Why are Zoom and Twitter making some people disappear? How are Counter-Strike: Global Offensive cheats getting their just desserts? And the founder of an anti cyber-fraud firm is charged with fraud.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Visit https://www.smashingsecurity.com/197 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mark Stockley.
Sponsored By:
- Immersive Labs: Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
- Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses.
- Go to immersivelabs.com/smashing
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Package Thief vs. Glitter Bomb Trap — YouTube.
- CSGO Cheaters trolled by fake cheat software — YouTube.
- This Hacker Creates Fake Cheats That Make Cheaters Jump Off Buildings In-Game — Vice.
- Tweet by Colin Madland.
- Which will the Twitter algorithm pick: Mitch McConnell or Barack Obama? — Tweet by @bascule.
- GrahamOrCarole? — Twitter.
- Founder And CEO Of Cyberfraud Prevention Company Arrested And Charged With Securities Fraud Scheme — Department of Justice press release.
- Founder of Anti Cyber Fraud Company Charged With Fraud — Vice.
- Founder of cyber fraud startup ironically facing fraud charges — Gizmodo.
- Interview with NS8's Adam Rogas — YouTube.
- Mission to the Unknown Recreation - Doctor Who — YouTube.
- The making-of Mission to the Unknown — YouTube.
- Trillion Trees.
- Criminal: UK — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. Hi everybody, Carole Theriault here. I just want to introduce you to a handful of beautiful people. These superstars are Patreon supporters of Smashing Security. This week, shout out goes to Chefkat Ajaz, Darren Wolf, Alwin Karuvilla, Vartan Andreev, Rafael Santiago, Kristen M, Michael Kebdi, Mark Luxton, Erwin Coy, and Jason. Thank you all for your support. It means the world to us. If you are not a supporter but would like to be and want to join this amazing community, you can find out all about it on smashingsecurity.com/patreon. It's pretty simple, right? SmashingSecurity.com/patreon. Okay, on with the show.
GRAHAM CLULEY. But would you expect antivirus software, for instance, to detect these? Should we be protecting the cheaters?
CAROLE THERIAULT. Are you trying to open a market to get AV onto consoles?
MARK STOCKLEY. I think that's a really interesting question because I'm not sure I would expect AV to detect— I don't think we need to name names here.
UNKNOWN. Smashing Security, episode 197: Greedy Bosses: Game Cheats. Ransomware, phishing, malware, LastPass, and virtual beheadings with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 197. My name's Graham Cluley.
CAROLE THERIAULT. I'm Carole Theriault.
GRAHAM CLULEY. And Carole, we are joined this week by returning guest, it's Mark Stockley. Hello, Mark.
MARK STOCKLEY. Hello.
CAROLE THERIAULT. Welcome, Mark.
MARK STOCKLEY. Oh, thanks.
GRAHAM CLULEY. Welcome back. We're so pleased that you weren't out and about doing something. Well, you can't be now anyway under British rules, can you?
CAROLE THERIAULT. Well, there's an announcement coming later today for the UK.
GRAHAM CLULEY. No, it's come out, it's come out, Carole.
MARK STOCKLEY. Oh, has it?
GRAHAM CLULEY. Yeah. Yep.
MARK STOCKLEY. Although there's probably one after the podcast as well. I'm a bit concerned. I haven't looked for 5 minutes. So I'm not sure I'm fully up to date. I think—
CAROLE THERIAULT. Are we back in lockdown or not yet?
GRAHAM CLULEY. We're in, we're out, we're shaking it all about.
CAROLE THERIAULT. Okay, great.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. As long as you do it with a mask on, I don't care.
GRAHAM CLULEY. But we have a podcast for you, don't we, Carole? What's coming up this week?
CAROLE THERIAULT. Well, first, let's thank this week's sponsors, LastPass and Immersive Labs. Their support helps us give you this show for free. Now coming up on today's show, Graham visits the world of video game cheats. Mark looks into a virtual beheading on Twitter, and I'll introduce you to a very brazen but exceptionally dull IT security CEO. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, do you love games? Do you love playing games, online games? Yeah. What kind of games do you like, Mark?
MARK STOCKLEY. I have just discovered, 10 years after it came out, World of Tanks.
CAROLE THERIAULT. Oh!
MARK STOCKLEY. Which is— that's good for me. Normally I'm about 20 years out of date on the games I play, but I'm now only 10 years out of date. I'm completely hooked. And I've succeeded in getting my son hooked as well.
GRAHAM CLULEY. Yes, my son plays this as well.
CAROLE THERIAULT. It's called World of Tanks?
MARK STOCKLEY. World of Tanks.
GRAHAM CLULEY. It's like a multiplayer— you're driving trucks around on terrain and— Tanks. Shocked.
CAROLE THERIAULT. Yeah, I was thinking the title maybe gave it away there.
MARK STOCKLEY. World of Trucks is a much, much more boring game.
GRAHAM CLULEY. Did I say trucks?
MARK STOCKLEY. It never really took off.
GRAHAM CLULEY. Yeah. Oh my goodness.
MARK STOCKLEY. It's exactly as deep and thoughtful and thought-provoking as you would imagine from a title like World of Tanks. It is literally a world full of tanks.
GRAHAM CLULEY. And there's no World of Trucks or World of Milk Floats or anything else which—
MARK STOCKLEY. There may be. I don't think the marketing budget for those is as big. There's a World of Warships. And there's a World of Warplanes, I think. You can see a theme developing here.
GRAHAM CLULEY. Oh, okay. Ah, yes. Now, how important is it for you or indeed your son to win these games? Is that something that really matters to you?
MARK STOCKLEY. I would say it's massively important to both of us. Which is why it's good that we're playing other people.
CAROLE THERIAULT. Do you play together?
MARK STOCKLEY. Not yet. I think that's coming. We've only— we've literally just got into this.
GRAHAM CLULEY. Would you cheat? Oh no. No, you—
MARK STOCKLEY. Well, not unless I was playing my son. Obviously then, you know, whatever works.
GRAHAM CLULEY. What about you, Carole? Would you cheat at a game?
CAROLE THERIAULT. No, never, Graham.
GRAHAM CLULEY. Funny, because I wanted to remind you about a time when you came round to my house. I think it was— Well, it must have been a million years ago, as you came round to my house, and we were playing a game called Rapido. Not online, obviously.
CAROLE THERIAULT. Excuse me, excuse me. Is this about online games?
GRAHAM CLULEY. I was talking about online games, but now I'm talking about whether you are prepared to cheat at games. And in my experience, you are prepared to cheat.
CAROLE THERIAULT. Okay, I have a question for you. Do I admit it right away? As soon as I've won? Don't I then say, "I won and I cheated!" That isn't right away. Yeah, but it is right away.
GRAHAM CLULEY. That's a little bit like killing someone, isn't it? And then say, "Oh yeah, it was me." It's like, it doesn't really undo the fact that you've ruined something.
