Jack Rhysider from the "Darknet Diaries" podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how 'beauty camera' apps are redirecting users to phishing websites and stealing their selfies.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jack Rhysider of the "Darknet Diaries" podcast.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Jack Rhysider.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- This hypnotist helps people recover lost bitcoin passwords — CNBC.
- Good News! You Are a Bitcoin Millionaire. Bad News! You Forgot Your Password — Wall Street Journal.
- Quadriga CX announces the death of their CEO Gerald Cotten — Facebook.
- Set Up and Manage Emergency Access — LastPass.
- What is the Emergency feature and how to use it? — Dashlane.
- Inactive Account Manager — Google.
- Banks Hate Crypto In Canada: QuadrigaCX Exchange Sees $28M Frozen — NewsBTC.
- QuadrigaCX Owes Customers $190 Million, Court Filing Shows — Coindesk.
- John Darwin ("Canoe man") disappearance case — Wikipedia.
- Is it ever acceptable for a journalist to hack into somebody else’s email? — Naked Security.
- Hacker Giraffe — Darknet Diaries podcast.
- The PewDiePie Hackers: Could hacking printers ruin your life? — BBC News.
- Smashing Security on Hacker Giraffe's printer hacking exploits.
- Behind the apps: Why we want to look different online — BBC News.
- Various Google Play 'Beauty Camera' Apps Send Users Pornographic Content, Redirect Them to Phishing Websites and Collect Their Pictures — Trend Micro.
- Mr. Puzzle — YouTube.
- Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat — Amazon.
- Everything That Will Kill You... From A to Z — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. I think he should just apologize to the people that he either freaked out or really gave a headache to.
JACK RHYSIDER. Yeah, and he did an apology audio thing on Twitter.
ROBOT. Oh, he didn't send it to people's printers though. Come on, Jack, lots of people won't have seen it. Smashing Security, Episode 114: Darknet Diaries: Death and Bitcoin. Ransomware and Phishing Beauty Apps with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 114. My name is Graham Cluley.
CAROLE THERIAULT. God, you sound proud. I'm Carole Theriault.
GRAHAM CLULEY. I am proud. And we are joined today by a special guest, someone who hasn't been on the show before. It's Jack Rhysider, host of the Darknet Diaries podcast, no less. Hello, Jack.
JACK RHYSIDER. Hey guys, really excited to be here.
CAROLE THERIAULT. So exciting to have you on.
GRAHAM CLULEY. I love it.
JACK RHYSIDER. Yeah, it's a trip because I spent years doing security myself and consuming your content, Graham, and bringing it into my own world and like learning from you and stuff. And then here we are together. So stop.
CAROLE THERIAULT. Yeah, please do stop it.
GRAHAM CLULEY. Digesting my content. You can imagine you kind of eaten it all, but of course, you know what happens to it afterwards. So anyway, great to have you on the show. And during the course of the podcast, we'll talk a little bit more about the Darknet Diaries as well, because probably a lot of listeners will be interested if they're not already listening to it. But what have we got coming up on the show this week, Carole?
CAROLE THERIAULT. So this week we have you, Cluley, telling us about missing crypto millions. Jack, you are delving into the world of hackers, giraffes, and YouTube atrocities. PewDiePie. And I'm visiting the world of fake beauty apps feeding off the kids' love for digital surgery. All this and more coming up on episode 114 of Smashing Security.
GRAHAM CLULEY. Recorded Future provides deep, detailed insight into emerging threats by automatically collecting and analyzing billions of data points from the web. Every security team can benefit from that kind of threat intelligence. Grab yourself a copy of Recorded Future's free handbook, which explains why threat intelligence is an essential part of every organization's defense against the latest cyberattacks. Go and get it at smashingsecurity.com/intelligence. And thanks to Recorded Future for supporting the show.
CAROLE THERIAULT. Hey, what's your password for your email? Do you even know it? I don't. I trust LastPass Enterprise to remember it for me because it's so long, so complex, and so unique. I couldn't possibly remember all my passwords for all my accounts. Let LastPass Enterprise do the hard work for you because they take security seriously and they're really responsive. Check out LastPass Enterprise at lastpass.com/smashing. I'm on the show.
GRAHAM CLULEY. Well, chaps, news has reached us from the chilly tundras of Canada.
CAROLE THERIAULT. Tundras.
GRAHAM CLULEY. One of the— one of the— it's very cold there at the moment, you know. And one of the country's bitcoin exchanges, QuadrigaCX, has found itself in a right old pickle.
CAROLE THERIAULT. That's a catchy name. Well, QuadrigaCX.
GRAHAM CLULEY. I guess if you're new to the internet and creating cryptocurrency exchanges and things like that, you may have to be slightly imaginative when it comes to your domain name in order to grab it.
CAROLE THERIAULT. Yeah, well, they've certainly excelled on that one.
GRAHAM CLULEY. Well, it is claimed that approximately $250 million Canadian dollars— what's that, Carole? About £4.50?
CAROLE THERIAULT. I was just going to say £20. That's awful.
GRAHAM CLULEY. Well, no, apparently it's actually $190 million US dollars.
CAROLE THERIAULT. Bula.
GRAHAM CLULEY. Is said to be stored in cold storage as opposed to a hot wallet. Now that's normally quite a sensible thing to do, right? If you've got loads and loads of cryptocurrency.
JACK RHYSIDER. Who owns the cryptocurrency? Is it the, is it the users or?
GRAHAM CLULEY. Well, yes, it's the users. So I think this is stuff which they've sort of safely borrowed away onto the cryptocurrency exchange and it's been stored away by these fellows who are looking after it. And they've put it in cold storage with the thought that it's going to be hard for the hackers to access it. It'll be offline hopefully and protected by a hard to crack password, strong encryption, you know.
CAROLE THERIAULT. Well, all the stuff you'd expect from a bank, I guess.
GRAHAM CLULEY. Yeah, sounds kind of sensible that any funds which they're storing, they're going to look after properly. But things aren't so good, are they, if you can't remember the password?
CAROLE THERIAULT. Oh, shut up.
GRAHAM CLULEY. Now, passwords have often been a predicament when it comes to storing cryptocurrencies. And it's been a real problem in the last couple of years as well. If you remember during 2017, the price of bitcoin absolutely exploded. It rocketed, didn't it? An extraordinary rate. Until the end of the year. I think it got up to about $20,000 per Bitcoin.
CAROLE THERIAULT. Even more, I think. Yeah.
