
Geeta Pandey at BBC News reports:
In early December Mangesh Kumar (name changed) was scrolling on Facebook when he came across a video from the “All India Pregnant Job Service” and decided to check it out.
The job sounded too good to be true: money – and lots of it – in return for getting a woman pregnant.
It was, of course, too good to be true. So far, the 33-year-old, who earns 15,000 rupees ($180; £142) per month working for a wedding party decoration company, has already lost 16,000 rupees to fraudsters – and they are asking for more.
But Mangesh, from the northern Indian state of Bihar, is not the only person to fall for the scam.
Deputy superintendent of police Kalyan Anand, who heads the cyber cell in Bihar’s Nawada district, told the BBC there were hundreds of victims of an elaborate con where gullible men were lured to part with their cash on the promise of a huge pay day, and a night in a hotel with a childless woman.
So far, his team have arrested eight men, seized nine mobile phones and a printer, and are still searching for 18 others.
But finding the victims has proved more tricky.
“The gang has been active for a year and we believe they have conned hundreds of people, but no-one has so far come forward to complain, possibly because of shame,” he explained.
One victim told the BBC that they had been offered half a million rupees – almost three years’ worth of wages – to just have sex with a woman, and would receive a further 800,000 rupees if she conceived. The scammers sent him photos of several women, asking him to choose which one he would like to make pregnant.
That man ended up paying over 16,000 rupees to the scammers – and shared with the BBC official-looking “baby birth agreement” documents sent to him by the scammers that appeared to have been signed with (and this is bizarre) the name of US TV celebrity “Oprah Winfrey.”

If you’re desperate for money, you may make some foolhardy decisions about how to improve your finances.
Although it’s easy to be scornful of those men who fall for scams like this, believing they would be rewarded well for having sex with women, the people we should actually be focusing our rage on are those who masterminded the scam and are taking advantage of others’ desperation.
For more discussion of this issue, listen to this episode of the “Smashing Security” podcast:
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
The thing which really convinced me that it couldn't be for real was when the Prime Minister Rishi Sunak says that his government has generously decided to make this all tax-free.
Yes, that's the part I bought that as well. Right now I know it's not true. Exactly. Smashing Security, episode 355: Phishy Rishi, 23andMe, and the labor of love with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 355. My name's Graham Cluley.
And I'm Carole Theriault.
And Carole, it's time to roll out some of the old guests once again. We've dusted him off.
I thought it was going to be red carpet. I'm like, is he worth it?
We've brought him out on his bath chair.
Scrape the barrel.
Thom Langford. Hello, Thom.
Hello. Hello, everybody.
Welcome back, Thom.
Why, thank you. It's been so long. I thought you'd forgotten about me.
We tried.
We tried.
First, let's thank this week's wonderful sponsors, Kolide and Vanta. It's their support that helps us give you this show for free. Now, coming up in today's show, Graham, what do you got?
I'm going to be talking about something fishy about Rishi.
Why wouldn't you say something fishy about Sunak Rishi?
Because his name isn't Sunak Rishi. His name is Rishi Sunak.
Yeah, but okay. What about you, Thom?
Well, firstly, if I'd known we were rhyming, I would have put some more thought into this. Let's just say I'm going to be talking about victim blaming.
And I'm going to share how you can become a better man by screwing for coin. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, we've had Christmas, we've had New Year. I wonder, over Christmas, did you see that little video skit put out by the British Prime Minister, Mr. Rishi Sunak? Did you see him being home alone at Downing Street? Oh, how we laughed. It was a sort of 'what Rishi Sunak gets up to over Christmas' video, which they put out on the social media. Did you see that?
No. What was in it?
Tell us.
Oh, it was— did you see it, Thom?
I didn't. I try and avoid that awful man at all cost.
Well, it tried to be humorous. It was all about him saying, "Oh, am I the only one here?" in an empty office.
Am I the only one here?
He was seen bowling against stacked cans of Coca-Cola or pouring syrup on spaghetti while watching the movie Elf. And Larry the Cat, he made an appearance as well.
Is he a bit like Schwarzenegger? Does he have a penchant for acting? Is he any— is he good at it?
I think many of them are used to pretending to be something they're not.
He's just desperate. Well, he's not.
He's loaded, isn't he?
Oh, he is loaded.
Oh, he's loaded. He's just desperate to carry on being Prime Minister. He'll do anything.
He's the richest Prime Minister we've ever had. He's got about, I think it's £800 or £900 million in the bank, he and his wife.
Come on, Churchill must have been richer than him.