CAROLE THERIAULT. Okay, so you've been harbouring this for 15 years?
GRAHAM CLULEY. Yeah, about that. Anyway, I just wanted to find out where you stand, because there is, of course, a lot of cheating which goes on. In online games. My son has discovered Fortnite during lockdown when he wasn't going to school, and all the time, if the game's going badly, he'll go, "Cheater!" He'll say, "Cheater!" Or he'll say, "It's an aimbot! It's an aimbot! There's a hacker, Dad! There's a hacker in the game!" Because he can't understand how someone managed to beat him. And there are, it seems, there is an active cheating community and people who write hacks for these games, particularly PUBG games. Are you familiar with PUBG?
CAROLE THERIAULT. No.
GRAHAM CLULEY. PUBG, I think it stands for, oh, Player Unknown Battlegrounds. These are games like Fortnite where a whole bunch of people are thrown into an arena, which might be like an island. And over time, the perimeter gets smaller and smaller as people get killed off. And it's like a survival of the fittest sort of thing. And these are often sort of first, sort of, what are they called? First-player shooter or something?
MARK STOCKLEY. First-person shooter.
GRAHAM CLULEY. Thank you very much.
MARK STOCKLEY. You're really immersed in this world.
CAROLE THERIAULT. I know, I'm glad he did so much research, you know?
GRAHAM CLULEY. But there's all kinds of cheats which occur, right? So there are, for instance, aimbots. So these aimbottery is where you, it will automatically—
CAROLE THERIAULT. Can I just ask a question? So how hard is it to write these cheats? So presumably this game, it's a closed game, right? It's not like it's got an open-source forum for people to create cheats.
GRAHAM CLULEY. Yeah, and I think cheats are written for particular platforms as well. I think you're more likely to get the cheat on, for instance, if you're running a Windows PC than if you're running it on a sort of more closed system like a video games console.
CAROLE THERIAULT. So a cheat is different from figuring out like a tweak in the algorithm. So like, you know, if you do something 14 times, this happens.
GRAHAM CLULEY. That's right. So it's like an additional piece of code which might get injected into the game.
MARK STOCKLEY. So is this like a binary patch?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. You choose to do this. You say, I want this, 'cause I wanna—
GRAHAM CLULEY. That's right.
CAROLE THERIAULT. Whatever. Okay, gotcha.
GRAHAM CLULEY. So, for instance, automatically align your gun sights with someone's head, right? 'Cause headshots get you more points.
CAROLE THERIAULT. Oh, that's nice. Yeah, good. Love that. Love that.
MARK STOCKLEY. Where can I get that one?
GRAHAM CLULEY. Not in real life. Not in real life, Mark. No, I meant World of Tanks. There's like spamming or speed hacks, right? Which are where you automatically open fire as soon as someone walks into your line of sight.
CAROLE THERIAULT. That's a total cheat.
GRAHAM CLULEY. Well, some of these you can actually turn on within the games if you want to. So my son and his friend quite like me to play Fortnite with them because I'm terrible at Fortnite. And so we go into this creative mode and because I can't even work out how to fire the gun, and I just can just about walk around. They sit up, say, look, look, look, what we'll do is we'll turn on automatic firing. So when you're pointing in a particular direction at something, it will fire. The only problem is I get stuck in the game and they will say things like, follow me, Graham, right? And then I turn to them and I shoot them in the head. So I actually—
CAROLE THERIAULT. What, you shoot them in the head?
GRAHAM CLULEY. Not deliberately. Not deliberately.
CAROLE THERIAULT. In the game, you mean?
GRAHAM CLULEY. In the game.
CAROLE THERIAULT. In the game, yes.
GRAHAM CLULEY. So far it's only happened in the game.
MARK STOCKLEY. What I'm most amused by is the fact that your son calls you Graham.
GRAHAM CLULEY. Oh. There was a whole period of time when he— Yeah, he did do that.
MARK STOCKLEY. Do you shake hands when you see him in the morning?
GRAHAM CLULEY. And there are other things as well, like seeing through walls. So a hack might mean that you can see through walls and people can't hide away from you anymore, right?
CAROLE THERIAULT. And do you like the makers of these games? Are they pissed off about these changes?
GRAHAM CLULEY. Oh, yes. Okay. Oh, I think they're not very keen on it.
CAROLE THERIAULT. There's a whole new world for me. I don't really—
GRAHAM CLULEY. Because of course, these kind of cheats and hacks are used against legitimate players.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. And who follow the rules. And in some games these days, obviously there's big money to be made, right? Oh yeah. Through esports and leagues which you can join. And it's quite extraordinary, right? So they don't want people installing these cheats. And so—
CAROLE THERIAULT. Yeah, they're basically acting like Lance Armstrongs, aren't they?
GRAHAM CLULEY. Yes, exactly.
MARK STOCKLEY. Okay.
CAROLE THERIAULT. I'm just trying to understand it in my own frame of mind.
GRAHAM CLULEY. Yeah, they don't have to date Shania Twain. Was it Shania? No, it wasn't Shania Twain, was it? What was the one she ended up with?
MARK STOCKLEY. Sheryl Crow.
GRAHAM CLULEY. Sheryl Crow. Sheryl Crow. Sheryl Crow, Shania Twain. I can't tell them apart.
CAROLE THERIAULT. One's Canadian.
GRAHAM CLULEY. Okay, well, that helps. Okay, so— So people don't like cheats, right? Cheating in online games, not a cool thing. And some people have tried to do something about it, including a chap called ScriptKid. He doesn't like cheaters, or as he calls them, cheaters. He says he was inspired by a YouTuber called Mark Rober. Who created the famous glitter bomb viral video. Did you ever see that? There was a video came out by this chap. It may be the same guy who did the squirrel assault course. I'm not sure. But he created this package which he left on his doorstep because he was fed up of people stealing packages. And he booby-trapped it with a glitter bomb.
MARK STOCKLEY. That sounds like a missed opportunity to me.
GRAHAM CLULEY. What, you think they should have used nails or something?
MARK STOCKLEY. Yeah, or a Doberman or something. Whoa!
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. You can't put a glitter bomb inside of Doberman.
CAROLE THERIAULT. Mark's been inside I haven't seen this slide in a long time. Okay.
GRAHAM CLULEY. Anyway, so what ScriptKid thought was, well, wouldn't it be fun to get our own back at these cheats? So what he did was he created some cheats for PUBG games and specifically a game called Counter-Strike: Global Offensive, known as CS:GO. And you might think, why is he creating cheats if he's against cheaters? And I'll tell you why, because his cheats did something that the cheaters were not expecting. So his cheats, fortunately, didn't do anything malicious in sort of malwarey way, like stealing information or damage the cheater's computer.
MARK STOCKLEY. Did they release a Doberman?
GRAHAM CLULEY. No, did nothing like that. No.
CAROLE THERIAULT. I feel like I'm on Planet Tron right now.
