A hospital gets hacked because of an ex-employee’s grudge, robocalls are on the rise, and we share a scary story about the future of facial recognition.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Michael Hucks.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
This is something I flippantly recorded. It is probably going to be the most famous video that I'll ever make in my life.
Sod all that. How much is the dog getting? What percentage is the dog getting? And did you ask the dog's permission before uploading it to the internet? What about facial recognition?
There's a lot of similar looking dogs out there.
There's a lot of similar looking dogs out there.
Oh, I didn't even think to ask.
Smashing Security, episode 162. Robocalls, health hacks, and facial recognition fears. With Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 162. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 162. My name's Graham Cluley.
And I'm Carole Theriault.
And we're joined this week by an old guest. Well, he's not old in years, but he was last on the show a couple of years ago. It's Michael Hucks from PC Matic. Hello, Michael.
Hello, everyone. Good to be here.
Thanks for coming back on the show.
It's my pleasure. It's been way too long.
So, Carole, I've got a funny thing happened on the sofa last night. What do you—
Do I want to know? I don't know. I want to know.
I'm not sure I should tell you or not, right? Because—
Maybe you shouldn't.
Well, maybe I shouldn't share all the details with you.
I mean, is it about me? Is it about me?
Oh, see, this is the thing. It does touch upon you. So, my wife and I, we were watching a TV show on the old Netflix.
Right.
And so, the main female character in the show, right? I say to my wife, I shouldn't really be telling you this at all, Carole. Let's just move on.
You know what, was she really cool, smart, sassy, fun?
No, I said she was kind of irritating. And my wife laughed and she said, "That's funny because she really reminds me of Carole."
And then you both died laughing. And you went, "Oh my God, you're right." No, no, no, I didn't say that, obviously.
But I thought you'd be interested in hearing that. So, I guess—
You know, I'm actually hurt.
And if anyone else wants to try this out— Oh yeah, who is it?
Who is it?
Who is it?
Are we gonna know who this mystery person is?
I can't even believe that didn't occur to me.
It's not anyone famous. Her name is Victoria Pedretti, and she is in the second season of You, which is all about a guy who stalks women in order that they fall in love with him.
I am also watching that show right now. I'm on episode 10 of the first season. So no giveaways here, but I'm in.
So yeah, so this is the second series.
Okay, so you've watched it. So this is what the girlfriend in You—
I don't believe I've made it to this person being a part of the show yet. I'm still in season 1.
The main woman in the main woman in series 2, her character's name is Love Quinn, which is a fairly ridiculous name, especially when you find out that her brother is called Forty.
I imagine her parents were fans of tennis or something. So you have love and 40.
But anyway, so— But the actress, I'm sure she's a lovely actress, but I find her extremely irritating.
I imagine her parents were fans of tennis or something. So you have love and 40.
But anyway, so— But the actress, I'm sure she's a lovely actress, but I find her extremely irritating.
And like me.
No, no, I didn't say— Do you agree though? We don't have enough time to discuss this tittle-tattle in detail. Tell us what's coming up on the show this week.
Well, yeah, no, yeah, here. Here's a little insult and now go do your job.
Yeah, what a—
Go cut a cheese sandwich.
Just move right past that.
Play the music, play the music.
Well, first we should thank this week's sponsors, DomainTools and LastPass. Their support helps us give you this show for free.
Now Graham dives into the murky case of a hospital hacker. Mikey waxes lyrical about his absolute love for robocalls.
And I'm sharing a crazy scary story about a secret facial recognition tool. All this and oh so much more coming up on this episode of Smashing Security.
Now Graham dives into the murky case of a hospital hacker. Mikey waxes lyrical about his absolute love for robocalls.
And I'm sharing a crazy scary story about a secret facial recognition tool. All this and oh so much more coming up on this episode of Smashing Security.
Now, chums, chums, I want to talk to you today about grudges. Have you ever had a grudge, Carole?
I do now.
Yeah.
Yeah.
Maybe.
Three years of my life.
Taken a dislike to someone. Well, I'll tell you about someone who has a grudge.
His name is Daniel Mooney, and he was an administrator at a hospital in Great Britain, and he lost his job three years ago because he'd been caught remotely accessing the internal network of the heart and lung department where he worked of the Royal Stoke Hospital from his home computer.
And he was accessing that network, of course, without authorization. Whoa. Yeah, so naughty.
His name is Daniel Mooney, and he was an administrator at a hospital in Great Britain, and he lost his job three years ago because he'd been caught remotely accessing the internal network of the heart and lung department where he worked of the Royal Stoke Hospital from his home computer.
And he was accessing that network, of course, without authorization. Whoa. Yeah, so naughty.
Well, that's just not just naughty. How the heck could he get in and do that?
Well, you know, username and password, I guess.
Right.
And it's the NHS network, and I imagine there weren't sufficient defenses in place to prevent people from logging in from remote IP addresses.
Well, the hospital came down on him hard, and he lost his job, and he was also cautioned by the police.
And as part of his caution, he agreed that he would not access any of the hospital's IT systems in future, and he would not even enter the hospital unless he was unwell or visiting a patient.
Well, the hospital came down on him hard, and he lost his job, and he was also cautioned by the police.
And as part of his caution, he agreed that he would not access any of the hospital's IT systems in future, and he would not even enter the hospital unless he was unwell or visiting a patient.
Well, okay. Yeah, it seems like—
Yeah, no, you mean he can't come to the café and grab a sandwich?
Well, you know, he might get a job, you know, serving sandwiches, or maybe he's a painter and decorator is his new job, and he has a big commission at the hospital.
Anyway, he's not allowed to come to the hospital unless he's got a broken leg or a splinter or something like that, or has a friend who has, and not have any contact with hospital staff unless asked to by the HR department.
So I guess HR were thinking, well, if he has any knowledge or if he knows any passwords or if—
Anyway, he's not allowed to come to the hospital unless he's got a broken leg or a splinter or something like that, or has a friend who has, and not have any contact with hospital staff unless asked to by the HR department.
So I guess HR were thinking, well, if he has any knowledge or if he knows any passwords or if—
Yeah, but the HR department is not his HR department if he doesn't work there anymore.
Well, this was the deal. This was— he was given the caution and he agreed to these terms, right? And so the police didn't take any further action.
Okay. Okay, I have a lot of questions here, but fine.
Well, you may have even more questions when you find out this, because it turned out that when he had accessed the network, he hadn't actually accessed any sensitive data.
So what he got fired for, he hadn't actually done what he wanted to do.
He had connected, but he hadn't accessed any sensitive data, right? And he was really peeved about this, right? Imagine someone who's very annoyed.
So he's annoyed that he's being treated like a criminal even though he did nothing wrong in his mind.
Well, in his mind, he might have thought it was. I mean, it's very strange, this case, because a bit of me thinks, was he actually testing the systems? To see if it was possible.
And certainly if I was in his shoes, maybe I would've used that kind of defense.
And certainly if I was in his shoes, maybe I would've used that kind of defense.
Sure, or was he doing work? I mean, if he wasn't accessing sensitive data, do they know why he was accessing the system?
Right, because sometimes you might log in from home to a corporate network and think, well, I can do a little bit of work. It's easier this than me driving into the office.
And some organizations have got problems with that, quite understandably, and others are much more lax about it.
And some organizations have got problems with that, quite understandably, and others are much more lax about it.
So he's feeling a bit righteous. He's like, okay, I did something a little bit maybe naughty, a tiny bit, but certainly not something that deserves me losing my job.
And not being allowed to go to the hospital unless he was on leave.
Yeah, 'cause I really want a sandwich. I love those egg sandwiches.
They have really good sandwiches.
They actually, they do. I've been to some fantastic little shops in hospitals.
And wouldn't it also support the Hospital Trust more if you were to go and frequent those stores rather than the high street?