No, no, no. He's taken it to a whole new level, Rishi Sunak. And anyway, if you saw this video, how we laughed and laughed as we wondered how much money had been spent filming it for his own personal ego, pushing it out on social media. He thought, oh, that's good, that's great that they're doing that. It's not as though we're having some sort of constantly—
Do you not think it's nice that a prime minister or president sends out a, hey, happy Christmas to everybody? Or happy holidays.
No, I don't mind if they want to produce a Christmas card. I don't think you need a full video production. Do you remember when Boris Johnson riffed off Love Actually? Remember that horrendous scene in Love Actually when the guy turns up on Keira Knightley's doorstep claiming to be carol singers? Boris Johnson did something like that, and you just thought, for fuck's sake.
It's just embarrassing, frankly.
I think you guys are jealous. I think you're jealous.
Well, one, I think if it's done well, if it's done properly and if it's done in the right spirit, you know, I can cope with it. I used to work for a very large company where the CEO used to do a funny Christmas message every year and it was very well produced and very high quality production, very well written. But these are just cheap gags. It's cynical and I dislike it and I dislike him and I dislike them. Absolutely.
Well, it's a lot of opinion we're getting on the show this year.
Feels like I'm on the Grumpy Old Men show. Okay.
Well, you woke me up from my afternoon nap. Not just my afternoon nap, from my, what do you call it? What bears do when they go to sleep?
Hibernation.
Hibernation. There you go. Yeah.
You can't even remember.
It's the menopause. It's not far off, actually. Not far off.
Well, maybe Rishi Sunak needs to hire a new social media team because what we do know is that not only was the quality questionable of the humour, but also
Well, colour me surprised.
other people are having much more success sharing videos of him on social media without forcing him to spend any time away from his job or using up taxpayers' money to make the darn thing. Because there have been over 100 deepfake video ads impersonating PM Rishi Sunak on Facebook and Instagram in the last month, and they've been seen by over 400,000 people despite explicitly breaking some of Meta's ad policies. So more people are seeing the scam ones than the real one. Now, I managed to—
Was he able to share the video, you know, on official channels?
Who, the scammers?
No, no, no. Rishi Sunak, when he did his Christmas video. Right, right. So he really punked it out and no one looked at it, but 400,000 people looked at the fakes.
Well, no, his little skit probably got about 250,000 views.
Good God.
On Facebook. But 400,000 people, over 400,000 people have seen these deepfake versions instead.
Well, I think it just tells me that his SEO team and his social media team is not doing a very good job, generally speaking. But it also raises up Meta's incompetence about combating deepfake, you know, and—
Yeah, you'd think there's one person that you would try not to piss off, it might be the president or prime minister of a country, right?
So, I want to talk about one of these deepfake videos. So, in one of these, a BBC presenter, I think it's Sarah Campbell, she appears to announce some breaking news. And she says that people up and down the country are outraged to discover that for several months, Rishi Sunak has secretly been earning colossal sums of money from an app that was initially intended for ordinary citizens of the United Kingdom.
People are outraged to learn that for several consecutive months, Rishi Sunak has secretly been earning colossal sums from a project that was initially intended for ordinary citizens.
Ordinary. I love it. Ordinary. And in fact, we all know he's earning lots of money anyway through his missus and all of his other interests.
So, well, the claim is that Elon Musk— oh, we love Elon Musk. Elon Musk.
Oh God, don't get me started.
He has launched an app for the British people, which autonomously, using AI, conducts stock market transactions. So it will invest money for you, it will get money out, so you can make a lot of money. And so—
Just give us your money and we'll make you lots of money.
And so the argument is that what's been claimed is that Rishi Sunak has been using this for months. He hasn't given it to the British people despite lovely Elon writing this thing. And so the news report crosses to Rishi Sunak, who's making an apology, a deepfaked apology. "I want to assure you that we simply decided to test how this application works on ourselves in order to avoid risking the money of ordinary citizens. Now, I personally can vouch for the reliability of this investment platform and express gratitude to Elon Musk for choosing our country as the first one where this application will operate. Yes, indeed, I and my surroundings have been earning through this application on our mobile phones for several months, but I assure you, that was the plan all along. We needed to thoroughly test everything because we had no moral right to conduct testing on our citizens. What if things didn't work out, and people lost their money? Then the blame would fall on me and my team, and I really didn't want that. As for the application itself, I am pleased to announce that starting this month, access to it is literally open to all citizens of Britain."
You see, you told us they were deepfakes before, but watching that video, you can kind of see some fuzzy action going on around the mouth. Right?
Can you? Yeah.