GRAHAM CLULEY. So he didn't want to ruin, you know, he thought just ruining the cheater's game was enough, right? So what he did was he wrote cheat code and he promoted it through Google Ads. He spent hundreds of dollars on Google Ads. So if you searched for public—
CAROLE THERIAULT. Okay, so he's like probably a 62-year-old script kid. He obviously has a lot of money.
GRAHAM CLULEY. Well, I think he probably makes quite a lot of money from his YouTube channel, Carole, because he now has a quite astonishing number of followers. He has 200,000 subscribers and 8 million views after only publishing 4 videos.
CAROLE THERIAULT. Does he put his face on these?
MARK STOCKLEY. Oh, he cheats.
GRAHAM CLULEY. No, no, he doesn't.
CAROLE THERIAULT. No, no, it's like he's anonymous. He's anonymous script kid.
GRAHAM CLULEY. Yes, he wears a Warner Brothers Anonymous kind of—
MARK STOCKLEY. Hoodie?
GRAHAM CLULEY. Yes, face mask. V for Vendetta style. I love, by the way, that all those people who wear those Anonymous masks, because those are all copyright Warner Brothers. It's them. It's a great big multinational which is making all the money out of selling those masks. It's like, have Anonymous not thought this through? Really? Anyway, so he created these cheat codes, right? And the stuff for people to download. And it turned out thousands of people did. And his cheats did sneaky things. Like, for instance, they would randomly show a great big huge crosshair on your screen, obscuring your view, right? Fairly obvious. You'd think, saying, what was going up there? But there were other tricks they did. Like, for instance, it would suddenly drop grenades, which you're carrying, at your own feet, and then stop you from running away. So you sort of blew up your legs. Burnt to death. Or randomly change the direction that you're running in.
CAROLE THERIAULT. Okay, I have way more— I have way more questions here. Is it illegal to use these cheats?
GRAHAM CLULEY. It might be against the terms and conditions.
CAROLE THERIAULT. Like slap on the wristy bad.
GRAHAM CLULEY. Well, no, it might be against the terms and conditions of the video game producer. They may have in their terms and conditions you shouldn't run a cheat.
CAROLE THERIAULT. So Fortnite dudes won't care if you use a cheat and ruined your whole play?
GRAHAM CLULEY. I don't think they're gonna care if people shoot their own feet off.
CAROLE THERIAULT. No, exactly, okay.
GRAHAM CLULEY. But they won't like it if you are using what's, let's call it a legitimate cheat, to get an advantage or to make other people's play less fun.
CAROLE THERIAULT. No, no, I understand that. I might be pissed off, right? If I downloaded this cheat and—
GRAHAM CLULEY. Of course you would! Some of these cheats, Carole—
CAROLE THERIAULT. I'm just trying to get my question across.
GRAHAM CLULEY. You leap off tall buildings—
CAROLE THERIAULT. Stop talking for one second. Just stop talking.
GRAHAM CLULEY. Invisible tripwires.
CAROLE THERIAULT. Just stop talking. So I am— I'm your son, okay? I want to use these cheats. I download the cheats.
GRAHAM CLULEY. This is disastrous. Yes.
CAROLE THERIAULT. I download the cheats, right? I have like a game with like loads and loads of points and blah, blah, blah. And somehow I screw everything up and lose my character. And it's almost the end of the world, right? And I get set back tons. And I'm like, boo-hoo-hoo, you know, my character. God, this is awful. There's no one I can go to, right, to complain because it's basically my fault.
MARK STOCKLEY. Because you can't walk because your feet have been blown off.
CAROLE THERIAULT. Yeah, but no one wants to hear my lament, right? And no, all I'm saying is ScriptKid's quite smart because who's gonna—
GRAHAM CLULEY. Yeah, I don't think because he's not doing anything to people's data and they're willingly doing it. See, it's an interesting question. Is this a Trojan horse or not? 'Cause it's doing something—
CAROLE THERIAULT. Absolutely.
GRAHAM CLULEY. —users weren't expecting. Yeah. But would you expect antivirus software, for instance, to detect these? Should we be protecting the cheaters or cheaters?
CAROLE THERIAULT. Are you trying to open a market to get AV onto consoles?
MARK STOCKLEY. I think that's a really interesting question because I'm not sure I would expect it to detect— I don't think we need to name names here because I don't think you would expect it necessarily to detect that the software is malicious because is it really malicious? But I think if you have software and it's changed and it's changed in a way the original manufacturer didn't intend, you know, it's a bit like, you know, you can get, you can get micro patches for software that's got holes in it, which isn't produced by the original manufacturer. Right. And there's a big question mark about should you install those? Because they might protect you, but they might do that at the expense of your warranty.
GRAHAM CLULEY. So these traps, which ScriptKid is planting during cheaters' gameplay, some of them are really quite nasty, right? You know, it has people jumping off buildings and things. He's not planting them, people are installing them. That's right, they're installing them. And what happens is the cheat then also sends the footage of the video gameplay to ScriptKid, who then edits it into videos to put up on YouTube. So he gets a good laugh out of it. Ooh.
MARK STOCKLEY. Is it okay that he's capturing screengrabs of people's screens?
GRAHAM CLULEY. Well, it's capturing the gameplay. It's not the entire screen. So I don't think there's any personal information. Mm-hmm. You can find out more about ScriptKid and his activities in a profile on Vice Motherboard written by Lorenzo Franceschi-Bicchierai. Carole Theriault. So go and check it out there, and we will put links in the show notes.
CAROLE THERIAULT. I don't understand how he can carry on. Surely everyone will go, "Oh, don't download the game things from ScriptKid, 'cause he's a dick." I don't think he announces, "I'm ScriptKid." I don't think he is. He doesn't say, "Hey, here's a free cheat from your buddies at ScriptKid." "Hey, I've won.
MARK STOCKLEY. I cheated." I just don't get it.
CAROLE THERIAULT. I don't get any of this. This is a whole world I don't understand. Don't care about.
GRAHAM CLULEY. Next! Mark, what have you got for us this week?
MARK STOCKLEY. Well, I'm going to talk to you about a virtual beheading.
GRAHAM CLULEY. Oh, nice.
MARK STOCKLEY. Yeah.
CAROLE THERIAULT. You know this is a comedy show.
MARK STOCKLEY. So my story starts, as many do these days, with a tweet, which I bumped into on Sunday morning. And it was a tweet by someone I don't know, a very well-educated chap called Colin Madland. And it turns out Colin has got a friend who keeps getting beheaded virtually on Zoom calls.
CAROLE THERIAULT. What do you mean beheaded virtually?
MARK STOCKLEY. Well, you know what a body looks like?
CAROLE THERIAULT. Yeah. Okay, yeah, it's a trick question.
MARK STOCKLEY. Now, if you remove the head—
CAROLE THERIAULT. So basically it's just showing the background.
GRAHAM CLULEY. Does he just not know how to angle his webcam? Is that what's going on?