GRAHAM CLULEY. Even more, was it? And then it suffered that really rapid fall as well, which is making John McAfee's bet that I think— was he predicting that Bitcoin would be worth $2 million or something by the end of 2020? I can't remember.
CAROLE THERIAULT. Or he would do what?
GRAHAM CLULEY. Oh, do we have to really go into that?
CAROLE THERIAULT. And I seem to remember we disagreed on what actually that meant.
GRAHAM CLULEY. Yeah, well, he said he'd eat his dick on TV or something, didn't he?
CAROLE THERIAULT. And Graham took that literally, Jack.
GRAHAM CLULEY. I'm not kidding.
JACK RHYSIDER. Why are you even reading this? Reading his tweets or anything.
CAROLE THERIAULT. I know, exactly.
JACK RHYSIDER. Thank you.
GRAHAM CLULEY. Yeah, it's a good question. Why does the media pay attention?
CAROLE THERIAULT. No, why do you?
GRAHAM CLULEY. Why do I? Because I'm just fascinated by these— having been there at the early days of antivirus, I'm fascinated by these enormous characters.
CAROLE THERIAULT. Do you see yourself in him?
GRAHAM CLULEY. No, I don't see myself.
CAROLE THERIAULT. Do you admire him?
GRAHAM CLULEY. No, of course not.
CAROLE THERIAULT. What would you like?
GRAHAM CLULEY. Anyway, listen, it's been a problem. The point I'm making is that because Bitcoin's exploded in their price, lots of people who had Bitcoin investments— maybe people just sort of made a punt and they spent $300, right, years and years ago on buying some Bitcoin. Suddenly they found out, oh my goodness, it's worth $300,000. How can I get hold of that money? But they couldn't remember their passwords and they couldn't get their bitcoin.
CAROLE THERIAULT. Yeah, yeah, we've heard that.
GRAHAM CLULEY. Yeah, right. And some were so desperate they turned to, you know, really unusual directions to determine what their password might be. I was reading about this South Carolina hypnotist who was actually offering his services helping people recall. No, for real. His name is Jason Miller, and he was charging 1 bitcoin plus 5% of the amount recovered. If he managed to hypnotize the password out of you.
CAROLE THERIAULT. Oh my God.
GRAHAM CLULEY. He said he had this great technique. I mean, you could have sort of tried to brute force it, I suppose, or use other techniques. But, but yeah, that's what he was trying to— that's what he was trying to sell to people. Some people would turn to things like this.
JACK RHYSIDER. Yeah. I've also heard where someone threw away a hard drive which had bitcoin on it, and then years later they went back to the dump with like an excavator and tried to find their hard drive.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. There's a guy in Wales doing that right now. I don't think he's found it yet.
GRAHAM CLULEY. That's right. And he's been trying to crowdfund it because it's cost him quite a lot of money, and I think the council aren't letting him—
CAROLE THERIAULT. Are charging him for searching.
GRAHAM CLULEY. Are they?
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. We shouldn't laugh. If it was us, it would just be tragic.
CAROLE THERIAULT. I know, it's awful. It would be tragic.
GRAHAM CLULEY. But in the case of QuadrigaCX—
CAROLE THERIAULT. Oh, sorry, what company? What name?
GRAHAM CLULEY. Oh, do I have to keep on saying it? In the case of QuadrigaCX, the Canadian cryptocurrency exchange, the problem wasn't so much that the password couldn't be remembered, but the only person who knew the password had died.
CAROLE THERIAULT. Oh. Yeah.
GRAHAM CLULEY. Now, on the 14th of January, Quadriga announced on their Facebook page that their CEO and co-founder Gerald Cotten had died in India. And they posted this message saying, with a heavy heart, we announce the sudden passing of Gerald Cotten, a visionary leader. He died due to complications of Crohn's disease. In December, he was in India. He was opening an orphanage, helping kids in need, giving them safe refuge. You think, oh my goodness, how terrible.
CAROLE THERIAULT. It's a good obituary.
GRAHAM CLULEY. So yeah, you feel very sorry. And this was signed off by his partner who was sort of assuming control of the company. Now, so far, that's quite sad, right? But they haven't said anything about passwords. The thing about the password was only revealed at the end of January, the end of last month, when they revealed that Gerald Cotten was the only person who knew the password to Quadriga's cold storage, meaning that its clients' $190 million worth of holdings couldn't be repaid to them.
CAROLE THERIAULT. Thank you, blockchain.
GRAHAM CLULEY. And if you—
JACK RHYSIDER. I wonder if we could spend like a million dollars to research a technology to pull memories out of a dead person's brain and we'd still be up $90 million at the end of this.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. Yeah, I mean, you know, it's amazing what CSI can do, isn't it? With a bit of technology, I'm sure it could be possible. Maybe magnify, enhance the picture, going to analyze his brain, plug a couple of jump leads into the cerebellum. It'd be fantastic, wouldn't it? Now, all of that makes me wonder, was it really sensible for them not to have written down the password or put it somewhere securely? Because we tell people all the time, be very, very careful with your passwords, right? And maybe you shouldn't write them down, but what's going to happen if you die? Shouldn't we be thinking more about our digital legacy, about our accounts after we've gone? And we kind of think—
CAROLE THERIAULT. Well, especially if you're managing $190 million worth of other people's money.
GRAHAM CLULEY. It's not that easy a question though. If you're really keen to secure your clients' cash, you might be very nervous about sharing that password with one of your colleagues who might go rogue. It's $190 million, for goodness' sake, Will.
CAROLE THERIAULT. Isn't it a cybersecurity practice to always have two people that know part of the password? So they need to get together. And isn't that the most secure way that is recommended?
GRAHAM CLULEY. Well, that's, that's not going to be—
CAROLE THERIAULT. It's not going to help very much if one of them dies.
GRAHAM CLULEY. You've just got half a password. I mean, you may have Mary had a little and you think, well, I don't know what the end is. Going through, I don't know, rhubarb and custard trifle.
CAROLE THERIAULT. I would put unicorn just to screw with them.
GRAHAM CLULEY. Right, exactly. But, you know, I think people do need to think about the digital legacy. We're advocates on this show, of course, of password managers and making sure that they're securely held that way. But how many of us honestly think about the situation of what we're going to do with our passwords once we've popped our clogs, like this guy Gerald Cotten, the CEO of Quadriga, does?
CAROLE THERIAULT. I don't think you care very much, maybe. Do you care?
