Israeli TV’s Eurovision webcast hijacked by hackers. Hamas blamed

And I recorded a video of it. Not just the video. I even saved all your passwords, contact lists and everything. I did all of this when you were in the bathroom trying to clean yourself. So, a few things here. Firstly, why didn't you ask Ran to read this out?

Smashing Security, episode 127. I do love the Dutch, with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 127. My name is Graham Cluley. I'm Carole Theriault. Hello, Carole. Hello, Graham. Hello. And we are joined this week by someone new to the show, a bit of a podcast star in his native country of Israel. It is Ran Levy, star of the Malicious Life podcast. Hello, Ran. Hi, hi. Great to be here. We are super

stoked to have you here. It's awesome. Thank you.

I am super stoked myself.

Now, Ran, I'm sure lots of our listeners will already have checked out the Malicious Life podcast because, well, why don't you explain what it is and why people might enjoy it?

Okay, so my personal hobby is malware research and the history of malware. And Malicious Life is a podcast about the history of malware where we talk every other week about some obscure episode from the past of cybersecurity. Lots of interesting stories. I mean, some of them were rather famous back in the day, like the famous Morris Worm from the 1980s. And, of course, you, Graham, are a star of our show. I mean, I've interviewed you at least twice, I think, for the show. Oh,

is this why he asked you to describe the show? Because he knew he'd get a plug? Oh, God. It works. Yes, it works. He's a master. But you've had some proper experts on the show as well, talking about computer security.

episode, you've got experts talking about very interesting stories. Lots of human stories. The human side of cybersecurity. Well, I have quite a few stories about Graham. Real ones. No time for that. No time for that.

We have a fab story lineup for you guys today. Thanks to the support from our sponsors, Gartner, Metacompliance and LastPass. Graham is going to talk turkey about intercourse. What? I just said this is a fab lineup and you hit us with intercourse.

I wouldn't say hit you with intercourse. The verb I would use.

Right, it's going to educate us on modern asymmetrical cyber warfare. That's more like it. Yeah, because it's happening in my backyard. And I've actually solved a global problem. And I'm going to run my theory past all of you to test it out. All this and much more coming up on this episode of Smashing Security. So

chaps, chaps, imagine you have received an email, not that unusual obviously. Carole, I've shared with you the text of an email so maybe you can read it out to me and we will discuss it as though it just appeared in my inbox. Okay.

I do know it has intercourse in it because I had to introduce the show so I'm a little surprised. I have yet another surprise for you. Our intercourse

video. There you go. Intercourse. So this is the first thing which surprises me, right? You'd remember making it, no? Well, exactly. So here's someone who sent me an email saying, I've got a surprise for you. Here is our, not hers, not theirs. This is our intercourse. And who calls it an intercourse video? They mean a sex video, I imagine, right? Yeah. I wouldn't necessarily call it an intercourse video. But anyway, let's hear more. Yes, you read it right. We had

intercourse quite a long time back. Quite the sexy talker there. I recorded a video of it. Not just the video. I even saved all your passwords, contact lists and everything. I did all of this when you were in the bathroom trying to clean yourself. So, a few things here.

Why didn't you ask Ran to read this out? Firstly, what the fuck? How come better? No, when you read it. So, imagine you were having intercourse, as it's called. If you were having sex with someone, wouldn't you notice as they set up the lights and, you know, the microphones and all the rest of it to make this video? But secondly, they say that they've also grabbed our passwords and contacts list and everything. And they actually write, I did all of this while you were in the bathroom, trying to clean yourself. It's like, how dirty did you get? And what is that dirt you're trying to scrape off? And how long does it take you in the bathroom to sort yourself out? Like this other person's like, oh, just download all their passwords.

I would safely assume that the person who wrote that email didn't have intercourse yet. Ever in their lives?