MARK STOCKLEY. I tell you what. I hope you enjoyed my story. In case— Shall I read you the tweet? Yes, please do. So, tweet said, "A faculty member has been asking how to stop Zoom from removing his head when he uses a virtual background." Oh! "We suggested the usual plain background, good lighting, etc., but it didn't work. I was in a meeting with him today and I realised why this is happening." Now, we should just talk very briefly about virtual backgrounds. I imagine you both know what a virtual background is.
CAROLE THERIAULT. I think anyone listening to this show has had to deal with it.
GRAHAM CLULEY. Yes, a green screen. Yeah. Is he from Venus or something?
MARK STOCKLEY. It's not quite a green screen. Oh, okay.
GRAHAM CLULEY. You tell me then.
MARK STOCKLEY. When you're using Zoom or something like that, you can choose a picture. Basically, you choose a picture of a place you would rather people thought you lived than the place you actually live. And then Zoom will insert that behind you. Now, of course, the interesting part of that is Zoom has to work out where you are. And then from that, it can work out what's behind you.
CAROLE THERIAULT. I've rarely seen this thing work, to be fair.
GRAHAM CLULEY. Oh, so it does this when you don't have a green screen? It can do this. It can work it out. Yes, exactly. Yes. Very clever.
CAROLE THERIAULT. Yeah. No, no, no. Yeah, you can do it. You can do— anyone can do it, Graham. You can do it on your next Zoom call. And they have like pre-settings like beach or like cityscape or something like this.
MARK STOCKLEY. Baby Yoda.
CAROLE THERIAULT. You know, and you can probably download loads of them. It's not great. You know, if you don't stay super still, you know, they kind of tend to disappear into the background.
GRAHAM CLULEY. I see. I see. And sometimes lose limbs, you know.
MARK STOCKLEY. Can I just say it had never occurred to me that I would be on a podcast with somebody who didn't know what a virtual background was.
GRAHAM CLULEY. He's not coming back. Smug little shit. Yeah, shit. What a thing to say on our fucking podcast. Carole, what's your story this week?
CAROLE THERIAULT. Keep going, Mark. Ignore him.
MARK STOCKLEY. Okay, so with a green screen, obviously what the software is doing is it's saying, right, replace all the green bits. Yes. With the background. Zoom can't do that because there isn't green behind you. It could be anything, could be a very jumbled scene. So what it has to do is it has to say, where is the person? And obviously with a Zoom call, that's quite often a person's face, and then it can put the background on everything that's not the person. So what was happening in this case is that Zoom's face recognition algorithm was looking at the friend and it was saying, nope, there are no faces in this picture, and then just covering the friend's face with the virtual background. How weird. Oh. Okay? Hence beheading. Aha. Now, it wasn't doing it to Colin.
CAROLE THERIAULT. Okay, does this guy have a very, very small head? Could that have been the problem?
MARK STOCKLEY. Pinhead. Pinhead. He was really far away.
CAROLE THERIAULT. Yeah, he was sitting in the kitchen.
MARK STOCKLEY. It wasn't doing it to Colin. Yeah. Okay. And the obvious difference between them is that Colin's friend is dark-skinned. And Colin is basically as white as alabaster. Uh-huh. Now, that was just the beginning. It actually got worse. So Colin has discovered what he thinks is a racial bias problem with Zoom, in that it can't recognize dark-skinned faces. Really? Now, there's good reason for him to be suspicious of this. I mean, you know, one data point does not make a trend, but there's reason for him to be suspicious because actually racial bias in face recognition is a very, very well-documented and well-understood problem that has a lot of people worried. Yeah. But as I said, it actually got worse than that because Colin decided he was going to tell the world. And as I said, I found this out through a tweet. So he thought he would tell the world by tweeting about this, and he illustrated the problem.
GRAHAM CLULEY. Oh no, he didn't black himself out?
MARK STOCKLEY. No, he didn't. We would not be telling the story today if he had done. Okay. My eyes are just— they just grew about 50 times. So Carole, what have you got for us?
GRAHAM CLULEY. He didn't use a picture of Justin Trudeau, did he? Oh gosh, Graham!
CAROLE THERIAULT. No, I'm wondering what horror has happened. The one thing, the one thing that he did that was a bit uncouth.
GRAHAM CLULEY. There are other bad things Justin Trudeau has done. Oh really?
CAROLE THERIAULT. Yes. Would you prefer him to your current leader?
MARK STOCKLEY. Hey, he is criminally handsome. Yes. Good. Well, I don't—
CAROLE THERIAULT. Actually, he's quite— I don't find him interesting in the least.
MARK STOCKLEY. Again, would you rather, or the current Prime Minister, or the President of the USA right now?
CAROLE THERIAULT. Exactly. Moving on.
GRAHAM CLULEY. Yes, come on. Back to Zoom.
MARK STOCKLEY. So, as I was saying, Colin took to Twitter to make his point. And he decided to illustrate the problem with a side-by-side picture. And on one side of the picture, it had his friend's Zoom screen. So, sort of screen rectangle. And then on the other side, it had his own screen. Yeah. And then he looked at his own tweet. So he tweeted this picture, and then he looked at his own tweet on his mobile phone, and he saw something odd. Because the picture was just him. And because the picture was quite wide, Twitter had had to crop it. And it turns out that Twitter tries to work out which part of a photograph is the most interesting. And then it crops with that in the middle. Oh!
GRAHAM CLULEY. So I didn't know Twitter did that. It's quite clever that it does that, isn't it? That it tries to choose what— I mean, as long as they get it right. Rather than just auto—
MARK STOCKLEY. No, tell us how great Twitter is, Graham. You're absolutely on brand for this story.
GRAHAM CLULEY. Rather than just taking the middle of the image, it's trying to make an intelligent guess. But in this case, it's taken—
CAROLE THERIAULT. Graham, why don't you take a full selfie in the buff, right? Full body selfie. Slap it up on Twitter and we'll see which bit of your body it decides to focus on.
GRAHAM CLULEY. Okay. Which bit most looks like a middle-aged man, you mean? Interesting.
MARK STOCKLEY. Knowing what I know about Graham, I think I know which part of the picture it would centre on.
GRAHAM CLULEY. Please. Increase your resolution. Right. Carry on. It wasn't that bit.
MARK STOCKLEY. Anyway, so. A picture, two Zoom screens, one with the friend, one with Colin in it. And Twitter crops to Colin. Right. So he thinks, "Well, I was on the right-hand side. That's a bit odd. Surely it would crop from the left." Right. So he flipped the picture and put himself on the left and the friend on the right. And he got exactly the same result. A picture of himself. Oh, Twitter. Zoom, Twitter, you guys. Now, as you can imagine, this is Twitter. So—
GRAHAM CLULEY. Graham, why don't we try it? They handled this really well.
CAROLE THERIAULT. Why don't you and me do it? We'll do a side-by-side headshot.
