
343: Four-legged girlfriends, LoveGPT, and a military intelligence failure


Dream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.

Warning: This podcast may contain nuts, adult themes, and rude language.


Sponsored by:

  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
  • Devo – Register now to join Devo and other cybersecurity industry professionals on October 18 for sessions and panels focused on de-stressing, SOC career development, and more!
  • Moonlock — cybersecurity wing of MacPaw. Developers of the antimalware tech in CleanMyMac X — Moonlock Engine.


THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.


Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.


GRAHAM CLULEY. Can I just underline for any incels who are listening to this and may have access to weaponry that these are the opinions of Thom Langford and not of the hosts of the Smashing Security podcast, just before anyone tracks us down.


THOM LANGFORD. Yeah, that's right. That's right.


UNKNOWN. Good. Smashing Security, episode 343: Four-Legged Girlfriends, LoveGPT, and a Military Intelligence Failure with Carole Theriault.


GRAHAM CLULEY. Hello, hello, and welcome to Smashing Security episode 343. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. And Carole, this week we are joined by a returning guest, someone who's been on the show numerous times before. It's Thom Langford from Host Unknown. Hello, Thom.


THOM LANGFORD. Hello, hello, hello. Thank you very much for having me. It's always a pleasure to be on this podcast. You know, your voice sounds remarkably good considering you've just recovered from another bout of COVID.

Well, you know, unlike those other Muppets on the Host Unknown podcast, I'm the consummate professional. So I've been gargling with salt water and drinking honey and just trying to sound incredibly sort of soft and velvety for your gorgeous listeners.


GRAHAM CLULEY. Your tones are mellifluous. Well done. That's excellent.


THOM LANGFORD. Mellifluous. Oh, what a wonderful word.


CAROLE THERIAULT. I was going to say sonorific, but there you go.


THOM LANGFORD. Soporific.


CAROLE THERIAULT. That's what it is.


GRAHAM CLULEY. You don't sound like a sonar, no.


THOM LANGFORD. Three pings off the starboard bow.


CAROLE THERIAULT. Before we kick off, let's thank this week's wonderful sponsors, Kolide, Devo, and Moonlock by MacPaw. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?


GRAHAM CLULEY. I'm going to be telling a story of military intelligence.


CAROLE THERIAULT. Okay, what about you, Thom?


THOM LANGFORD. I've got a story about surprisingly familiar-looking four-legged girlfriends.


CAROLE THERIAULT. Okay, and my story is about, whoa, don't swipe right just yet. All this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, chums, chums, I want to take you to the streets of San Francisco, or rather the airport. At the end of last week, the authorities were lurking at San Francisco Airport. They're probably hiding behind the potted plants, waiting to leap out, lying in wait for the arrival of a plane from Hong Kong.

And the reason why they were doing that was that on board this particular plane was one Joseph Daniel Schmidt. A 29-year-old former US Army sergeant. Now, let me tell you about this chap Schmidt and what he'd been up to.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. A while ago, he left the US Army and he upped sticks and moved to mainland China and Hong Kong, which was an unusual thing to do, probably in early 2020, I suspect, to do something like that, you know, in the midst of a—


CAROLE THERIAULT. Yeah, that's when the COVID virus had already launched. So, yeah. Was he looking for a place in Wuhan and had trouble getting in?


THOM LANGFORD. He's going to mainline it from the source.


GRAHAM CLULEY. Anyway, so he went off to China. And he's been mostly hanging out there ever since, out of reach of US law enforcement. And you may be thinking, well, why did he go?

Why did he go to China? Well, it turns out he'd always had an interest in the Chinese language. While he'd been a soldier, he had studied Mandarin. And in fact, he worked for a while as a translator for the US Army. And during his service, sometimes he'd taken personal leave for a trip to China, right? He'd gone on the slow boat to China, or the rather quicker plane.


CAROLE THERIAULT. And nothing unusual in that, right?


GRAHAM CLULEY. Nothing unusual in that. Of course, you have to fill out a visa if you're going to spend some time over there.


THOM LANGFORD. Yeah.


CAROLE THERIAULT. I know loads of people, by the way, that have been to China, right?


GRAHAM CLULEY. Yeah. I've been to China.


CAROLE THERIAULT. There you go.


GRAHAM CLULEY. Anyway, he wrote on his visa, "I plan to travel to China every New Year to learn about Chinese culture." He said, "I'd like to travel to China many times over the course of the next 10 years." And he planned a couple of trips.

Fair enough. Because everyone needs a break, don't they? Everyone needs occasionally a bit of relaxation, a bit of R&R, I believe they call it. I certainly do from my job. Carole, I'm sure you like to put your feet up.


CAROLE THERIAULT. Annually, I go to Croatia, right?


GRAHAM CLULEY. Right.


CAROLE THERIAULT. See my buds.


GRAHAM CLULEY. Yeah. Thom, I mean, you've got a very, very important CISO job, but occasionally you like to take a little break, don't you, and put your feet up at home and relax or, you know, get up to all kinds of mischief, I'm sure. But everyone needs a break.


THOM LANGFORD. Wherever possible.


GRAHAM CLULEY. Especially you would want a break if you have a very stressful job working at the 109th Military Intelligence Battalion in the States and have top secret security clearance. That's going to be a lot of stress, isn't it?


THOM LANGFORD. And it does explain why he's learned Mandarin and why he's got an interest in China. You know, you got to— you get engrossed in these things, right?


GRAHAM CLULEY. So it's no surprise that he flew in January 2020 to Beijing for a few days. He hung out there, then he went on a short break to Istanbul.

