Smashing Security podcast #096: Bribing Amazon staff, and blinking deepfakes

Industry veterans, chatting about computer security and online privacy.

Graham Cluley

Amazon staff are being bribed to delete negative reviews and leak data, deepfakes are getting more dangerous, an update on John McAfee’s bitcoin bet, and our guest gets a shock…

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week (for a while at least) by David Bisson.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
CAROLE THERIAULT
I mean, imagine, for example, Ice Road Truckers, right? And you're trying to train them for their first journey out on the ice up north.
DAVID BISSON
Yes, yes.
CAROLE THERIAULT
And you would have a nice calm scene as they're kind of simulating the drive along the mountain, and suddenly hit them with a huge storm!
GRAHAM CLULEY
Piers Morgan!
DAVID BISSON
Piers Morgan's in the middle of the road!
GRAHAM CLULEY
Will you avoid him or not?
DAVID BISSON
No, you're going to hit him! Oh, what a shame!
Unknown
Smashing Security, Episode 96. Bribing Amazon staff and blinking deepfakes with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 96.

My name is Graham Cluley.
CAROLE THERIAULT
96. I'm Carole Theriault, but I'm not 96.
GRAHAM CLULEY
Oh, right. I see what you mean. Yeah, 96. We're almost at number 100. I wonder what we're going to do for that.
CAROLE THERIAULT
Oh, it's going to be very exciting, whatever we do.
GRAHAM CLULEY
Which might just be a regular episode, of course. But it depends if we pull our finger out. And we are joined this week by someone who has pulled his finger out.

Have you pulled your finger out, David Bisson?
DAVID BISSON
I don't even know what that means. Is that British?
CAROLE THERIAULT
Yes, it's very much British.
GRAHAM CLULEY
Oh, okay.
CAROLE THERIAULT
It sounds quite rude to the North American ear.
GRAHAM CLULEY
It sure does. It actually isn't rude. Anyway, David, thank you for joining us.
DAVID BISSON
You're welcome, Smashing Security.
GRAHAM CLULEY
You are a security writer supremo. Of course, you've been on the show a number of times before. And always keeping your thumb on the pulse of what's going on out there.
CAROLE THERIAULT
You and your thumbs, Graham.
GRAHAM CLULEY
That I am doing.
CAROLE THERIAULT
Well, if you put your thumb on your pulse, you get two pulses.
DAVID BISSON
So that's a—
CAROLE THERIAULT
You're definitely not a medical person.
GRAHAM CLULEY
Oh, there you are. So some medical advice from Smashing Security this week. That's good.
CAROLE THERIAULT
I think we should go to our sponsors.
GRAHAM CLULEY
Hey, Graham. Hello. Hello.
CAROLE THERIAULT
I need some advice. I need some advice. I use a cloud service. I put all my files and data up there, and I'm kind of nervous about prying eyes looking at it. Any advice?
GRAHAM CLULEY
Yeah, you've got to encrypt it. Before I load it up?

Well, I would recommend so, because any file which you put on Dropbox or Google Drive or OneDrive or those other cloud services, it could be accessed by that company or indeed law enforcement or any hacker who broke into your account.

So what I would recommend is use a piece of software like Boxcryptor.

It's what I run on my computer, and any file before it gets uploaded to those cloud services gets encrypted with my own keys, which I control.

Oh, the cloud service itself can't see the contents of the files which I'm putting on the cloud drive. It's all encrypted. Cool, I'll check it out.

Go to Boxcryptor.com, and thanks to Boxcryptor for supporting the show this week.

Well, chaps, an interesting security story arrived on my desk this week, which was from the Wall Street Journal, which is reporting that Amazon employees are being bribed to do naughty, naughty things like leaking sensitive corporate data.

And they're doing it. Well, I've just said they're bribed, aren't they?
CAROLE THERIAULT
I am very happy that you're covering the story because I've read the headlines on this, but I didn't get into the weeds.

And so I'm very excited to learn about what exactly— I want to know how they're being bribed. Yes.
GRAHAM CLULEY
Enlighten us. Well, pull up your sports slacks and I will take you into the weeds right now and tell you what is going on, Carole.

Amazon staff, particularly in China, are alleged to have been selling user information and other confidential material to independent merchants on the platform.