GRAHAM CLULEY. Ooh, maybe there's a sex thing.
CAROLE THERIAULT. Yeah, yeah, we'll see if there's a sex thing, yeah.
MARK STOCKLEY. It's funny you should mention that. Oh. Because if you go to twitter.com/GrahamOrCarole—
CAROLE THERIAULT. Okay.
MARK STOCKLEY. I have already done that for you. Well, hang on.
GRAHAM CLULEY. But there's an account called GrahamOrCarole. Yes. Oh my god, Marty. Graham or Carole? Okay, here we are. Oh my gosh! Oh, there's Nelson Mandela there as well. No followers. So who will Twitter prefer? Graham Cluley or Nelson Mandela? Right, okay.
MARK STOCKLEY. So, as I was saying, this is just, you know, so far, this is just Colin. 'Who's done this?' And he says, you know, 'I think I've detected a racial bias in the face recognition used by Zoom, and in talking about that on Twitter, I think I've also detected the same problem on Twitter.' Now, this is Twitter, so there were lots of people who disagreed with him, lots and lots and lots of unsolicited advice about lighting rigs and 'what about this?' and 'clearly it's this thing,' but also lots of people trying to reproduce the experiment. And actually lots of people doing it with some success. Now, we don't know if they showed us the ones that weren't successful. It's not a real scientific experiment, but what they were doing is they were creating very wide or very tall photographs. So imagine like a long, thin white rectangle with a photograph of a person at each end. And I thought that that looked rather fun. So I thought we ought to find out who Twitter preferred. Does it prefer Graham or Carole? And I thought also, we should mix a dark-skinned face in there. And I couldn't think of anybody that I wanted to include more than Nelson Mandela, who is probably the best candidate for sort of president of the world, if we had one.
GRAHAM CLULEY. A person as well of similar stature to Carole and myself.
MARK STOCKLEY. So, what I've done— Right, yeah.
CAROLE THERIAULT. In the celeb realm.
MARK STOCKLEY. Yep, yep. Yeah, I mean— Yeah.
GRAHAM CLULEY. Doesn't have a podcast though, does he? Doesn't have a podcast. So I think that's one for us.
CAROLE THERIAULT. Doesn't have a heartbeat right now. So—
MARK STOCKLEY. If he had a podcast, I'd still listen to it. So I took photographs of you all and I sized them so that your eyes and your mouth and your chin were at about the same level and that your faces were roughly the same size. So in Graham's case, I had to reduce the photograph quite a lot. And I've created long thin photographs with Graham at one end and Carole at the other, and then flipped it so that Carole's at the left and Graham's on the right. And then pitted you against each other and then against Nelson Mandela. Right. To see if there's any sexual bias or racial bias in the Twitter algorithm. And I think what we can conclude from looking at it is, in the case of Graham versus Carole, it couldn't pick a winner. In a case of both of you against Nelson Mandela, Nelson Mandela, I am happy to say, won in every situation.
GRAHAM CLULEY. Yeah. Oh, he has. Well done, Nelson.
CAROLE THERIAULT. So you basically disproved any racism in Twitter with your— this test. Is that what you're saying?
MARK STOCKLEY. Yeah, that's exactly what I'm saying.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Carole, what's your topic this week?
CAROLE THERIAULT. Okay, first, a challenge to you both. Yes. Okay, so there's a place where I thought, oh, this would be such a good joke, but I couldn't make it to myself because I made the line. So I'm going to give you the line. Okay. And you have to kind of try and reverse engineer and figure out where it goes. Okay? So the line you got to say is, hey, no fat jokes.
GRAHAM CLULEY. Hey, no fat jokes.
MARK STOCKLEY. Hey, no fat jokes.
CAROLE THERIAULT. A bit like Jeopardy, right? You're going to hear me come up with a line, and then you got to just jump in. Whoever jumps in first wins the prize.
GRAHAM CLULEY. All right. Okay.
CAROLE THERIAULT. Now, have you heard of Adam Rogas? Because Adam Rogas is a pretty important guy.
MARK STOCKLEY. Hey, no fat jokes. No, I haven't heard of him.
CAROLE THERIAULT. No, he has many responsibilities. He's a very, very important man. Okay. He's a founder. He's a CFO. He's a CEO. And he's a board member of a startup called NS8. Oh, yes. NS8. Like the number. Now NS8 is based in Las Vegas, Nevada, and it markets cyber prevention tools. So basically it says—
MARK STOCKLEY. Tools that prevent cyber.
GRAHAM CLULEY. Tools which stop the internet from working.
CAROLE THERIAULT. It's like, oh sorry, yeah, cyber fraud prevention tools.
GRAHAM CLULEY. Oh, okay, okay, okay.
CAROLE THERIAULT. I'm very sorry. I word dropped there. And it markets cyber fraud prevention tools. Basically they analyze user behavior and they weed out fraudulent and costly transactions. Among Adam's many, many corporate responsibilities at NS8, CEO, CFO, board member, et cetera, he was also chief fundraiser. And this really isn't unusual in the startup hustle, right? You mean the big guns have to present their vision and growth opportunities to onboard the financiers. Yes. Yeah. Okay. I mean, if you were looking for investment money, you wouldn't send out the person, the coffee guy, right? You'd go yourself, right?
GRAHAM CLULEY. It's funny you mentioned coffee because when you first said fundraiser, I imagined he was like, it was like a garden fete or something, and I only later twigged that you meant, oh, you mean getting some serious money in rather than—
MARK STOCKLEY. Yes, serious money. So he's raising money for his own—
CAROLE THERIAULT. Yeah, so, you know, he wants to get investors, so he does the circuit, right? He goes around going, we have some great offering, we do, we—
GRAHAM CLULEY. Yeah, yeah, yeah. Well, what's wrong with that?
CAROLE THERIAULT. Exactly, there's nothing wrong with that. Yeah. Okay, so yeah, so they want some investment money and in the fall of 2019 and all the way to the spring of 2020, NS8 engaged in fundraising rounds. They issued Series A preferred shares as the prize and they obtained an estimated $123 million in investor funds, which is nice. No, it's not chump change. This money, of course, and the exchange gets moved under NS8's control. This is NS8's investor cash. Probably earmarked to grow the startup, onboard customers with unprecedented haste. That's probably what the money's for.
MARK STOCKLEY. Yeah, also yachts. Yes. And bean chairs, pool tables.
GRAHAM CLULEY. And they are based in Vegas. I wonder if you should put it in the slots.