As you do. And it was while he was in Istanbul that he contacted the Chinese embassy, like you do. I mean, I imagine he was asking, you know, do you know any lovely tourist spots I should visit in China on my next visit? Maybe, you know, is there anything in particular I might be able to see?

And according to a court affidavit, which has now become public, when he dropped this email to the Chinese embassy, it followed a number of Google searches which he'd made. So he'd been Googling and he'd been searching for things like "soldier defection", "countries that don't extradite to the United States", "Russian visa costs", "where's the Chinese embassy in Istanbul".


CAROLE THERIAULT. It's the old don't think Google doesn't have a log of your searches.


GRAHAM CLULEY. Right. Innocent things. "Can you be extradited for treason?"


THOM LANGFORD. Is this story sponsored by DuckDuckGo, by any chance?


GRAHAM CLULEY. So he was looking for all kinds of information. "Countries with the most negative relations with the United States" was one thing he looked for. "Top 10 countries that hate America the most." He was looking for countries which weren't very keen on America while he was out of the country.

And he even went on Reddit and he was looking for—


CAROLE THERIAULT. He's probably writing a novel. And that's why he's doing these searches.


GRAHAM CLULEY. Probably doing research. That's right. He was looking for a subreddit about spying.


CAROLE THERIAULT. Exactly. Where else are you going to get your information, right?


GRAHAM CLULEY. And then he created, allegedly, a Word document entitled "Important Information to Share with Chinese Government." And I guess that would be information about this is how you could market your beautiful locations, your tourist traps a little bit better, that kind of helpful stuff. And why not? That's all good.

And around about then, he also emailed his sister, Mary. And he said, "Hey, Mary, there's something I need to tell you. The reason I left America is because of disagreement with American policy. I don't talk about it often, but I learned some really terrible things about the American government." As if there are terrible things about the American government.


CAROLE THERIAULT. Come, come.


GRAHAM CLULEY. Exactly. While I was working in the army, I learned these things. I no longer feel safe living in America, and I don't want to support the American government anymore. He says, I don't plan on coming back anytime, except maybe once to sell my house.


CAROLE THERIAULT. This sounds so weird. That sounds like a little bait. So, I don't know. That sounds odd. Okay.


GRAHAM CLULEY. He said to her, I'm going off the map for a long time. But I'll communicate occasionally by email. So don't worry.


CAROLE THERIAULT. He's dead. Well, I'm just trying to guess what's going on. Okay, carry on.


GRAHAM CLULEY. His internet searches apparently continued. And he's visiting Reddit boards with titles like, what do real spies do? How are they recruited?


CAROLE THERIAULT. How do they spend their day all day? Because I'm eating cornflakes, you know.


GRAHAM CLULEY. Now, I suspect real spies don't go on Reddit and don't search in Google and create Word documents saying, here's the information I want to share with the Chinese government, or how do I get recruited?


THOM LANGFORD. I would also imagine real spies don't defect to China in Istanbul, having just come back from China.


CAROLE THERIAULT. Yeah, neither of you are spies. You don't know anything about double bluffing or triple bluffing or quadruple bluffing.


THOM LANGFORD. I think I know the basic principles of defection, though.


GRAHAM CLULEY. Yeah, if anyone's an expert on defects, it's Thom.


THOM LANGFORD. Yeah, absolutely. Absolutely. So many.


GRAHAM CLULEY. So, you know, I mean, well, I mean, maybe the first time he arrived in Beijing, he found it difficult to get around the city, couldn't find, you know, because what do you do? Do you knock on the door? Are they going to take you seriously? He needed to convince them he was serious.

So another Word document he created, according to the US authorities, discussed aspects of US Army intelligence collection, dissemination, training, intelligence reports, methods of conducting interrogations, human intelligence, all kinds of things, because this is what he was doing. Apparently, he was involved in the interrogation of people from the region for the US authorities. And the US authorities went into his iCloud account and they found Google Maps screenshots revealing he'd been just around the corner from China's Ministry of State Security.


THOM LANGFORD. What?


GRAHAM CLULEY. So I would argue that he hasn't been very successful at hiding his tracks. It wasn't very good.


CAROLE THERIAULT. It's so weird. Who is this guy?


GRAHAM CLULEY. Well, he's a top secret clearance troll. He's creating Word documents called high-level secrets. He's sending emails saying, if you read this, please make sure the Chinese State Security Bureau receive it, because this is really important for the Chinese people.

He even created a 28-slide PowerPoint presentation.


CAROLE THERIAULT. That's not that impressive. I've seen, you know, your decks are better.


GRAHAM CLULEY. I'm not saying it's impressive, the number of slides, Carole. We've all sat through— and I regularly do presentations which are half an hour long with about 98 slides. So we've all done that.

But this was called Use of Technology in Military Source Operations and Interrogations. So he was allegedly, because he's now been arrested, it's all going to appear in court.

The US authorities have got all this evidence which they claim suggests he's been up to no good. And that's why you got nabbed at San Francisco Airport.

It's unclear if Schmidt ever managed to meet up with Chinese spymasters or not, or whether he failed, whether they couldn't take him seriously. But as we know, there was a recent president of the United States.

They found out as well there are laws against the retention of national defense material, whether you then give them to other countries or not.


THOM LANGFORD. So there are so many questions.


GRAHAM CLULEY. Well—


CAROLE THERIAULT. Shoot, shoot. Graham has all the answers. He's done some deep, deep research.