Little bit. And he slurs one of his words as well.
Yes.
Although that could just be the Christmas tipple.
I certainly think this is a lot better than that. Do you remember that Volodymyr Zelenskyy deepfake which came out?
Oh, yeah. Oh, it is. It's very good quality. It is. It's certainly up there. But the content gives it away, not so much the visual and the audio quality.
But she's also deepfaked, right?
Yes, the BBC presenter is deepfaked as well. The thing which really convinced me that it couldn't be for real was when the Prime Minister, Rishi Sunak, says that his government has generously decided to make this all tax-free.
Yes, that's the part I thought that as well. Right now I know it's not true. Exactly.
It has to be a con. There's no way they're not going to try and claw back some money from this. Yeah. So, but it does, you know, the format is a bit like a breaking news bulletin. It appears like it's an apology from Rishi Sunak. And you can well believe, you can well believe he's been caught out again, or Conservative Party have been caught with their pants down.
I mean, they are Tories.
Screwing money out of somebody.
Yeah.
You know, so in the past, we've seen deepfake ads spread via social networks claiming to be other BBC newsreaders, Sophie Raworth and Ros Atkins. And they focused on an app which promised a fix to inflation. Now, all of these are pointing to a scam investment platform called Quantum AI. And this is one of these websites you go to it and it claims to be a BBC News report, but actually it's a promotion for this thing, Quantum AI. This is a platform which pressures you to invest money, to deposit money, says you're going to generate lots of money and it tells you, "Oh yes, you're doing really well. You make more and more money." But of course, when you come to try and withdraw it, you find "Oh, that facility is currently disabled or not working at the moment. Come back later." But this is just going to get worse and worse as this deepfake technology gets better. It's already cheap and easy to use, this voice and face cloning technology.
Mm-hmm. It's scary.
Well, the money-saving expert Martin Lewis, he's been sort of pushing back against this because he's a trusted voice in this space. You know, a lot of people who go through, who are going through financial hardship or are struggling, you know, struggling to pay bills or whatever, they listen to him. And he's a staunch advocate for consumer rights and all that sort of thing. So when they copy him, when they deepfake him, it can sound like he's actually helping you out because he comes up with some amazing, you know, workarounds and loopholes and stuff like that to save you a few quid.
He's trustworthy. It's very strange that they should use politicians to try to—
I know. But it's also crazy, right? Because you're using a prime minister, you're using people like Elon Musk, and these are powerful dudes, right? They're way more powerful than the likes of you and me. And if they can't get them off the socials, who can?
And what's Meta? What's Zuckerberg doing about this?
It's Zuckerberg, it's Meta who should be dealing with this. Yeah, they should be. It should never have stayed up for more than a couple of hours, you know, because all it should take is one person to report it. A human looks at it and goes, well, unless they decided to invest £200, of course, but, you know, just looks at it and go, this is obviously fake. This is obviously wrong. But they're not doing it. They're just not. They're too busy taking the scammers' money.
And it's even easier on Twitter for these paid deepfake videos to be successful because, of course, Twitter's so strapped for cash, it will take advertising dollar from anybody at the moment, which is why
Exactly.
all our timelines are filled up with scams or Nazis or whatever other ghastliness it is at the moment. Hey, Nazi money's as good as anybody else's money, says the Swiss bank Thom Langford LLC. Thom, what have you got for us this week?
So I've got this interesting take on blame the victim. So in our world of information and security, we are often told about all of these stories of companies being hacked and individuals being hacked. And very often the companies are attacked for not doing the right thing and individuals are attacked for not doing the right thing, etc., etc. And we all pile on. And then there's another resurgence of don't blame the victim, they're all criminals here, blah, blah, blah. So this is an interesting one because it's related to a company that was hacked and has been hacked a number of times, but it was hacked fairly recently. It's 23andMe. I think it's one of Carole's favorite companies because it's a company that keeps your DNA on file and, you know, allows you—
Not just yours. Not just your DNA, but everyone else's.
No, not just mine. No, no.
Thom's would be useful for paternity suits. Is there a specific one for Thom?
Yeah, I crowdsource mine. So it has been breached in the past. Well, there was a recent case. And the attack was basically focused around password spraying. So there was some credentials found on the internet and they were used by the attackers. October 2023, 7 million customers' information was accessed, including a significant number of files containing information about some users' genealogy, such as their ethnicity and ancestry. But the hackers initially accessed around 14,000 accounts via the credential stuffing campaign. So basically they had credentials and they just sprayed them at the site and saw what stuck. 23andMe have come back and said, it's not our fault, it's not our fault. Our systems were not compromised because of a weakness in our systems. They were compromised because people and our users have been reusing their passwords elsewhere on the internet, and they've been used to gain access to the site. And then the attackers used that information to access the personal data of 6.9 million other users who had opted into 23andMe's DNA Relatives feature, which basically allows customers to share their DNA results with anybody on the site to find out, you know, where your long-lost brother was, etc., etc.