GRAHAM CLULEY. Well, you maybe should do.
CAROLE THERIAULT. If it's not yours.
GRAHAM CLULEY. But in all of our personal situations, shouldn't we be prepared to share that with our partners? Or, you know, you don't know what they might need to log into and how inconvenient it's going to be. If they can't access accounts. Yeah.
JACK RHYSIDER. So traditionally, right, your partner could handle the mortgage and bank account because you can easily get someone to help you with that, a financial advisor or something. But, you know, if you have a bunch of Ledger wallets or bitcoin around and something happens to you, is your partner able to understand that technology or, or your family or whatever to be able to know this is supposed to go to them? This, you know, you need to do something with that. So I think I'm glad you brought this back around to us, make it more relatable to us, Graham, because I think it is a good practice to find someone you trust to somehow make them the tender of your digital world after your passing, because you give it to someone you can trust and they can take care of it for your family for you or whatever, because your family may not know how to work the password vault or log into all those accounts or something. And that's a really good question.
GRAHAM CLULEY. And even if they are able, if someone in your family dies and you're reliant upon them as a breadwinner, even if you know, oh, in 6 months' time, I'll get all this paperwork sorted and I'll be able to access that. I'm thinking of things like investments. That may be a critical length of time. It may be that you actually want access sooner than that because you're basically in a real pickle as well as having your head befuddled by what's happened.
CAROLE THERIAULT. Yeah, but all that is moot because the main guy of the place where your money is being stored doesn't remember the password.
GRAHAM CLULEY. He's dead.
CAROLE THERIAULT. Exactly. He doesn't remember anything.
GRAHAM CLULEY. Yes, but if it's stored in a password manager or in some kind of vault.
CAROLE THERIAULT. For God's sake, do you want someone who's running that much money storing it in, you know, really—
GRAHAM CLULEY. I'm not saying inside a password-protected Word document, Carole.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. I'm suggesting something a little bit stronger than that. Now, if you look at some of the most popular password managers, things like LastPass, things like Dashlane, they have emergency access features. And the way in which they work is you can, before you die, you can nominate someone who you trust and you can say, if this person needs emergency access, give it to them. And the way it works is they apply for emergency access, it then emails you, the deceased person, and if you don't respond within a certain time frame, right, then it will assume that you are granting them permission. So you have the ability to say no, no, no. What on earth are they doing?
CAROLE THERIAULT. Is this your pitch to get your hands on my money when I die? Is that what you're doing?
GRAHAM CLULEY. I can't believe you've nominated me. And you can also do this, by the way, it was a past Pick of the Week, something called the Google Inactive Account Manager. You can also do this with Google too. And you can say, look, if you don't hear back from them for a week or two, you can choose what the time is, then the account access will be granted to this other person. Anyway, so that's the kind of thing they should have considered. And that would normally have been the end of my story, but there is an additional wrinkle in the story of QuadrigaCX, because I discovered that in October 2018, October last year, it was reported that Canadian Imperial Bank of Commerce had frozen a number of accounts linked to the cryptocurrency exchange's payment processor and its owner, Mr. Cotten. In all, they froze $28 million because they were a bit suspicious about goings-on at the company. Oh. And that left hundreds of the platform's customers stranded and strapped for cash.
CAROLE THERIAULT. And then people still didn't remove their money from this exchange.
GRAHAM CLULEY. Well, for months, months, a lot of people had concerns about this particular exchange and whether it had quite as much money as it was claiming. There is a researcher and data analyst, his name is Crypto Medication, which is a rather strange name. Mr. and Mrs. Medication decided to call their son Crypto, and he has conducted an in-depth analysis of Quadriga's bitcoin holdings. And his claim is that they never actually lost access to their bitcoin holdings. And the number of bitcoins which is being held is substantially less than is now being claimed by the widow of the allegedly deceased CEO.
CAROLE THERIAULT. And what would be in their best interest? That insurance would pay out? Is that the game?
GRAHAM CLULEY. Well, I think the argument is, and we have to put lots of allegedlys in here.
CAROLE THERIAULT. Yeah, yeah. Right, right. We think we might.
GRAHAM CLULEY. I think that the theorem might be that maybe this cryptocurrency exchange is claiming that it can't access an awful lot of money, and maybe the money it does have is being squirreled away in another direction. Who knows?
JACK RHYSIDER. I mean, isn't there like a paper trail through the blockchain that you could see if something moves out of that account, then obviously someone has access to it.
GRAHAM CLULEY. You would think so, wouldn't you? That would be the obvious sort of alarm bell which would go off.
CAROLE THERIAULT. It's recorded, right?
GRAHAM CLULEY. Certainly right now they are claiming that they can't pay up some of the money which maybe the Imperial Bank is demanding they pay up for questionable activities in the past. There's a rival crypto exchange called Kraken, and its CEO Jesse Powell has— another name— he's very suspicious of the whole thing, and he's even questioned the validity of the death certificate issued in India. So there's another crazy theory: is this man really dead at all?
CAROLE THERIAULT. Do you remember that story, that guy in the UK that pretended to die, but he didn't die. And he was living in the walls of his house.
GRAHAM CLULEY. Canoe Man.
JACK RHYSIDER. Canoe Man.
CAROLE THERIAULT. And he was living in the walls of his house, collecting the insurance money and pretending to be dead, even to his kids.
GRAHAM CLULEY. And then he went off to live in Panama with his wife and he came back because obviously you miss Britain if you're in Panama. Got caught. And because the weather's so good. But yeah.
CAROLE THERIAULT. Put a link in the show notes. That's such a good story.
GRAHAM CLULEY. Well, to get completely off track, Sky News actually hacked into Canoe Man's email account because he came, he came back, didn't he, claiming to have lost his memory and have been found himself in Britain again.
JACK RHYSIDER. And anyway, my conspiracy hat's on now.
GRAHAM CLULEY. Good, good. That's why you're here, Jack. We got you here to be the conspiracy guy. We love that guy.
JACK RHYSIDER. Yeah, it's a little-known fact that I'm an amateur conspiracy theorist. I'm not a professional.
GRAHAM CLULEY. You are, wouldn't you? That's exactly what a professional— I knew it, I knew that's what you were.