Trust me, I can fuck up your life if I want to. I'm not an evil individual. It's just that I need some money and I'm certain you can help me with it. Help you with a few things. Yeah. OK, carry on. So here's the non-negotiable deal. You send me 1500 bucks and I will delete everything I have about you. You will not ever, ever hear

from me. And then they give a Bitcoin address. And so this is in many ways a fairly standard sextortion email, right? But there's this unusual angle which is not that they've hacked into your webcam or detected that you've been visiting porn sites and secretly videoed you as you sort of, you know what, what word can I say? Yeah, as they enjoyed watching these videos I have a

thought here, right? Okay, so let's say they spam this out to, let's just say random number, 20,000 people. Okay. And let's say what, 1% of them are people that might go, possible? It's possible. Maybe. I remember cleaning myself or trying to. It did take me a long time in the shower. I was there a while. So, and if those 1% respond and panic, or 1% of 1%, they're still quids in.

Yeah, exactly. So there will be some people who think, well, I did have the intercourse a long time back. I don't remember who, but there was that strange situation. I mean, I remember, I've personally been secretly filmed. I think I may have mentioned this on the show before. Not while... Really? Yes. Not while having sex, to the best of my knowledge. It'd be a short movie at that. But no, I've been secretly filmed while on the lavatory inside a restaurant. Oh, delicious. A camera came under the cubicle door and started pointing at me. So I've had that experience. So if I'd received an email saying we filmed you while you were in the bathroom trying to clean yourself up or something like that, then I might have found it more plausible. But I think it's quite unlikely this particular thing. So they are threatening. They're saying unless you pay so many bitcoins within one day, as though the average user can find out how to buy bitcoins and arrange all of that within a day. They're saying they will send the video or the intercourse video, as they call it, to all of your contacts. They will leave the DVD with your neighbors. They say, we know where you live. So they're going to pop around with a DVD, put it through the letterbox.

Who has a DVD player now? Yeah, I guess.

Can't they just stream it on Netflix instead? That'd be so much more convenient.

You can put it between a Miami Vice season three and Miami Vice season four DVDs.

You know, I might just wait for somebody to send me the actual video because then I'll have bragging rights at least. Yeah, exactly. Mum, mum, I finally had sex.

I'm a film star. I mean, there'd be a lot of techie people. They would never believe this for a second, would they? Because they would simply think, you know, the only time I have had sex with myself, there's no one else present in the room. Just

last week, Graham, you were talking about people that can be duped by certain scams that maybe techie people may not fall for. But there seems to be a lot of people out there that do.

Yeah, and I think you're right, Carole, when you said that if this was sent to a huge number of people, there might be one or two unwary or vulnerable people. They read the first line and freak out. Or people who are just very, very sleazy and slutty. You think, well, it's a fair cop. It might have happened. And so the cost to the bad guy emailing a lot of people is practically zero, right? Exactly. But the rewards... But it

is... I mean, would it be more logical to assume that if you claim to have, you know, videoed someone who masturbated on, you know, on some porn site, you'd get much more potential hits than somebody who was filmed during intercourse with somebody who just sent him an email. I mean, this is a new area we haven't explored on the show. Yeah.

And it's for that reason we're now going to survey our listeners. So if you... Well, the only thing... Send us your videos and we'll do some research. I suppose the intent of this email is to make it appear that you are being more specifically targeted. They know where you live. They might know your family situation. They may have a personal grudge against you. I mean, yes, it does seem implausible. Well, there's

one dead giveaway that they don't. What's that? There's nothing specific in any of the email. Right. Show me this video that you talk of.

If you remember, there was a very, very serious attempt at that very thing when – how was that adultery site called? Oh, Ashley Madison. Ashley Madison, exactly. And after the Ashley Madison hack, people sent out mails to probably the people who were in the database that was siphoned away. Yes. and claiming that either they pay and here was their actual details because it was in the database. And I understand that there were lots of people who did pay. And there were some

people who sadly ended up committing suicide. And, you know, obviously families will have broken up. It's absolutely horrific. I'm feeling as if I'm bringing your show down. Sorry. Just wait to your story. Yeah. And we haven't even started yet. So, Ran, what story have you got for us this week?