And wouldn't it also support the Hospital Trust more if you were to go and frequent those stores rather than the high street?
I don't know.
But anyway, he, as a result of this, of being peeved, he launched an appeal against the police caution saying, you know, this is just, this is overkill.
And that appeal was unsuccessful.
And that appeal was unsuccessful.
Okay.
And you know what that meant?
He's even more peeved.
Yeah, now he's got the hump, right?
Of course he does. He looks like a camel.
He looks like Quasimodo. He thought, oh, and he believed he wasn't the only person who had been remotely accessing the hospital network.
Oh, so he thought, I mustn't be the only person, but I'm taking the fall. I'm the fall guy for everybody else.
He's the fall guy. He's like Lee Majors. He's taken the brunt of all of this, whereas maybe other people should have been as well.
And the mistake he then made was to allow that grievance to grow inside him and take over all of his feelings.
And in December 2017, months after Mooney had been dismissed, the hospital's head of cybersecurity noticed something a little bit strange.
And the mistake he then made was to allow that grievance to grow inside him and take over all of his feelings.
And in December 2017, months after Mooney had been dismissed, the hospital's head of cybersecurity noticed something a little bit strange.
Okay.
They discovered that there was an unauthorized user with admin rights to the server. They thought, this is a little bit suspicious. Why is this extra user with all of these rights?
Who could that be?
Who could that be?
Was it Mooney?
Well, yeah. As the police searched Mooney's home, they found two disk drives containing documents related to the disciplinary process that had been through.
Remember, he got dismissed, right?
And he had all these internal documents, documents which hadn't been shared with him about what was going to happen with Mooney and what the process was and the communications between the managers.
He'd managed to get hold of that.
And furthermore, he'd also accessed 600 staff-related documents, 150 management documents, and almost 9,000 medical images of heart scans, sort of cardiac-related stuff from his department.
Remember, he got dismissed, right?
And he had all these internal documents, documents which hadn't been shared with him about what was going to happen with Mooney and what the process was and the communications between the managers.
He'd managed to get hold of that.
And furthermore, he'd also accessed 600 staff-related documents, 150 management documents, and almost 9,000 medical images of heart scans, sort of cardiac-related stuff from his department.
Okay, so was he just grabbing everything he could get his hands on?
Well, I don't know. I mean, it seems a strange thing to collect, doesn't it? I mean, some people have got foot fetishes, right? I was waiting for one of you to say yes.
Oh yeah, look at that X-ray.
What would you call those people?
People into X-ray. Well, you know.
That's X-ray-ted. I'll see myself out.
So was he potentially, was he trying to maybe build an app and he needed that information? Was he that kind of guy?
Or was it a porn site for X-ray fetishists? I mean, there are fetishes for everything, Graham.
We could speculate very— yes.
That's a thing.
Maybe he was thinking if he just comes in and grabs as much as he can possibly grab, and just to get off the system quickly, and then he can scan through it in his own private home rather than spending hours and hours and hours on the system.
Maybe he was thinking if he just comes in and grabs as much as he can possibly grab, and just to get off the system quickly, and then he can scan through it in his own private home rather than spending hours and hours and hours on the system.
I don't know why he grabbed all this data, including the medical data.
One theory I would have would be maybe he's grabbing all this data to go back to them and say, "Aha, look, you've got security issues. Aren't I a hero?
Maybe you should reinstate me in your IT department because I can fix these kind of problems." I mean, foolhardy as that was, particularly as he'd already had a police caution, maybe that was incentive to do it.
One theory I would have would be maybe he's grabbing all this data to go back to them and say, "Aha, look, you've got security issues. Aren't I a hero?
Maybe you should reinstate me in your IT department because I can fix these kind of problems." I mean, foolhardy as that was, particularly as he'd already had a police caution, maybe that was incentive to do it.
Oh yeah, yeah, he's obviously knitting with one needle, right?
Well, he admitted an offence this last week under the Computer Misuse Act. And I wonder if you agree with this or not, he avoided jail. He has not been jailed.
Do you think he should have been jailed? Bearing in mind he's been warned before.
Do you think he should have been jailed? Bearing in mind he's been warned before.
So he's stolen this stuff.
Yep.
But he hasn't done anything with it. He hasn't demanded ransoms. He didn't post them on the web somewhere.
Right.
Or we don't know, I suppose.
Well, as far as we know, that didn't happen, but it was being stored on his computer at home instead.
Yeah, I don't think he should go to jail.
Maybe not jail. I feel he was warned. He did have an agreement that he wasn't going to do this. It's not it just kind of came out of nowhere.
He should have aggression management courses. You know, how not to hold a grudge, how to forgive and forget. You know, how to make friends.
I think there's a lot of people who need to know how not to hold a grudge.
Yeah.
True.
Yeah.
But some of us have a reason to there, Sunshine. And I don't think 15 minutes is long enough.
Instead of being given a jail sentence, he got a 12-month community order, which includes 160 hours unpaid work.
Not at the hospital.
And don't take comfort there. And he must pay £2,000 in prosecution costs as well. So, I mean, it's—
You see, England is great. That would be unheard of in the States, right, Mikey?
I think so. Yeah, you'd go to jail.
Really?
Yeah, of course you would. People go to jail for crazy, tiny things. Yeah.
Yeah. I'm actually doing this podcast from jail right now.
Great Wi-Fi.
Yeah, it's really not bad.
So this does raise a few questions. First of all, should the patients be notified that their personal heart scans have been breached in this way?
If the information is identifiable in any way, I would say yes. Right. But if they have a heart scan, if someone had a picture of my, you know, I don't know.
If it could be identified.
Anything that identifies anybody. If someone is at risk that their information had been downloaded without authorization, it would be the right thing to do to tell those people.
Right. And the other thing which of course it raises is this whole issue of what should you do when someone leaves your employment, particularly if they leave on the cloud?
Kill them. Kill the other business. That's what they do in the States, isn't it?
Kill them. Kill the other business. That's what they do in the States, isn't it?
There's no other option.
Isn't that what you do in America?
Yeah, that's true. This is true. That's the only reason I'm still working here, really. I'm very, very afraid. If anything happens to me, you know where to look.
Even if you don't leave under a cloud, passwords should be changed.
But it's not easy if you're an organization as sprawling as the National Health Service, which have got legacy systems and they hardly have staff lolling around, you know, drinking martinis.
You know, it's not like they haven't got enough work to do already. So make it part of your HR offboarding process.
Just like when people come into your company, you set them up with an account and give them a computer, there needs to be some sort of tick list of this person's leaving.
But it's not always easy, particularly when people are getting fired.
From the personnel point of view, you have to speak to an IT guy to remove someone else's passwords, and you don't want them blabbing if they haven't quite left the building yet.
But it's not easy if you're an organization as sprawling as the National Health Service, which have got legacy systems and they hardly have staff lolling around, you know, drinking martinis.
You know, it's not like they haven't got enough work to do already. So make it part of your HR offboarding process.
Just like when people come into your company, you set them up with an account and give them a computer, there needs to be some sort of tick list of this person's leaving.
But it's not always easy, particularly when people are getting fired.
From the personnel point of view, you have to speak to an IT guy to remove someone else's passwords, and you don't want them blabbing if they haven't quite left the building yet.
Do you know what I find annoying though about this?
Is this is the NHS, and the NHS are known, certainly in my anecdotal experience and many others, but they have a reputation for having a pretty solid checklist so that they don't leave scissors inside you, or they don't cut off the wrong leg, right?
There's a lot of procedures and papers that need to be signed and agreed with the patient at every single stage to make sure those things don't happen.
Now sure, they might happen occasionally, but it's rare. So surely that kind of system, wouldn't that be good to do for their IT system?
I don't know why they can't port that over to make sure, how could they sit there and go, "Oh wow, we have an admin guy here that we have no idea has access to the systems.
How long's he been there?" How does that happen?