JACK RHYSIDER. So if you, if you did give your, your digital world to someone upon your death, and, and they, they, they got it, right? So this guy's, you know, actually dead, right? Now the next person got a hold of, you know, that password. Yeah, they have a big decision to make on whether to take the money and run. Yeah, or give it back to the company and whoever else it owns. So who could it have gone to? It could have gone to the co-founder. It could have gone to the wife.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Oh, yeah. So maybe we believe he is dead. Maybe it hasn't gone to the wife. Maybe it's gone to someone else who's just keeping— tumpty tum. Don't look at me. No, I haven't received any emails.
JACK RHYSIDER. I mean, and then there's another option of he was killed because he had the only access to $194 million.
CAROLE THERIAULT. He was tortured and he gave away his password in his dying breath. That could have happened.
GRAHAM CLULEY. I love it. Well, I think we got the movie script written. Okay, so this is a Rhysider, Theriault, Cluley production. We'll put it into operation immediately. Sell the rights to Hollywood. Fantastic. Thank you very much. TM, TM. Don't steal it, listeners. We'll edit all this out. We don't want the listeners to hear this bit. Jack, what are you here to talk to us about today?
JACK RHYSIDER. I'm gonna talk about Hacker Giraffe. All right, so imagine you're on the internet and you're clicking around and you find that 50,000 printers are exposed to the internet in a way they shouldn't be, and you have the ability to print whatever you want to 50,000 printers. What would you do in that situation?
GRAHAM CLULEY. Would you print something?
JACK RHYSIDER. Would you report it to someone?
GRAHAM CLULEY. I honestly don't think that I would care enough to do anything. I would just move on with my day.
CAROLE THERIAULT. Oh, I barely have anything I would like to say to 300 people on Facebook, let alone send out a message to 50,000 people. I think it's unethical to use somebody else's equipment without their permission. Maybe I'd put it in the hands of the media.
JACK RHYSIDER. Knowing as little as I do about the whole thing, probably what I would do from a moral standpoint is I would send something to each one of those printers saying, you know, this is not secure and you probably want to do something about it. So would you print something? No. Why not? I think I would not print anything because that seems kind of weird and maybe a misuse of resources. And I really like trees and that's a lot of paper.
CAROLE THERIAULT. So.
JACK RHYSIDER. Well, first I would print a bunch of obnoxious memes to every printer on there and then I'd report it. You've heard of this person, Hacker Giraffe. The thing is that some people think that this person is one of the goofiest hackers because what he's done is hacked printers to promote PewDiePie.
CAROLE THERIAULT. He also has a goofy name.
JACK RHYSIDER. The Hacker Giraffe.
CAROLE THERIAULT. It's a bit of a goofy name, don't you think?
JACK RHYSIDER. Yeah. I don't know if he's on the savanna or on a safari or something. But the thing is that the media has just ran with the story that printers are being hacked for PewDiePie propaganda and such like that. But I think let's put all that aside for a second, the PewDiePie part, and let's talk about the security issues here. The printers that he was able to access—
GRAHAM CLULEY. the—
JACK RHYSIDER. this has been such an easy thing where he looked up port 9100 on Shodan, found 50,000 printers, and then used a script off of GitHub to print something to 50,000 printers. It's possible because of poorly configured UPnP settings on home devices.
CAROLE THERIAULT. So there's this huge flaw that shouldn't be there, and he spots it.
JACK RHYSIDER. Yes.
CAROLE THERIAULT. And what are you supposed to do with that information, right?
JACK RHYSIDER. Yeah, I mean, is it the printer's fault for requesting this port open? Is it the router's fault for saying, "We're gonna open it to the world"? Or is it the user's fault for not knowing what to do with their settings.
GRAHAM CLULEY. Because this was the thing, I think, was that even if you received this message on your printer telling you to sort out the security because your printer's open to the internet for anyone to send a print job to it effectively, or potentially worse than just sending a print job, most people wouldn't have a clue as to what to do next, would they?
CAROLE THERIAULT. I wouldn't.
JACK RHYSIDER. Right. A lot of people think that there's some sort of magical hacking going on, like, oh, it's— this is way above what I'm under— what I'm capable of understanding. So I don't even know where to go. There's hackers on my system. Let's burn everything down. That's a scary situation to be in when somebody gets in your stuff. But if you recognize that it's as simple as like, "Oh, my router was exposing that port and I didn't even know that was happening," then you can get control of this pretty quick.
CAROLE THERIAULT. So this, Jack, is on your latest episode on Darknet Diaries, and you actually speak to Hacker Giraffe.
GRAHAM CLULEY. The very first tweet I saw was a woman saying that their local police station printed this paper out of the ticket counter. And I was like, what? I had zero concerns whatsoever about any consequences. I was so into it. I was like, yes, this is working. This is so cool. I got to tell everybody that this is working.
CAROLE THERIAULT. Now, how did you find him?
JACK RHYSIDER. So I reached out to him when, um, when he did this, he leaned into the whole thing and created a Twitter account and started taking credit for it. And pretty much that first day I was in contact with him, pretty much advising him like, this is not a good idea to, uh, to lean into this. But he was just, he was on cloud nine. He loved the attention. He loved all this stuff going on. All those news was reaching out to him and the stories were coming out like crazy. And it just fueled this excitement for him. And so I've been following him and trying to get together with him, but, um, you know, scheduling guests is a very difficult thing. Yeah, we never quite aligned with our schedules until it was all over and he, he went completely dark. And he reached back out to me then and said, hey, give me a bit of limelight, baby. Yeah, like, well, not so much that, but like, hey, look, all this is over. Do you want to, do you want to cover it from the beginning to the end now? And that's the best story that I think is worth telling is the news is that first draft of history. But once everything is over and we can see from the beginning all the way to the end what happened.
GRAHAM CLULEY. Because that was the thing, wasn't it, with this particular story? For those people who don't remember it, and we spoke about it in an earlier podcast as well, so we can link back to that and some of the news stories about this as well. It got the media's attention on a massive scale because the message which was sent to all of those insecure printers was, well, part of it was subscribe to PewDiePie's channel because PewDiePie was in a subscriber war effectively with T-Series and Indian music.
CAROLE THERIAULT. Oh, stop acting like you know what you're talking about for any other reason other than you did research.
GRAHAM CLULEY. Well, we spoke about it on our other podcast. That's why I know about it. I know. But, but, you know, but it got huge coverage, largely, I think, because the PewDiePie thing was, was part of it, though. I still think that if it just sent out 'ASCII art of the Pink Panther' or something like that. That would have got lots of coverage as well.
