Mamma Mia! A major hacking scandal in Italy has expanded to include alleged involvement from Israel and the Vatican, and just why are companies advertising jobs that don't exist?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Massive hack-for-hire scandal rocks Italian political elites - Politico.
- Dossieraggi, i contatti con il Mossad e i dati passati al Vaticano. “Aiutiamo la Chiesa contro la Russia o no?” - La Repubblica.
- That position you just applied for might be a 'ghost job' that'll never be filled - The Register.
- Ghost jobs: why do 40% of companies advertise positions that don’t exist? - The Guardian.
- Job boards are still rife with 'ghost jobs'. What's the point? - BBC.
- How To Spot Ghost Jobs And Make Your Job Search More Efficient - Forbes.
- What Are Ghost Jobs and How Can You Avoid Them? - Tech.co
- That job you applied for might not exist. Here's what's behind a boom in "ghost jobs." - CBS News.
- The Coming Storm - BBC Radio 4.
- Things fell apart - BBC Sounds.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- Flashpoint – Access the industry’s best threat data and intelligence.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. Amongst the many people they're alleged to have spied upon and stolen information from include details of staff at a pasta manufacturer.
CAROLE THERIAULT. Okay, not the recipe, but yeah, the staff, right?
UNKNOWN. Smashing Security, episode 392: Pasta Spies and Private Eyes. And are you applying for a ghost Ransomware and Phishing Job with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 392. My name is Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. Now, Carole, it's a very special day, the day of recording, isn't it?
CAROLE THERIAULT. Scary day.
GRAHAM CLULEY. Scary day? Oh, because it's November 5th. Bonfire night. Isn't that the reason why everyone is thinking about November 5th this year?
CAROLE THERIAULT. Yes, that's why.
GRAHAM CLULEY. No other reason, right?
CAROLE THERIAULT. Yes, the world's going up in flames. Yes, that's exactly what we're worried about. I don't want to talk about it.
I want to kick off this show. But first, I want to thank our wonderful sponsors: 1Password, Vanta, and Flashpoint.
GRAHAM CLULEY. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
CAROLE THERIAULT. I'm gonna be talking about a snooping scandal which is taking place in Italy.
GRAHAM CLULEY. Okay, and I'm gonna delve into the world of ghost jobs. God, I should have done this last week when it was Halloween.
All this and much more coming up on this episode of Smashing Security.
CAROLE THERIAULT. Now, chums, chums, let me take you to the beautiful land of Italy. We all love Italy.
Fantastic food, fantastic architecture, fantastic people, fantastic weather. It's one of the best countries in the world.
GRAHAM CLULEY. Beautiful coastline.
CAROLE THERIAULT. Yeah, it's lovely. Looks like a boot. What else can we say about Italy?
GRAHAM CLULEY. You don't really appreciate that when you go and see it though.
CAROLE THERIAULT. No, you can't really tell. It's not that easy to tell from it. You have to zoom out.
GRAHAM CLULEY. Gotta jump up really high.
CAROLE THERIAULT. Well, bad news, I'm afraid, because hackers are alleged to have been stealing confidential data related to some of the country's most prominent figures, including politicians. They're even said to have accessed the contents of the email account of Italian President Sergio Mattarella.
GRAHAM CLULEY. Okay, nightmare.
CAROLE THERIAULT. So, police have arrested 4 people as part of a major probe into this snooping and hacking scandal. People they've arrested include a former supercop, Carmine Gallo.
GRAHAM CLULEY. What's a supercop?
CAROLE THERIAULT. A supercop is a very important policeman. In this case, Signor Gallo is remembered for his courageous investigations into mafia gangs, his success in rescuing kidnap victims. So he was a top cop.
GRAHAM CLULEY. Top cop. That's how the English would put it.
CAROLE THERIAULT. Yeah, and he's now been arrested, as has another chap.
GRAHAM CLULEY. Wow.
CAROLE THERIAULT. Called Nunzio Samuele Calamucci. The wonderful names they have in Italy.
And he's been previously linked to the Anonymous movement. He's claimed to have hacked the Pentagon in the past.
GRAHAM CLULEY. Anyway, the leaders of this hacking gang, they are suspected of compiling dossiers, compiling dossiers to order, no less.
CAROLE THERIAULT. All right, like a paper play.