So what this is, is there are around about 2 million independent companies who are selling their stuff via Amazon because the whole world goes to Amazon to buy absolutely everything.

So lots of companies think, well, we will get on Amazon's bus, and we will sell stuff via it, right?

Now, Amazon workers are said to have been offering to delete negative reviews and restore banned accounts in exchange for cash.
CAROLE THERIAULT
What, calling them up and going, "Hey, hey, Johnny, Johnny, hey, hey, Johnny, Johnny, give me 2 grand and I'll wipe that out. I'll wipe it out completely. No more negative review."
GRAHAM CLULEY
Yeah, I did say they were in China, didn't I?
DAVID BISSON
But anyway, you seem to be doing some sort of accent. Hey, hey, Jimmy Blue Eyes, right? You're doing that kind of way. Hey, Freddy Fingers, what are you doing here?
GRAHAM CLULEY
But anyway, yes, so what's happening is there are intermediaries, there are bad guys out there, right, who are approaching Amazon staff and saying, "Oh, we could put you in touch with some people who can give you some money because of the special access which you have." And Amazon employees in China, surprise, surprise, have relatively small salaries, and so they might be rather tempted to take the risk.
CAROLE THERIAULT
I think a lot of people would argue that everyone who works at Amazon doesn't have a very big salary, except for those at the very, very top.
GRAHAM CLULEY
Jeff Bezos, not doing too badly, is he?

Well, in exchange for payments ranging from about $80 to more than $2,000, these brokers in Shenzhen, China are offering internal sales metrics.

So you can find out how your competitors are doing.

So if you are selling, for instance, a pet fountain to keep your cat watered, you might think, "Oh, you know, we're not selling as well as that other deluxe model over there." Well, you can get the details of exactly how many it's selling and indeed the email addresses of people who've left these reviews.
CAROLE THERIAULT
Email addresses? So you could basically troll them?
GRAHAM CLULEY
Right, so you could contact them and say, "Hey, I saw that you wrote this very nice review of this competing pet water fountain. Wouldn't you prefer to do one for us?

And we will give you a pet water fountain." You can never have enough.
DAVID BISSON
I would love to have many pet fountains in my house. Exactly.
GRAHAM CLULEY
So you can say, "Look, we'll give this to you for free." And they're also offering to delete negative reviews as well.

Amazon says that this is obviously very, very naughty indeed and is against their terms of employment, and they will take action against any staff who they catch doing this.
CAROLE THERIAULT
Is it really, really naughty or is it kind of in that grey zone? Because it's not like they're putting said item to the top of the list or forcing people to see it first.
GRAHAM CLULEY
Well, if they start to share information about how different products are performing on Amazon, and if you start to game the review system, it may be that all those bogus reviews would push you higher up in the charts and you would sell more.

Certainly, when I go to Amazon, quite often I will think, well, I don't know which of these to buy.

I will sort by the number of reviews and see, oh look, this one's got loads and loads of 5-star reviews, for instance.

Therefore it has to be good because on the internet you trust people who are complete strangers, right? It's bizarre, this bizarre phenomenon.
CAROLE THERIAULT
I guess you're right. It is a kind of misinformation, isn't it? You're manipulating the information that should be out there naturally.
GRAHAM CLULEY
Now, Amazon, of course, says that this sort of behaviour is completely against their terms of employment.

If they catch anyone who's doing anything like this, well, it's going to be a disciplinary matter, isn't it?

I mean, they're going to kick them out and potentially take legal action against them as well.

And if they determine that any merchants are trying to game the system, they could find themselves permanently banned, which, you know, I think for many businesses, that would be pretty damaging to no longer be able to use Amazon to sell their products.
CAROLE THERIAULT
I suppose. But isn't it? It's these brokers, right? There's these— it seems there's brokers that work for Amazon employees. So what, this is like a whole underground business?
GRAHAM CLULEY
Yeah, I think there are people who've seen this opportunity and are basically putting these two groups together, the merchants and the people who actually work in Amazon, because one group have some money and the other group have information and data.

So there's a transaction which will take place and the brokers obviously will get their percentage and presumably are doing quite well out of it as well.

Where's the security angle in all this? Well, there's obviously a data leak which is going on.

And by the way, I need to stress, this is not regular Amazon users who are losing their data. I had someone contact me saying, oh, you know, I'm really worried about this.