CAROLE THERIAULT. See, that's the one question. Like, I don't think he's wrong that the mention of PewDiePie did probably kind of launch him from tech press to mainstream press. And it was a goal that he seemed to want from listening to your show, Jack. Do you agree with that? Or did I—
JACK RHYSIDER. Yeah, he says that. And he was working with another person who both say, actually, this had nothing to do with PewDiePie. We just used his name to get the message to spread further. And we like PewDiePie, so we'll help him out, but that wasn't the goal here. The goal was to expose this in such a— in the biggest way possible to get the most attention possible.
GRAHAM CLULEY. But what was fascinating about this was initially he had this huge rush and excitement about, "Oh my goodness, look at the impact which I'm having." But then it really turned sour, didn't it? And that's what comes across in the interview you did with him.
JACK RHYSIDER. Yeah, that's the thing I think I'm most fascinated with on my show, Darknet Diaries, is the human factor behind all of these breaches and hacks. Doxxing stuff. I want to know what was that feeling like when you had to call the FBI or you had to call your executive to tell them the breach is happening? Because that's the most scary, spine-chilling moment. And here I have access. I was able to interview him for 2 hours with telling me all of the emotional experiences that he had gone through, like the decision to push that button, to hit enter, and then all of the depression that hit because you have this, this distant, this difference between the popularity of being online and the loneliness of being in the real world. And it's like the more popular he got, the more depressed he got because he couldn't match that in the real world. And I just think that that's such a fascinating aspect to pretty much all hacker stories. I'm sure they— I'm sure all big hackers have gone through this when they've done something big. They can't take credit for it and they have this isolation. They can't tell other people. And so there's this loneliness. And it's so fascinating.
GRAHAM CLULEY. Do you experience that, Carole Theriault? Because you're very popular on the podcast, but in real life?
CAROLE THERIAULT. Not so much. Is that what you're suggesting?
GRAHAM CLULEY. Not so much.
CAROLE THERIAULT. You don't know. You don't hang out with me and my bud buds. Now, I'll tell you something that I felt was off. So I felt that Hacker Giraffe kind of had that Robin Hood kind of feel, right? Like I'm doing something a little bit bad. I know it, but I'm doing it for the greater good because I've signed off and said, hey, you're vulnerable. But then all the guys and girls who actually follow the rules and try to do responsible disclosure and try and go through that whole horrendous bureaucracy of trying to get a hold of the right person to say there's a problem. And like, you know, they ring and ring and ring and there's no one home. I just, I feel frustrated for them, right?
JACK RHYSIDER. Yeah. Some people are saying responsible disclosure is harder than— Oh, it is. Harder now than it has been before.
CAROLE THERIAULT. So yeah, I don't doubt that actually.
GRAHAM CLULEY. And particularly with something like this, who do you call? Yeah, right.
CAROLE THERIAULT. It's not Ghostbusters.
GRAHAM CLULEY. It's not. It's, it's— who you gonna call?
JACK RHYSIDER. I mean, technically, when you're looking at Shodan, it's going to tell you maybe it's Lexmark or something is the one that's open the most. But, but still, whose fault is it? It's kind of like, I always think of it like, who's, who's in charge of making the roads safe? Is it the drivers? Is it the people who make the roads so it's not too curvy or fast? Or is it the police that need to drive by faster to check and make sure everyone's following the rules?
CAROLE THERIAULT. I kind of want him to go out on some channel and say, look, dudes, all the people that got yelled at by their bosses because the printer was spurting out paper. He also did that playing YouTube through the Chromecast. Right. Later on in your podcast, you cover that as well. He did two of these events, right? Like, I think he should just apologize to the people that he either freaked out or really gave a headache to. Yeah.
JACK RHYSIDER. And he did an apology of audio thing on Twitter. He didn't send it to people's printers, though.
CAROLE THERIAULT. Come on, Jack.
GRAHAM CLULEY. Lots of people won't have seen it.
CAROLE THERIAULT. They were then fixed, so he couldn't.
GRAHAM CLULEY. He should have sent out a sorry message and then a follow-up saying, sorry for sending the sorry message. And, you know, we could have had something recursive going on there instead. Does he think what he did was wrong?
CAROLE THERIAULT. Okay, no, the question, you know what the question would be? The question would be, would you be surprised, Jack, if you saw him in the headlines doing something like this in the future?
JACK RHYSIDER. I think he learned his lesson the hard way. I think, I think he— I mean, I really hope that he has learned his lesson and that he doesn't, because it sounds to me like as I'm talking to him, it sounds like he's a good guy with a bright career and future ahead of him. And he's not a hoodlum trying to, like, make a ruckus out there, cause destruction. He really— a couple other factors here. The tool that he used could have given him command line access to those printers. It's possible to send a malicious PDF to a printer and get command line to it. He didn't take that step. The tool he used could have made him a botnet of 50,000 or 800,000 nodes and taken down something bigger. He didn't do that. Like, all he did was just send a print job to it and he took, you know, extra steps to not cause this kind of disruption. And, you know, that's what kind of makes me think he's probably, you know, good deep down.
CAROLE THERIAULT. Yeah. But he made some bad decisions, I would say.
JACK RHYSIDER. Yeah. And so I also want to talk about that Chromecast hack he did as well, because what he was able to do was figure out that there was certain ports that the Chromecast was telling the router, open this up, and the router was doing. So that's again UPnP, and these are API endpoints. And so when those ports are open, they were open to the whole world, and we're talking like over 100,000 Chromecasts were exposed in this way, which means that people can play videos or take control of your Chromecast from around the world. But not only that, while he was doing that, he also discovered that some Google Home devices were also listening in on that same port, and he could connect to the Google Home device and see how much noise level the mic was picking up. He couldn't listen to what the mic was picking up, but he could see the, you know, the bar, the volume unit, to say, oh, there's a lot of noise here, or no, no noise at all. And that, that alone is a kind of a scary point that a lot of this media doesn't cover. They're just all PewDiePie, PewDiePie, but it's like, wait a minute, why? Why are thousands of Google Home devices letting people listen to the noise level remotely? This is a huge story.
CAROLE THERIAULT. And arguably, both these hacks that he did have, because of what's happened, have made the world a tiny bit safer, which is kind of a cool goal.
GRAHAM CLULEY. He shouldn't probably have done it, but the outcome was more printers are probably secured. But the risk at the same time is that maybe there are more people now who are aware of this kind of exploitation. So you could see copycats and, you know, will no one think of the trees? You know, the amount of paper and the—
CAROLE THERIAULT. Walk away, kids. Walk away.