Okay, so two days ago, Israel released a video. You know the kind of generic videos, black and white videos, where you see a bomb hitting a building and it explodes. You've seen probably hundreds of those from Iraq, whatever. And it turns out this specific building is claimed to be the cyber headquarters of Hamas in Gaza. So I think this needs a bit of an outline of what we're talking about. So very, very briefly, Israel and the Palestinians have been at odds for like the last, what year is it? What century is it? What millennium is it? It's a rather old conflict, to say the least. And in 2005, Israel pulled out of Gaza, and a short time later, Hamas took control of Gaza. And ever since then, people probably heard on the news, occasional conflicts, missiles, etc. And in the background of that military conflict, there's also some sort of cyber warfare conflict going on. Except that in that case, Israel is a major superpower in cybersecurity. And Hamas is basically amateurs. So I mean, it's as asymmetrical as it gets, really. And Israel has used every conceivable technology against Hamas from advanced malware, spyware, tracking cell phones, whatever. But it's very interesting to see, from my perspective, I'm not talking here as an Israeli who's got a stake in this, but somebody who follows cybersecurity. It's very interesting to see how Hamas is kind of adapting to this reality of being I would say the David in that specific conflict. Not in the political sense mind you, just in the more order of magnitudes in terms of capacity and they're trying interesting stuff over the years.

The thing isn't it with cyber attacks is that all you need is a computer and an internet connection at the very basic level. That's much easier for me or someone else to get hold of than it is to get hold of a tank or a fighter jet.

Exactly. And you know what? I mean, most media outlets I saw that referenced that strike two days ago against the Hamas headquarters, the actual building, were claiming that, I mean, they were trying to paint that bombing as if it's maybe a new phase in cyber warfare, that there's kind of kinetic warfare after a cyber strike or something like that. And I call bullshit on that because really the way I see it, Israel probably was aiming to take down that specific building for years. And just we had the opportunity right now because we are in the middle of an actual live conflict with missiles flying in every direction. So it doesn't have anything to do with retaliation against any cyber attack from Hamas, as some people probably claimed. And it's, I think, more of a publicity stunt from Israel because, as you said, Graham, I mean, everybody with a computer can actually plan some sort of an attack from their home. So actually taking down a building, which is, quote-unquote, a cyber headquarter in Gaza, it was probably empty, if you ask me. They probably fled the building a long time prior.

I don't know. But I mean, Israel's defense force, they are the ones who've managed to get lots of attention for themselves because they tweeted out an image and then later a video was released as well where they painted it very much as... They did paint it as a response to a cyber attack, didn't they? They said there had been an attack against Israel. But no details. They haven't given any details. So there was a cyber attack against Israeli targets, as they've said. They said that it was thwarted and so they managed to actually deflect it, whatever it was, maybe in a denial of service. And bomb the headquarters. It sounds good, right?

No, I don't think it does. For me, cyber warfare is, whilst there's loads of pains associated with it from all kinds of points of view, it is not actual physical violence, right? Where people are actually dying. And there seems to be some kind of evolution involved from moving from, you know, kind of beating someone on the head to being able to do it digitally. So it's a sad day. We actually have to respond in a kind of such a crude way.

Yeah, I mean, if you look at what the actual cyber attacks that Hamas did over the last three, four years, you can see that these are not really cyber attacks in maybe the way...

So what have they been doing?