CAROLE THERIAULT. And titties. Yeah, boats and titties. Titties and slots, Chum. Moving on. And this is like just, we know this, but just a reminder, like investors are not all altruistic. You know, for the most part, they are happy to part with a piece of their cream pie, but only if they buy into the promise that they're going to get a reward of a truckload of cream pies in the not too distant future. So that's the game. However, funds went down a little differently at NS8. You see, as well as all the responsibilities we talked about for Adam, you know, founder, CEO, CFO, chief fundraiser, he also maintained control over the company bank account that accepted all the money paid in by customers. Okay. And Rogas also maintained control over the spreadsheets that purportedly tracked the customer's revenue, which were used to generate NS8's financial statements. So, you know, obviously a control freak. He's obviously a very, very smart guy. And, you know, a bit like Steve Jobs, doesn't like to share the reins. You know, he has a vision, he wants to get it done his way.
MARK STOCKLEY. So, so are you— so when the investor says, so, uh, about that money that I gave you. He produces his own spreadsheet.
CAROLE THERIAULT. No, no, no, no, no, Mark. Come, come. He just has all these responsibilities, and then he provides the information to his finance team. So he gives his finance team the numbers so they can create the financial reports for the investors and the rest of the board. Right?
MARK STOCKLEY. Right. All right.
CAROLE THERIAULT. Except Rogas altered the bank statements and the information before handing it over to finance. Plot twist.
GRAHAM CLULEY. This is a shock.
CAROLE THERIAULT. So between January '19 and February 2020, so 13 lucky or unlucky months, right, depending on which side you're on, it turns out that half to 95% of the total assets that were listed on the balance sheet were bogus BS. Up to 95%. Bullshit.
MARK STOCKLEY. What did he do with all that money in Vegas?
CAROLE THERIAULT. And the bank statements from those 13 months recorded $40 million in fake revenue. I never knew that the secret to getting rich was just being a big fat fucking liar. Like, that just seems to be the way you do it.
GRAHAM CLULEY. Oh, whoa, whoa, hey, listen to the fat jokes! Hey, Graham! Mark wasn't listening.
CAROLE THERIAULT. Prize to you! Yeah! So Rogas, in trying to secure and keep the investor cash rolling in, scratched out the less impressive numbers and penciled in a few zeros so the investors would be thrilled at the return possibilities and keep their money invested, dreaming that one day they would cash in big time.
GRAHAM CLULEY. Well, there is nothing really wrong with any of this. Oh, really?
CAROLE THERIAULT. No one do business with Graham ever.
GRAHAM CLULEY. No, I think there's nothing really wrong with this until— someone wants their money back. I think it's fine to tell them it's going all extremely well.
CAROLE THERIAULT. And give them fake balance sheets saying, look at all the money coming in.
GRAHAM CLULEY. It doesn't really matter, because it's all sort of pretend money anyway, isn't it? Hey, Steve! You've given it to somebody else.
MARK STOCKLEY. Is this why you haven't got any investors? Jesus! But if— It's got nothing to do with the moral high ground at all, is it? It's because they've clocked Graham.
GRAHAM CLULEY. But as long as he can, you know, just have a successful go around the roulette wheel.
CAROLE THERIAULT. Okay, okay, so, okay, imagine I'm trying to get you— okay, I'm trying to— you're an investor, I'm trying to get you in on my startup, right? So, uh, I take you out to a big fancy lunch place in Nevada, right, where I have fizzy bottled water, the, the Badwater, important.
GRAHAM CLULEY. Oh well, it doesn't cost that much. I've been to Las Vegas, you can get a free brunch and you can keep on going back to the trough as many times.
CAROLE THERIAULT. I would go somewhere fancy. Okay, I know, and I— poached fish and samphire, something like that. And I'd be all like, have as many sides as you'd like, Graham, save room for dessert. This lunch is on me because my company is raking in the moolah, baby. Have you seen the spready? Right. You know, and I might have my phone go off 3 or 4 times, then shake my head and shrug. Go, another wannabe investor who should have got in early like you, Graham. Right? I do all that, then you'd be like, wow, this guy is so great. Amazing. He was able to get $123 million doing that. My goodness. So at this point, right, reading this, I was thinking, I wanna know what this guy's like. Like, how did he swindle all this cash out of everybody? Maybe I can find a video of him or something. So I did some digging and there's only one from SE Media. And it's on GDPR could expose smaller players to a higher liability, says NS8 Adam Rogas.
GRAHAM CLULEY. So this is a video about their security product or service.
CAROLE THERIAULT. By the guy, by this big dude who's— Yeah. And I don't know how to say this. Maybe actually, Huddle, everyone come in. I don't want to say it too loudly. He was boring as anything. I mean, literally, I would rather read the entire GDPR legislation, all 109 articles of it, than listen to this guy. Even the interviewer looks like he'd rather jam knitting needles into his eye sockets than listen to this guy. Blah, blah, blah. So is that his technique to getting all the money? He gets people for lunch and just goes— and the guy's just, shut up, just take what you want, shut up. Don't even— it's crazy. And did any of you spot the irony in this whole story? Did anyone spot the irony?
GRAHAM CLULEY. Oh, the irony.
CAROLE THERIAULT. Uh, um, yeah, do you know what it means? And can you spot it?
GRAHAM CLULEY. Yeah. Uh, what was it? Was it like rain on your wedding day? What was his company? Cyber fraud.
MARK STOCKLEY. Oh, oh, preventing the cyber. Uh-huh.
CAROLE THERIAULT. So this guy is being accused of committing wicked white-collar fraud, all while heading up a company that purports to mitigate fraud in transactions.
MARK STOCKLEY. It's like— So why are you saying people shouldn't buy this software?
CAROLE THERIAULT. So there's more. Okay. Mr. Rogas not only used the financial data to obtain all that, you know, millions and millions, he also used that information, you know, the bullshit numbers, to personally help himself to $17 $1.5 million of it in his personal account. But that's cool by you, right, Graham? That's all cool because, uh, you know, so what? A little slap, you know, a little bit of duck and dive, no problem.
MARK STOCKLEY. It's okay, I was cheating at the end.
CAROLE THERIAULT. Yeah, yeah, I'm not playing, I'm not playing, Mark. Well, the FBI arrested Adam Rogas last week, and I wonder if they knew how boring he was, because if they did, they wouldn't have gone in just wearing masks but earplugs. I'm telling you.
GRAHAM CLULEY. Did they give him money as well?
CAROLE THERIAULT. I'm telling you, jeez, they probably did. They probably said, "Just get out of here. Get out of here. We're dropping all the charges.
MARK STOCKLEY. Just leave." How did the FBI discover the fraud? And can I buy some of that instead of this product that he was selling?
CAROLE THERIAULT. So apparently his crimes were detected by his coworkers in, you guessed it, the finance department, who probably thought it was pretty fricking weird. They didn't have access to any of the accounts, but were getting these printouts from the boss.
GRAHAM CLULEY. They were probably thinking, how come this guy's so boring and he doesn't work in the finance department?