Is this is the NHS, and the NHS are known, certainly in my anecdotal experience and many others, but they have a reputation for having a pretty solid checklist so that they don't leave scissors inside you, or they don't cut off the wrong leg, right?
There's a lot of procedures and papers that need to be signed and agreed with the patient at every single stage to make sure those things don't happen.
Now sure, they might happen occasionally, but it's rare. So surely that kind of system, wouldn't that be good to do for their IT system?
I don't know why they can't port that over to make sure, how could they sit there and go, "Oh wow, we have an admin guy here that we have no idea has access to the systems.
How long's he been there?" How does that happen?
It's probably, I mean, I'd imagine it has something to do with an issue of priority. I mean, how many IT guys leave on a daily basis where they have to go through this thing?
It's probably not nearly as much as how many times they have to make sure they're not leaving scissors inside of someone, so.
It's probably not nearly as much as how many times they have to make sure they're not leaving scissors inside of someone, so.
Another thing you can do is use technology, of course, because obviously humans make mistakes.
But you should have layers of protection such as checking whether it's an external IP address which is accessing your internal system and maybe blocking those or going in and restricting.
But you should have layers of protection such as checking whether it's an external IP address which is accessing your internal system and maybe blocking those or going in and restricting.
Oh yeah, because no one has any remote workers these days.
Well, what I'm saying is that certain users may not be able to access certain systems from outside.
Oh, totally, agreed.
Certainly ones which have sensitive medical information on them as well. You may question whether that's really necessary.
What's crazy about this story is he gets caught once, and then, as you said, gets the hump and then goes for it again.
Yeah.
He must have really thought he was untouchable or that no one was smart enough to spot him.
I want to hear the story from this guy's perspective. Daniel, if you're listening, come on the podcast.
Yeah. Yes.
I'm sure he's an avid listener. Who isn't?
Yeah, you should get him on the show, Graham. I wouldn't mind having someone who also has a grudge so I could talk about my grudge with him.
He's obviously an expert in grudges, and he could give me some pointers and how I can channel this negative energy I feel.
He's obviously an expert in grudges, and he could give me some pointers and how I can channel this negative energy I feel.
Michael, what's your story for us this week?
My story this week is about robocalls. I have a personal grudge against this. I was telling Carole the other day, I get more robocalls on a daily basis than I get real calls.
And I would say I get a fair amount.
And I would say I get a fair amount.
What's that? Does that mean one a day? What do you mean? I think I get— put it in some context.
On a bad day, I get 6 or 7 robocalls in a day.
'Cause I get none of these calls at all, right? No, nor do I. I never get any. Maybe it's 'cause I'm British, I don't know. And they just have a common decency not to ring. Not to ring.
So is it a robot which is doing the calling and then you get to speak to a human?
Or is it a recorded voice saying, "Hello, Michael, I wonder if you—" Well, what is the actual, what happens?
So is it a robot which is doing the calling and then you get to speak to a human?
Or is it a recorded voice saying, "Hello, Michael, I wonder if you—" Well, what is the actual, what happens?
There are actually— What is a robocall? It's all of those things. And I think it really depends on who it is.
I mean, I've had ones before that are just, a straight-up robot voice that asked me to either press 1 to be connected with someone or press 2 to be removed from the call list.
Of course, that is after a full minute of this thing going on and on about the new law that it wants to tell me about or whatever it is. And then, I tried for a while.
I would actually wait for the thing to finish its message and then I would press 2 to be removed from the thing.
And then, sometimes not even an hour later, I get a call from the exact same number with the exact same message, and it's just relentless.
I mean, I've had ones before that are just, a straight-up robot voice that asked me to either press 1 to be connected with someone or press 2 to be removed from the call list.
Of course, that is after a full minute of this thing going on and on about the new law that it wants to tell me about or whatever it is. And then, I tried for a while.
I would actually wait for the thing to finish its message and then I would press 2 to be removed from the thing.
And then, sometimes not even an hour later, I get a call from the exact same number with the exact same message, and it's just relentless.
Are you suggesting that opting out of spam sometimes doesn't work? Oh, yeah. Just unsubscribing, they actually ignore that. Well, what a shock.
And you know what annoys me about that is that in doing that, in trying to unsubscribe, you're also validating your phone number, the fact that it's active and that someone's answered the call.
So you're a live prize lion suddenly.
So you're a live prize lion suddenly.
Yes.
Yes, and I've heard— I mean, I don't know how much of this is just speculation, but I've heard that even just answering the phone call at all puts you on some kind of list that says, oh, even if they're not responding the way we want them to, this person will answer the call.
And so you could even get called more. There was a thing in the past where if you wanted to opt out of real telemarketing calls, yeah, you could be added to the do not call list.
And there was a law here in the United States that you had to be added to this list. The thing is, with these robocalls, I mean, most of these are scams.
I don't think they really care about the law, clearly. No. And so that's the problem now, is that it's not only gotten worse, it's gotten worse a lot.
So according to the 2018 report by global communications platform First Orion, spam phone calls accounted for 29.2% of all mobile phone calls in the US in 2018. Wow.
And it was only 3.7% in 2017. That's astonishing.
Yes, and I've heard— I mean, I don't know how much of this is just speculation, but I've heard that even just answering the phone call at all puts you on some kind of list that says, oh, even if they're not responding the way we want them to, this person will answer the call.
And so you could even get called more. There was a thing in the past where if you wanted to opt out of real telemarketing calls, yeah, you could be added to the do not call list.
And there was a law here in the United States that you had to be added to this list. The thing is, with these robocalls, I mean, most of these are scams.
I don't think they really care about the law, clearly. No. And so that's the problem now, is that it's not only gotten worse, it's gotten worse a lot.
So according to the 2018 report by global communications platform First Orion, spam phone calls accounted for 29.2% of all mobile phone calls in the US in 2018. Wow.
And it was only 3.7% in 2017. That's astonishing.
So almost a third of all calls, mobile calls in 2018 were spam or robocalls of some nature. Yes.
That's like, yeah, it's 1 in 3, right?
And it's grown that fast. It must be, could be over half by now, couldn't it? Yeah.
I mean, that's really, I mean, does it not get to the point where you just think, well, I don't actually need a phone number because I can communicate with all of my pals via instant messaging services, whichever one you choose to use.
And you can even call them that way as well. I wonder if it's possible to live without a phone number.
I mean, that's really, I mean, does it not get to the point where you just think, well, I don't actually need a phone number because I can communicate with all of my pals via instant messaging services, whichever one you choose to use.
And you can even call them that way as well. I wonder if it's possible to live without a phone number.
Imagine you're a small business owner or even just you're a freelancer or a person who does contract work.
You're probably getting phone calls fairly regularly from numbers that you don't recognize.
And these are new people who've gotten your number somehow and you want to be able to answer the phone.
And this is the problem now, is that it's saying that people are just not answering phone calls anymore that they don't recognize, which I totally understand.
But, you know, what if it is the hospital calling to say that one of your family members is in— I guess they'll leave a message. I don't know. Okay.
Just to add to the kind of insanity of the statistics of this, we do have some statistics from 2019.
And according to YouMail, which is a tracking company, it said about 5 billion robocalls were placed in November of 2019 alone.
Which is more than 160 million phone calls a day, averaging 15.3 calls per American. Jeez.
So I suddenly— when I read this, I started feeling a little bit better about my 6 or 7 robocalls a day. I was like, okay, maybe that's not so bad.
I mean, somebody in America is getting more than 15 phone calls a day. I can't even imagine. It makes your phone unusable.
You're probably getting phone calls fairly regularly from numbers that you don't recognize.
And these are new people who've gotten your number somehow and you want to be able to answer the phone.
And this is the problem now, is that it's saying that people are just not answering phone calls anymore that they don't recognize, which I totally understand.