And that was the thing, wasn't it? So if you broke into someone's account, you didn't just find out about them, right. You could find out about their, quote, DNA relatives, other people.
That's right.
So those other people may have had completely unique passwords.
Yes. Although they would also have had to have opted in as well.
Yeah, they opted in as well to DNA relatives.
That's right.
This feature. But maybe they had their accounts secured and weren't reusing passwords and all these other things which 23andMe seemed to be blaming people for having done.
So 23andMe's point is that it was technically a valid access of the accounts, you know, of those 14,000 accounts that were accessed, they were all valid logins because they were the correct username and the correct password. And they said, and we've also offered two-factor authentication, but you haven't taken it up. You've, you know, a second factor of authentication, you can enable it. But in this instance, these people did not use it.
Now, why wouldn't you make it the default?
Well, exactly.
Make it mandatory.
Yeah, exactly. So here's the thing. So on the one hand, you got 23andMe making actually a fairly good point, although they're kind of shouting into the void rather, because the number of people out there who reuse passwords is quite high. And I know a number of people who do that. But secondly, they really should be doing the utmost to protect their users' data. The reason they don't switch on two-factor authentication is because it puts people off from logging in and therefore not spending money that they might have been spending with 23andMe. So effectively, it's a financial decision to ensure that people will continue to carry out logins and to spend more money and to have more tests done or offer tests to other people. So it's quite a cynical move really, right?
Totally. It's basically saying, look, because we have a few idiots on this site that ruined it for themselves, they're at fault.
But I have to say, and I am getting splinters from sitting on this fence. I have, to be perfectly honest...
Why are you sitting on a fence? Cheap thrills.
So I don't think people know, though, that people don't think about it that way. People don't work in this industry. They don't consider any of that.
Well, precisely. Yeah, absolutely. So 23andMe need to do a much better job of securing this data. They need to enforce the two-factor authentication. But it wouldn't surprise me if there's a number of people out there saying, literally sort of spluttering and pointing at the screen when they hear this and saying, that's exactly it. You know, it's not always down to the individual.
There is an element of shared responsibility here, but yes, don't blame your customer seems to be a good one.
Okay, I'm going to be devil's advocate now. I'm going to agree with 23andMe. I think if I'd worked in their comms division, what I would have done is, I said, look, we need to be quite aggressive with this. We need to push back. Because clearly, DNA data, really sensitive. It could have information about your predisposition to specific diseases. It could be data which is stolen, used later for unauthorized research, or sold to third parties. There could be the emotional impact of finding out you're related to Thom Langford.
Oh, no!
Something deeply distressing like that, right? And so I think 23andMe should say to all of their users, you're bloody idiots. What are you doing giving your DNA to some corporation who you know are going to be reckless, if not now, but they will be in the future?
Some two-bit company. Exactly. A stupid company like us.
I would agree with you if when you signed up for an account and you put...
You ticked a box and I'm a bloody idiot.
Yeah.
Yeah.
They would say, alert, alert, like the banks would. Can you make this seriously, seriously, seriously good password, please?
Yeah.
And very unique and in big red bold letters, 'cause this is really, you know, a big fucking deal.
I do also think there is a huge opportunity here because we've now got the DNA of people who don't switch on two-factor authentication. Let's find out what's unique about them. Let's find out the gene that makes them dumb enough to not switch on two-factor authentication. Oh, stop it. And reuse passwords. I bet you there's a common strain there. I bet you.
Yeah, I don't agree. Thom, blame the user. Shame.
And then we round them up.
Call yourself a CISO.
Have a Venn diagram with listeners to the Host Unknown podcast.
Yes, right.
Perfect circle.
But the research possibilities here are endless.
Carole, what's your topic for us this week?
Well, why don't we open with what would be your dream job if you're not already doing it, Graham? Finally, what would be your dream job? Something you'd be good at, feel proud about, maybe make a bit of green?
My dream job actually, Carole, probably correlates quite well with yours because I would love to be a modern artist.
I was gonna say, I always thought you were a piss artist, so it's pretty similar.