THOM LANGFORD. One, this is either the worst stitch-up or the dumbest member of military intelligence, which I know is an oxymoron in and of itself anyway.


GRAHAM CLULEY. Yeah.


THOM LANGFORD. This sounds like a 14-year-old's school essay about someone defecting. This is dreadful.

On every level, it's either a dire comment on the state of America's educational system, a dire comment on the state of American intelligence, a dire comment on some countries' abilities to stitch up a US citizen. Overall, nobody looks good in this at all.


GRAHAM CLULEY. Oh, I think they do.


THOM LANGFORD. Oh, really?


GRAHAM CLULEY. I think the Chinese look really smart because if you had someone who was this much of a Muppet contacting them offering to be a spy? You'd keep them at arm's length, wouldn't you?


THOM LANGFORD. Well, true.


GRAHAM CLULEY. You'd just think, no, we're not going to let you in the building. Yeah. We're not going to trust any information you give us because you're clearly highly unreliable. You're probably a complete fantasist.


THOM LANGFORD. You're clearly paddling at the shallow end of the gene pool. Yeah.


CAROLE THERIAULT. Yeah, it makes you wonder how many borderline nut jobs are outside embassies going, I can help you. I know.


THOM LANGFORD. It's also a very poor indictment of America's mental health care capabilities. Well, we all know about that.


GRAHAM CLULEY. Do you really think he's been stitched up, Thom?


THOM LANGFORD. Well, it's just so incompetent that it makes me think he is.


GRAHAM CLULEY. That is a great defence, isn't it?


THOM LANGFORD. Do you think I am that incompetent that I would make all of these mistakes? I think is a fair defence in this.


GRAHAM CLULEY. In your case, Thom.


THOM LANGFORD. Well, yeah, probably not the best defence for me.


GRAHAM CLULEY. No, no, it's a brilliant defence. I'd say, yep, absolutely.

Yep. It could— I've heard your podcast. Anyway, Thom, what have you got for us this week?


THOM LANGFORD. All right, so I've got a particularly weird story. Now, the other day, in fact, I think it was while we were on our podcast with you, Graham, I think it was either you or Javad called me an incel.

Wow, do you remember that? I vaguely—


GRAHAM CLULEY. I'm pretty sure that was Javad.


THOM LANGFORD. I said it was almost certainly Javad.


GRAHAM CLULEY. I would not have said that.


CAROLE THERIAULT. No.


THOM LANGFORD. Yeah, absolutely. And you know, for those of you who don't know what an incel is, it's effective— I don't even know what it—


GRAHAM CLULEY. Involuntarily celibate.


THOM LANGFORD. That's it, that's it.


CAROLE THERIAULT. And it's all involuntary—


GRAHAM CLULEY. Oh, I know, people who want to have sex but opportunities never arise because otherwise known as recently divorced men.


THOM LANGFORD. But the sort of key attribute of it is that they all effectively do is they sit behind their computer and moan about feminism and blah blah blah blah blah, and then watch copious amounts of porn or get involved in all sorts of dubious crypto schemes or whatever.


CAROLE THERIAULT. Sounds so fun.


THOM LANGFORD. It does. It does.

I mean, it sounds—


GRAHAM CLULEY. I mean, I put it as a hobby on my recent CV, but can I just underline for any incels who are listening to this and may have access to weaponry that these are the opinions of Thom Langford and not of the hosts of the Smashing Security podcast, just before anyone tracks us down.


THOM LANGFORD. Yeah, that's right. That's right.

Good. Now, the thing with this is there are many, many services out there that help said people, one of them being a website called Dream GF, which is an AI service that offers an artificially intelligent generated girlfriend for you that you are able to look at and chat to presumably one-handed whilst you're doing other activities.


GRAHAM CLULEY. Okay.


CAROLE THERIAULT. I was wondering what country.gf was, but then you said girlfriend and it all—


THOM LANGFORD. Yeah, I think it's probably dreamgf.ai.


GRAHAM CLULEY. I've just visited the site and it's an 18+ site.


THOM LANGFORD. Oh, yes.


GRAHAM CLULEY. And it's—


THOM LANGFORD. Absolutely.


GRAHAM CLULEY. It's off— Yes, it's— Oh, I see. There's lots of— Well, they look like young women.


THOM LANGFORD. They look like young women. They actually are pure figments of the AI's imagination.

They are artificially generated. And there's also a chat function as well.

So not only when you join and hand over your hard-earned cash to these people in inverted commas, a girlfriend is generated for you and you are then able to chat to them. And I know, I know, right?

It's like Weird Science. Remember that old '80s film with Kelly?

Is it Kelly? Brock, I think it is.


GRAHAM CLULEY. It was one full movie.


THOM LANGFORD. Yeah, it is a very good movie. But so, you know, all well and good.

You know, everybody's got to have a hobby. And if this is your hobby, well, fine.

There's a number of concerning facts going on here. So firstly, it found— researchers found that it was creating a disproportionate number of girlfriends based upon the images of people like Margot Robbie, Jennifer Lopez, Taylor Swift, etc.

So it was gathering lots and lots of pictures of people, and a lot of these girlfriends looked like these famous folks. Now, obviously, in many, many countries, the use and the gathering of images like this, so countries like UK, France, and Germany— this is almost like a non-consensual image-based abuse, and it's a crime, you know.

So what it's saying is it's gathering these images of people and generating them in sexually provocative poses, clothing, if clothing is even involved at all. So there's that.

That's one concern straight away. The other concern was the chat feature as well was not the best.