GRAHAM CLULEY. Yeah, people come along and say, "Could you gather us some information?" "Oh yeah, we can do that for you."
So they've been illegally harvesting data from highly sensitive national security databases at the requests of their clients.
CAROLE THERIAULT. Yeah, they're not trying to find out what kind of cigar he prefers, you know, for a Christmas present.
GRAHAM CLULEY. It's not that kind of hacking. Yeah, that would be rather extreme, wouldn't it, to actually commit a crime to find out what to buy someone for Christmas rather than just asking them, or maybe could intercept Santa's email to see what people have put on their Christmas list, perhaps. So, there is a private investigations company called Equalize.
And that is run by the former supercop, Carmine Gallo. That company is said to be at the heart of the scandal. It's said to have illegally accessed the government's national security databases. This private investigation company accessed those databases from 2019 until earlier this year.
CAROLE THERIAULT. Are you kidding me?
GRAHAM CLULEY. 5 years?
CAROLE THERIAULT. Sitting there in the quiet, just hoovering up everything that goes by.
GRAHAM CLULEY. In police wiretaps, Nunzio Calamucci is alleged to have boasted of having hacked the information of 800,000 people while working, it seems, for this PI company.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. And it's been described as one of the largest and most alarming breaches of government data in recent history. So you may be thinking, Well, how did they manage to gain access to those highly sensitive security databases?
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. You are wondering that, aren't you?
CAROLE THERIAULT. Yes, yes, I'm playing ball. That's exactly what I'm wondering.
GRAHAM CLULEY. Okay, okay, I'm going to tell you, otherwise it would be rather a dull podcast. According to Politico, who broke the story on this, during the day, Calamucci's team of programmers, they were creating and maintaining the databases for the Interior Ministry under the guise of Equalize.
They said, yo, yo, we can sort that out for you. But when night fell, they were allegedly downloading troves of private information on thousands of Italians, including the president, including the ex-prime minister Matteo Renzi as well.
CAROLE THERIAULT. And what, wipe the logs as well so no one could see any of this happening?
GRAHAM CLULEY. According to Calamucci, he was recorded on these wiretaps, and the database had been designed by his staff. He said by the boys from Colchester. These are my lads who've set this all up. They've got it on physical servers in Turin, and we have a RAT. Meaning a Remote Access Trojan.
CAROLE THERIAULT. Yeah. So, it's a huge conspiracy. Yeah, okay. Yep.
GRAHAM CLULEY. Amongst the many people they're alleged to have spied upon and stolen information from include details of staff at a pasta manufacturer.
CAROLE THERIAULT. Okay, not the recipe, but yeah, the staff, right.
GRAHAM CLULEY. They haven't stolen the recipe. An Italian energy company, ERG.
CAROLE THERIAULT. Oh, jeez.
GRAHAM CLULEY. Journalists at 3 of Italy's leading newspapers, and a pop singer.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. And this data was then sold to clients. So people who said, "Have you got some data?" Or used to blackmail, it is alleged, entrepreneurs and politicians since at least 2019. And they're supposed to have made millions and millions in euros.
CAROLE THERIAULT. Of hush money. Basically, "I know that you did blah blah because I have the email. Give me 50 grand," kind of thing.
GRAHAM CLULEY. Yeah, or whether they got paid by the people who wanted the data as well.
CAROLE THERIAULT. Mm.
GRAHAM CLULEY. In one conversation which was alleged to have been recorded, this supercop, or former supercop, he said that he had videos showing Silvio Berlusconi. Do you remember the Bunga Bunga parties?
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Ruby the Heartstealer was the dancer he had a particular eye for. Who he met when she was just 17.
CAROLE THERIAULT. Mm.
GRAHAM CLULEY. Carmine Gallo, the former supercop, is recorded claiming to have had videos of Berlusconi up to no good with her.
CAROLE THERIAULT. So he had him on a short leash.
GRAHAM CLULEY. Geez. One of those people who's been arrested is a chap called Massimiliano Camponovo. Easy for me to say.
Now, he's either a private investigator or a hacker. Depends on which newspaper reports you read. Maybe it's the same thing these days.
CAROLE THERIAULT. Mm.
GRAHAM CLULEY. And he told the judge who's handling this case that he fears for his safety and that of his family because he says, "I received a lot of data and compiled reports on behalf of Equalize, and I may have enemies in high places or maybe low places." Who knows?