I would love to be able to just spaff on a wall or you can dribble some paint. I'd just love to make a mess on a piece of paper and go to the Saatchi brothers and say, come on then, how many million are you going to give me for this? I just thought that would be fantastic.
Literally, some modern artists have literally just shat on the floor, right? Called it modern art. So I think you can do that. Even you.
Here's my unmade bed. Here's my unmade bed.
Your unmade bed would probably look like everyone else's made bed, in fairness.
That's what I would love to do.
Thom, what about you? What would be your dream job?
Do you know what, right now I think it would be maybe a photographer, a portraits photographer or something like that.
And you're working on that. You're a great photographer.
I think I'd like to go down, but not have to rely on it for money, if I'm perfectly honest.
Right, I know. Yeah, tell me.
An independently wealthy photographer.
Totally. Yeah, that sounds fantastic. Well, what if I offered you the job of being a female impregnator? Your job, should you choose to do it, would be to service a company's client. And in this case, that's a woman who wants a baby but doesn't have a man to do the job.
Do you know what I mean? I've done it twice and it was really expensive. I'm still paying.
I'll be terrible at this because I have had the snip, so I think they're not going to pay me very much.
Don't tell them that though, Graham.
You don't tell them that. Just say, oh, don't tell them, try again.
So our friend here, Mangesh Kumar, okay, from India, he in December was perusing the popular platform known as Faceplant or Facebook, and he comes across this video, All India Pregnant Job Service. Now, Mr. Kumar here is not a rich man, okay? He has two boys and he admits he's desperately in need for some cash. And these guys are profesh, according to Mr. Kumar, 10 minutes after he'd clicked on the video, his phone rang and the man asked him to pay 800 rupees if he wanted to register for the job. This is what Mr. Kumar told the BBC.
And the job is to make someone pregnant, make some babies.
Yeah, apparently the caller said that Mr. Kumar would be working for a Mumbai-based company. And once all—
Oh, I thought you're going to say working from home.
And once all signed up, he will be sent the details of the woman he would be responsible for impregnating. And the service fee is sweet. Okay, so ₹500,000 for sex, and then a further ₹800,000 if the lady actually conceives. So in UK money, that's £5k for shagging and another £7,500 if it's a bullseye.
That's more than I normally charge. That's very good.
It's not bad for a few minutes of action, right?
Hit the target bonus.
Exactly. Hit the target bonus. Now, question. You know, would you take a turkey baster with you on one of these just in case? No, 'cause I wanna have another shot. I mean, is it what, 3 strikes and you're out?
Is there any guarantee you're going to be— Let me, how do I put this delicately? Not so much make them pregnant, but be able to initiate the process. Oh, you're worried about man problems, you mean? Shyness? If you don't know the lady in question, you might be somewhat shy.
You might get shy.
Yeah, maybe doesn't like blondes or something.
You might need a fluffer. You have to split the cash with somebody. So, so, so Mr. Kumar says he's keen, right? Because he may not have a huge academic background, but, you know, he knows how to do the business.
He does have a penis.
He has a penis. So he gets this official-looking agreement, a document entitled Baby Birth Agreement, and it sports Mr. Kumar's name, his photo, and the photo of someone in a police uniform. And the fine print below reads pregnancy verification form. So he does all that. Now he's working for this Mumbai firm, and this company is sending Mr. Kumar photos of 78 women asking him to choose the one he would like to impregnate.
I thought you're saying 78-year-old women when you said—
No, no, they can't get pregnant. Very easily, Graham.
Okay, well, exactly, you know.
And also, given he's taken, you know, he's got all of the equipment that he needs, can he get a tax relief on that work?
Very interesting that you bring that up. So the plan, it seems, is the company would book a hotel room for him in the town, in his town, in Mr. Kumar's town.
Lovely.
Make it convenient, right? All he's going to do is bop down there, do his business, collect the... But this is where things start going wrong. I don't know if you guys were predicting this.
No, I really— I know it was all sounding so promising up till now.
Perfect. Over the next couple of weeks, Mr. Kumar is asked to fork out more than ₹16,000, right, to obtain some court documents. There's a safety deposit. There's some GST to pay ahead of time.
Hours. Dinner.
And this is all based on the money that he is going to get once he starts shagging, shagging, shagging.
Yeah.