Has Amazon lost all my information? Has it lost my credit card details? No, no, no, no, no. It's not that kind of data which has come out. It's more metrics.

It's more details about the reviews and potentially the messing around with the reviews as well.

But it's a good reminder for all of us that not all data leaks occur because a hacker has broken into your business.

Quite often a data breach can occur not because of an external hacker, but because of internal staff.

It's these people you've already granted access to your sensitive data, to the people you're actually trusting, you've given accounts to, so they don't need to phish for passwords, for instance.

They might be tempted to exploit their access to that data for financial gain.
CAROLE THERIAULT
Yeah.

So, you know, if you don't pay your employees well or you don't treat them well, surely they're more motivated to find out some more sneaky ways to— It's certainly going to be tempting, isn't it?
GRAHAM CLULEY
And yeah, it all comes down to trust, whether you can trust your employees or not to behave appropriately, as well as having internal controls in place as well, as to what's being accessed.

Another interesting thing though, should you trust any Amazon reviews? When I look at items on Amazon, they're nearly all 5-star or they're 1-star, right?

You don't sort of get any in-between reviews.
CAROLE THERIAULT
Yeah. Because if something's okay, you're not motivated to go to the site. You're only going to the site unless you're going, it's brilliant, or my God, it's so crap.
GRAHAM CLULEY
Yeah, I think you're right. And there is clearly quite a market going on. There's quite an underground sort of activity in terms of creating fake reviews.

And earlier this month, the Mail on Sunday, a British newspaper, talked to— needs no introduction. Yes, exactly.

They described a Facebook group, which they had found called Amazon UK Reviews, which offers 10,000 items to its 8,000 members on Facebook.

So using that Facebook group, the newspaper posed as a buyer, and they contacted a seller advertising some aviator-style sunglasses for about £20.

And the merchant asked the Mail on Sunday reporter to order a pair on Amazon, and they said, "You will get a full refund after you've given us a 5-star review." And they even offered to pay the £2 post and packing as well.

So nice way to get some free sunglasses.

And it appears that thousands and thousands of people are making use of this service, not just for sunglasses, but thousands and thousands of other items.
CAROLE THERIAULT
You don't know that they're being financially motivated to do this. Oh no, you don't realise it.
GRAHAM CLULEY
I mean, I think if you are given a free item and then review it, you're supposed to say, I got this item for free on the basis of providing an independent, unbiased review or something like that.

But I'm sure lots of people don't do that. Another seller in China asked the reporter to plant a question about the noise produced by their pet water fountain.

Now you know why I was mentioning it.

And it was sort of a leading question, obviously, because they wanted to answer it and say, "Oh yes, of all the pet water fountains on Amazon, ours is the quietest and the most soothing." And there was another firm which said, "Look, we'll sell you a £21 snorkel, but we'll give it to you for free if you post up a positive review and include a photograph of yourself with the snorkel to make it look more authentic." So there are lots of fake reviews, it seems.

So Amazon says that less than 1% of the reviews on its site are fake.
CAROLE THERIAULT
1%? So 1 in 100.
GRAHAM CLULEY
That's what Amazon says, but how would Amazon know whether they are fake? There is an organisation called ReviewMeta. They have a website which analyses the authenticity of reviews.

Again, I'm not sure quite how they determine it, and they say that some products have got thousands of fabricated bogus comments.
CAROLE THERIAULT
I'm not surprised by that. I don't think anyone is going to be really surprised by that. I don't think anyone goes to Amazon and thinks these are all true.
GRAHAM CLULEY
Well, perhaps not, but certainly I put my hand up, I am influenced by the number of reviews and the average rating of a product when I decide what to buy.
CAROLE THERIAULT
And I'm sure many other people are as well. You do tend to go in and go, just show me the 5 stars. Yeah, and show me, in your case, the most expensive.
GRAHAM CLULEY
Now, this got me thinking, Carole, because it's always nice to have reviews of the podcast, isn't it? Do you think any of our reviews are fake?
DAVID BISSON
Absolutely not. Have you paid anyone for a review?
GRAHAM CLULEY
Well, I might have twisted the arm of some relatives occasionally. People down the pub or at the chess club say, look, maybe you could review this podcast.
CAROLE THERIAULT
But in your case, it's commitment to the cause?
GRAHAM CLULEY
I just think it's for the greater good, Carole. The ends, yes.
DAVID BISSON
What is it? The ends justify the means?
GRAHAM CLULEY
Thank you. Yes, that's exactly it.
CAROLE THERIAULT
That's what a lot of shady people say.
GRAHAM CLULEY
But I'm not offering money yet. Not offering money.
CAROLE THERIAULT
Oh, because you're too tight. Who have I partnered with?
GRAHAM CLULEY
David, what's your story for us this week?
DAVID BISSON
What's that? Did you hear that?
GRAHAM CLULEY
Yes. That was crazy.
DAVID BISSON
Are you okay, David?
GRAHAM CLULEY
David, are you all right? He did say the weather was a bit bad out there to me earlier on. David? Where'd he go? I think we've lost him.