But anyway, he's worried as a consequence.
CAROLE THERIAULT. Geez, yeah, yeah, yeah. You would be though, right? Because you're messing with—
GRAHAM CLULEY. Of course.
CAROLE THERIAULT. Yeah, yeah.
GRAHAM CLULEY. You're messing with a lot of powerful people. Yeah, and now you're going, "Oh, actually, maybe I shouldn't have done that."
And not just the people you've taken the data from, but the people who asked for the data, right? Who are the people who are paying this private investigations company to dig up dirt on people?
CAROLE THERIAULT. No, but it's bigger than that, right? The 800,000 people.
GRAHAM CLULEY. So if they're getting troves of emails, other records, yeah, financial records, all kinds of information which could be embarrassing. So far there have been 60 people linked to this breach, so there may well be more arrests, not just in Italy.
As I mentioned, there were programmers allegedly working for this gang in Colchester, of all places, as well. So if the prosecutors are right, we have a private investigations company stealing highly sensitive information from government databases about politicians, entrepreneurs, Olympic athletes, pop stars, to order.
CAROLE THERIAULT. And energy companies.
GRAHAM CLULEY. And energy companies. Pasta manufacturers. Let's not forget them.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Who are they doing it for, Carole? Who do you think?
CAROLE THERIAULT. No idea.
GRAHAM CLULEY. Do you have any suspicions?
CAROLE THERIAULT. No, I'm sorry. Okay, the aliens. They're doing it for aliens.
GRAHAM CLULEY. Well, no. Strangely, no suggestion of that so far.
CAROLE THERIAULT. Okay, okay. Phew.
GRAHAM CLULEY. But wiretaps, which have been leaked to the Italian media. Clearly everyone's leaking everything out in Italy.
So, the Italian press are getting lots of leaks from the police of wiretaps and things. Suggests that Equalize's clients included Mossad, the Israeli intelligence agency.
And you may not be that surprised. I mean, I'm frankly not that surprised about that, them being clients, but—
CAROLE THERIAULT. No, me neither.
GRAHAM CLULEY. There was another client who's been mentioned. The Vatican.
CAROLE THERIAULT. What?
GRAHAM CLULEY. The Vatican.
CAROLE THERIAULT. Well, you know, okay.
GRAHAM CLULEY. Wow.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. So, hmm, interesting.
CAROLE THERIAULT. Did they comment?
GRAHAM CLULEY. Well, Politico did request a comment from the Vatican.
CAROLE THERIAULT. Good for them.
GRAHAM CLULEY. Apparently they made a written request. I don't know if that means they put it in a letter or something.
I don't know if the Vatican's answering emails these days.
CAROLE THERIAULT. I think they're getting email if they're asking for troves of data. They're not going to be putting it in stone.
GRAHAM CLULEY. The Vatican hasn't responded.
CAROLE THERIAULT. Okay, yep, yep.
GRAHAM CLULEY. But, you know, this is a story which is just breaking now. There's more investigation to be done. It looks huge, and it's interesting to me because this is something which is largely quite localized, and you could sort of ignore it in a way, but I wonder what other countries something similar may be occurring in, and which government agencies may have farmed out the administration of some of their databases to people who might, allegedly, be accessing that data out of hours and maybe monetizing it in other fashions.
CAROLE THERIAULT. Okay, this is outrageous, I'm gonna say this. The Vatican requesting this information somehow feels to me—
GRAHAM CLULEY. Is it against one of the Ten Commandments, are you thinking? Is that what you're thinking?
CAROLE THERIAULT. No, it just feels somehow less dangerous.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. To me in this day and age than, say, a political enemy getting that information.
GRAHAM CLULEY. You're a lovely person, Carole, and possibly very, very innocent, but I think any powerful organization has the ability to do terrible things sometimes. I mean, you have to wonder what they were going to do with it. And maybe they won't go and collar you in a dark alley, but—
CAROLE THERIAULT. No, no, I suspect they were probably going, "Do you really want us to do that? Let me just review the tapes. Let me show you this." A little kind of gentle coercion.