And Mr. Kumar is like, "Okay, I'm fronting up a lot of cash, but now I'm kind of getting super desperate because I didn't have money to begin with, which is why I'm here. And now I am seriously in need for cash." So what does the company do? They send him a receipt saying they've credited his bank account with ₹500,000 and change. Yeah, but the money is on hold and would be paid after he paid the income tax due on that money to them, of course. But of course, Mr. Kumar has no money, so he tries to back out. He says, "Look, can I just get a refund on all this, please? 'Cause this is sounding not very good for me." I'm starting to get suspicious. Well, not everybody, as I've said, Thom, not everybody has your access to all this information. This is a poor guy, right? By his own admission. So the fake company scares the shit out of him by saying, "Hey, look, since the bank account shows a credit of 500,000 rupees and change, the income tax authorities are going to raid your home and arrest you." He does exactly what I would do in this situation. What do you think that is?
Panic.
Hide under the bed.
Basically, he turns his phone off for 10 days.
Yeah, exactly, that sounds like you.
But what a scam. And unfortunately, of course, Mr. Kumar is not the only person that has fallen for it. The good news is that there's been some police action. So Deputy Superintendent—
Well, they got involved too.
The Deputy Superintendent of Police who heads up the cyber cell in Bihar's Nawada District, he told BBC there were hundreds of victims of an elaborate scam where gullible men were lured to part with their cash on the promise of a huge payday and a night in a hotel with a childless woman.
You know, they call them gullible. I think desperate is really the word, isn't it?
Oh, totally. Yes, totally. Yeah, well, financially desperate. And also they're targeting the one thing that, you know, men are really good at, which is thinking through their dicks. And secondly, they're also targeting the one thing that people tend not to report because they're deeply embarrassed by it.
Exactly. How likely are people to actually go to the police and say, "I've just been tricked into this"?
So all jokes aside, this guy is, you know, hands down to him for actually going to the police and saying he got scammed like this, because yeah, the vast majority of people wouldn't. And you know, it's— yeah, jokes aside, this is— it's horrible.
And I love how they kind of, you know, they say, "Look, we need you to fuck for money, and you can do good by giving a woman a child," right? It has this kind of I could father the world, you know.
You're virile. You are a virile man. Proving how much of a man you are by siring lots of children, blah, blah, blah.
I thought Elon Musk was doing this. Couldn't he sire a few more kids and he wouldn't need the cash? He could do it for free.
Dear God, no. Please.
You don't need more of them.
He's already paddling at the shallow end of that gene pool anyway.
They've already arrested 8 men, seized mobile phones and a printer.
And a printer.
And they're still searching.
Sorry, why the emphasis on the printer, Thom? Oh, and a printer.
I don't know. It was in the BBC article and I thought it was so cute.
How do you think they could get the invoices? I mean, the printer's culpable.
It's in on it.
We know that they're sentient because they refuse to work when you absolutely need them to the most. So, you know, it probably is probably the ringleader.
If it's an HP printer, which is telling you that you need to order specific ink supplies, then it probably is slightly evil anyway. Isn't it?
Yeah, exactly. Either that or it needed the money because it needed genuine ink supplies.
And I forgot the best bit. Let me just put the document in the show notes for you. So this is the document you get where you have the pictures of, you know, our friend Kumar, and then the official and the police document and all this, and it's signed.
And if—
Look at the signature there. Look at the signature right there and tell me if you can read what that says or what you think it is. You know, if you read it, it's like it says Oprah Oprah Winfrey.
So Oprah Winfrey has signed this contract?
Yes.
See, she's endorsed this as well, and I trust her way more than Elon Musk.
So you mean you don't get that rich from just selling books and being a chat show host?
And a baby for you, and a baby for you, and for you, and for you, and for you.
This episode of Smashing Security is sponsored by Kolide. Wouldn't it be great if a device which lacked compliance or lacked security was denied access to your organization's SaaS apps and other resources? Because this would mean that the hackers who had nabbed the unlucky employee's credentials, for example, could not gain access to your assets. It would effectively lock them out. Welcome to Kolide, a world where access is only given to approved secure devices. As the administrator, you can manage every operating system, even Linux, from a single dashboard. Another bonus of Kolide: employees can often fix their own problems without involving IT support, meaning less resources are needed to effectively operate a more secure environment. Kolide is the device trust solution for companies with Okta. Kolide ensures that if a device is not trusted or it's insecure, it is denied access to your cloud apps. Learn more at kolide.com/smashing. That's k-o-l-i-d-e.com/smashing. And huge thank you to Kolide for sponsoring the show.