But, you know, what if it is the hospital calling to say that one of your family members is in— I guess they'll leave a message. I don't know. Okay.
Just to add to the kind of insanity of the statistics of this, we do have some statistics from 2019.
And according to YouMail, which is a tracking company, it said about 5 billion robocalls were placed in November of 2019 alone.
Which is more than 160 million phone calls a day, averaging 15.3 calls per American. Jeez.
So I suddenly— when I read this, I started feeling a little bit better about my 6 or 7 robocalls a day. I was like, okay, maybe that's not so bad.
I mean, somebody in America is getting more than 15 phone calls a day. I can't even imagine. It makes your phone unusable.
Well, look, I have to tell you, now that you've been on the show again reminding everybody that you exist, right, and that you pick up, you might go up.
Uh, 555. Yeah, actually, I don't want to read Carole Theriault's number back to you real quick.
I have a question. Have you ever received any robocall with political messages in it? Because you guys are up for an election this year. Does that ever happen to you?
I have not.
I feel like it'd just be a bad move because everyone is so annoyed with the robocalls that if somebody— even if there was some political candidate that I liked, if they started blowing my phone up every day being like, don't forget to vote for me, I'd be like, okay, this guy is definitely not getting my vote through this ad.
I feel like it'd just be a bad move because everyone is so annoyed with the robocalls that if somebody— even if there was some political candidate that I liked, if they started blowing my phone up every day being like, don't forget to vote for me, I'd be like, okay, this guy is definitely not getting my vote through this ad.
That's the problem if there was a candidate that any of us liked. We have the same problem over here in the UK.
But there is this thing, isn't there, where someone could do what's called a Joe job, where they start a campaign, a robocall campaign promoting the opponent.
I was just gonna say that.
But there is this thing, isn't there, where someone could do what's called a Joe job, where they start a campaign, a robocall campaign promoting the opponent.
I was just gonna say that.
Right. I love, yeah.
You knew I had the same idea in mind, yeah.
Not bad. You're devious, Carole. Don't trust you. Just like that character on the TV show. Don't trust them.
Wasn't there a law that was brought in that they would be charged for every robocall or something like this?
Yeah, this year President Trump signed this anti-robocall bill into law, which it's supposed to allow officials to fine companies $10,000 for each illegally placed call.
Hey, $5 billion a month, ka-ching!
Yeah, exactly. And who's getting that money, by the way?
I think I should get paid for every single one of the calls that I've had to put up with, but maybe there's more time for that later.
But the thing I'm wondering about with that is if they're spoofing numbers and they're using this voice over IP, we don't really know where these things are coming from or who's doing it.
Is this going to be that effective to try and charge the people? Are they charging the companies or are they charging the actual phone service providers?
I'm not sure which one it is.
I think I should get paid for every single one of the calls that I've had to put up with, but maybe there's more time for that later.
But the thing I'm wondering about with that is if they're spoofing numbers and they're using this voice over IP, we don't really know where these things are coming from or who's doing it.
Is this going to be that effective to try and charge the people? Are they charging the companies or are they charging the actual phone service providers?
I'm not sure which one it is.
And it makes sense that people just do not pick up their phone unless they recognize the number. I mean, honestly, I'm guilty of that.
If I don't recognize the number, I don't pick up. And I wait for the—
If I don't recognize the number, I don't pick up. And I wait for the—
Sometimes, Carole, if I do recognize the number, I don't pick up.
You know what? You're not being very nice to me today.
No, I'm not. What am I waiting for?
You know, you don't like me. And now you say you get my calls.
You're just kind of sensitive. You know what?
I'm not gonna— Yeah, well, I'm not gonna be calling you anymore. Don't you even worry about it.
I'll get my robot to call.
You can call me anytime, Mikey.
Carole, what's your story for us this week?
So we're talking facial recognition.
Now, I don't know if you guys saw in the press, but the big boys, Google and Microsoft, can't seem to agree on how to approach this issue of facial recognition.
You've got Google CEO Sundar Pichai. He's expressed support for Europe's proposal to temporarily ban facial recognition.
But Microsoft's top lawyer, Brad Smith, has cautioned against using a meat cleaver for what should be a surgical operation. So he wants a more soft-touch approach. Okay.
So while these two big dudes are duking it out in their public forum here, a little seemingly insignificant mouse entered the space and created an ethical quagmire that takes total advantage of the lack of regulation in this space.
Okay, sounds interesting. All right, go on. It was the New York Times that did this big exposé on this. And it's kind of stuff that makes my teeth rattle a bit.
And I want to know if it makes yours rattle or if you think, Carole, calm down. I don't even like you. I'm so irritated by your story. Okay, so the story starts with a Mr.
Juan Thom Vat. That's his name. Juan Thom Vat. Juan Thom Vat. Yeah. And he's an Australian-born techie and one-time model. Right. So a little bit of a looker.
Now, I don't know if you guys saw in the press, but the big boys, Google and Microsoft, can't seem to agree on how to approach this issue of facial recognition.
You've got Google CEO Sundar Pichai. He's expressed support for Europe's proposal to temporarily ban facial recognition.
But Microsoft's top lawyer, Brad Smith, has cautioned against using a meat cleaver for what should be a surgical operation. So he wants a more soft-touch approach. Okay.
So while these two big dudes are duking it out in their public forum here, a little seemingly insignificant mouse entered the space and created an ethical quagmire that takes total advantage of the lack of regulation in this space.
Okay, sounds interesting. All right, go on. It was the New York Times that did this big exposé on this. And it's kind of stuff that makes my teeth rattle a bit.
And I want to know if it makes yours rattle or if you think, Carole, calm down. I don't even like you. I'm so irritated by your story. Okay, so the story starts with a Mr.
Juan Thom Vat. That's his name. Juan Thom Vat. Juan Thom Vat. Yeah. And he's an Australian-born techie and one-time model. Right. So a little bit of a looker.
He got one modeling gig or?
One-time model means you turned up for a modeling gig and they said, "You're not that attractive. We're never gonna hire you again."
Yeah, I should have put quotes from that. That was the word they used in New York Times.
He looks great, but he just is terrible to work with.
Okay, but anyway, this guy, Juan Thom Vat, moved to San Francisco to make it big in the tech world.
Now, during his rise to power, he created an obscure game and he also created a really useful app that lets people put Donald Trump's piss yellow wig onto their pics.
That was one of his creations.
Now, during his rise to power, he created an obscure game and he also created a really useful app that lets people put Donald Trump's piss yellow wig onto their pics.
That was one of his creations.
I don't think it is actually a wig. Oh. I mean, it is fascinating, but I think—
Wisp, then wisps. Yes.
Collection of wisps. I think it's all the more fascinating because it's not a wig. If it was a wig, you'd want your money back.
Especially if it was made out of piss, you're suggesting.
Especially if it was made out of piss, you're suggesting.
You've got to pay good money to have that kind of style.
But then, okay, so he's created these little games. But then Mr. Juan Thom Vat, got together with a Mr. Schwartz. Now, Mr. Schwartz, yep, he worked alongside Rudy Giuliani in the '90s.
Okay. And these two hatched a plan to create a facial recognition tool, which they called Clearview AI.
Okay. And these two hatched a plan to create a facial recognition tool, which they called Clearview AI.
Okay. So Vat and Schwartz, not Giuliani. Thom Vat and Schwartz. Yeah. Right. Okay. They're producing a facial recognition thing.
Thom Voight was going to be the developer, make the thing work, and Mr. Swartz is going to sell it because he had a lot of contacts. So in 2016, they recruit a couple of engineers.
One helps them design a program that automatically collects images of people's faces from across the internet, such as employment sites like LinkedIn, news sites, education sites, social networks including Facebook, YouTube, Twitter, Instagram, and Venmo.
Effectively, these guys were scraping the web and building a massive ginormous database under Clearview AI's control.