Okay, so think about it from the perspective of somebody in Hamas trying to strike one of the most sophisticated armies in the world in terms of cybersecurity. They can't really hack anything. I mean, not military installations or military systems and stuff. They are pretty amateurs in that regard. But what can they do? They can target the actual soldiers, the servicemen and women in the military and try to get intelligence. And what they did in the last few years is use social engineering to try and get young servicemen and women to install compromised applications and use those applications to spy inside military installations around Gaza. So the typical scenario would be, say, you're a young soldier, a 20-year-old guy, and you're getting a messenger message, Facebook messenger, or a WhatsApp conversation from some, you know, lovely lady presenting herself as a young immigrant new to Israel. And she's really excited because she got your phone number from her girlfriend or whatever and you're a brave soldier whatever I mean yeah and you're lonely and you hate yeah and

She saw the intercourse video which is going around as well that's been making the rounds and she thought that looks quite good you know yeah

Yeah why not why not I mean I was in the Israeli military and I've got to tell you from personal experience the minute somebody puts your uniform on you become hungry, tired, and horny. Not in that specific order. I think now you're 43, Ran. You should Really take the uniform off. I think you're pushing it a bit to still be strutting around.

And I understand the attraction of that specific attack. I mean, there were probably hundreds of soldiers who installed these spyware applications. And the applications themselves were related to stuff that interests young people like soccer, World Cup, dating, fitness, whatever. I mean, it was used in generic tools that anybody can create simple applications. It's not that difficult. And once the victim installed that application, now Hamas could turn on cameras, microphones, whatever, inside military installation. It probably gave some sort of intelligence. It's a rather good idea.

So it seems like cyber training is required for the actual young personnel upon entry to the military to help deflect this kind of stuff?

Exactly. So in response, the military started a public campaign to raise awareness in soldiers, and it was called Operation Broken Heart. They gave good names. Yeah, good names. So that's one aspect of what Hamas is doing. And the other aspect is more enlisting help from sympathizers from around the world. Many of them kind of fuzzily related to the anonymous movement. And each year around, actually this time of the year, they commence some sort of coordinated attacks against Israeli websites, you know, governmental websites, media outlets, whatever. DDoSing, defacements. Actually, there was just a few days back, early this month, we had one of these attacks. It was called Operation Jerusalem. And I think the attackers defaced around a million web pages in Israel. Quite a lot. And it was really smartly done. They targeted an accessibility plugin that is used by many Israeli websites. And the hackers broke into the DNS record of the company which makes the plugin. And since it is one single plugin and it injects JavaScript code into almost every major website in Israel, the attackers were able to deface tens of thousands of websites. So the hackers only had

To compromise one piece of code, which was being used by many, many websites. It's effectively a supply chain attack.

Exactly. So smart. I mean, this is really smart. Actually, the real objective of that attack was not defacement, but was installing ransomware on all the visitors of the websites. And imagine to yourself for a second, if that attack really came through and they were able to inject ransomware code into tens of thousands of websites in Israel. I mean, half the population's PC computers would probably be ransomed in some way, you know, except that they had a bug in the code. There was some broken if condition somewhere and it didn't work. But it was rather daring. I mean, if it did go through, it could have been a very annoying

Attack. If it had happened, can you imagine? Can you just imagine how smug all those Apple Mac users would have been? That would have been vile, wouldn't it? Exactly.

They would all put on their turtlenecks, get their flat whites out. Yeah. No, we've moved on now. It's flat whites.

Fantastic. Carole, what's your story for us this week?