I hope he— Okay, so let's— Slightly worrying.
DAVID BISSON
Okay, we'll be back in a moment.
CAROLE THERIAULT
Due to weather conditions where David is based, I'm afraid we have to interrupt his broadcast at this point and carry on a deux.
GRAHAM CLULEY
Yes, he is all right, everybody at home, but his internet connection, not so good.
CAROLE THERIAULT
Thank God he wasn't in, you know, North Massachusetts, one of the exploding houses.
GRAHAM CLULEY
What's that?
CAROLE THERIAULT
Oh, read about it. It's just a gas failure where houses were actually exploding.
GRAHAM CLULEY
Oh, crikey. Okay. Well, on that bombshell, I suppose without David for the rest of the show, I guess we've never had half a guest before.

I guess, Carole, what's your story for us this week?
CAROLE THERIAULT
So my story is a confession rather than a story, actually.
GRAHAM CLULEY
Oh, good, fine. This is what I wanted to hear.
CAROLE THERIAULT
Excellent. So I'm deeply, deeply uncomfortable with this whole concept of deepfakes.

In case some of our listeners are not up to speed on this AI-powered manipulation, please allow me. The best way to think about deepfakes is fake news but turned up to 11.

And it's a really new phenomenon. It only started in late 2017 where people began buzzing online about using deep learning algorithms to swap faces in videos.

I think Maria spoke about this in one of our early episodes on Smashing Security.
GRAHAM CLULEY
She did. It's really convincing, isn't it? Some of these videos when they swap the faces or swap the voices.
CAROLE THERIAULT
Well, that was quite a while ago and things have come on leaps and bounds since then. So we're talking really realistic face swapping here. It's hard to detect it isn't real.

People are agog at how eerily accurate the lip-syncing was. So, for example, you could take someone like Dorothy in Wizard of Oz and replace her with Donald's mug and quiff.

But then, you know, but she, I guess he'd have really tiny, soft little hands, wouldn't he?
GRAHAM CLULEY
I think you'll find, Carole, that Donald Trump is already in The Wizard of Oz, but he's playing the part of the Cowardly Lion. They do look quite similar.

I don't know if you've ever noticed that, but there is a thing.
CAROLE THERIAULT
No, the Cowardly Lion is a lovely, lovely person who just is a bit insecure, not some— Well, dot, dot, dot.
GRAHAM CLULEY
I don't know if the Cowardly Lion has bone spurs and that prevented him from going to the Vietnam War about 30 years after the movie was made.
CAROLE THERIAULT
Wizard of Oz. What? Okay, I'm just thinking, what would the Cowardly Lion do in a war?
GRAHAM CLULEY
Probably hide in Iowa or something like that, I would think. Upstate New York. I don't know, where would he have—
DAVID BISSON
The Cowardly Lion would never be in a war. No, but he might be—
GRAHAM CLULEY
They might try and conscript him.
CAROLE THERIAULT
Yeah, okay, true, true, true. However, you digress. Oh, pardon me.

So people started kind of doing these face swapping thing, and as with everything on the internet, it kind of started going a bit too far, in a crazy serious way where people were actually face swapping celebrities and replacing porn actor faces while they were doing their thingy on the films, if you can call them that.

Now, this caused all kinds of shame and confusion, and this is all in the name of shock and giggles, right? But not everyone found it funny.

Even Reddit decided to get rid of its deepfake subreddit, classifying it as a form of involuntary pornography, and even updated the rules on explicit imagery and consent.
GRAHAM CLULEY
And you know something has become particularly tasteless when Reddit bans it from its site, don't you? You really know that you've stepped over the line at that point.
CAROLE THERIAULT
Well, yes, I would agree with that.