One guy said, I get a good chat going. The AI is set up properly.

Very good start, ten messages in or so. But then suddenly the AI decides I should just come and then end it all.

Which seems a little harsh, right? I mean—


GRAHAM CLULEY. Oh, you mean— Right. I'm sorry.

I misunderstood what you meant there, but okay.


THOM LANGFORD. Yeah. Not just—


GRAHAM CLULEY. When you say end it all, you didn't mean commit suicide or something?


THOM LANGFORD. Well, maybe that's what it was suggesting. Who knows?

Right.


CAROLE THERIAULT. Maybe the relationship, though.


THOM LANGFORD. Well, exactly. I mean, you'd think a little bit of post-nut clarity would stop you from doing that anyway, but nonetheless. But this person's biggest complaint was, the thing is that the sex part hasn't even started yet.

So it's kind of like, you know, chatting away, we didn't even get to the sexy time, and then it just told me to come. So there's apparently this Dream GF site has a team of about 20 to 25 developers in Bulgaria.

They previously worked at an NFT company, which kind of tells you everything you need— I know, right? And, you know, they're involved in a whole bunch of these things.

And their CEO is saying, look, we're still a new company. So I think that's the challenge of any new tech.

We're trying to work these things out, blah, blah, blah. Perhaps the most disturbing part of this, though, and, you know, we've talked about this 2023 in the past being the year, the inflection point of AI and chat and artificial image generation, is the number of grotesqueries that are generated.

And so if you link in the show notes, some of the lovely ladies that are presented might at very cursory glance look, you know, as you'd imagine, except their bodies are the wrong way round or their arms suddenly turn into feet or their legs actually split into two underneath the knee.

Or there are no legs at all and a very odd-looking tongue, or it's kind of a giveaway, isn't it?


CAROLE THERIAULT. It's just kind of a giveaway that something's going on.


THOM LANGFORD. It is. Exactly.

And you just kind of think, wow, I know this is the inflection point. I know this is all very early.

It's just a little bit low quality, low rent. And yet they're still making enough money to stay in business and hire 25 developers.


GRAHAM CLULEY. So Thom, is your issue that you've paid for a subscription of this, and you're just not satisfied with the quality you're receiving?


CAROLE THERIAULT. You didn't like the four-legged supermodel that you chose?


THOM LANGFORD. When I asked for a handjob, I didn't expect there to be four hands, I guess was probably what it was. But nonetheless, it was just—


CAROLE THERIAULT. When we say explicit—


GRAHAM CLULEY. Yeah, we've got the tag turned on, I think. Sorry, sponsors.


THOM LANGFORD. Oh dear. You know, it's, you know, well, I think my issue here is technology can do such wonderful things, and we're just wasting our time on stuff like this.

It's really, really frustrating.


CAROLE THERIAULT. Like love and scams?


THOM LANGFORD. Love and scams. Love is good.

Scams are not good.


CAROLE THERIAULT. And I agree.


THOM LANGFORD. And I think this skirting on the illegal side of things and the gathering of real people's images and reusing them, you know, even if it's a mistake in coding. But the fact that it's reusing them to generate money, I, I, it's just horrible, frankly.

I really, yeah, it's not nice at all. It's quite funny to look at as well, don't get me wrong, because some of them really are quite scary.


CAROLE THERIAULT. Can you imagine though if it were your face?


GRAHAM CLULEY. Well, that's the thing, they're not just training it on Margot Robbie and Jennifer Aniston, are they? They're going to—


THOM LANGFORD. It's everybody out there.


CAROLE THERIAULT. Why can't we use people that have been dead for like—


GRAHAM CLULEY. Diana Rigg.


THOM LANGFORD. Diana Rigg.


CAROLE THERIAULT. Yeah. No, no, they're too soon.

I was thinking like you'd need at least a 50-year buffer or something.


THOM LANGFORD. Uh-huh. Well, they'd all be black and white for a start.


CAROLE THERIAULT. Like copyright. Like copyright, basically.

You copyright your face and your everything until—


THOM LANGFORD. 70 years after death.


CAROLE THERIAULT. There you go.


GRAHAM CLULEY. So we could have Queen Victoria up there. Boadicea.


CAROLE THERIAULT. We, one day, we will be doing some great stuff in 70 years.


GRAHAM CLULEY. I mean, it's quite a professional looking website, isn't it?


THOM LANGFORD. Yeah.


GRAHAM CLULEY. I mean, they've obviously put a bit of effort into it, but—


CAROLE THERIAULT. Yep, that's just a really good web developer. What does that mean?


GRAHAM CLULEY. Well, it's just professionally presented. There are so many websites you go to, Carole, which are a complete mess and don't work on your mobile phone.


CAROLE THERIAULT. Well, yeah, that doesn't mean that they're scammy websites either. It just means maybe—


GRAHAM CLULEY. No, no, but I'm just saying. I'm just saying that it's—


CAROLE THERIAULT. They know what they're doing. They were in the NFT world.


GRAHAM CLULEY. They must be making some money.


THOM LANGFORD. They've got to be making coin. Well, I mean, let's face it. It says here, if you want to make a girlfriend wear high heels, you have to be part of the bronze plan. If you want to make your girlfriend wear Daisy Duke shorts, you've got to be part of the silver plan.


CAROLE THERIAULT. Oh, for God's sake.


THOM LANGFORD. I know, right? I know.


GRAHAM CLULEY. So I started, while you were talking, I tried to create my AI girlfriend via the interface.