I couldn't have wished for a better handover, Ran. This is, of course, an equally terrifying and upsetting story, especially for those of you out there who are not inclusive or welcoming of our brothers and sisters afflicted with Tourette's. Fucking seriously, get woke, people. Actually, it's an even bigger problem than that. This could be seen as a veritable nightmare for any technophile clean freak who is not very cozy with swearing fulminations, profanities, or expletives. Now, as the self-appointed CEO of the body advocating lewd language and signs, I swear a lot in this show. We all know that. And I think, you know, we could say that I do fight intolerance to colorful castigations, right? And I want us to abandon this dogmatic and outdated mindset. Screw the swearing naysayers I say. So have you swallowed a thesaurus? What's going on here? I propose that this young hacker I'm going to introduce him in a second, oh yes, may just have stumbled upon an exquisitely simple solution that resolves this global pandemic of no swearing allowed. So this young hacker is an internet celeb-ish guy who seems to hack devices in fun ways for the pure entertainment of his followers. Now his channel, Michael Reeves, has well over 1.5 million subscribers and he has 120,000 followers on Twitter and his banner on Twitter says, I like to hack things. So I'm just giving you a kind of, you know, a visual here. So no small potatoes, right? He's got some followers. Yeah yeah and on his channel he has videos like a robot that picks tomatoes out of your salad, only tomatoes. Yeah if you want to take a quick look at that link I've even timed it for you so you can just see it in action for 10 seconds. Okay.

Let's just check this out. Sounds very useful for some people. If you hate them, I love them. So okay, he's not one for me. Oh there is a little bit of collateral damage isn't there of course by this thing.

Yeah. He has another video, which is a robot that shoots an energy drink at you when you get tired. And I've also lined that one up appropriately for you guys if you want to

Take a look. Oh, my goodness. That's a bit... He's rather young, this guy. A bit like having a visit from the Israeli army, that actually, isn't it?

See, that's what I was saying. Equally terrifying.

He's got a lot of time on his hands.

So his videos are around 10 minutes long. So, you know, shortish. And they tend to show a little about how he hacks said device to make his wacky inventions, right? And people seem to love it. Now, personally, I've watched a few of his videos, and I find his on-screen persona incredibly annoying and smug. And the thing is, like you say, Ran, he is just a kid. One that thought it was clever to use an old Tide pod container. Did you notice that in that energy drink video? He's actually using an old Tide pod container to hold the fizzy energy drink. So, ha, fucking ha.

I don't get that. What does that mean?

About a few years ago, kids were actually daring each other to chew the pod. The challenge. The Tide pod challenge. And that's

Like washing machine. Yeah, the washing thing. Yeah. Okay. Anyway,

He was making a reference to a very uncool meme as far as I'm concerned. Anyway, in a video that he uploaded on the weekend, Mike Reeves decides to hack a Roomba. Those little, you know, automated vacuum-y things. And using a Raspberry Pi, a Bluetooth speaker, and some voice recordings, he does a little jiggery pokery so that the Roomba, while it's doing its cleaning things and bumping into things as it does, like a table leg or a sofa or wall, it swears its butt off. Now, in a corollary video, he tests out this hacked Roomba in a kind of dinner setting. So let me set the scene. You got three roommates. They're all eating together while the Roomba crashes around their feet, howling expletives. Take a listen. This is hilarious. Today, Tuesday on the day of recording, there's a few select tech media that have picked up and reported on this, guys. You've got Next Web, Fast Company, those kind of guys. And I expect by the time we publish on Wednesday at midnight, this will be a much bigger story. It has all the hallmarks of going viral. Anyway, back to me and my idea.

I want that Roomba. I want that Roomba. I'll buy it.

Right? Listen to my theory. All right, let's hear it. As CEO of the BALLS, let me explain. Sorry? What? Body Advocating Lewd Language and Signs.

Oh, okay. All right. Yeah?

Let me explain how this will help me finally end the resistance to swearing. So there's this German expert. I can't remember his name. But he showed that one way to get people over serious aversions that they suffer from is to basically lock them in with it for as long as possible until the panic and the fear subsides completely. Say you were afraid of birds, like crazy afraid. This guy would cure you by locking you in an aviary for hours on end. And you would scream and freak out and panic and probably have one, two, ten panic attacks. But then your body would realize that your "I am dying" panic can't be trusted, right? So it stops panicking. Boom.

So you're either healed or you go nuts.

Yep. 50-50.

My wife has a friend who has an aversion to canned sauces. So she, yeah, so I mean, her idea of being locked in a pantry or something would be.