Shortcut compliance without shortchanging security. That's what Vanta can bring your company. Expanding the scope of your security program with Vanta's market-leading compliance automation, saving your business time and money. Vanta has over 5,000 customers around the globe who are saving over 300 hours in manual work and up to 85% of their cost for SOC 2, ISO 27001, HIPAA, GDPR, custom frameworks, and more. And with Vanta's 200+ integrations, you can easily monitor and secure the tools your business relies on. From the most in-demand frameworks to third-party risk management and security questionnaires, Vanta gives SaaS businesses of all sizes one place to manage risk and prove security in real time. And as a special bonus, Smashing Security listeners can get a stonking 20% off Vanta. Just go to vanta.com/smashing to claim your discount. That's vanta.com/smashing. And thanks to Vanta for supporting the show.
And welcome back, and you join us at our favorite part of the show, the part of the show that we called Pick of the Week.
Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. Doesn't have to be security-related necessarily.
Better not be.
Ah, deary me. Well, listen, my son, he's 12 years old.
We've talked about him a lot recently.
He's not my pick of the week, nor is he my—
He's going to listen to these shows one day. I'm just saying.
Oh, dude, you think—
How can he not be your pick of the week? That's callous, Graham.
He could be my nitpick of the week sometimes. But every young kid, you know, he loves superhero movies. He loves YouTube. He loves all that kind of nonsense and the Snapchat and all that bollocks. Can I get him to watch an old black and white movie? Pretty unlikely, quite difficult to do. But he does have a love of history. And what I introduced him to, and what he binged on because he enjoyed it so much, is a new Netflix series called World War II: From the Front Lines.
Oh!
And this is a documentary series. It's very sort of, you know, it's easy to digest. But what it's done is it's taken archive footage from the Second World War, and it's colorized it and enhanced it and obviously added sound and things when sound didn't exist. And so it comes across with— it's much more easy for him to relate to it because it's in colour and because of the way it's been edited. And it's rather good. And he's loved watching it. He's learned about the Second World War much more than he already knew, really enjoyed it, and it stoked his interest in history and maybe will prompt a deeper exploration for him and other people who are interested in the history of World War II. And I thought, well, they've done quite a good job doing this and making this accessible to the younger generation. So I thought I'm going to make this my pick of the week. So it's a Netflix series. It's called World War II: From the Front Lines.
I've got to say, I'm more impressed with this than percentages. So well done.
Thom, what's your pick of the week?
Okay, so I've got a thing called Spintronics, and I reckon your son would be into this as well. So what does every mother get her son who has everything for Christmas? She gets, in my case, a thing called Spintronics. I guess you could say it's an educational toy. It's aimed at kids and adults.
Right.
But what it does is it teaches you electronics. So if you've always wanted to get into electronics and understand how it works, but it's a little bit abstract, isn't it? The world of electronics. You know, you've got these tiny little components. You're not quite sure what they do and why they work and what they do. What this does is it translates it into mechanical objects. So you've got gears and wheels and, you know, a resistor which slows down current effectively is a gear that spins more slowly, right? For instance, a capacitor is a gear that stores up kinetic energy and then releases it in one go. So it's absolutely fascinating. You can tell it's sort of primarily aimed at kids. You know, the workbook is, you know, it's got a little sort of comic book story in it as well. But I was absolutely absorbed by it, I have to say. It's fascinating. I have a, you know, a basic understanding of electronics, but actually making it work, I think, was— it was really good. And it's also, it's a bit Lego in a sense. You have to build it, you have to, you know, construct it, etc. So it's great for taking your mind off things. It stops you thinking about the day job and all that sort of stuff, and you learn something as well. And it looks— it's quite sort of steampunk-esque, as it were, in its likes. So yeah, I'd check it out if I were you. And Graham, I reckon your boy would absolutely love something like this as well.
Yeah, I love the look of it.
So your mum bought this for you, Thom?
Yes, she did. She did. The Duchess of Ladywell bought this for me.
That's very kind. What a lovely mum you've got. It's not cheap, is it? It's not. I mean—
Well, I don't know. I didn't look at the price.
Well, I think your mum must quite like you, Thom.
I think she— well, you know, I'm not a bad son.
Did she buy you the Epic Bundle?
I do. I've got all 3 boxes. Yes.
Oh blimey.
Oh, so £156.24.
No, no, Epic Bundle, £212.
So I know how much my mother loves me then, which is always good to know.
She put a number on it.
Yeah, absolutely.
Okay, what's your pick of the week?
Well, I'm gonna share my first nitpick. I think it's my first. I think it is.
Is it a rant of the week?
It's kind of, it's just something that ticks me off and I want to know if you guys agree or disagree. So I've been on my own for the last few nights, okay? The Yeti's been away. And for some reason during late dinner time, I started watching reality TV. I know. I know. I know. So I started watching the new Traitors with Claudia Winkleman. It's on the BBC, I think.