JACK RHYSIDER. Yes. So that's the kind of the problem here as well is it's one of those immune systems that makes it worse at first and then safer because I think what now that it's exposed, there's copycatters out there saying, oh, I could just do this. I will do this, and they're doing a lot worse situations, right? Now it's like, okay, well, we really actually need to stop focusing on PewDiePie and really do need to focus on this security issue, and at some point we'll get there.
CAROLE THERIAULT. What is it with that guy? What is it? You're younger, Jack, I think.
GRAHAM CLULEY. Oh, he's definitely younger than you, Chris.
JACK RHYSIDER. PewDiePie, I think gaming is a popular thing. People like watching gamers. He's a gamer. He likes to talk about the latest memes. And say funny things and do, you know, comedy sketches. Yeah, I mean, I am not a fan of him. And I did— I had to watch a lot of videos to understand this story. But yeah, it seems like it's targeting, I don't know, a younger audience or something.
GRAHAM CLULEY. For me, you've suffered enough, Jack. You've suffered enough watching all of those videos.
JACK RHYSIDER. I think there is a couple of videos that's like, if you laugh, you lose. And he tries to get you to laugh. Like showing you a bunch of memes. And I did laugh at some of them. So he did deliver on a few, but it was rare. And I got mad and I shut off the computer. I said, it's not fair. You won't win this round.
GRAHAM CLULEY. Carole, what's your story for us this week?
CAROLE THERIAULT. So we're going to go back back to when I was a teen growing up.
GRAHAM CLULEY. Oh, the '50s.
CAROLE THERIAULT. On the Ontario-Quebec border in Canada. No, Graham. Okay, this was like the late '80s. Now, during this time, you might have found me spending my hard-earned cash on mags like Bazaar or Vogue, and the worst of them all, Cosmopolitan. And here, for example, I've— I'm sending you guys a typical cover. Okay, this was from 1989. I mean, just look at the headlines here.
GRAHAM CLULEY. The joy of sex with an older man. Well, I can, I can appreciate that. Well, not personally, I wouldn't want to anyway, but yes.
CAROLE THERIAULT. So they're all like, they're just outrageous, right? The hard realities of marriage, blah blah blah. My point is, this was during the supermodel era, and I literally would obsess about how flawless these women looked, right? And it really, this was just a thinly veiled pity party for one me because I was like sporting a mullet, right? A poodle perm. I had braces. So yeah, I had a long way to go.
GRAHAM CLULEY. You still look like a teenager to me from that description. I don't think you've changed that much at all.
CAROLE THERIAULT. So nice of you. So nice of you. But I remember the day when I finally freed myself from this bogus beauty shackle is when I found out that most of these model pics went through severe Photoshopping before they went to print. Right? And I thought, fuck that. It's like, what a sham. And that, from that day on, it was a complete lie to me. And how could I have predicted if we were to fast forward to today, it wouldn't just be top-tier models that go through this humiliation of being digitally scrubbed and buffed and polished and smooth, but a whole generation of girls that go out and do it to themselves in selfies of their own accord, and they often pay for the privilege.
GRAHAM CLULEY. Hmm. Yes.
CAROLE THERIAULT. No, it's just—
JACK RHYSIDER. The other thing is that the women of your generation had— I don't know where you learned how to do makeup. Your friends, your mom, but now you just pop up YouTube videos.
GRAHAM CLULEY. I think it's at the circus, isn't it, in the case of some people? Right, Carole?
CAROLE THERIAULT. Oh, Graham.
GRAHAM CLULEY. Oh, that's a bit low blow, low blow.
JACK RHYSIDER. Now you get to just pop on YouTube and see people doing it and social media teaching you how to do it. You get younger people also interested in how to do beauty tips.
CAROLE THERIAULT. Yeah, and it's like, see, now you can totally airbrush your acne or whiten your teeth or plump up your eyelashes or shrink your schnoz or make your eyes big and sparkly, right, Graham? And you know, it's dubbed, the whole thing is dubbed selfie surgery.
GRAHAM CLULEY. Is it? Yeah. Oh my goodness.
CAROLE THERIAULT. And there's like this one app called Facetune. It's one of the bigger legit players competing with Snapchat and Instagram in this space. And it's in the top 10 paid apps for Apple, right? It's been there for ages and most of the users are 21 to 34 and 70% are female. And it's currently at number 6 in the US in top paid apps.
GRAHAM CLULEY. So what does it do?
CAROLE THERIAULT. It does filters, it does photo filters. So it just makes you look prettier or, you know, you just—
GRAHAM CLULEY. Skinnier.
CAROLE THERIAULT. Yeah, you can shave your face, make it look pretty, whatever you need to do.
GRAHAM CLULEY. You've got a lot of girls shaving their faces. Okay.
JACK RHYSIDER. So you don't even need makeup anymore. You just need an app.
CAROLE THERIAULT. You just need a lot of apps. Yeah, apparently. Now, I haven't played with these myself, which is probably a disservice for the podcast. I'm sorry, listeners, because there's a lot of money in these kind of apps, right? Remember, number 6 in the US. We're not surprised that there are some internet ne'er-do-wells who thought this might be an ideal market to target.
GRAHAM CLULEY. Yep.
CAROLE THERIAULT. And according to security firm Trend Micro, 29 bogus beauty camera applications or apps, read photo filters, were found to be doing something rather naughty on the user's phone. Ooh. So of these 29 apps, some would display full-screen ads every time the user unlocked a device. And what was sneaky is it didn't tie it to the app. It kind of obfuscated its tie to the app. So you just see this thing pop up and you'd be like, oh, why is this ad here? But you wouldn't be able to figure out how to turn it off or where it was coming from.
GRAHAM CLULEY. That'd be irritating, yeah.
CAROLE THERIAULT. Wouldn't it? They would forward users to phishing sites, try and steal credentials. They had 'You've won a prize. Enter your phone number and email address here.' And some were even actually trying to steal photos. Okay, Trend believes these could be used on like fake social accounts.
GRAHAM CLULEY. So you would use this app to make yourself more beautiful, and the bad guys are stealing the photos as well for creating fake social accounts? Seems a little bizarre to me. It's not like there's a shortage of pictures of people on the internet.