GRAHAM CLULEY. "So you want to be Pope, do you? You want to be an archbishop? Interesting. We've got this little bit of information on you." So Italian politicians are understandably up in arms, which is the Italian gesture, if you think about it. They always have their arms up.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. It's a mega hack for hire. And those who've been arrested so far, they're refusing to answer questions from the judge in charge of the case. It'll be interesting to see how this develops, because as the charges become more serious, I think the pressure will be on them to maybe reveal a little bit about what has been really going on and who for.
CAROLE THERIAULT. Wow.
GRAHAM CLULEY. Carole, what's your topic for us this week?
CAROLE THERIAULT. This week I'm going to talk about ghost job postings. Have you heard of this?
GRAHAM CLULEY. Is this where you advertise jobs at your company which don't really exist?
CAROLE THERIAULT. Yes, you're very close.
GRAHAM CLULEY. Okay. Why would you do that?
CAROLE THERIAULT. I had no real idea because, you know, I guess I haven't been cruising for a full-time job for a while and I don't spend my time on LinkedIn. But there does seem to me to be a serious lack of good vibes. And I want your opinion. Okay, so for those who don't know, as Graham suggested, a ghost job is a job listing that an organization publishes, except the job either does not exist or has already been filled.
So think we have an imaginary friend called Clive who's found the perfect job and spends all his time polishing his CV and detailing his experiences and writing a cover letter to increase his chances of getting a look.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. All the while, he's just spinning his little wheels because there's effectively no job to be had.
GRAHAM CLULEY. It's a waste of time for him, isn't it?
CAROLE THERIAULT. Yeah, it's a complete waste of time.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And, you know, if that was happening to me, I would feel frustration, right? I would feel a little annoyed.
GRAHAM CLULEY. There are companies who advertise jobs because, oh, we have to advertise the job, but they've actually got someone internally in the company already. So they— I don't know if there's a legal requirement to advertise it, but they actually know who they want to shoehorn in there already. And that's annoying when that happens. But this is something different from that, is it?
CAROLE THERIAULT. It seems to be. And I was thinking this is gonna be niche, right? This is gonna be pretty niche. It's not so niche, Graham.
GRAHAM CLULEY. No.
CAROLE THERIAULT. My Perfect Resume, so they published research recently saying 81% of recruiters, 81, admitted to posting ghost jobs.
GRAHAM CLULEY. 81. Why? To show that they're really, really popular recruitment agencies.
CAROLE THERIAULT. I'm going to get to that. You start thinking in your head reasons why.
GRAHAM CLULEY. Okay. All right.
CAROLE THERIAULT. Resume Builder. Okay. They say 40% of companies admitted to posting fake jobs in 2024. So almost half.
GRAHAM CLULEY. Okay. I've got another theory now as to why they might do this.
CAROLE THERIAULT. Good, good. Jot them down. Okay. They also found that 30% of companies were currently, currently advertising for roles that were not even real.
GRAHAM CLULEY. Right. Okay.
CAROLE THERIAULT. Why would a company do this? Over to you, Graham. Take a stab.
GRAHAM CLULEY. Is it the recruitment agency that's doing it or the company that is actually—
CAROLE THERIAULT. Both. Often HR or senior staff like the CEO and the C-level and the VPs will be behind it if it's straight up with the company or recruitment agencies. Okay.
GRAHAM CLULEY. A few theories.
CAROLE THERIAULT. Right? Okay.
GRAHAM CLULEY. Number one.
CAROLE THERIAULT. I'm all ears.
GRAHAM CLULEY. Number one, you've got a horrendous chief executive officer, right? He's a complete maniac like most CEOs are. And you've got to convince him that you're busy, right? You don't want to get fired. You don't want him walking into HR and saying, what are you guys doing? You're just sitting around picking your toenails. So what you do is you start advertising for loads of jobs and you keep on trying to convince the CEO that the company's doing really well and we're hiring, hiring, hiring, hiring, hiring. 'Can't find the right people. Oh my God.' Yeah. You know, but we're active. At least we're doing something, boss. So there's that theory.
CAROLE THERIAULT. Okay, that's a good theory.
GRAHAM CLULEY. Good theory. I suspect that's not it.
CAROLE THERIAULT. It's not on my list. No, there's lots of them on my list. That one is not on my list. Okay.
GRAHAM CLULEY. Another theory. You are an agency which wants to say, 'We're the people with all the jobs,' and therefore you're creating fake jobs.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. So it's that you're trying to get more people to sign up for your books and give you their credentials. So that they can spam you in future with real job adverts, but they're making up attractive phony jobs in the meantime.