THOM LANGFORD. Oh yeah.


GRAHAM CLULEY. And I began to get a bit bored, you know, after I'd answered a few questions and I thought, oh, I'm not going to fill in all these other things.


THOM LANGFORD. I'm not that fussy, let's face it.


CAROLE THERIAULT. I don't care.


GRAHAM CLULEY. Yeah. And so I just said, just do it. And it said, well, no, no, no. It said, you can't do it until you've chosen some clothes for them. So I'd actually left off all the clothes. I hadn't got that far.


THOM LANGFORD. It's just so filthy, Graham.


CAROLE THERIAULT. You probably have a bronze plan for that.


THOM LANGFORD. Yeah, true. Or a gold plan for if you don't like it.


CAROLE THERIAULT. Gold plan, yeah, platinum. For, yeah, for— it's so ridiculous, AI-generated stuff, right?


THOM LANGFORD. There was another comment, one user said, actually I quite like this, you know, the fact that they've got all these mistakes in because it proves that they are not real, they are artificially generated. I just— isn't there still a huge amount of objectification involved in this, which is really not healthy for anybody's psyche, let alone the person who's actively reaching into their wallet to pay for this sort of stuff.


CAROLE THERIAULT. Okay, moral police.


THOM LANGFORD. Yeah, damn straight. Someone has to bring this podcast out of the gutter.


GRAHAM CLULEY. Thom, we always appreciate you investigating these dark corners of the internet, the places we fear to tread. So thank you once again for doing that. Well done. Carole, what's your story for us this week?


CAROLE THERIAULT. Well, you know, I was just listening to Thom and I'm thinking, okay, so some people are obviously going down the route of maybe perhaps building their own girlfriend using images of live people like Graham just did. Yeah, yeah, right. But, but you guys actually— I happen to know that you both have online dated in the past, right? And I've been with my Yeti so long, you know, I've never had that experience.


THOM LANGFORD. Isn't, isn't a Yeti a thermos mug?


CAROLE THERIAULT. Yeah, or husband, or a beautiful hairy one. But when you're sitting there, you know, you have launched a dating profile into the world and you're getting your first hit, you know, your first match with another profile. What do you do first? Do you look through the pics that they provide, read the bio, check the requirements, match yours?


GRAHAM CLULEY. Politics. Oh my God, very quickly sift through and say, no way. 'Or did they vote for Brexit or not?' Again, it's just an instant— never going to happen.


THOM LANGFORD. I could appreciate that. I look at the photos, and if I can't see their nose, then it's a no, right? Because that means they've just put a really severe filter on.


CAROLE THERIAULT. So no non-pictures then? You don't even—


THOM LANGFORD. Or, you know, no pictures that have been so heavily filtered that you can't make out actual features. So there's that. If there's only one picture then I tend to say no because chances are that's also a scammer as well.


CAROLE THERIAULT. Wow. Okay, so you ever suspected that you were chatting online with a bot and not a person at all?


THOM LANGFORD. I don't know about a bot, but certainly scammers. I've had conversations with scammers, definitely.


GRAHAM CLULEY. Oh my goodness.


THOM LANGFORD. Absolutely. They follow the same kind of rule book, etc. They get to sex very, very quickly. And also when you meet up, you know, confirm your identity. Can you just check in on this website? And it asks for £25 to confirm your identity, you know, that sort of thing. So, okay.


CAROLE THERIAULT. Wow. I'm back in 2021 right here, right? Because, you know, I've seen accounts that bots comprise about half of web traffic and not all bots are malicious, but, you know, a good proportion are.


THOM LANGFORD. Yeah.


CAROLE THERIAULT. And in 2021, the dating world on Tinder wanted to know whether a photo they swiped right on was legit. Or, you know, was it a bot? And there were a few telltale signs. And you said, you know, they would start talking immediately, a nanosecond after you swipe, they're on.


GRAHAM CLULEY. Ah, right. Yeah.


CAROLE THERIAULT. And I mean, obviously, Thom would think they understand I'm a, you know, I'm all that. But maybe it was a bot, right?


GRAHAM CLULEY. Well, they know in Thom's case, they've got to move quickly because if they don't get in there, he'll have moved on.


THOM LANGFORD. These goods don't stay on the shelf for long.


GRAHAM CLULEY. In my case, I just look for women who've got guide dogs. That's—


THOM LANGFORD. Yeah, that's right. Increases the chances immensely.


GRAHAM CLULEY. And low self-esteem as well is also something I look for in a girlfriend. Someone who would just be prepared to put up with something quite rubbish. That's the kind of woman I'm looking for.


THOM LANGFORD. I thought that was called daddy issues, Graham.


CAROLE THERIAULT. And as you're talking, right, the answers come back almost instantaneously because they're already pre-scripted and triggered off by your response. According to LifeWork, once it's dispensed a few flirty small talk remarks, as you said, Thom, it delivers its payload, right? Usually asking you to visit a link that's either to deliver yours.


THOM LANGFORD. Yeah, absolutely.


CAROLE THERIAULT. Right. To deliver either a payload or, you know, get you to part with sensitive information.


THOM LANGFORD. DNA.


CAROLE THERIAULT. And the trick was that bots were kind of incapable of keeping up with real conversations. That's what I'm getting from all this, because the responses are pre-scripted. So I'm guessing you could ask off-the-wall questions, right? You know, so you might be what do you look like riding a unicycle?


GRAHAM CLULEY. Uncomfortable.


CAROLE THERIAULT. Or—


THOM LANGFORD. I can't think of a quicker way of being sort of, you know, left for dead.