CAROLE THERIAULT. No, finance is exciting stuff. Come, come. Now, so they went out and checked the company accounts and it turned out it amounted to tens of thousands of dollars, not millions and millions of dollars as Rogas has been reporting. And he was confronted by the employees and he reassured them in a text. This is according to Vice. And he said, "On the phone with the bank. We are okay. Appears to be an issue with the sweep works and phone banking." So it doesn't really make sense, but that's what he wrote. And shortly after this exchange, right, according to this complaint by the DOJ, Rogas agreed to meet the finance employees in the Las Vegas area, didn't show up, then he resigns from NS8 in early September. So he gets the hell out of the Dodge.
MARK STOCKLEY. Can I just say that was the most finance department confrontation I've ever heard? When you said the finance department confronted him, I imagine they stormed into his office and formed a phalanx in front of his desk. And then you said, so he texted them, it's all fine. Way to confront.
CAROLE THERIAULT. He's been charged in Manhattan federal court with security fraud, fraud in the offer and sale of securities, and wire fraud. He's facing 20 years in the slammer. But worse, NS8 just laid off 200 employees because, you know, how are they going to pay them? Um, and these are the people you need to feel sorry for. These are the people that were probably— they're directly fucked over by his greedy antics because they had jobs. They probably had no idea he was just a greedy douche.
MARK STOCKLEY. They discovered the problem, or some of them did.
CAROLE THERIAULT. Well, yeah, the finance dudes, but everywhere else— there's not 200 in finance, I imagine. Well, no, but I mean, because they weren't doing much.
MARK STOCKLEY. They did themselves out of a job, didn't they?
CAROLE THERIAULT. He was wearing all the hats. I've got another hat for him. Douche. There you go. So there's my story.
GRAHAM CLULEY. Fascinating though, eh? Very, very interesting.
CAROLE THERIAULT. Anyway, you don't have to be exciting to get the money, Graham, so don't worry. You could go on the investors round, is all I'm saying. You got this.
GRAHAM CLULEY. Are you gonna put a link to this boring video? Oh, I was gonna put it in.
CAROLE THERIAULT. I was gonna have it, you know, insert it into our show, but it's too dull. It's too dull. I'll put it—
GRAHAM CLULEY. I'll put it in the links, put it in the show notes, because some people like to listen to our podcast late at night and maybe help them sleep.
CAROLE THERIAULT. God. So many of us now working from home for the first time, IT administrators as well as employees. So you want to make everyone's life a little bit safer? Look into LastPass. For admins, you get a centralized dashboard to administer all the integrations and the policies and the reporting, plus you get a vault for every single user. And users, you have these cool functions like autosave and autofill, or organizing notes and documents, or helping you manage your work and personal life separately. Check it out at smashingsecurity.com/lastpass. And remember, home users, you can use it at home for free. More info at smashingsecurity.com/lastpass.
GRAHAM CLULEY. LastPass. Attacks and breaches are sadly a fact of life. They happen. What's most important is how well your organization responds, and technology isn't really enough. Your staff must be ready too. Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats. Check out their free ebook all about the MITRE ATT&CK framework and how you can use it as a part of your cybersecurity strategy. And improve your security posture by identifying weaknesses. Go to immersive-labs.com/smashing right now to download your free ebook. That's immersive-labs.com/smashing. And welcome back, and you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily. Better not be. Well, my Pick of the Week this week is not security-related. As I am sure all devotees of vintage television know, there are sadly many missing episodes of Doctor Who which were junked by the BBC. More shame on them. They did not keep copies of them.
CAROLE THERIAULT. That is shameful, actually. It is shameful.
GRAHAM CLULEY. It's part of our cultural history, whether you love Doctor Who or not. There's other TV shows which have suffered as well, of course, such as The Avengers. Oh dear, old Diana Rigg died. I'm so upset. Anyway, it was very sad. Very sad for my 15-year-old self. There is one particular interesting episode of Doctor Who which is called Mission to the Unknown, which was broadcast in 1965. And what makes it unusual is it features neither the Doctor nor any of his companions. And it was an episode of Doctor Who which just had the Daleks. Oh, sorry.
CAROLE THERIAULT. Oh my God, really? Oh no!
GRAHAM CLULEY. What happened, Graham? Oh, well.
MARK STOCKLEY. And they decided to get rid of this episode.
GRAHAM CLULEY. No, that episode no longer exists, although an audio version.
MARK STOCKLEY. In a way, it never did though, because it didn't have the Doctor in it. It's not the same.
GRAHAM CLULEY. It was a prelude to The Daleks' Master Plan, which was a classic 12-part Doctor Who story which featured the Doctor and Peter Purves and Jean Marsh and Nicholas Courtney and others. But what happened was a bunch of students at the University of Central Lancashire, they said to themselves, you know what, we're doing this TV media course, why don't we recreate the episode? And they did that. Oh, that's cute. And they did it with the same kind of black and white cameras, 4:3 screen size rather than widescreen. They made the sets, they looked at the original designs, and it is a remarkable reconstruction. Did you sleep through it? It's only 25 minutes. Did you fall asleep through it? No, no, I have not slept through it. It's really very good.
MARK STOCKLEY. Do you watch it from the beginning to the end?
CAROLE THERIAULT. Did you hurry? Did you skip along at any point? Did you kind of go, oh, just skip this bit? Yeah, yeah, monster bit, monster bit, monster bit.
GRAHAM CLULEY. I've watched it and the making of documentary as well. Okay, um, it came out about a year ago, but I was just thinking, you know, that was a marvelous thing. And yeah, scraping the barrel here, scraping the barrel for something to put as my pick of the week this week. Um, but I thought, you know, what a tremendous thing. And so that is why Doctor Who: Mission to the Unknown— it's up on YouTube, we will put a link in the show notes— is my Pick of the Week. Terrific.
CAROLE THERIAULT. Yeah. A show without the stars. Excellent.
GRAHAM CLULEY. Mark, what's your Pick of the Week? Ignore her.
MARK STOCKLEY. What did you say the categories were again? What can my Pick of the Week be? You said an app or a—
GRAHAM CLULEY. Pick of the Week. Funny story, a book that you've read, a TV show, a movie, a record, a podcast, a website, or an app.
MARK STOCKLEY. Whatever you like. Okay, well, I'm not interested in any of those things. No. I've had enough of that. I've had enough of apps and TV shows and all that kind of— We don't need more TV shows cybers and apps and all stuff like that. What we need is more trees. So, my Pick of the Week this week is trees. Because I think—
CAROLE THERIAULT. Can I just say that has been my Pick of the Week before.
GRAHAM CLULEY. We have had trees as Pick of the Week before.
CAROLE THERIAULT. But you can have it. You can have it. This is our first double. This is our first, yeah.
MARK STOCKLEY. I think trees is a fantastic— Because, you know, they don't get a great press. They don't have their own podcast. But they are quite useful. I think they're quite nice to look at, and I think we're going to need quite a lot of trees. In fact, we need about a trillion of them. And that isn't just me saying that. There's actually, you know, UN-commissioned scientific research says we're down by about a trillion trees.
CAROLE THERIAULT. Yeah, good thing they have drones that plant the seedlings now. Yes. And they just shoot them into the ground from a great height.