CAROLE THERIAULT. Okay, that's pretty close. That's pretty close. So, okay, here's a few to add to that.
GRAHAM CLULEY. I've got some more theories.
CAROLE THERIAULT. Yeah, okay. Let me give a few, and then we'll come back to you.
GRAHAM CLULEY. Okay. Okay. Okay.
CAROLE THERIAULT. So, one of them is to build a pool of applicants in case of turnover, right?
GRAHAM CLULEY. Oh, right. Okay. So someone takes the job, then quits after a week and a half.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. I can't believe they don't let me eat donuts in the office. I'm going to leave here and you storm out.
CAROLE THERIAULT. Also collect CVs, do a bit of data mining.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. To gauge the market to see if specific skill sets are available or not. So you might be going, how many Linux programmers do we have available? And also understand salary expectations, hey, do you want this job for 60 grand a year? And then maybe you put it back out again, $70 grand, $72, to create an impression of growth.
This is basically what you're getting to, to perhaps attract investors or maintain a positive public image or to look very active even if you're suffering from a hiring freeze.
GRAHAM CLULEY. It seems daft though, doesn't it?
CAROLE THERIAULT. Yes, but there's two more that kind of shocked me.
GRAHAM CLULEY. Okay, go ahead.
CAROLE THERIAULT. So on a level 1 to 10, we want to know how shocked you are. You may not be shocked at all. You're cooler fish than me.
To convince an employee that additional resources are on the way without ever having the intention to fill the role. Do you want to know how many surveyed said they did this?
GRAHAM CLULEY. No way.
CAROLE THERIAULT. 6 out of 10. 60%. I think it was 61%. So over 60% do this for that reason.
GRAHAM CLULEY. Yeah, maybe you used to have a colleague, they fired the colleague and they said, oh, could you just cover for your colleague as well? We are hiring, we are hiring. You just keep on doing the job.
Yeah, of course you're now doing the work of two people, but don't worry, we are hiring.
CAROLE THERIAULT. We'll review you in a year and review your salary package. Keep doing the work.
GRAHAM CLULEY. Oh, we can't find the right person, but we are definitely hiring.
CAROLE THERIAULT. Okay, it gets worse. You ready?
GRAHAM CLULEY. Right.
CAROLE THERIAULT. 6 out of 10, so 60% plus survey also said this was to make employees feel replaceable. Double wow. Make your employees nervous. That's the secret to high employment retention.
GRAHAM CLULEY. Who knew? Don't get ideas above your station. Don't start asking for a raise because we're recruiting.
CAROLE THERIAULT. Yeah, we're recruiting right now. It's, "Boss, why is my exact job on the job board? Just wondering."
So Resume Builder apparently said that posting ghost jobs had a positive impact on revenue, productivity, and surprisingly, they say employee morale. And I'm oh, really? When an overworked employee realizes there's no relief on the way, are they going to be oh, God, I love this guy. I love this company. I love everything about how they're treating me.
GRAHAM CLULEY. And when they read one of these surveys, because it sounds like all these companies are doing surveys about this, and they say, oh, hang on a minute, 60% of companies are doing this, they're not going to be feeling so great then, are they?
CAROLE THERIAULT. No, think about the candidates, right? So all these fake jobs, it's being on Ashley Madison and looking for the love of your life. They're spending serious time applying for positions that do not exist and are not going to be filled.
Can I just say 80% of companies surveyed admitted to doing this? And it's gross. But as gross as I might find it, it doesn't seem to be illegal.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Okay, I get that it's complicated, especially in the States, for example, you've got state laws. But it is weird because the FTC Act prohibits unfair or deceptive acts or practices in commerce. So how can knowingly posting a ghost job not fall under this purview?
GRAHAM CLULEY. I suppose you could argue they are advertising a vacancy, aren't they?
CAROLE THERIAULT. But there's no vacancy.
GRAHAM CLULEY. No, I know, but it is an advert. It's an advert for something which you can't— mind you, I don't— yeah, how would you make it illegal?
CAROLE THERIAULT. In the UK, you know, the best place I could find would be maybe the Employment Agencies Act, which requires employment agencies to be transparent about their services and ban unfair practices. So, you know, to my mind, a big font in red saying fake job, do not apply might be helpful.