Now, researchers, however, said that there was one problem, there was one flaw in deepfakes that even the average person would be able to notice and pick up, and that is the lack of blinking.

And honestly, when I heard that, I was totally relieved because then at least there was a tell, right, that I could spot and go, oh, okay, look, he hasn't blinked in four hours.

Must be, you know, must be a fake.
GRAHAM CLULEY
But they could probably swap the face of a celebrity wearing sunglasses, and then you wouldn't know if—
DAVID BISSON
Ah, you see, you see that? But I would be on to that.
CAROLE THERIAULT
I'd be like, I can't see his eyes, I can't see her eyes. So it seems already though, that's now yesterday's problem.

Over the summer, two pieces of research, one a collaboration from Stanford and Bath universities, shows that anyone could be the source actor and have their facial expressions transferred onto another person's video.

It would be like a video of you, Graham, with the expression of, say, Piers Morgan mashed into your digital self?
GRAHAM CLULEY
Oh, the thought of Piers Morgan being mashed into me, that is quite vile, I have to say.

Yes, I don't think anyone wants to see that, and I certainly don't want to be present when it happens.
CAROLE THERIAULT
And you know, it even gets worse than that. Researchers from—
GRAHAM CLULEY
No, it can't get worse than that.
DAVID BISSON
Wait, wait.
CAROLE THERIAULT
Researchers from Carnegie Mellon seem to have figured out a way to automatically transfer the style of a person to another, all without input alignment or manual supervision, which is basically tech talk to say they have made it a bit easier to do this.

Now look, I have a video and you can talk us through it if you want, Clue.
GRAHAM CLULEY
You want me to click on the link?
DAVID BISSON
Am I about to get Rickrolled? No Rickroll, I promise.
GRAHAM CLULEY
Okay, okay, I'm clicking on it here. I'm seeing— oh, it's John Oliver and Stephen Colbert. And they seem to be making the same facial movements.

They're saying the same thing at the same time.
CAROLE THERIAULT
John Oliver on the left is the real one. Stephen Colbert is just mimicking him completely.
GRAHAM CLULEY
Oh, here we've got Martin Luther King and Barack Obama.
CAROLE THERIAULT
And have you noticed something that I mentioned already? They're blinking. They're blinking.
GRAHAM CLULEY
They are blinking. Very, very lifelike. Extraordinarily. I know.
CAROLE THERIAULT
And apparently, you know, the thing that I keep worrying about here is, again, why is it that seemingly smart and good people representing big good institutions are working on things like this?

Who's funding this research?
DAVID BISSON
Well, yeah, I mean, what is the actual point?
GRAHAM CLULEY
What is the point of doing this, right? Yeah, there are researchers and students or whoever who's working on this, professors, and millions of pounds. Is there a function for this?

Is there some positive outcome? Is this to make movies better in Hollywood, or what's the— I don't know.
CAROLE THERIAULT
That seems to be one of the big plugs for this, right?

So, in one exercise, for example, the Carnegie researchers collected the video data of various wind and cloud conditions, right? So, like a calm day or a windy day.

And then they converted a calm day into a windy day and a windy day into a calm day using their approach without modifying the aesthetics of the place.

And they were able to do this with sunsets. So in other words, you can digitally manipulate the weather, which could prove useful for things like movies or maybe training, right?

I was trying to think what else would be good for, like schooling. So, you know, training drivers or mountaineers or weather forecasters.
GRAHAM CLULEY
Oh, okay.

Like if you're in a simulator, just to stress what you're describing is some way of making it appear to be something in a movie or in some sort of digital, you're not actually changing the weather, are you?

Because that would be cool. That would be the kind of thing that I think they should be doing research into.
CAROLE THERIAULT
I mean, imagine, for example, someone is responsible for a huge— like Ice Road Truckers, right?

And you're trying to train them for their first journey out on the ice up north, and you would have a nice calm scene as they're kind of simulating the drive along the mountain, and suddenly hit them with a huge storm.
DAVID BISSON
Piers Morgan's in the middle of the road. Will you avoid him or not?
GRAHAM CLULEY
No, you're gonna hit him. Oh, what a shame. So I don't know.
CAROLE THERIAULT
I don't know if it bugs me more today because, of course, the US midterms are almost upon us and candidates are heating up their campaigns, right?