MARK STOCKLEY. Do you know what the really great thing about trees are? Tell me. They plant themselves. If you do absolutely nothing at all, you get trees. And I think actually the future is not firing seeds into the ground with drones, because you're limited by drones and seed guns and all those sorts of things. You're trying to—
CAROLE THERIAULT. You're going to change all of humanity is what you're planning to do. That's your approach. You're going to get all people to respect trees? Because I'm in, I'm in all the way. I love trees.
MARK STOCKLEY. It started here.
GRAHAM CLULEY. I think you've got to keep an eye on trees though, haven't you? They're not Triffids, Graham.
MARK STOCKLEY. You know, it's just—
CAROLE THERIAULT. Have you ever seen a tree, Graham?
GRAHAM CLULEY. Yes, yes, I have seen a tree. Yeah, and they're, you know, the ones I've seen have been all right, but it's just sometimes they get a little bit carried away.
MARK STOCKLEY. Did you know there's a very, very clever lady, I think in Canada, a scientist who researches the exchange of information between trees. I love that. And she has established that trees will share nutrients using the mycelial network in the ground. And so there is an exchange of information between trees, trees of different species as well, but that mother trees will preferentially foster their seedlings over other trees. There's a lot more going on than we realize.
GRAHAM CLULEY. Yeah, that's what I'm saying. I'm saying we have to keep an eye on them because we don't know what they're up to.
CAROLE THERIAULT. Okay, no, I want to geek out with Mark for a second. So I have a bunch of plants in my front room, but they're all in pots, right? And I've read about all this and I worry about them being isolated, like I've got them in solitary confinement. But I've put them all close together and I've been watching them. And there is like a mama fern, a maiden fern, and she puts out all her little tentacles on everybody and holds them all together. Every— it doesn't matter where I remove them. As long as they're within reach, she'll find them and rest her hand on them. It's very cute. So anyway, you sure it is a tree?
GRAHAM CLULEY. It's not—
CAROLE THERIAULT. It's not a tree, it's a fern or spider or something.
GRAHAM CLULEY. Okay, okay.
MARK STOCKLEY. Anyway, so trees, trees, trees, trees rock. Yay. And trees don't— they obviously, they don't have hands, they can't make websites, but there is a website about trees which I'd like you to go to called Trillion Trees, which explains why we need a trillion trees and how we're gonna get them.
GRAHAM CLULEY. Cool. Trilliontrees.org.
CAROLE THERIAULT. Does that mean I have to stop using my log burner?
GRAHAM CLULEY. You've been killing trees.
MARK STOCKLEY. I'm glad you waited until the end of the podcast to mention this.
GRAHAM CLULEY. Jesus. Carole, what's your pick of the week?
CAROLE THERIAULT. Right. My pick of the week. So we're gonna hark back for a second to episode 149, which was called—
MARK STOCKLEY. Who can forget 149?
GRAHAM CLULEY. A golden oldie.
CAROLE THERIAULT. Oh my God, it was called Fall in Love with Fraudsters. That's so weird. Okay, this— I'm like a broken record. Okay, so my main story was about fraud, and the reason I mentioned 149 is because I'm actually echoing my pick of the week on that episode, which was the first series of a show called Criminal on Netflix.
GRAHAM CLULEY. And you accused me of scraping the barrel when it came to picks. You're just saying, I've done season 1, now I'm doing season 2. Geez, let me remind you about season 1.
CAROLE THERIAULT. Let me just do my padding, please.
GRAHAM CLULEY. Maybe I'll do a list of Doctor Who episodes.
CAROLE THERIAULT. First season, if you remember, was 12 episodes, 3 episodes each set in 4 countries. Do you remember? It was like Criminal France, Criminal Spain, Criminal Germany, Criminal UK, and each one has 3 shows, and all 12 of the shows are in the exact same set, so they all have their own actors, writers, directors, producers.
GRAHAM CLULEY. It was like an interrogation room.
CAROLE THERIAULT. Yes, in the confines of the interrogation room. And you're like in this HQ, this staged police HQ. And I love that. But the parameters are the same across all of it. And how each team tackled the project differently was just great. So Criminal season 2, the UK one, has just been released. And I hoovered up all 3 episodes over the weekend. And it's so great. The cast is impressive. You've got Game of Thrones star Kit Harington. And you've got Catastrophe actor Sharon Horgan, who I love. Oh, yeah. She's the best. Isn't she? Oh, my God. And she's amazing in this. She's so good. And Hotel Rwanda star Sophie Okonedo. Oh, yes. And Big— The Big Bang Theory, which I never watched. I know, shock, shock. Kunal Nayyar. And, of course, we're waiting now the other miniseries from the other countries so we can do that. So, all I can say is watch it. It's written amazing. There's all these twists and turns, superbly acted, superbly directed. It's one of those shows that you feel healthier for having consumed it rather than watching some crap and you feel like you've eaten 15 Big Macs. You know what I mean? You know what I mean? Like Wife Swap. I used to watch Wife Swap or Come Dine with Me, and you'd watch one of those or a few of those and you'd be like, oh God, I feel like I've just eaten like a whole 20 chicken McNuggets. You just feel shit. But this doesn't— you feel great after this. You just feel good. It's good. So I will put the link in the show notes. It's on Netflix. Criminal. If you haven't seen the first one, hey, guess what you gotta do. Yes. All right.
GRAHAM CLULEY. Sounds very cool. Very cool. Thank you for those picks of the week. And that just about wraps it up for this week, Mark. I'm sure lots of our listeners would love to follow you online and find out what experiments you're doing on Twitter. Where can they do that?
MARK STOCKLEY. Well, you can find me @MarkStockley on Twitter. You can find my chickens @InternetOfHens, and you can find Graham and Carole duking it out at Graham or Carole.
GRAHAM CLULEY. I hope I win. And you can follow us on Twitter @SmashinSecurity, no G, Twitter won't allow us to have a G. And we also have a Smashing Security subreddit. And don't forget, if you want to be sure never to miss another episode, subscribe in your favorite podcast app such as Pocket Casts, Spotify, or Apple Podcasts.
CAROLE THERIAULT. Socially responsible smoochies to you all for listening, supporting the show via Patreon and sharing this podcast with your people. Also, thank you so much this week's Smashing Security sponsors, Immersive Labs and LastPass. Their support helps us give you the show for free. Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
GRAHAM CLULEY. Until next time, cheerio, bye-bye, bye-bye, see you later, alligator. That's a bit lackluster, that bye, Mark.
MARK STOCKLEY. Oh, bye. Bye.
CAROLE THERIAULT. We had John Bentley on and he was like, oh, bye-bye.
GRAHAM CLULEY. Yes. Great. Yes. Oh, fantastic. Amazing. Oh, my goodness. Yes. He never listened to the show. We're fine saying whatever we like.
-- TRANSCRIPT ENDS --