And I anecdotally, I heard this is a huge deal on LinkedIn. And then I was wondering, does LinkedIn care about this?
Right? Because is it in their, you know, do they have any way of reporting if something looks suspicious? And apparently they do.
Oh, but basically right now it's kind of the Wild West with one side holding all the cards and the lowly candidate being, you know, screwed around. What can you do about ghost jobs?
And there's not much you can. The advice I saw was look for vague descriptions.
So listings that lack specific details about responsibilities and qualifications may be ghost jobs. Maybe.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Long posting durations. And I've heard this from other people as well.
So positions that have been posted for more than 30 days without updates are often considered ghost jobs.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And repeated listings. So if a job appears frequently or has been reposted multiple times, it could be a sign that it's not actively being filled.
GRAHAM CLULEY. Doesn't this cost companies to repost these ads? I mean, do they care so much about their employees' morale that they are putting up these—
CAROLE THERIAULT. Well, they don't care about their employees' morale because they're, in some cases, they're trying to find replacements, fakely, just to make them feel nervous.
GRAHAM CLULEY. Oh.
CAROLE THERIAULT. Anyway, I don't think it's a very cool way to operate companies.
GRAHAM CLULEY. Oh, you don't? You don't think this is cool, Carole?
CAROLE THERIAULT. On the cool scale of 0 to 10, it's way closer to 0.
GRAHAM CLULEY. This episode of Smashing Security is brought to you by Flashpoint. 2024 has been a year like no other for security. Cyber threats, physical security concerns have continued to increase.
Now geopolitical instability is adding a new layer of risk and uncertainty. Last year there was a staggering 84% rise in ransomware attacks and a 34% jump in data breaches.
The result? Well, millions and millions of dollars in financial losses and threats to safety worldwide.
That's where Flashpoint comes in. Flashpoint empowers organizations to make mission-critical decisions that will keep their people and assets safe.
How does it do that? By combining cutting-edge technology with the expertise of world-class analyst teams, and with Ignite, Flashpoint's award-winning threat intelligence platform, you get access to critical data, finished intelligence, alerts, and analytics all in one place.
It's no wonder Flashpoint is trusted by mission-critical businesses and governments worldwide. To access the industry's best threat data and intelligence, visit flashpoint.io today.
That's flashpoint.io. Whether you're starting or scaling your company's security program, demonstrating top-notch security practices and establishing trust is more important than ever.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust. Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and prove security in real time. Get $1,000 off Vanta when you go to vanta.com/smashing.
That's vanta.com/smashing for $1,000 off. Quick question: do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps?
I didn't... I don't think so. So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't touch.
Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing.
And thanks to the folks at 1Password for supporting the show. And welcome back.
You join us for our favourite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, movie, a record, a podcast, a website, or an app.
Whatever they wish. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my Pick of the Week this week is not cybersecurity related.
CAROLE THERIAULT. Good.
GRAHAM CLULEY. So on the day of recording, America is going to the polls, Carole. It's not just Guy Fawkes Day.
CAROLE THERIAULT. Yes, I'm very aware.
GRAHAM CLULEY. Of course, folks will be listening to this in the future, won't they? They'll be listening to this after the polls have been decided and America is calm once again.
But if you want to remember the chaotic old days of 2020, 2021, and so forth, I've got a podcast which may be relevant. It is a podcast on BBC Sounds by BBC journalist Gabriel Gatehouse called The Coming Storm.
And I really like it.
CAROLE THERIAULT. Mm, yes.
GRAHAM CLULEY. Have you heard some of this?
CAROLE THERIAULT. Yeah, I've heard some of it. It's very good.
GRAHAM CLULEY. It's very good. So, it looks into the background of the January 6th insurrection in Washington. But it's not just a retread of QAnon conspiracy theories and unpleasant discussion forums on the internet.
He takes a bit of a broader view, looking into the past, goes back to the witchcraft trials of 500 years ago and yoga teachers and all the way to The Matrix and tech bros and insurrectionists running for Congress who want to abolish federal government. There's all these strands.
CAROLE THERIAULT. Yes, Gabriel Gatehouse. I listened to the first series of this. It's excellent. I don't know why I didn't make it my pick of the week. Damn you.
GRAHAM CLULEY. The second series is now out. I haven't heard the first series.
CAROLE THERIAULT. Oh, it's great.