Now they also hired another engineer and this guy was hired to perfect the facial recognition algorithm. They describe this system now as quote, state-of-the-art neural net.
And basically, it converts all the images into mathematical formulas and vectors based on the facial geometry. So how small a person's eyes are, Graham.
One helps them design a program that automatically collects images of people's faces from across the internet, such as employment sites like LinkedIn, news sites, education sites, social networks including Facebook, YouTube, Twitter, Instagram, and Venmo.
Effectively, these guys were scraping the web and building a massive ginormous database under Clearview AI's control.
Now they also hired another engineer and this guy was hired to perfect the facial recognition algorithm. They describe this system now as quote, state-of-the-art neural net.
And basically, it converts all the images into mathematical formulas and vectors based on the facial geometry. So how small a person's eyes are, Graham.
Or whatever. Or how big their feet are, Carole.
But not how nice their personalities are.
No, hard to tell. Hard to tell, isn't it?
And then Clearview created this vast directory that clustered photos of similar vectors.
So basically, everyone with tiny eyes, Graham, would be put into a little neighborhood, or everyone with big feet, Carole, would be put in their own neighborhood.
So basically, everyone with tiny eyes, Graham, would be put into a little neighborhood, or everyone with big feet, Carole, would be put in their own neighborhood.
Right. Okay.
So when a user uploads a photo into the Clearview AI, right, of a face, right, the Clearview system then converts the face and then it shows all the scraped photos that it has stored in that neighborhood.
So all the pictures that have similar vectors and similar algorithms matching along with the links to the sites from where these images came.
So all the pictures that have similar vectors and similar algorithms matching along with the links to the sites from where these images came.
Because it is surprising sometimes because there are people who can look very much like you.
I remember working at a place once where I had a lookalike and the slightly disturbing thing was that my lookalike— Is it the Polish guy? No, not the Polish guy.
That's another— No, the lookalike I'm thinking of was actually a woman. A woman who looked like me. And it was rather peculiar.
I remember working at a place once where I had a lookalike and the slightly disturbing thing was that my lookalike— Is it the Polish guy? No, not the Polish guy.
That's another— No, the lookalike I'm thinking of was actually a woman. A woman who looked like me. And it was rather peculiar.
I bet she was extremely fetching. I'm sure. Yes. Did she have your very, very bushy, bushy, bushy eyebrows?
Very. If you're just going to make this a very personal podcast. Get off your soapbox, mister.
Okay, tell us more about facial recognition.
So by the end of 2017, okay, year on, the company had what the New York Times describes as a formidable facial recognition tool, which they called SmartChecker.
Now this database is, get this, 3 billion images strong. It's right about 75% of the time, it claims.
And the one cool thing about it apparently is that the algorithm doesn't require photos of people looking directly at the camera.
You could be looking down or covering part of your face and still it can all work.
So by the end of 2017, okay, year on, the company had what the New York Times describes as a formidable facial recognition tool, which they called SmartChecker.
Now this database is, get this, 3 billion images strong. It's right about 75% of the time, it claims.
And the one cool thing about it apparently is that the algorithm doesn't require photos of people looking directly at the camera.
You could be looking down or covering part of your face and still it can all work.
Well, I'm not surprised at all that some enterprising technology company has gone and scooped gajillions of facial images from all the places that they can be grabbed, because why wouldn't they?
And people have given their data so willingly. So I'm not surprised about that at all, I'm afraid.
And people have given their data so willingly. So I'm not surprised about that at all, I'm afraid.
I'm not surprised either. I think I have more of a question than anything is what is the ultimate plan for using this?
I mean, obviously I can see a million ways that this could be useful, but it's not quite scary until I know why this is happening.
And I feel like it's going to be scary when I figure out the answer.
I mean, obviously I can see a million ways that this could be useful, but it's not quite scary until I know why this is happening.
And I feel like it's going to be scary when I figure out the answer.
My next question to you guys was going to be, because they were wondering the same thing, right? They're like, who's our first customer going to be? Right?
Can you guess who it might have been?
Can you guess who it might have been?
An obvious choice would be intelligence agencies, perhaps, if they wanted to identify people. So nation states who want to keep track of their citizens.
They want access to that kind of algorithm and that kind of database so that they can identify from CCTV who people are.
They want access to that kind of algorithm and that kind of database so that they can identify from CCTV who people are.
Well, you're not far off. The first people, the first customer according to Clearview was the Indiana State Police. And this is a typical example of how the software is used, right?
So they solved a case within 20 minutes of using the app. So the case was two men had gotten into a fight in a park and one shot the other in the stomach.
A bystander recorded the crime on a phone, so the police had a still of the gunman's face, and they ran that still through the Clearview app. They immediately got a match.
The man appeared in a video that someone had posted on social media, and his name was included in a caption on the video.
He did not have a driver's license and hadn't been arrested as an adult, so he wasn't in any government databases.
Right, this is what the Indiana State Police Captain said at the time. And then the man was arrested and charged. So there's numerous stories, right?
And Clearview is actively marketing this to police departments. And they are also spreading the word amongst themselves saying, "Guys, you should get this.
It's incredible." 600 law enforcement agencies have apparently started using this app in the past year.
The FBI, the Department of Homeland Security, and the Canadian law enforcement authorities are all trying it out, according to New York Times.
So they solved a case within 20 minutes of using the app. So the case was two men had gotten into a fight in a park and one shot the other in the stomach.
A bystander recorded the crime on a phone, so the police had a still of the gunman's face, and they ran that still through the Clearview app. They immediately got a match.
The man appeared in a video that someone had posted on social media, and his name was included in a caption on the video.
He did not have a driver's license and hadn't been arrested as an adult, so he wasn't in any government databases.
Right, this is what the Indiana State Police Captain said at the time. And then the man was arrested and charged. So there's numerous stories, right?
And Clearview is actively marketing this to police departments. And they are also spreading the word amongst themselves saying, "Guys, you should get this.
It's incredible." 600 law enforcement agencies have apparently started using this app in the past year.
The FBI, the Department of Homeland Security, and the Canadian law enforcement authorities are all trying it out, according to New York Times.
So where do we opt out of this? Great question.
Well, you can opt out by saying things, I don't want to share my pictures with anybody on your social media apps and everywhere. But if they've scraped it, it's in the database.
But do they even have the rights to scrape that image?
You may have given your permission to the social network, but they, the social network hasn't got a deal with this facial recognition company, do they?
You may have given your permission to the social network, but they, the social network hasn't got a deal with this facial recognition company, do they?
Correct. That is one of the big issues here.
They have scraped all these images onto their own databases and put them into a nice, I'm sure, easy-to-use UI that allows you to toggle all the things you want, within this area, da da da da da.
So the New York Times went and asked people, right? And Facebook was, well, we're going to look into this because we, you know, it's a big no-no to image scrape.
And also they may get their knickers in a twist about this because they're not getting any kickback on this. They're not getting any of the traffic or any of the money.
So they may not like this, particularly when they hear the word 3 billion images. So the other problem, Graham, you also alluded to earlier was the fact of doppelgangers.
The bigger the database, the more likely you are going to find people with very similar, if not virtually identical, facial symmetry and facial characteristics.
They have scraped all these images onto their own databases and put them into a nice, I'm sure, easy-to-use UI that allows you to toggle all the things you want, within this area, da da da da da.
So the New York Times went and asked people, right? And Facebook was, well, we're going to look into this because we, you know, it's a big no-no to image scrape.
And also they may get their knickers in a twist about this because they're not getting any kickback on this. They're not getting any of the traffic or any of the money.
So they may not like this, particularly when they hear the word 3 billion images. So the other problem, Graham, you also alluded to earlier was the fact of doppelgangers.
The bigger the database, the more likely you are going to find people with very similar, if not virtually identical, facial symmetry and facial characteristics.