You'd bring her to Tesco's. Right. Or Aldi or something.

All right. Yes. So you basically lock someone up with a great big hairy spider and then you say, look, you're over your spider phobia, arachnophobia, rather. My theory is this. We need to wire up some sweary Roombas, place them in the houses of all those intolerant folks out there. And the barrage of sweary insults will indeed, after a while, make them immune to swearing. They won't care anymore. And I've met my mission.

Yeah. We can make more versions of this Roomba, you know, Canadian version. When the robot hits something, it apologizes. Yeah, Quebecois.

So, Carole, when at the start of today's show, you said you were going to change the world for the better. Yeah. You are going to make people less intolerant of bad language by surrounding them with foul speaking Roombas.

And people with Tourette's and people that are afflicted with bad language as well. Right? Tolerance is a great thing. Wouldn't you agree, Ran?

Yeah. Actually, it reminds me of that robot in The Hitchhiker's Guide to the Galaxy. Marvin?

He's got this horrible pain down the diodes on his left-hand side.

Exactly, exactly. So now we've got that. I mean, science fiction is being realised, not in the exact ways we thought it will.

Exactly. Together, we can end the tyranny against swearing.

Frankly, who needs to fight climate change, right? Exactly. Who needs to do that? I think get your priorities right. We've got bigger issues at hand right now, people. It's massive, I'll tell you. All the big security vendors are going to be there. They're going to be talking about cyber attacks, artificial intelligence, blockchain, machine learning and much more. It's all taking place between June the 17th and 19th at the Gaylord National Convention Center in National Harbor, Maryland. So I'd really recommend that if you are a CISO, IT security and risk professional, you probably want to go to the Gartner Security and Risk Management Summit. And listen up, listeners. You can receive $350 off the registration fee by using the code SMASHING with a G. To learn more, visit smashingsecurity.com/gartner. We are also sponsored this week by our friends at LastPass. Now, Graham, isn't it something like 90% of security breaches involve stolen password or a poor password? Yeah, stolen passwords, poorly chosen passwords, reused passwords. Passwords are really the hinge pin of so many security attacks which happen, which means that you probably want an enterprise password manager like the one offered by LastPass.

Listeners can learn all about LastPass Enterprise at lastpass.com/smashing.

You don't have to say forward slash, by the way, Jan, just say slash.

And we are also sponsored by MetaCompliance. Now, MetaCompliance make this platform to help you train up all your employees and all things cybersecurity related.

That's right. You can simulate phishing attacks. You can teach them about password safety, all aspects of data security. Go and sign up right now at smashingsecurity.com/metacompliance. And you can save because you listen to this podcast. You're a listener to this podcast. Boom. And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week.

Pick of the Week. Took me a time to get on the wagon. Yeah. Welcome aboard. It's the lag. It's the lag.

Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily. Well, it shouldn't be. It doesn't have to be. Now, my Pick of the Week is a website. Now, I'm sure listeners remember we talked about a website a little while ago called thispersondoesnotexist.com, an extraordinary website which used artificial intelligence to create random computer-generated photos of a fictional person. And these photos were in the main quite convincing. Sometimes they had an extra ear or a mouth in the middle of their forehead or something like that. But many of them didn't look like people who worked in tech support. Many of them actually looked remarkably believable. Some of them I even quite fancied and thought, oh, yeah, they were right. Actually, it was quite chilly to look at some of these pictures. I mean, they looked so real.

Yeah, yeah. It's just Second Life, you know, 3.0.

Well, now another site has taken a new spin on things. There is a site called havetheyfaked.me. And havetheyfaked.me asks you to upload your own real photo or point it to a photo on the web, and it will then compare your photo to its collection of over 400,000 fake photos. So you... You all right there, Carole?

Where are the privacy legalese? I'm looking on the website. I see nothing.

So you can find out if you have a lookalike fake...