GRAHAM CLULEY. Yes. Very good for weeding out the bots, but also weeding out any other human.


CAROLE THERIAULT. You don't think I'd succeed on the online dating world? It's gonna be everyone's gonna be delete.


THOM LANGFORD. Yeah.


CAROLE THERIAULT. I was thinking about, you know, if you were a French fry, what would you wear?


GRAHAM CLULEY. Vinegar.


CAROLE THERIAULT. But this is all in 2021, right? In the days before ChatGPT and the like were a thing. Well, welcome to the new world where the language models are creeping into every corner of our online life, including that of dating.

So researchers at Avast have discovered what they describe as a powerful tool designed to dupe wannabe daters, and it doesn't just have Tinder in its sights, but a whopping 13 different dating websites. So you've got all the big names there.

And they create fake accounts, interact with victims, bypass CAPTCHAs, and hide behind proxies. Okay, just to name a few of the skill set within the tool.

And the researchers say that there seems to be experiments with ChatGPT with the hope of having more streamlined and believable text interactions. So they've dubbed this LoveGPT, which, you know, Graham, we know we comment on how researchers have non-memorable names for things that they find.


THOM LANGFORD. Yes.


CAROLE THERIAULT. LoveGPT is not bad, right?


GRAHAM CLULEY. Right. It's all right.


THOM LANGFORD. Yeah.


GRAHAM CLULEY. It sounds accurate.


CAROLE THERIAULT. And they say the tool itself is not new. It's been around for about a decade, but they keep introducing new functionality and improving it over time. And they think that the ChatGPT functionality was added around March 2023.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. And it seems to be used in order to create fake profile descriptions. Okay, easy.

Read the inbox on the dating platform and reply to a message. Ask for a phone number, write a first contact message, and chat from a template.

And the main goal of the tool is to scrape data from the interactions with the users, including profile pictures, profile body text, you know, dates of communications, everything. But in order to do that right, the tool needs to feel real looking, right?

And it also needs to get through account creation. So it has to fake request fingerprints to reliably access the dating platforms.

Otherwise, the platforms could detect such weird activity, you know, it has to build all these fake profiles. So how does it do it?

And LoveGPT seems to have the capability to handle CAPTCHAs quietly, verify phone numbers, create fake email addresses, usernames and passwords. And all this is obviously performed by the tool seeking the most automated process, right?

And of course, if any of the automations fail, they also, you know, have built-in browsers that allow an operator to come in and do the steps manually.


GRAHAM CLULEY. But they're probably more successful at creating a dating account than the typical user who might be struggling, or as I found earlier when I tried to create my dream AI girlfriend, and I didn't fill in the boxes properly and I was getting error messages. So these things could actually be used to help you create an account, couldn't they?


CAROLE THERIAULT. Yeah.


THOM LANGFORD. Yeah.


GRAHAM CLULEY. Thom, automate the process.


THOM LANGFORD. Well, there's only so many times you want to type in the same stuff, right?


CAROLE THERIAULT. So basically the rules of what we relied on way back in 2021 may not be the same in six months' time.


GRAHAM CLULEY. Here's my thought. If the guys at Avast have found this tool for doing this, chances are there are other tools doing something similar as well.


CAROLE THERIAULT. Yeah, sure.


GRAHAM CLULEY. Is it possible that a lot of these dating sites are actually using them themselves? They're hosting conversations which are going on between two bots without either side realizing they could be neutralizing each other, having these pointless little conversations, age, sex, location, conversation, trying to lure the other one.


CAROLE THERIAULT. But how are they creating these accounts? They're doing it with stolen credentials, presumably, right? To pay for the accounts and whatnot.


GRAHAM CLULEY. Oh, I see.


THOM LANGFORD. No, no, many of them are free. So a lot of the sort of financial model of this is if you go on there and you don't pay for your stuff, what it means is that you can't see likes, you can't message somebody, etc.

But if you are— let's face it, many of these are pretending to be women looking for lonely men, etc. The men will be in there having paid for a full account and then will make a connection with this person, right?

The financial onus is on the receiving end, if you see what I mean.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. So it's a bit like nightclubs where they let the women in for free and men have to pay.


THOM LANGFORD. Yes, that's it. That's a really good analogy. That's exactly it.

That is exactly it.


CAROLE THERIAULT. The world's going crazy. That's all I'm saying.


THOM LANGFORD. It's a minefield. But seriously, you know, any gentlemen out there looking at this, trust me, if it sounds— if she sounds too good to be true, chances are she is.

It's unfortunate.


CAROLE THERIAULT. There are a few cool cats like me out there.


THOM LANGFORD. There are many. Yeah, yeah, but you're not on the websites, and I know I've looked.


CAROLE THERIAULT. But thanks for verifying for me.


THOM LANGFORD. Yeah, exactly, exactly.


GRAHAM CLULEY. In a world where technology and human life are intertwined, cybersecurity is just, well, security. Keeping your memories and conversations safe shouldn't require cyber expertise.

Technology is for everyone. Cybersecurity should be too.

So if you're concerned that your iPhone is listening to you, want to know how to defend yourself from WhatsApp scams, ransomware awareness, or keep track of the latest Atomic macOS stealers, visit smashingsecurity.com/moonlock. At Moonlock, you'll find useful tips on how to stay safe and protect your loved ones in the technology-powered world.

Moonlock by MacPaw, cybersecurity tech for humans. So go visit smashingsecurity.com/moonlock right now, and thanks to them for supporting the show.


