if I've ever seen this.


GRAHAM CLULEY. Have you never seen this? It is fascinating. So, 1987, Michael Caine, and he's got about 4 or 5 young actors with him, one of whom is actually, subsequently became relatively famous, Celia Imrie. So what Michael Caine does in this hour is he's chatting to these people and you're watching and he's explaining how to act in front of the camera and how to appear natural. And so what he does is he gets the actors to perform scenes from some of the movies that he's been in, things like Educating Rita, Alfie, and Death Trap. You may remember he was in with Christopher Reeve. And it's really good.


CAROLE THERIAULT. I wonder how many people watch this to try and act English, like literally just to kind of pretend to be English.


GRAHAM CLULEY. Well, it's Michael Caine, so it's not sort of like anyone for tennis acting. It's not sort of, "Eh, I say, oh jeez, you must know." I don't think that's the majority of Brits.


CAROLE THERIAULT. I don't know. I don't know where you live, but—


GRAHAM CLULEY. But it is an absolute masterclass, is the right word, in how to be still. And silent and rather dangerous.


CAROLE THERIAULT. You're very, very good at that, Graham.


GRAHAM CLULEY. In front of the television.


RON EDDINGS. He's taken the class.


CAROLE THERIAULT. Yeah, yeah, he is. Yeah, you always get a sense of danger when Graham's around. Threatening.


GRAHAM CLULEY. What you come out from watching this is not only— because he's given you real techniques in how to do this. And I'm not an actor, but I find it fascinating to watch the things he's doing. Because normally you see an actor on the screen, you think, well, what are they doing? They're just not bumping into the furniture and they're saying some lines. But oh no, no, no. When an actor is good, when an actor is— very natural in front of the camera. It's really impressive. And some of the young actors—


CAROLE THERIAULT. You really think acting is just doing that? Did you really think it was just a piece of whatever?


GRAHAM CLULEY. Sometimes. Sometimes. But when you see some of these young actors he's teaching, right? When you see them do a scene from Alfie, for instance, and they do it in such a theatrical way, and then he does it, and he picks them up and he says, "No, no, no, do it like this." So much of a difference. And it's fascinating. And that is why I'm recommending, and I'll put it in the show notes, a link to the Acting in Film Masterclass by Michael Caine. Great piece of TV from 1987. And I really enjoyed it this week, which is why it is my Pick of the Week. And breathe. That's called acting. That was a big finish.


CAROLE THERIAULT. I will watch this. I didn't like your Pick of the Week last week. I didn't dislike it. I just, whatever. This one I'm definitely going to check out. Tell me. Sounds awesome. It does. It's good.


RON EDDINGS. You always think you can act until you watch yourself back. It's like, do I sound like a robot? Really?


CAROLE THERIAULT. I don't know. I don't think I could act.


GRAHAM CLULEY. Ron, what is your pick of the week?


RON EDDINGS. My pick of the week is Damn Fine Story: Mastering the Tools of a Powerful Narrative by Chuck Wendig. It is a book. It is phenomenal. And I have a question for you two. Okay. Who answers first? Let's go Graham. Okay. Okay. What do Luke Skywalker, Graham Cluley, and Carole Theriault have in common?


CAROLE THERIAULT. The Force is with us. Bad hair?


GRAHAM CLULEY. Well, oh, hang on. Carole's married to a Wookiee.


CAROLE THERIAULT. I'm married to Chewbacca, actually.


GRAHAM CLULEY. Not any old Wookiee. Not any old Wookiee. I'm not sure. Is it that we all started a long, long time ago?


RON EDDINGS. You would never guess, but you two are storytellers. You're constantly telling stories on your podcast. We did the topics and our pick of the week, and they're all kind of done through a narrative that is interesting through a story. But the thing that you all have in common is you all are the characters that we care about. Each week, two archenemy best friend heroes unite and expose the truth while debunking myths. And that is you two. And the best part about a story is the characters are the problem. That's you two. You two are the problem each week. And the stories that you tell—


GRAHAM CLULEY. One of us is a very big problem. Us two are the problem.


RON EDDINGS. The stories that you tell are the solution. And that's what makes a great story is great characters along with the solution. That are presented to the characters.


CAROLE THERIAULT. I think that's very true, Graham. I think you are the problem. And then when I tell my story, the solution shows itself and everything's great. That's really good, Ron. You're so insightful, man. Thank you.


RON EDDINGS. That's what I was going for. Sorry, Graham.


GRAHAM CLULEY. So it's called Damn Fine Story by Chuck Wendig.


RON EDDINGS. Yes, it's a great book. And it really breaks down some of the elements of a story that regular storytellers might overlook. Like, we typically get so caught up in a story is a beginning, a middle, and an end, and it has a problem followed by a climax and resolution. But there's so much more depth that can be within a story. You can really tell a lot of things through the characters. Like, if you focus on the characters rather than the problem and the solution, there's a lot more interesting things that can happen. When I'm writing a story, I might write a story about cybersecurity, for instance. But what happens if cybersecurity was done on a remote island and it's dark, it's cold, and the only way to survive is by hacking others? You know, when you start to bring in those elements of a story, it's like, hmm, now my imagination starts to kind of be more exposed. I have to think harder. Yeah.