CAROLE THERIAULT. I'm thinking vanity ransomware. That's my idea. You can get in touch with them and say, 'I have your pre-pics. Like, honey, oh, we'll show everyone what you truly look like.' Now apparently, these apps were reportedly incredibly difficult to like catch out. So they were packed and compressed, the files were all obfuscated, the relationship with ads was all kind of hidden, so you wouldn't be able to tell where everything was coming from. And the apps have now been— you don't have to worry if you're into this kind of stuff, because the apps have been removed now from the Google Play Store. But as if there's not going to be more in there in the near future. How do people avoid being enslaved by these kind of malicious apps pretending to be something else?
GRAHAM CLULEY. Don't be so vain. Full stop. The end. Right. Thank you for listening to Smashing Security this week. Ridiculous. Just get over it.
CAROLE THERIAULT. Aren't you, Graham? I'm going to see if you're going to lie right now, but aren't you the person every time you saw yourself in the mirror, you would say you were gorgeous?
GRAHAM CLULEY. Yes, exactly. I didn't need an app to do that. I just had self-belief.
CAROLE THERIAULT. Okay, so you don't need an app to be vain. Is what you're saying. Just find it in yourself.
GRAHAM CLULEY. Every time someone asks you, how are you? You just say, I'm gorgeous. And eventually begin believing it. And other people begin believing it. This is my PR strategy.
CAROLE THERIAULT. Okay, so I have advice, right, to avoid this thing. So download discriminately, right? Look for apps that have been recommended by a trustworthy friend or site, right? Don't just go willy-nilly and go, that looks cool, and download it. Delete all accounts and apps you don't use, no longer want. And I follow this rule of thumb: if I haven't looked at it in 6 months, I don't need it. Get rid of it.
GRAHAM CLULEY. Yep. Here's my cryptocurrency app. I'll delete that. Don't need that one anymore. You know what?
CAROLE THERIAULT. I totally would. I totally would. That's why I never bought any. I totally would do exactly that.
GRAHAM CLULEY. Very sensible. Very sensible.
CAROLE THERIAULT. Review the settings of the apps you've installed on your device, of course, and turn off anything you don't use and read the fine print. I know I say this all the time, but you know, if they're legit, at least you have an idea of what they're gonna do with the information they're taking from you.
JACK RHYSIDER. And of course, watch the permissions you're giving them too, and don't give 'em extra info, you know, Totally.
CAROLE THERIAULT. That's a really good point. Yeah. All the settings that they turn on by default, they don't actually need.
GRAHAM CLULEY. But it's difficult, isn't it? If you're a vain 14-year-old and you want to compete with sexy Shirley in the other class and have an equally sultry picture, you're not going to think about permissions, are you? You just want to install the app.
CAROLE THERIAULT. Can I ask an inappropriate question?
GRAHAM CLULEY. Have you ever not?
CAROLE THERIAULT. Okay. So I did some research on sexting, right?
GRAHAM CLULEY. All right.
CAROLE THERIAULT. So 1 in 5 under 18 have sexted. So how many people do you think in that group are throwing their junk through filters first before they send them to intended recipients?
JACK RHYSIDER. I don't want to—
GRAHAM CLULEY. When you say junk, you mean—
CAROLE THERIAULT. You know what I mean.
GRAHAM CLULEY. Well, I certainly wouldn't add a slimming filter to it.
CAROLE THERIAULT. That wouldn't be a good idea. Okay, Jack, are you right? You surviving?
JACK RHYSIDER. Yes.
GRAHAM CLULEY. Jack's doing great.
CAROLE THERIAULT. I'm just checking in on him.
GRAHAM CLULEY. And welcome back. And you join us, our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
JACK RHYSIDER. Is that like my nose or—
CAROLE THERIAULT. Jack.
JACK RHYSIDER. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. Doesn't have to be security related necessarily.
CAROLE THERIAULT. It should definitely not be.
GRAHAM CLULEY. It can be.
CAROLE THERIAULT. Shouldn't be.
GRAHAM CLULEY. But my one isn't this week. My pick of the week is a YouTube channel which is run by a German chap called Christian Eiloh, also known as Mr Puzzle. And Mr Puzzle has, at the time of broadcast, 632,000 subscribers, and I find him rather addictive. I've been watching him for about a year on and off. Can I ask you something? Yes.
CAROLE THERIAULT. Do you think most of our listeners are retired?
GRAHAM CLULEY. Why would you think this would only appeal to people who are retired?
CAROLE THERIAULT. He does puzzles?
GRAHAM CLULEY. Not jigsaw puzzles. By the way, there's nothing wrong with jigsaw puzzles either.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. No, he does things like locked boxes or things with keys or the sort of puzzles where, you know, do you remember when you were a kid, you'd sometimes get them at Christmas? You get some sort of logical puzzle which you'd have to sort of undo and unravel, and you're like, haha, I've worked out the combination. It's a bit like picking a safe, you know, and opening it up. And he's made a series of these videos of incredibly complicated puzzles. I watched one earlier today, which is the impossible Excalibur sword puzzle, which took him 23 minutes worth of fiddling before he was able to get the sword out. And he was hoping that everyone else would be able to follow it as well. And I find it rather lovely. First of all, I love his accent because he has a charming German accent and he has a lovely way about him. But these puzzles are terrific, and I, I would be quite tempted to buy some of these puzzles. And I noticed that some of the puzzles— there's this sort of homespun market where people are creating their own puzzles, and what they will do is they can sell you basically the blueprint of the puzzle, and then you make it for yourself on your 3D printer. So people who can't sell them commercially—
CAROLE THERIAULT. Sell the plans.
GRAHAM CLULEY. Sell the plans and things. And I think it's kind of cool. Anyway, I would recommend the Mr Puzzle. Of all the things in the last week, this is what I would recommend.
CAROLE THERIAULT. Jack, there's one that's called the Amazing Jack Puzzle. I just see it here. Yeah.
JACK RHYSIDER. I'll have to check that out.
GRAHAM CLULEY. Anyway, I find it rather lovely. And I thought some of our listeners may enjoy Mr Puzzle as well. Anyway, there you go. Jack, what's your pick of the week?
JACK RHYSIDER. I've been digging into a book lately and I like it. It's called Dawn of the Code War and it's written by, I'm pretty sure, an ex-FBI agent. And so he goes over the, like, the history of security and hacks that have been against the nation or have been things like a nation-state level. And it's just really great to see to hear the stories from the FBI agent on what they saw and experienced during some of these big-time hacks. So one of the things that was really fascinating to me was, I think he calls it something like the 1,000 hacks that killed a company or something. And basically, Dyson, the vacuum cleaner company, was being hit with a lot of hacks from China that were just trying to steal intellectual property and so that they can make Dyson ripoff stuff or use the technology somehow. And the FBI was seeing a lot of this kind of stuff where a lot of intellectual property was being siphoned over to China through hacking in the last couple decades. And he just goes into great detail on how all this has affected world markets and changed how we do business online and all this stuff. And it's just a really great kind of catch-up on where we are in the security world today and how we got here. And all the things that have shaped it.