GRAHAM CLULEY. I've been listening to series 2. He's got a great voice.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. And it's very, very well produced. Like a lot of BBC Sounds podcasts are, to be honest.
So it's fascinating. It's serious. It's sometimes talking about the barmiest things imaginable. But I think it might be a good thing if more people listen to it.
It's not just a podcast, it's also a book, which I haven't read. I'd love to get my hands on it, but judging by the podcast, it'll be a great read.
Anyway, my recommendation is a podcast called The Coming Storm. Carole enjoyed it, I've enjoyed it. Go and listen to it. And that is my pick of the week. Carole, what's your pick of the week?
CAROLE THERIAULT. Graham, I don't know if this has ever happened before. I don't have the same pick of the week as you, but it's very similar.
GRAHAM CLULEY. Oh.
CAROLE THERIAULT. So I have a BBC podcast.
GRAHAM CLULEY. Oh, for goodness' sake. Are they sponsoring the show?
CAROLE THERIAULT. I wish. Hosted by Jon Ronson.
GRAHAM CLULEY. Oh, yes.
CAROLE THERIAULT. So he's—
GRAHAM CLULEY. Interesting.
CAROLE THERIAULT. Yeah, he's been a journalist and author for decades and has a penchant for dealing with culture wars in the digital age.
GRAHAM CLULEY. This is very similar, Carole. This is very similar.
CAROLE THERIAULT. I know. So if someone likes yours, they're going to like mine and vice versa.
And so my podcast is in the second season. It's standalone shows. You can dip in and out. And each episode deals with a hot topic or issue where well-meaning people become extremists in one way or another.
GRAHAM CLULEY. Oh, for goodness' sake.
CAROLE THERIAULT. So from Christian fundamentalism, pro-life, anti-vaxxers, BLM protests, he touches all of them and he seems to be obsessed why people do the things they do and what led them to that decision. So a lot of the stories will have headlines that you might have read and he will fill in a backstory.
GRAHAM CLULEY. It's almost like we don't talk about what we're going to talk about in the show, Carole, before we record the show.
CAROLE THERIAULT. Yeah, I know. It's very similar to yours, Graham. What can I say? And then, okay, this is also weird, Graham. I have this written in my notes. Jon Ronson, he has a weird voice.
GRAHAM CLULEY. That seems a little unfair. He has a distinctive voice.
CAROLE THERIAULT. Okay, fair enough. He has an unusual voice that I like, but I can imagine some people might not like, so—
GRAHAM CLULEY. There's other people who have distinctive voices, Carole, that people may not like.
CAROLE THERIAULT. Yes, there are, Graham.
GRAHAM CLULEY. Yes, there are, Carole.
CAROLE THERIAULT. So, stories are well-researched, told in a weirdly compelling voice, Graham. And if that sounds like your thing, you can check it out wherever you get your podcasts.
This is BBC's Things Fell Apart. And that is my pick of the week. How weird is that?
GRAHAM CLULEY. That is weird.
CAROLE THERIAULT. Mm.
GRAHAM CLULEY. Well, that just about wraps up the show for this week. You can follow us on Twitter @SmashinSecurity, no G, Twitter won't allow us to have a G.
And don't forget, to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
CAROLE THERIAULT. And huge, huge thank you to our episode sponsors, Vanta, 1Password, and Flashpoint. And to our wonderful Patreon community, it's thanks to you all that this show is free.
For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 391 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio, bye-bye.
CAROLE THERIAULT. Bye!
GRAHAM CLULEY. You can't call Jon Ronson's voice weird. He's never going to come on the podcast now, is he?
If he hears that, he's going to be all upset.
CAROLE THERIAULT. Weird does not have to be bad. You're weird.
GRAHAM CLULEY. What do you mean I'm weird?
CAROLE THERIAULT. You don't think you're weird? I'm weird.
GRAHAM CLULEY. Yes. I think that's what you should have said rather than I'm weird.
CAROLE THERIAULT. Yes. Okay.
You're the most normal person I've ever met, ever.
GRAHAM CLULEY. I appreciate that. Thank you very much.
CAROLE THERIAULT. You're very welcome.
GRAHAM CLULEY. We've got it all on tape.
CAROLE THERIAULT. Yes, we do. Goodbye.
-- TRANSCRIPT ENDS --