CAROLE THERIAULT. And we thank DEVO for sponsoring the show. SOC analysts are often overworked and underappreciated.

In fact, many consider leaving their jobs or changing careers altogether. DEVO is hosting the 3rd annual SOC Analyst Appreciation Day.

This year's program includes presentations and discussions from some of the InfoSec community's most prolific thought leaders, including the likes of YouTube creator John Hammond, CISO Olivia Rose, and unpopular opinion guy Joss Copeland. This event will cover everything from real-life use cases to SOC automation, managing your mental well-being, and more.

You won't want to miss it. Join DEVO and other cybersecurity industry professionals on October 18th, 2023 for sessions and panels focused on destressing, SOC career development, and more.

Visit smashingsecurity.com/devo to register. That's smashingsecurity.com/devo.

If you work in security or IT and your company has Okta, this message is for you. For the past few years, the majority of data breaches and hacks you read about have something in common.

It's employees. Ransomware hackers absolutely love exploiting vulnerable employee devices and credentials.

But imagine a world where only secure devices can access your cloud apps. Here, credentials are useless to hackers, and you can manage every OS—even Linux—from a single dashboard.

Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is you don't have to imagine this world.

You can just start using Kolide. Kolide is a device trust solution for companies with Okta, and it makes sure that if a device is not trusted or secure, it can't log in to your cloud apps.

Visit kolide.com/smashing to watch a demo and see how it works. That's k-o-l-i-d-e.com/smashing.


GRAHAM CLULEY. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.


THOM LANGFORD. Pick of the Week. Pick of the Week.


GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. It doesn't have to be security related necessarily. Better not be.

So I had a Pick of the Week all set up for this week, and I was ready to wow you with it. And then I saw that on the day of recording today, it's World Mental Health Day. And I realized that a couple of days ago, I was speaking to my old friend Ali Hodges, and she's been having a horrible old time.

Ali is currently raising money for mental health charity Mind in memory of her teenage son, Josh, who took his life in rather tragic circumstances last year. And she's also been struggling— well, she's actually been succeeding, to be honest. Since the death of her son, she hasn't drunk, and she did have a big problem with alcohol, and it continues to be a struggle.

Now, many people will know Ali from her time at the Virus Bulletin Conference or when she was working at Sophos and in the world of cybersecurity. And so what she's doing is she's walking with her dog every day in October. I think something like 10,000 steps a day or something like that.

But she's beginning to get her life back together again. She's doing it in memory of her poor son. And I thought, well, what can I do to help other than give a bit of cash?

I could also mention this on the podcast because maybe some kind souls out there would care to support her. And if they do, it would mean a lot to Ali, and it would also mean a lot to me. So if you wanted to hear more about what Ali has been doing, you can go to smashingsecurity.com/ali.

That's A-L-I. And I know that any kind of support you can give to her and to Mind will really help enormously. And that is why it is my pick of the week.


THOM LANGFORD. Nice. And Ali, well done on the not drinking. Yeah. Cracking job.


CAROLE THERIAULT. And what you're doing is good for you and good for the world.


GRAHAM CLULEY. She's doing amazingly. I saw her just a few days ago, and it's basically been almost a year now. That's brilliant. So she's doing absolutely fabulously, really well.

So that was a bit glum, wasn't it?


CAROLE THERIAULT. Sometimes you need something real.


THOM LANGFORD. Good for you. Absolutely.


GRAHAM CLULEY. Thom, what's your pick of the week?


THOM LANGFORD. My pick of the week. Now, you know how much I love my technology and my toys and all that sort of stuff. But I thought I'd go old school this time, and I'm going to pick a book.

And the book is called The Last Action Heroes by Nick de Semlyen. And it's a book about the '80s and '90s Hollywood and the action heroes therein, such as Sylvester Stallone, Arnold Schwarzenegger, Chuck Norris, Dolph Lundgren, Jackie Chan, Steven Seagal, Jean-Claude Van Damme, Bruce Willis. And behind the scenes view of where they came from, how they got into Hollywood, what kept them going, and just as importantly, the bitter, bitter rivalries between them, just between Schwarzenegger and Stallone, for instance.

I didn't know about this.


CAROLE THERIAULT. Okay, so what are the VSs? What are the main ones?


GRAHAM CLULEY. Well, they must be competing for the same acting roles, you know, be up for the same jobs.


THOM LANGFORD. Yeah, exactly. So Schwarzenegger and Stallone, they're always taking jabs at each other. In one of them, as you remember, Schwarzenegger initially was a major action star— Conan the Barbarian, all that sort of thing, right?

He made his move into comedy with the film Twins with Danny DeVito. Danny DeVito, an absolute classic.

Stallone— and I'm paraphrasing wildly here— Stallone saw this and thought, right, I really need to do this. He heard that Schwarzenegger was considering taking the lead role in another film very similar to it with another diminutive partner, 4'11" Estelle Getty from The Golden Girls.

And the film was known Stop or My Mom Will Shoot. And Stallone basically immediately said yes to it, got heavily involved in it, blah blah blah.

Turns out Schwarzenegger read the script, thought, this is awful, but if I pretend I'm going for it, Stallone will take it. And it bombed.

It wasn't— well, anybody who's seen it would bomb. But that's exactly the sort of thing that goes on to it.

And it's just all these lovely little stories in there. And did you know, for instance, that Jean-Claude Van Damme played the Predator in the Predator movies?

Until he was fired 2 days into filming, for instance, because he thought he was being sold as the lead of the film. And then he was put in this big rubber suit where he couldn't do the splits.