CAROLE THERIAULT. And it's written well, like you can read it and you kind of roll it along. You don't kind of—
JACK RHYSIDER. Yeah.
CAROLE THERIAULT. Okay, that's nice. That's always nice.
JACK RHYSIDER. Yeah, the author is John Carlin, FBI agent.
GRAHAM CLULEY. I'm just reading about him. He apparently was the Assistant Attorney General under Barack Obama. So he was fairly sort of high up from the sound of things. So he would have had some visibility on these things.
JACK RHYSIDER. And so, you know, some of these I don't always agree with, you know, the reason that they have conducted or done some of their stuff, but it's fun to hear from the horse's mouth why, or, you know, like what they saw that you don't normally hear on the news cycles.
CAROLE THERIAULT. Oh, and he partnered with an award-winning journalist to write the book. So that's really nice as well. Garrett M. Graff.
GRAHAM CLULEY. Are you saying this is as interesting as my YouTube channel about puzzles, Jack?
JACK RHYSIDER. It's about the context, okay? If I'm on a bored conference call where I just don't want to be on that call anymore, I'm going to get your puzzles out and I'm going to start solving your puzzles. And that's going to be so, so great to me. But if I'm flying on an airplane or I don't know, doing something where I need to, because this is an audiobook as well, you know, then I can use it there. So.
CAROLE THERIAULT. Where have you been all our lives? We've always needed a peacekeeper and we've never had one ever.
GRAHAM CLULEY. Carole, I'm surprised you're saying this because this is kind of security related, this pick of the week.
CAROLE THERIAULT. I don't mind.
GRAHAM CLULEY. And yet you're defending it.
CAROLE THERIAULT. Yeah, I don't care.
GRAHAM CLULEY. You were right about this week.
CAROLE THERIAULT. It's a book as well, which is always nice because, you know, not all of us read here, do we?
GRAHAM CLULEY. If only everyone would choose something like that, Krow, rather than some internet fliff-flaff and flim. Anyway, talking of which, what's your pick of the week, Krow?
CAROLE THERIAULT. Internet fliff-flaff. So, okay, it's an oldie, but it's a goodie. And do you remember the Dark Alphabet of Things That Can Kill You? Did you ever see that? Okay, take a look. Look, you can listen to a little snippet. Okay.
GRAHAM CLULEY. Just be careful, Jack. In the past, when she's given us a YouTube link, led to Rick Astley. So let's see what's going to happen this time.
CAROLE THERIAULT. Oh yeah, whatever.
GRAHAM CLULEY. In life, you have choices. They're healthy and not, and sometimes it's tricky to choose what you ought. So if you are—
CAROLE THERIAULT. So basically, it's a beautifully drawn Grim Reaper waxing poetic on all the things that can kill you from A to Z.
GRAHAM CLULEY. A is for alcohol, source of addiction. Liver diseases, and other afflictions. So how about water? That might be okay, but if it's in plastic, there's B, BPA.
CAROLE THERIAULT. And it's a reminder not to avoid life when living, right?
GRAHAM CLULEY. Okay, it's very cutely drawn.
CAROLE THERIAULT. Now the whole thing is only 3 minutes long, so it's very cute, it's really sweet, and it just basically says carpe diem. You crazy cats.
GRAHAM CLULEY. Perfect amounts and eating some things that you shouldn't consume cause dozens of dishes will lead to your doom.
CAROLE THERIAULT. So this is the thing to watch if you need a smile today. Link's in the show notes. And I recommend you all do it. Even if you've seen it before, it's worth it.
GRAHAM CLULEY. What, we do everything from A to Z?
CAROLE THERIAULT. Yes, do everything from A to Z and let me report back.
GRAHAM CLULEY. See crystal meth or whatever it is. You're saying just do that. Well, that's really responsible, Carole. Well, let's hope Apple don't remove us from the podcast library, all right?
CAROLE THERIAULT. I'm a very responsible podcast host.
GRAHAM CLULEY. Well, on that bombshell, I think we've just about wrapped up the show. Jack, for people who want to find out more about you and Darknet Diaries, what's the best way that they can do that?
JACK RHYSIDER. DarknetDiaries.com is the website. It's a podcast that's available in your favorite podcast player anywhere.
CAROLE THERIAULT. Subscribe to it, people. It's excellent.
GRAHAM CLULEY. Yeah, it's really good, everyone. If you're enjoying our show, you'll enjoy Darknet Diaries much, much more.
JACK RHYSIDER. And my favorite social media is Twitter, so if you catch me on there, I'll probably be really responsive as well.
CAROLE THERIAULT. Not LinkedIn.
JACK RHYSIDER. I'm on there, but wow.
CAROLE THERIAULT. I know, I'm kidding.
GRAHAM CLULEY. It's awful.
JACK RHYSIDER. When, when I get on a website and it turns up the fan on high on my, on my computer, I know it's a good website, you know, quality built.
GRAHAM CLULEY. Exactly. And you can follow us on Twitter at Smashing Security, no G. Twitter won't allow us to have G. And you can join us in discussing all of these topics on Reddit. The quickest way to find us is to search for Smashing Security, and you'll find our subreddit up there.
CAROLE THERIAULT. A huge hat tip to our sponsors this week, Recorded Future and LastPass. Now, these guys help us give you these episodes for free. If you want more fab guests like this on Smashing Security, help us boost our listenership in this world of podcasts. Download numbers talk. So high fives to everyone who listens to the show, who's taken a few minutes to give us a review, who recommend us to friends or salty coworkers, or who sends us a lovely spot of love by email, Reddit, or Twitter.
GRAHAM CLULEY. And you can check out past episodes on smashingsecurity.com as well. Until next week, cheerio, bye-bye. Bye. Bye.
CAROLE THERIAULT. Thank you, Jack.
GRAHAM CLULEY. Thank you, Jack.
JACK RHYSIDER. Oh, that was really fun.
CAROLE THERIAULT. Was it painful?
GRAHAM CLULEY. What are you saying about Jack's contribution?
CAROLE THERIAULT. Not his contribution, our contributions.
-- TRANSCRIPT ENDS --