And I remember that episode of Columbo where Leonard Nimoy was playing twin surgeons, and one of them was evil and one of them wasn't.
And it was all a case of which Leonard Nimoy, which Mr. Spock had committed the murder. My wife, my wife on the other end of the sofa. She says this woman is Carole.
She loves marmalade. My wife loves marmalade.
And it was all a case of which Leonard Nimoy, which Mr. Spock had committed the murder. My wife, my wife on the other end of the sofa. She says this woman is Carole.
She loves marmalade. My wife loves marmalade.
Now the other one, the other cool thing about this is in the olden days, if you did something wrong and they were trying to search you and they had a witness to look at databases of people, all the pictures they'd be looking at were of felons or people that had been arrested for crimes.
Right, so now, and that was done for privacy. It's if you've done something naughty, your face goes into this database.
And now everyone's face is in that database, whether you've done it just because you've stepped outside or someone's taken a picture of you, posted your own picture online.
You know, when you come back to that argument between Google and Microsoft, I do think regulation is needed. It's Wild West out there, it's the Wild West.
Right, so now, and that was done for privacy. It's if you've done something naughty, your face goes into this database.
And now everyone's face is in that database, whether you've done it just because you've stepped outside or someone's taken a picture of you, posted your own picture online.
You know, when you come back to that argument between Google and Microsoft, I do think regulation is needed. It's Wild West out there, it's the Wild West.
We need regulation.
It is a worry because, I mean, if George Clooney, for instance, was to rob a bank, I don't want the police knocking on my door thinking that it's me who did it because of some error in face— and also not just the facial recognition, but also the name similarity.
It is a worry because, I mean, if George Clooney, for instance, was to rob a bank, I don't want the police knocking on my door thinking that it's me who did it because of some error in face— and also not just the facial recognition, but also the name similarity.
So let me just tell you one more thing before I bow out here, right?
Our journo— so the journo of the New York Times, he started looking into this way back in November, right, to do some digging.
And listen to his words here, quote: "When I began looking into the company in November, its website was a bare page showing a non-existent Manhattan address as its place of business." And he goes on, "For a month, people affiliated with the company would not return my emails or phone calls.
While the company was dodging me, it was also monitoring me. At my request, a number of police officers had run my photo through the Clearview app.
They soon received phone calls from Clearview AI reps asking if they were talking to the media, a sign that Clearview has the ability, and in this case, the appetite to monitor whom law enforcement is searching for." Holy cow.
So that— okay, and then remember, to use this app, how you use this app, right, how the cops are using this, is by feeding the monster.
They are putting in new pictures of new suspects all the time. Regulation time, I say. Can anyone use this? Can I use it? Very good question.
At the moment, they see this becoming ubiquitous in no time.
Our journo— so the journo of the New York Times, he started looking into this way back in November, right, to do some digging.
And listen to his words here, quote: "When I began looking into the company in November, its website was a bare page showing a non-existent Manhattan address as its place of business." And he goes on, "For a month, people affiliated with the company would not return my emails or phone calls.
While the company was dodging me, it was also monitoring me. At my request, a number of police officers had run my photo through the Clearview app.
They soon received phone calls from Clearview AI reps asking if they were talking to the media, a sign that Clearview has the ability, and in this case, the appetite to monitor whom law enforcement is searching for." Holy cow.
So that— okay, and then remember, to use this app, how you use this app, right, how the cops are using this, is by feeding the monster.
They are putting in new pictures of new suspects all the time. Regulation time, I say. Can anyone use this? Can I use it? Very good question.
At the moment, they see this becoming ubiquitous in no time.
So won't that be— I could always set up my own country and my own police force.
I had a really good quote on that somewhere.
Yeah, the final words of the New York Times article: "Police officers and Clearview's investors predict that the app will eventually be available to the public." What could go wrong, guys?
Yeah, the final words of the New York Times article: "Police officers and Clearview's investors predict that the app will eventually be available to the public." What could go wrong, guys?
Oh, so many things. So I would see a cute girl in a bar, and I'd take her photo, upload it to the app, and it was telling me what her name was.
Well, nothing is going to go wrong with that.
Well, nothing is going to go wrong with that.
Okay, this is how we get around this. I do have a solution.
It's time to hit the 3D printers and start making a number of realistic-looking rubber masks so that when you leave the house, you have a different face each time.
Think cosplay, but every day.
It's time to hit the 3D printers and start making a number of realistic-looking rubber masks so that when you leave the house, you have a different face each time.
Think cosplay, but every day.
Could get a bit sweaty under that.
You might get a little sweaty, but don't you use that special deodorant, Graham?
Yes. You know the face deodorant? I haven't been using it on my face, but my armpits are still pretty good, I have to say. What is that called again?
You should try it. Pick of the week. Former pick of the week. N-U-U-D.
I'm not a big sweaty person.
Let other people be the judge of that, Carole.
You never know.
I don't think you should. I'm mouthy, not sweaty.
This week's Smashing Security podcast is sponsored by DomainTools. DomainTools helps security analysts turn threat data into threat intelligence.
Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats, and prevent future attacks. Nice.
Find out more about their cool products at DomainTools.com.
Now, they've got something very cool that I think you're going to like, a capture the flag competition, especially for Smashing Security listeners.
You can win a $100 Amazon gift card. If you want to join in all the fun, visit domaintools.com/smashing to enter the competition. And may the best geeky listener win.
Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats, and prevent future attacks. Nice.
Find out more about their cool products at DomainTools.com.
Now, they've got something very cool that I think you're going to like, a capture the flag competition, especially for Smashing Security listeners.
You can win a $100 Amazon gift card. If you want to join in all the fun, visit domaintools.com/smashing to enter the competition. And may the best geeky listener win.
Hey, Graham. Yes. There are people out there with companies a little bit bigger than ours. And one of the issues that they face is visibility and oversight.
And when it comes to cybersecurity, that is super important. So listeners, listen up.
If you do not have a password manager in your organization, please check out LastPass Enterprise.
They offer centralized admin oversight and control, shared access and automated user management. All this stuff makes your life easier.
Plus, you can even use LastPass single sign-on to protect all your cloud apps and give seamless access to employees. Check it out at lastpass.com/smashing.
Let me try that again, folks. Check it out at lastpass.com/smashing.
And when it comes to cybersecurity, that is super important. So listeners, listen up.
If you do not have a password manager in your organization, please check out LastPass Enterprise.
They offer centralized admin oversight and control, shared access and automated user management. All this stuff makes your life easier.
Plus, you can even use LastPass single sign-on to protect all your cloud apps and give seamless access to employees. Check it out at lastpass.com/smashing.
Let me try that again, folks. Check it out at lastpass.com/smashing.
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week.
Mikey? Oh, Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
Better not be.
Well, my Pick of the Week is not security related this week. Good. Instead, my Pick of the Week is a website, quite a fun website with an almost unpronounceable name.
The website is called eunoia.world, and eunoia is a Greek word. It's spelt E-U-N-O-I-A dot world. I'll put a link in the show notes.
The website is called eunoia.world, and eunoia is a Greek word. It's spelt E-U-N-O-I-A dot world. I'll put a link in the show notes.
And it's a Greek word. It means a well-mind or beautiful thinking in Greek. Oh, lovely.
And that website is a website of words that do not translate. 500+ untranslatable words in over 70 languages.
So if you've always thought, oh, you know, I love, you know, if you like a little bit of schadenfreude and you want to drop that into your conversation, or things where you thought, wouldn't it be wonderful if that word did exist, but it doesn't?
Well, maybe it does exist in Finnish or some other language. I'm going to have a little quiz, right? I am going to tell you 3 words and give you options as to what those words mean.
All right. We'll have a little bit of fun.
So if you've always thought, oh, you know, I love, you know, if you like a little bit of schadenfreude and you want to drop that into your conversation, or things where you thought, wouldn't it be wonderful if that word did exist, but it doesn't?