And the idea of realistic deepfakes, as well as fake news, just to try and spread more misinformation at a time where people are trying to decide how to vote is deeply troubling.
GRAHAM CLULEY
Yes, because people are so uncertain as to what to believe right now. If you see it with your own eyes, you know, you say that he said this or that.

But if someone, I mean, sort of a James Bond plot really, isn't it?

But if someone was to take a video of a top politician and use deepfake technology to have them saying something which they never said or doing something which they never did.
CAROLE THERIAULT
Exactly. And who's going to believe the media that's saying, no, no, it's a fake, it's a fake, when you have loads of media going, no, it's real.
GRAHAM CLULEY
Or if the movie footage was real, then that politician might say, well, it's a fake. Obviously, it's a deepfake. Obviously, isn't it? It's extraordinary.
CAROLE THERIAULT
You know what, you know, soon deepfakes may be so realistic that we may have to depend on AI to detect the deepfakes. Oh, for goodness.

And in the meantime, though, we need to adapt to the idea that the lines between reality and the fake are completely blurred. Like seeing is no longer believing.

Okay, my brain hurts now. It does.
GRAHAM CLULEY
My brain hurts. My heart hurts. Carole, this is horrendous. The whole world's going to hell.
CAROLE THERIAULT
I wonder if millennials and, you know, Gen Z would kind of think, well, I don't trust anything anyway. You'd be crazy to trust anything.

Maybe we're the last generation who had any kind of real trust in things outside our circle.
DAVID BISSON
All right.
GRAHAM CLULEY
Okay, well, let's not have it said that Smashing Security is not educational.
CAROLE THERIAULT
Graham, one more thing. You mentioned Boxcryptor earlier. Yes, yes. What about price? Is it super expensive?
GRAHAM CLULEY
Oh no, it's free for non-commercial use.

And if you have a company and want to take advantage of some of the enterprise features, then obviously you spend a little bit of money, but they have licenses as well.

It's encrypted before it reaches the cloud, works with lots of cloud services, and it's cloud security made in Germany. That's cool, isn't it? Boxcryptor. Boxcryptor.com.

Go and check it out. And welcome back. Can you join us on our favorite time of the show? Part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week. Pick of the Week.
DAVID BISSON
I'm just playing to be David.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website. Or an app, whatever they like.

It doesn't have to be security-related necessarily.
CAROLE THERIAULT
It definitely should not be security-related.
DAVID BISSON
Well, mine is tangentially security-related, but not really.
GRAHAM CLULEY
Okay, go for it.
DAVID BISSON
My pick of the week is the Bitcoin price prediction tracker. And this hangs out at a website called bircoin. Bircoin.top.

And the reason why it's called bircoin rather than bitcoin, by the way, is because it is all about a tweet which John McAfee made a while ago where he misspelled bitcoin and called it bircoin instead.

John McAfee, back on July 17th, 2017, made a bet, and he said that one single bitcoin would be worth $500,000 within 3 years.

And he later revised that bet saying that one bitcoin would actually be worth $1 million by the end of 2020.

And he said if it isn't worth $1 million by then, he would, quote, eat his dick on live TV.
CAROLE THERIAULT
Wow. Charming. He must be quite well endowed to be able to do that.
GRAHAM CLULEY
I think he would chop it off first, Carole. Oh my God.
DAVID BISSON
I don't think— Oh, I was— okay. Yeah. Wow. I don't think he meant that.
GRAHAM CLULEY
Some of us would probably think it'd be— what?
DAVID BISSON
I didn't mean to be rude, but I think— what do you think? I don't think he literally meant it like Jeffrey Dahmer. Oh, I did. Okay.
CAROLE THERIAULT
I would not have thought that at all.
GRAHAM CLULEY
I imagined he'd be putting on a napkin and a knife and fork.
CAROLE THERIAULT
If you think of other genders and the elements that make those genders those genders, you could use that verb with certain elements.
GRAHAM CLULEY
So are we seriously talking about this during Pick of the Week? Can I get to my Pick of the Week, please?

Rather just— all right, it doesn't matter exactly how he's— because he's obviously not going to do it either way because he's John McAfee, right?