I'm looking for a picture of you. I tested.

I haven't uploaded my photograph.

I'm putting your picture up right now.

Well, can you upload Ran's instead? Have you done it, Ran?

Yes, I did. I mean, I'm a serious guy. I do, I mean, try to be on the show, trying to prepare myself. And I've got nobody who looks like me in that database. I'm either too ugly to be faked or, I don't know, maybe probably too ugly.

Carole raises a quite reasonable concern, which is what the heck are they going to do with all of these photographs people are uploading? Because this could be conveyor belted into some other artificial intelligence machine or it could be going into some huge conglomerate.

Can we do a who is? Let's do a who is.

Oh, yes, that'll definitely answer it, won't it? They won't have thought of that one, Carole. Anyway.

They might not have. This is not looking that great so far.

Geoff Bezos registered this domain. Now, if you do look in the small print, they're obviously aware that people might be concerned. And they do say the website automatically deletes uploaded files three minutes after uploading and also removes additional information extracted from the photos for facial recognition. But, of course, you've only got their word for it, haven't you?

Whose word? Philip Wang.

Well, whoever's running the web, whoever you find on Whois crawl.

That's the name, by Philip Wang. That's all we have.

Is it Philip Wang? Okay.

I use the picture that is already... I mean, so my picture is all over the web. I don't care, I don't have any privacy at all. I don't care, I don't care. My privacy is gone 10 years ago it was gone already.

Anyway, listeners, over to you. You feel free to upload pictures of yourself or indeed...

Just one co-host here, Carole Theriault, recommends that you just ignore this Pick of the Week entirely. And on to Ran's Pick of the Week.

I thought it was interesting, at least. Ran, what is your pick of the week?

Okay, I'm going to recommend a very interesting YouTube channel called Drugs Lab. It is a Dutch official governmental channel, which is important for our story. Oh, is it run by the government? It is run by the government. And in it, there are, I think, three or four young guys in the mid-20s. And they are trying in front of the camera every conceivable drug there is from weed in the lowest extremity to cocaine, heroin, all sorts of mushrooms, whatever, in front of the camera. I love the Dutch. I do. And it's amazing. I mean, the Dutch government apparently has a policy of, I mean, some of the drugs that they are showing are illegal in Holland. So the policy is, okay, we know it's illegal.

No one would surely take illegal drugs, though.

There are so many legal drugs, but apparently people do. They must be pretty

serious, these illegal drugs, if they're illegal in Holland, I have to say. Anyway, sorry, carry on.

It's right. If you're going to be illegal in Holland, you're going to have to be a very risky drug. But it's very interesting. I haven't heard of some of these drugs. Kamagra? What is that? My goodness, Carole, you've

dropped the ball over the years. What's going on? I think the "gra" is a hint. It's probably something related to Viagra, don't you think? They actually do stuff while they're high with various drugs like have sex, visit museums. I love the touch. And they kind of let you see the real effects of drugs on real people and give you warnings. It's why it's, I mean why it's risky, how to do it properly if you're gonna try it. It's so refreshing to see somebody taking drugs not in the, you know, the approach of, don't do it, it's dangerous, but actually trying to explain what the risks are, why it's dangerous, why it can be used sometimes. I mean if you're using it, how to use it properly. And I think it's, I mean, my personal take is that it's probably more effective than just saying, no, don't use it. Because you trust it. You trust it. And that's why it's great.

at the views, guys. Look at the views. 100,000 views. Hey, listen, Theresa May, if you want to improve your standing in the UK, this is a seriously cool idea. So I've watched a couple of these videos. Now the videos that I watched were all in the Dutch language, so I didn't really understand what they were saying. But they have subtitles. And they were still quite entertaining. And they're very slickly produced and they're very sort of professional presenters. Do you think you get paid? You're like, look, you need to go on cocaine and we need you there for four hours and you have to do all this personal stuff. A tenner? Sounds good.