Oh yeah.
It's basically what I, you know, it's the game Mafia. That's what I used to call it, or a murder game.
Game.
Yeah, yeah. But only 3 shows are out. So, you know, I still had a few hours to kill. And then I started watching this new one on Netflix, or new to me, called Trust. Okay. And the premise is this: there's £250K on the table. And you've got, you know, if all the players— there's a dozen players or 10 players— and if they all play nice, everyone leaves with their equal share. So £20,000, £25,000 quid. But if contestants can also boot people off in order to grow their share of the pot, right? So split evenly or cut each other out to raise your take. So interesting premise, right? I'm thinking that's kind of cool. The scenario. Interesting. And this is my nitpick of the week because there's a huge but coming. Right. Let's hear your huge but. There's all these adult humans, right, that have requested to be on the show, presumably people like you and me, if we were that inclined. But my question is why do they have to jump around acting overexcited and shrieky all the time? I mean, who does that?
I can answer this. So I know somebody who works in a production company, and I think it was one of the Channel 4 ones, Come Dine With Me.
Yeah, yeah, yeah.
And a friend of theirs said, oh, you should put me on Come Dine With Me because I'm a terrible cook and I think it'd be really, really funny. And this person said, oh yes, I'm sorry, but you're too— What? They choose these people.
You see?
They choose these unhinged people that should, you know, it's frankly an indictment for care in the community, but they choose these people because they are utterly off their rockers.
But it's just annoying because I kind of like the premise. I kind of want to ogle at people who would choose to go do this and see what they do. I don't want—
You'd like to go to a human zoo.
But that's what they're peddling, isn't it? Yeah, they're peddling that, except they're getting their freaking oars in there and going, let's make it more exciting and get freaks and make them shriek all the time.
And yeah, that's exactly what they're doing.
That's what it is. It is like a Victorian freak show, isn't it? It's like the carnival. They're just collecting people.
I don't like that.
Well, of course we don't like it. Well, okay, I'm just saying I spent some time in Realityville. I didn't like it. My nitpick of the week is it could be so much better.
Goggle?
Yeah, yeah, I like Gogglebox.
Oh, don't pretend you don't know what it is. No, I've never watched it, honestly. Well, I've watched five minutes, but really not my show. No, no, not all of them. I quite like Giles and Mary. They're lovely.
Are they the couple that drink?
No, but they're freakish in the sense that their relationship is very bizarre anyway, you know. But exactly, it's fascinating.
If we can watch people watching TV and find it entertaining, I just think these reality TV shows could just sit back and let it happen as opposed to trying to manipulate everything. And that is my nitpick of the week.
Didn't George Orwell say something about it being the end of society? You know, people watching other people degrade themselves.
He did have things to say about Big Brother, but I don't think he realized it would quite turn out the way it has. Well, on the bombshell that Thom Langford has been criticized for being too normal.
Oh no, it wasn't me.
Oh, it wasn't you. It wasn't you who's too normal. I found it hard to believe that, to be honest. But we just about wrap up our show for this week. Thom, I'm sure lots of our listeners would love to follow you online and find out what you're up to. What is the best way for folks to do that?
Oh, I am Thom Langford, Thom Langford with an H, because Twitter wouldn't let me have an H on Twitter X or Mastodon and also vaguely on Threads, but not so much. But hey, why not check out my website, ThomLangford.photography? Why not go there this time?
Working on his dream job.
Fancy.
And you can follow us on Twitter, Smashing Security, no H. Twitter allows no H. We also are on Mastodon, and don't forget to ensure you never miss another episode of the show. Follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Overcast.
And a gazillion thank yous to our episode sponsors, Vanta and Kolide, and of course to our wonderful Patreon community. It's thanks to them all this show is free. For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 354 episodes, check out smashingsecurity.com. Duck Hub.
Until next time, cheerio, bye-bye, bye-bye, ta-ta.
Can I tell you something?
Yeah.
So a friend of mine was doing a long drive over the Christmas holidays, and they banged on Smashing Security on their— we just came up, I guess, maybe in their play queue or whatever. And he says to me, he was like, "You know, it's not a bad show. You guys are pretty professional." Surprised.
Surprised.
Surprised. So, thank you, Olly.
Hang on.
Oh, Olly said that, did he?
Yes. Olly's been on the show.
He was a guest.
Oh, I know.
But about 20 years ago. Funny.
Thank you, Thom.
Thom, you're a rock star.
Absolute pleasure.
Appreciate you doing it. We know you're a busy fella.
It's always a joy. Always a joy.