It's a load of old nonsense, right? Which he said. But the question on everybody's lips, as it were, is, is he losing his bet?

Well, the Bitcoin price prediction tracker can tell you, because if you go to that link, bircoin.top, it will show you whether he is losing his bet or not.

Because of course, to get up to $1 million by the end of 2020, you would expect it to be going somewhere along the route already.

And so what the website does is it tracks where you would expect the price of Bitcoin to be right now and where it actually is.

So according to his prediction, the price of bitcoin should currently be $17,692. Yeah, but at the time of recording, it's actually $6,377.

So he is 210 days currently behind schedule.
CAROLE THERIAULT
And when— and how long does he have? He's got another 100 days or so, 140 days.
GRAHAM CLULEY
Oh no, he's got a bit longer than that. He's got until the end of 2020.
DAVID BISSON
Okay, sorry. Yeah, to reach $1 million.
GRAHAM CLULEY
But frankly, he ain't doing too well at the moment.
CAROLE THERIAULT
No, no.
GRAHAM CLULEY
So I like to keep track of this because I like to set the TiVo in order to record the TV and make sure that in case I'm not in whenever this happens.

And I think this is a great use of the internet as well as a good way of seeing how the bitcoin price is going, which frankly isn't that good at the moment.
DAVID BISSON
Why do you have— and that is why it is—
GRAHAM CLULEY
I do have some bitcoin. Yes. Although it turns out it's worth somewhat less than it was when I bought it.
DAVID BISSON
But that is why it is my pick of the week.
CAROLE THERIAULT
Interesting pick of the week, TM.
GRAHAM CLULEY
Carole, what is your pick of the week?
CAROLE THERIAULT
Well, my pick of the week is for budding cooks, Graham Cluley. Oh yes. Even for advanced cooks, actually.

So I cook a lot and there's a million zillion websites out there that offer up recipes and some of them, a lot of them, if they're not gross, they're not great.

So I am going to offer a few websites that I've used a lot. I cook a lot. I know these are good sites. They got my seal of reliable food advice.
GRAHAM CLULEY
So these have actually been endorsed by one of the co-hosts of Smashing Security as being excellent recipe cooking websites? Well, this is fantastic.
CAROLE THERIAULT
So you got 3 of them, right?
GRAHAM CLULEY
All right, let's hear them. Let's hear them. Ready?
CAROLE THERIAULT
Number 1, it's called Serious Eats by Kenji López. This guy sharpened his knives at Cook's Illustrated and America's Test Kitchen. And he runs this food blog called Serious Eats.

And everything's really well researched, big on flavor. And he also has a book out called Food Lab, which I own, and I think is an excellent book.
DAVID BISSON
Number 2. All right, number 2.
CAROLE THERIAULT
Number 2, Felicity Cloake's, How to Make the Perfect Whatever. This is for The Guardian newspaper.

She's an author of 6 cookbooks, won awards, food awards, such as a food journalist of the year.

And she carries this series in The Guardian of how to make the perfect X, so whatever it be, like a spanakopita or fish tacos.

And she researches loads of recipes first and mashes the best bits up with cooking smarts.
GRAHAM CLULEY
Sorry, did you say spank utopia? Spanakopita.
CAROLE THERIAULT
What is that? It's a spinach dish with filo pastry on top. It's quite nice. It's Greek. It's very good.
GRAHAM CLULEY
Oh, yeah, I know what it is. I was just asking for our audience in case they didn't. Oh, really?
CAROLE THERIAULT
Really? You're just testing me, I think. And for those that like sweets, I think a great website is called The Joy of Baking. This is run by Stephanie Jaworski. She has been around.

She's been running the site since 1997. And she is a real home baker who knows her stuff. And she's got videos. She's the American Mary Berry, but I don't know. She's pretty cool.
GRAHAM CLULEY
Is she Gen X?
CAROLE THERIAULT
No, she's not Gen X. She'd be, she's, well, maybe she is.
DAVID BISSON
Maybe that's unfair. Could be. Yeah, she could be Gen X.
CAROLE THERIAULT
Because you're almost 50, aren't you?
GRAHAM CLULEY
And on that bombshell, we just about wrap up this very special episode of Smashing Security.

We'll send a Red Cross food parcel to David Bisson to make sure that he's all right and survive in whatever bizarre weather system he's got out there.