And so it was kind of like, yeah, didn't work for anybody. All sorts of stuff like this.

Really, really, really good fun. And for anybody of a certain age, let's face it, who remembers these films, will really enjoy it.


CAROLE THERIAULT. Yeah, and Christmas is right around the corner. This is a perfect little gift for that, isn't it?


GRAHAM CLULEY. Oh yeah. Give us the name of the book again, Thom.


THOM LANGFORD. It's The Last Action Heroes. It's a play on the film by Arnold Schwarzenegger called Last Action Hero.

But Last Action Heroes by Nick de Semlyen. S-E-M-L-Y-E-N.

Fantastic. Carole, what's your pick of the week?


CAROLE THERIAULT. So for my pick of the week, I have a podcast that I've been dipping in and out of for years, and I don't think— I didn't check, but I don't think I've ever mentioned it as a pick of the week before. And that is the podcast from NPR called Life Kit.

The podcast strapline is, "Tools to help you keep it together." And they push out shows every few days.

Each episode's about less than half an hour, maybe 15 to 25 minutes. And the topics are diverse from why should you floss to how do you detect whether you're experiencing lifestyle creep or how do you ace a job interview or what do you do if you're wolfing down your meals or what to do to protect your hearing.

So all kinds of cute little nice things, and it just has a nice vibe, you know. Do you have shows like that in your little echo chamber?


GRAHAM CLULEY. No, I don't really. What sort of tips do you think you've heard on the podcast and you've been able to put into practice to improve your life?


CAROLE THERIAULT. Well, there was one recently where it was, when is it okay to lie?


GRAHAM CLULEY. Oh, and is it when someone asks you why you've emailed the Chinese Embassy?


CAROLE THERIAULT. Because they kind of basically say everybody lies. So basically when you get caught out in a lie, this is how you handle it so you don't look like a chump.


THOM LANGFORD. So it has a nice vibe, like she couldn't prove it anymore, you know.


CAROLE THERIAULT. They have experts that answer questions, they describe common issues and how to tackle them. I like it.

So if you have time in your daily schedule for a little insight and how to live a little bit better, I'd say check out Life Kit from NPR. It's my pick of the week.


GRAHAM CLULEY. And that just about wraps up the show for this week. Thom, I'm sure lots of our listeners would love to follow you online and find out what you're up to. What's the best way for folks to do that?


THOM LANGFORD. So I'm on all the socials as @ThomLangford. That's Thom with an H.

And also you can get us at hostunknown.tv, where you can find films, podcasts, and lots and lots of out-of-date posts. So yeah, find us there.


GRAHAM CLULEY. Terrific. And you can follow us on Twitter @SmashInSecurity, no G, Twitter doesn't allow us to have a G.

And you can also look up the Smashing Security subreddit and leave your comments there. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app such as Apple Podcasts, Spotify, and Overcast.


CAROLE THERIAULT. And massive shout out to our episode sponsors, DEVO, Moonlock by MacPaw, and Kolide. And of course, to our wonderful Patreon community.

It's thanks to them all that this show is free. And as always, for episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 342 episodes, check out smashingsecurity.com.


GRAHAM CLULEY. Until next time, cheerio. Bye-bye.

Bye. Ta-ta.

We've received some correspondence since our last episode. Oh yeah, we did.

We've received an email from someone— well, let me just read some of this to you. Dear Mr. Graham, this is Tom Hanks.

Yes, the real Tom Hanks. I think you know why I'm writing.

And it seems that he's a little bit upset that we criticized his acting in The Polar Express.


CAROLE THERIAULT. You haven't figured out who it is yet?


GRAHAM CLULEY. I haven't, no. I don't know who was responsible for this.


CAROLE THERIAULT. Hand on heart, it was not me.


GRAHAM CLULEY. Was it your husband? Was it the Yeti?


CAROLE THERIAULT. Not that I know of. At all.


GRAHAM CLULEY. Because there are a lot of references in this to movies, and your husband is a big film buff.


CAROLE THERIAULT. He wouldn't use the word gotta.


GRAHAM CLULEY. Ah. Yeah, that's true.


CAROLE THERIAULT. Did you check for English spelling versus American spelling?


THOM LANGFORD. It's that Bitner, isn't it? Yes.

Oh, it could be—


GRAHAM CLULEY. Probably it's Bitner. It could be Bitner.


THOM LANGFORD. He's certainly got a lot of time on his hands. But also, checking for American spelling isn't gonna work, given that Tom Hanks is also American.


CAROLE THERIAULT. Yeah, but if it's English spelling, then, you know—


THOM LANGFORD. Oh, I see what you mean. I see what you're saying, yeah, yeah, yeah.


GRAHAM CLULEY. I'm gonna post a link to it in the show notes so listeners can read it for themselves and do an analysis. We want to know who this is.

It came from . Is that the real Tom Hanks?


CAROLE THERIAULT. Are you unleashing the hounds effectively here?


THOM LANGFORD. Is that what you're doing? We wanna dox this person.

We wanna know where they live. We're gonna swat them.


CAROLE THERIAULT. Jeez, I know you didn't like Tom Hanks, but this is taking it one step too far. Leave the man alone!

Don't like Tom Hanks?


THOM LANGFORD. What's wrong with you, man? Don't start this talk.

Has all your joy been sucked out of your life?


CAROLE THERIAULT. I'm turning us off. Bye, everybody.

Bye, love you, bye.

-- TRANSCRIPT ENDS --