Getting paid by the government as well. But it does. Would you do that kind of show? I would never do that. No. I mean, so dangerous. I don't drink more than one cup of tea a day. That's enough for me. I'm not going crazier than that. I don't

want to get a psychosis because I tried some weird South American mushroom. That's not part of my job description. I don't know. But it's a great channel. Well done, Holland.

Well, it's an interesting approach by the government over there as well, isn't it? I'm not

going to get the edit until tomorrow, Graham. I know what my evening's all about but I'm going to be learning some stuff.

You could be editing all night long, Carole. You'll be fully awake. Carole, what's your pick of the week? So my pick of the week found its way to me via Reddit. And I've been following this sub called Influence Advice for a few months. And I find it really useful and cool.

This sounds so dark side. Doesn't it? Doesn't it?

Well, I heard you were from Israel, so I thought this will appeal to you, Ran.

We're all on the dark side. Exactly.

Exactly. Manipulative individuals tend to use the fact that you may be blind to some aspects of life which you can benefit from. So for example, you may be really good at work, and I might not be doing so well. I might be feeling a little nervous that, Ran, you're doing so well in front of the boss. And so I encourage you to go take a holiday, you know, and think it'll be good for your health and you're looking tired. And I keep doing this because my end game is to get you out of the race so I can get a bit further ahead with the boss. But you might think, oh, this Carole's so caring. That's manipulation. That's smart.

What drew you towards this, Carole? That's evil.

No, no, it's not about becoming evil. You've been reading this for months? It's not about becoming evil. What are you working on? What are you plotting? An amazing audio drama one day, okay look that's one article. Other ones are why you should analyze live performances, why online anonymity should make you more positive, how to deliver bad news, how to entice people to hurry up.

Yeah, we've been recording for a while. Get a move on Carole.

I'm done, okay. Seriously check it out, it's a great resource. Collectiche.com website.

There's actually a great book called How to Make Friends and Gain Influence by Dale Carnegie which sounds as evil as maybe this kind of manipulation but it's actually quite helpful for people with social difficulties and tips for how to feel more natural in conversation. So it can help you if it's used properly.

Hey, I read it. Look at me now.

On that bombshell, I think we've just about wrapped it up. Ran, thank you so much for joining us today. I'm sure lots of our listeners would love to follow you online or find out more.

So probably the best site to go to is malicious.life. That's our podcast. Lots and lots of interesting episodes from the history of cyber security. My Twitter handle is at RanLevy. That's R-A-N-L-E-V-I.

Simples. And you can follow us on Twitter at Smash Insecurity. No G. Twitter wouldn't allow us to have a G. And we've got a community up on Reddit too. You go and join us there. Quickest way to find us is at smashingsecurity.com slash Reddit. And if you are after a sticker or a T-shirt or a mug, you can also go to our online store where we've got all kinds of goodies. Go to smashingsecurity.com slash store.

As always, we're hugely obliged to this week's Smashing Security sponsors, LastPass, Gartner, and Meta Compliance. Their support helps us give you this show for free. So be sure to check out their offers. And of course, fist bumps to all you listeners out there. Thank you for listening, supporting us and helping us spread the word.

Until next time. Cheerio. Bye bye. Bye bye. It's been great fun.

Bye. Yay. It has been fun. Do you normally laugh a lot every day in your day to day life?

Yeah, I do. I do. Excellent. You've got to, right? You've got to if you've got missiles overhead. You know, it always looks more terrifying from the outside. I mean, actually yesterday we had like a small event at the offices. I run a podcasting company in Israel. And we had an event on the roof. And we were kind of happy to be on the roof because then you could see missiles flying. There were actually missiles being fired from Gaza and, of course, back to Gaza.

Oh, my goodness.

So it was, I mean, we had great view. It sounds dark humor. Yes. You were saying. Yes. Very dark. Very dark.