And if you want to follow David, I do happen to know that you can follow him on Twitter @dmbisson, B-I-S-S-O-N, and you can follow the Smashing Security Show as well on Twitter @smashinsecurity, no G.

Twitter wouldn't allow us to have a G.

And you can also— it's a good idea, by the way, to follow us on Twitter because occasionally we tweet out special offers for our online store, such as 20% off vouchers.
DAVID BISSON
Line up, guys, line up!
GRAHAM CLULEY
Because if you want mugs and t-shirts and stickers and things like that, which you almost certainly do, go to smashingsecurity.com/store where we give away everything at cost price.

We don't make a penny out of it. Thank you for tuning in.
DAVID BISSON
Thank you for joining me, Carole. You're very welcome.
CAROLE THERIAULT
Thank you for having good weather at your place.
GRAHAM CLULEY
My pleasure. If you like the show, rate it on Apple Podcasts.
CAROLE THERIAULT
Please do. It makes such a difference to my day after having to do one of these.
GRAHAM CLULEY
And in fact, why not subscribe to the show so you never miss a future episode? It'll be downloaded to your device and we'll feel a warm glow inside our bellies.

Until next time, cheerio, bye-bye.
CAROLE THERIAULT
Bye everyone.
GRAHAM CLULEY
I was just surprised you thought he was talking about fellatio. Yes, you think he means— I don't think he is. I've never read it like that.
DAVID BISSON
But that doesn't mean that you're right.
GRAHAM CLULEY
Well, I don't know, maybe he is saying that. Maybe you're right. Maybe we should do a poll on Twitter.
CAROLE THERIAULT
Maybe we should ask what does he mean by eating a dick.
DAVID BISSON
Is he going to cut it off? Will he be getting his napkin out?
CAROLE THERIAULT
So these are going to start doing some serious yoga.
GRAHAM CLULEY
Well, he is into yoga.
CAROLE THERIAULT
Well, there you go. I've got to run a yoga retreat.
GRAHAM CLULEY
Look, you guys are just fooled.
CAROLE THERIAULT
All he's going to do is show off and you're going to be totally—
DAVID BISSON
Oh yeah, he's gonna be laughing his way. Well, he won't be laughing, I suppose, if he's busy. It could be dangerous.
GRAHAM CLULEY
Take your false teeth out first.

Hosts:

Graham Cluley

Carole Theriault

Guest:

David Bisson – @DMBisson

Sponsor: Boxcryptor

Boxcryptor encrypts your sensitive files and folders in Dropbox, Google Drive, OneDrive and many other cloud storages. It combines the benefits of the most user friendly cloud storage services with the highest security standards worldwide. Encrypt your data right on your device before syncing it to the cloud providers of your choice. Visit www.boxcryptor.com now.

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.

4 comments on “Smashing Security podcast #096: Bribing Amazon staff, and blinking deepfakes”

  1. Xander

    Hi Graham,

    Thanks for all the work so far in bringing this information to the public. I was wondering/hoping that there is a possibility of a transcript of the podcasts (or a text version) that deaf people like myself could access, as podcasts unfortunately exclude those of us that cannot hear.

    Thanks

    1. Graham Cluley · in reply to Xander

      Hi Xander. Thanks for the question.

      Unfortunately, at the moment we're not able to produce transcripts because of the cost and time involved. There are some cheaper automated systems that offer to produce transcripts but in our experience they do a pretty poor job, so we're not keen.

      Maybe the automated systems will get better, or maybe we'll get a large enough audience that a proportion will be prepared to pay for a transcript for each episode. If either of those happens we'll definitely consider it!

      Sorry, I know that's not the answer you're looking for. Hopefully the show notes will be a small comfort in the meantime.

      1. GK · in reply to Graham Cluley

        I am not sure if that helps! Why don't you consider outsourcing transcripts to other countries like China, India, etc.? They will be more than willing to do so at affordable rates, I guess…

        1. Graham Cluley · in reply to GK

          I have no doubt some of the manual services already outsource the transcription to countries you mention. Unfortunately, for us, the result is either poor quality or cost prohibitive.

          Maybe this is a service we'll be able to provide listeners in future – although it may come under some "membership" deal for listeners who want them (a few dollars a month) to cover the additional costs.