CAROLE THERIAULT. See, it doesn't always have to be smutty, Graham. Right? Be creative.


GRAHAM CLULEY. I'm just not rising to any of this, girl. Okay. All right, Carole, what's your pick of the week?


CAROLE THERIAULT. Okay, did you guys ever watch The Office? Yeah, of course. Yeah, right. Okay, I don't know if you saw the UK version, Ron. I never watched the, the US one. I know I saw a few episodes, but I didn't kind of watch the whole series. But I'm assuming it was the same in that it made you feel really uncomfortable, like the humor was just like—


GRAHAM CLULEY. It's good, it's different, it's a different show. But, but it— I think both have their merits.


CAROLE THERIAULT. If they both have that discomfort thing, don't they? That, you know, that level when you're watching, you're like, oh my God, he's not going to do— oh my God, no, he is going to do that. He is doing that. He's doing that right now. I need to go hide behind the couch and not watch this. That kind of show. Well, if you like that sort of comedy and you don't mind swirling in a little bit of like dark mystery drama, uh, you might want to check out Back to Life, which is just currently on Netflix. This was a BBC production which aired on BBC One back in 2019. And it stars Daisy Haggard, and she's this woman called Miri Mattson. And she's like a 30-year-old-something who's just returned to her family home in Kent after serving 18 years in prison. And you just— it's like 6 episodes of her kind of coming out and wanting to find her old boyfriend that she used to date when she was 15 or 16. And he never came to visit her once inside. And when she finally meets, you know, she's kind of fantasizing about getting back together with him. And then you meet him. He's such a pillock, guys. He's so bad. Like, he's so vile. And then he has the secret that almost made me hurl. Like, I, I literally jumped out of the room. I could not stand what was happening on television in that The Office times a thousand moment. Um, and I just— I, I'm putting it out there for all listeners. If you think you can stand anything, I think this is where you— if you want to make a bit of cash, just do a bet with your partner saying, can you do it? Can you do it? Whoever doesn't walk out, okay, $10, and see what happens, because wow. So 25 minutes each episode, 6 episodes, not a huge investment, and best thing I've watched all year.


RON EDDINGS. How many episodes till you walk out?


CAROLE THERIAULT. Oh, oh, it happens pretty early. Episode 2. Episode 2, it happens, and I, uh, I was shocked. I was so shocked.


GRAHAM CLULEY. Is it a better use of my time than going to the local dump and digging around for hard drives?


CAROLE THERIAULT. Um, in my view, absolutely. Absolutely. The writing's awesome. Daisy Haggard is incredible. I loved it. So the show is called Back to Life. It's a BBC production. It's now available on Netflix. Check it out.


GRAHAM CLULEY. Fantastic. And that just about wraps it up for this week. Ron, thank you so much for joining us on the show. I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?


RON EDDINGS. The best place to follow me and all the things I'm working on is hackervalley.com. You can also catch me on Twitter at @RonaldEddings and same for LinkedIn. You could just search me by name.


GRAHAM CLULEY. Fantastic. And you can find us on Twitter at Smashing Security, no G, Twitter wouldn't allow us to have a G. And you can also join the Smashing Security subreddit as well. And don't forget to ensure that you never miss another episode of Smashing Security. Subscribe in your favorite podcast apps such as Apple Podcasts, Pocket Apple Podcasts, and Spotify.


CAROLE THERIAULT. And shout out to this episode's sponsors, 1Password and Recorded Future, and to our wonderful Patreon community. It's thanks to all of you that this show is free for everybody. Now you can all find details on past episodes, sponsorship information, guest lists, and the entire back catalog of more than 200 episodes. Oh my God, we're still alive, Graham. Check out smashingsecurity.com.


GRAHAM CLULEY. Until next time, cheerio, bye-bye. Bye-bye. Bye.


CAROLE THERIAULT. All right. That's a wrap. Awesome. Awesome.


GRAHAM CLULEY. Thanks very much, Ron.


RON EDDINGS. You know, it's pretty crazy to hear because I feel like I sound like I'm reading something sometimes when I have guests on, but like when you guys start and when you end, it almost sounds, it sounds pre-recorded, it's so good. Really? Wow. I was like, wait, are they playing something?


CAROLE THERIAULT. Say more, say more, Ron. Say more. Who's better at it, you think? Can we stop the recording now?


GRAHAM CLULEY. Please just stop the recording.


CAROLE THERIAULT. No, no, no, no. I just want to hear.


GRAHAM CLULEY. I don't think we need to record anything else.


CAROLE THERIAULT. I think— Do you know I went on Hacker Valley Studio and interviewed Ron and Chris?


GRAHAM CLULEY. Oh, did you? Yeah.


RON EDDINGS. That episode, by the way, is going to be out tomorrow.


CAROLE THERIAULT. Is it? Fab. I can't wait to hear it.

-- TRANSCRIPT ENDS --