Well, maybe it does exist in Finnish or some other language. I'm going to have a little quiz, right? I am going to tell you 3 words and give you options as to what those words mean.
All right. We'll have a little bit of fun.
Woo! I love a quiz. I love a quiz.
Okay. The first word, the first word is "sphafolalia." Spha— Spha-la-lee-o-lee-ay-lee-ah. Okay. Based on that pronunciation— Spha— Spha-la-la-lee-ay-lee-ah.
Does that mean, is it a jungle of traffic signs? Is it flirtatious talk that leads nowhere? Or is it an ungrudging and overt expressed pride and happiness at other people's success?
Sphallolalia.
Does that mean, is it a jungle of traffic signs? Is it flirtatious talk that leads nowhere? Or is it an ungrudging and overt expressed pride and happiness at other people's success?
Sphallolalia.
Number 3.
I'm going with B, number 2.
Ah, Mike, you are correct. It's flirtatious talk that leads nowhere, which I feel like it's a very French expression.
What country's that from?
Oh, I should have made a note of that. Oh, I know. I do know. I do know that one is actually English. That one is— Oh, well, there you go. Crazy language of English.
And I presume it doesn't exist in other languages. So, yeah, you can check that. Okay, so another one. Next one. Next one. Solkat. Solkat.
Is solkat the glimmer that reflects the sunshine off a wristwatch? Is it the mark left on the table by a cold glass? Or is solkat a person of integrity and honour?
I'll tell you it's a Swedish word, if that helps.
And I presume it doesn't exist in other languages. So, yeah, you can check that. Okay, so another one. Next one. Next one. Solkat. Solkat.
Is solkat the glimmer that reflects the sunshine off a wristwatch? Is it the mark left on the table by a cold glass? Or is solkat a person of integrity and honour?
I'll tell you it's a Swedish word, if that helps.
I feel like I should have to go first since I got it correct last time.
I'm going to say that that is the glimmer off of a wristwatch, because it seems like there'd be words for those other things. So that's my guess.
I'm going to say that that is the glimmer off of a wristwatch, because it seems like there'd be words for those other things. So that's my guess.
Okay. Okay. Carole?
Okay. Just, I was heading toward that way, but I'll go number 2 just to—
Oh, the mark you want, the mark left on the table by a cold glass. Yep, yep, yep. Bing, bing, bing for Mike, who's now 2-nil up. So Mike was correct. It is the glimmer of a swatch.
And the final one, the final one is kusuku— I can't do this. Kusukusu. Okay, kusukusu. Oh, that's beautiful. Kusukusu.
And the final one, the final one is kusuku— I can't do this. Kusukusu. Okay, kusukusu. Oh, that's beautiful. Kusukusu.
Is that K-U-S-U, K-U-S-U? Kusukusu. Oh, cute.
It's Japanese. Is it? The Japanese for not bad or meh.
Is it a reason for being, the thing that gets you up in the morning, or is it the suppressed giggling and tittering of a group of women?
Is it a reason for being, the thing that gets you up in the morning, or is it the suppressed giggling and tittering of a group of women?
So I certainly would. Yeah, I'm going to go with that. I'm going to go with get me up in the morning.
Get me up in the morning.
I'm going with choice 3. Which was what? Suppressed giggles.
Mike, you are incredible at this. It's 3-0 to Mike. Mike, it's just been an absolute—
I'm going to bring that one into— it's such a cute word. I think I'm going to have to try and bring that into conversation.
Although I don't remember the last time I was talking about the suppressed giggles of a group of women. But if I ever do, it's kusukusu from now on.
Although I don't remember the last time I was talking about the suppressed giggles of a group of women. But if I ever do, it's kusukusu from now on.
Well, my website, you know, your world, we'll link to it. In the show notes so you can find it for yourself and have as much fun as I did. And that is my pick of the week.
Cute. Although I got zero. That's because I'm holding a grudge, isn't it? It might be it.
Sorry. It's interfering with your translation skills.
Are you sorry? Are you? Are you?
Mike, what's your pick of the week? Move on quick.
My pick of the week is, this is actually a personal one here for me. So something interesting happened to me about a little over a week ago.
Where I uploaded a little video of my cute little doggy.
Her and I were taking a nap on the couch and I had this— actually, I had this video on my phone for about a month before I just decided to post it onto Reddit.
And I woke up the next morning and it had exploded with gajillions of upvotes. And all of a sudden— What's a gajillion? It was within 5 hours, it had 80,000 upvotes. And 80,000.
And actually a few hours later it was the number one highest upvoted post on Reddit within across every subreddit. It was the number one highest upvoted post.
Where I uploaded a little video of my cute little doggy.
Her and I were taking a nap on the couch and I had this— actually, I had this video on my phone for about a month before I just decided to post it onto Reddit.
And I woke up the next morning and it had exploded with gajillions of upvotes. And all of a sudden— What's a gajillion? It was within 5 hours, it had 80,000 upvotes. And 80,000.
And actually a few hours later it was the number one highest upvoted post on Reddit within across every subreddit. It was the number one highest upvoted post.
And you just uploaded this to the cute dog subreddit or something.
It must be the most amazing video ever. Okay, we got to see this video. We have to watch it.
I will put the— yeah, the link is there. You should watch it.
Let's watch it now. Let's watch it now.
Yeah, let's watch it. Okay, so there's a dog. There's a dog and there's some kind of blanket. The dog's under the blanket lying on you. His tail's sticking outside.
And every time you show the dog's head, the dog's tail wags. That's very cute. Yeah. Every time it sees you, it wags its tail.
And every time you show the dog's head, the dog's tail wags. That's very cute. Yeah. Every time it sees you, it wags its tail.
Yeah. And then it stops whenever the blanket goes. I mean, it's cute. I think I was a little surprised. 80,000 views.
Well, it ended up, I mean, right now I think it was at like 130-something thousand. But that had happened within like 5 hours.
And so the interesting thing that happened because of this is that I had a few agencies that started reaching out to me that wanted to buy the license, the rights to license the video.
Well, it ended up, I mean, right now I think it was at like 130-something thousand. But that had happened within like 5 hours.
And so the interesting thing that happened because of this is that I had a few agencies that started reaching out to me that wanted to buy the license, the rights to license the video.
What? How long? So you post this up, it goes viral, like what, a week later?
This was within like 6 or 7 hours of me posting.
So I guess there's people who are just looking at this all the time and, you know, these different subreddits and what's getting uploaded and what's getting upvoted, I guess, more importantly.
And so within a few things, I didn't really know how this worked. I had obviously never had any experience with this.
And I kind of jokingly to one person, they asked if they could use it and they said they would give me credit. And I was like, well, what's your offer? Kind of jokingly.
And then all of a sudden all these offers started rolling in. I was like, oh wait, there's actual— there could be money in this.
So over the next 3 or 4 days, I kind of went back and forth with a few companies and then I ended up selling the rights to this video. Dead serious.
So now over time I get— I don't know if I'm allowed to share the exact thing, but I will get a percentage of whatever revenue this video makes.
I don't even know how it makes revenue exactly, but I'm waiting all the time for my check to come in the mail.
So I guess there's people who are just looking at this all the time and, you know, these different subreddits and what's getting uploaded and what's getting upvoted, I guess, more importantly.
And so within a few things, I didn't really know how this worked. I had obviously never had any experience with this.
And I kind of jokingly to one person, they asked if they could use it and they said they would give me credit. And I was like, well, what's your offer? Kind of jokingly.
And then all of a sudden all these offers started rolling in. I was like, oh wait, there's actual— there could be money in this.
So over the next 3 or 4 days, I kind of went back and forth with a few companies and then I ended up selling the rights to this video. Dead serious.
So now over time I get— I don't know if I'm allowed to share the exact thing, but I will get a percentage of whatever revenue this video makes.
I don't even know how it makes revenue exactly, but I'm waiting all the time for my check to come in the mail.
It just must be so frustrating. I mean, you're a musician, right? You work hard at your craft. You go out and you schlep and you market everything.
And then you take a cute little video of 20 seconds of you and your dog hanging out and her being cute. And that is going to be your door entry into fame.
And then you take a cute little video of 20 seconds of you and your dog hanging out and her being cute. And that is going to be your door entry into fame.
I am literally a video producer and have been for— and I've worked on— there's been videos that I've worked on for months and months and months at a time.
I've grueled over putting hours and hours into editing something. This is something I flippantly recorded.
It is probably gonna be the most famous video that I'll ever make in my life. And it's a little—
I've grueled over putting hours and hours into editing something. This is something I flippantly recorded.
It is probably gonna be the most famous video that I'll ever make in my life. And it's a little—
Sod all that. How much is the dog getting? What percentage is the dog getting? And did you ask the dog's permission before uploading it to the internet? What about facial recognition?
There's a lot of similar looking dogs out there.
There's a lot of similar looking dogs out there.
Oh, I didn't even think to ask. How rude of me. I did decide though that a portion of whatever earnings would be spent. I'm going to take the dog to the store.
I'm going to let her pick out some toys, maybe get her nails done, you know, give her a day at the spa. So we'll see. It's got to make money first though.
I'm going to let her pick out some toys, maybe get her nails done, you know, give her a day at the spa. So we'll see. It's got to make money first though.
Well, that's an amazing story. And thank you for sharing it as your pick of the week.
So yeah, and do share your affiliated link with us so that— I will do that. Any listener that wants to throw a penny or two your way—
Everyone, please. Go watch the video 1,000 times and that would be great.
Mike, Mike, we don't have to put this in the podcast, but the title of the YouTube video has got a spelling mistake. It says dog wagin' her tail.
I have informed the company of this and they decided to do nothing about it. So.
Carole, what's your pick of the week?
So my pick of the week is a book. It is called She Said, and it's written by New York Times journalists Jodi Kantor and Megan Twohey.
So this book basically explains all the steps they went through on exposing Harvey Weinstein after decades of being basically a misogynistic controlling pig.
And I followed that whole story, so they covered it in the paper, and they covered it on their podcast and I was listening to everything.
And so when the book came out, I snapped it up and hoovered it down.
And it's really interesting if you are the kind of person that likes to know more about how an investigative journalist team would chase such a story, especially when none of the victims want to talk about it or want to come forward.
So this book basically explains all the steps they went through on exposing Harvey Weinstein after decades of being basically a misogynistic controlling pig.
And I followed that whole story, so they covered it in the paper, and they covered it on their podcast and I was listening to everything.
And so when the book came out, I snapped it up and hoovered it down.
And it's really interesting if you are the kind of person that likes to know more about how an investigative journalist team would chase such a story, especially when none of the victims want to talk about it or want to come forward.
That was the thing, because he was so powerful, and people were worried that their careers would be put in jeopardy if they said anything.
But not only that, yeah, that, you know, he actually set some goons on them to follow these two journalists at one point.
Right, you know, he's got a lot of money and a lot of clout.
And the thing was, when I was reading it, I'm reading this and I'm thinking, okay, if this had happened to me, if he had been, you know, one of those stains in my life and these two journalists had called me up and said, look, we want to share your story.
Would I, you know, because look what's going on, his criminal cases are basically teetering at best at the moment. Because he's got a pretty powerful team.
Did you see him walking in with his walker?
Right, you know, he's got a lot of money and a lot of clout.
And the thing was, when I was reading it, I'm reading this and I'm thinking, okay, if this had happened to me, if he had been, you know, one of those stains in my life and these two journalists had called me up and said, look, we want to share your story.
Would I, you know, because look what's going on, his criminal cases are basically teetering at best at the moment. Because he's got a pretty powerful team.
Did you see him walking in with his walker?
My goodness. It does look pretty rough there.
Are we sure he's not wearing one of those 3D-printed masks to try and stop—
He's got a lot of little hair too. Exactly!
Yeah. I don't think you'll be able to sell very many Harvey Weinstein rubber masks, Carole. I don't think people want to disguise themselves as him.
That's what it's all—
Comes full circle.
Based on reading this book and, you know, following the story, I have just become a New York Times subscriber because I've been basically gulping down loads of their content.
So I'm adding it to my official news subscription. So there you go, so my pick of the week this week is take a read of She Said.
It's really fascinating about how they were able to nail down all the facts and got the ball rolling on the MeToo front.
Based on reading this book and, you know, following the story, I have just become a New York Times subscriber because I've been basically gulping down loads of their content.
So I'm adding it to my official news subscription. So there you go, so my pick of the week this week is take a read of She Said.
It's really fascinating about how they were able to nail down all the facts and got the ball rolling on the MeToo front.
Very interesting. Well, on that literary note, we've just about wrapped up the show for this week.
Mike, I'm sure lots of our listeners would love to follow you online or find out more about what you're up to. What's the best way for chaps to do that?
Mike, I'm sure lots of our listeners would love to follow you online or find out more about what you're up to. What's the best way for chaps to do that?
I would point them to that YouTube link if they— all they need to know is that's just what my dog looks like, and here's my blanket that I sleep with sometimes.
But yeah, start there, and then maybe some kind of facial recognition with the dog. You can— you'll find me, you'll find me. It's 2020, you'll figure it out.
But yeah, start there, and then maybe some kind of facial recognition with the dog. You can— you'll find me, you'll find me. It's 2020, you'll figure it out.
And you can follow us on Twitter @SmashingSecurity, no G. Twitter wouldn't allow us to have a G. And you can also continue the discussion with us on Reddit.
Go and find us on the Smashing Security subreddit. And don't forget to subscribe to Smashing Security in your favorite podcast app, such as Castbox.
Go and find us up there and you'll never miss another episode.
Go and find us on the Smashing Security subreddit. And don't forget to subscribe to Smashing Security in your favorite podcast app, such as Castbox.
Go and find us up there and you'll never miss another episode.
Yes, thank you to all of you for listening to us this week, supporting us on Patreon, and giving us wonderful reviews.
Also, a big shout out to this week's Smashing Security sponsors Domain Tools and LastPass. Their support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and info on how to get in touch with us.
Also, a big shout out to this week's Smashing Security sponsors Domain Tools and LastPass. Their support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and info on how to get in touch with us.
Until next time, cheerio, bye-bye, see you later, adios.
Well, there you go, my gentle friends. Well, one friend and the other guy.
And the other guy. It wasn't me. I just said I didn't like her.
And I'll just go drink my sorrows away. Thanks, Graham.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Michael Hucks
Show notes:
- YOU Season 2 Trailer — YouTube.
- Hospital administrator sacked for using NHS computer to download over 10,000 records is spared jail — Daily Mail.
- Robocalls: Americans got 58.5 billion in 2019, up 22% from last year — USA Today.
- Microsoft and Google just can't agree on proposed ban on facial recognition — ZDNet.
- Clearview – Technology to help solve the hardest crimes.
- The Secretive Company That Might End Privacy as We Know It — New York Times.
- Clearview FAQ (PDF).
- Episode review: Columbo Double Shock — Graham got it wrong. It was Martin Landau, not Leonard Nimoy, who played the twins. And they weren’t surgeons (but Nimoy did play an evil surgeon in a different Columbo episode that season)
- Eunoia: Words that Don't Translate.
- Dog wagging her tail every time she sees her owner — YouTube.
- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement — Amazon.com.
- Harvey Weinstein Paid Off Sexual Harassment Accusers for Decades — New York Times.
- ‘She Said’ Recounts How Two Times Reporters Broke the Harvey Weinstein Story — New York Times.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: LastPass
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Sponsor: DomainTools
DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks.
Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card.
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Castbox, Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
