Why are Zoom and Twitter making some people disappear? How are Counter-Strike: Global Offensive cheats getting their just desserts? And the founder of a anti cyber-fraud firm is charged with fraud.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Hi everybody, Carole Theriault here. I just want to introduce you to a handful of beautiful people. These superstars are Patreon supporters of Smashing Security.
This week, shout out goes to Chefkat Ajaz, Darren Wolf, Alwin Karuvilla, Vartan Andreev, Rafael Santiago, Kristen M, Michael Kebdi, Mark Luxton, Erwin Coy, and Jason.
Thank you all for your support. It means the world to us.
If you are not a supporter but would like to be and want to join this amazing community, you can find out all about it on smashingsecurity.com/patreon. It's pretty simple, right?
SmashingSecurity.com/patreon. Okay, on with the show.
This week, shout out goes to Chefkat Ajaz, Darren Wolf, Alwin Karuvilla, Vartan Andreev, Rafael Santiago, Kristen M, Michael Kebdi, Mark Luxton, Erwin Coy, and Jason.
Thank you all for your support. It means the world to us.
If you are not a supporter but would like to be and want to join this amazing community, you can find out all about it on smashingsecurity.com/patreon. It's pretty simple, right?
SmashingSecurity.com/patreon. Okay, on with the show.
But would you expect antivirus software, for instance, to detect these? Should we be protecting the cheaters?
Are you trying to open a market to get AV onto consoles?
I think that's a really interesting question because I'm not sure I would expect AV to detect— I don't think we need to name names here.
Smashing Security, episode 197: Greedy Bosses: Game Cheats. Ransomware, phishing, malware, LastPass, and virtual beheadings with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 197. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 197. My name's Graham Cluley.
I'm Carole Theriault.
And Carole, we are joined this week by returning guest, it's Mark Stockley. Hello, Mark.
Hello.
Welcome, Mark.
Oh, thanks.
Welcome back. We're so pleased that you weren't out and about doing something. Well, you can't be now anyway under British rules, can you?
Well, there's an announcement coming later today for the UK.
No, it's come out, it's come out, Carole.
Oh, has it?
Yeah. Yep.
Although there's probably one after the podcast as well. I'm a bit concerned. I haven't looked for 5 minutes. So I'm not sure I'm fully up to date. I think—
Are we back in lockdown or not yet?
We're in, we're out, we're shaking it all about.
Okay, great.
Yeah.
As long as you do it with a mask on, I don't care.
But we have a podcast for you, don't we, Carole? What's coming up this week?
Well, first, let's thank this week's sponsors, LastPass and Immersive Labs. Their support help us give you this show for free.
Now coming up on today's show, Carole visits the world of video game cheats.
Mark looks into a virtual beheading on Twitter, and I'll introduce you to a very brazen but exceptionally dull IT security CEO.
All this and much more coming up on this episode of Smashing Security.
Now coming up on today's show, Carole visits the world of video game cheats.
Mark looks into a virtual beheading on Twitter, and I'll introduce you to a very brazen but exceptionally dull IT security CEO.
All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, do you love games? Do you love playing games, online games? Yeah. What kind of games do you like, Mark?
I have just discovered, 10 years after it came out, World of Tanks.
Oh!
Which is— that's good for me. Normally I'm about 20 years out of date on the games I play, but I'm now only 10 years out of date. I'm completely hooked.
And I've succeeded in getting my son hooked as well.
And I've succeeded in getting my son hooked as well.
Yes, my son plays this as well.
It's called World of Tanks?
World of Tanks.
It's a multiplayer— you're driving tanks around on terrain and— tanks. Shocked.
Yeah, I was thinking the title maybe gave it away there.
World of Trucks is a much, much more boring game.
Did I say trucks?
It never really took off.
Yeah. Oh my goodness.
It's exactly as deep and thoughtful and thought-provoking as you would imagine from a title like World of Tanks. It is literally a world full of tanks.
And there's no World of Trucks or World of Milk Floats or anything else which—
There may be. I don't think the marketing budget for those is as big. There's a World of Warships. And there's a World of Warplanes, I think. You can see a theme developing here.
Oh, okay. Ah, yes. Now, how important is it for you or indeed your son to win these games? Is that something that really matters to you?
I would say it's massively important to both of us. Which is why it's good that we're playing other people.
Do you play together?
Not yet. I think that's coming. We've only— we've literally just got into this.
Would you cheat? Oh no. No, you—
Well, not unless I was playing my son. Obviously then, you know, whatever works.
What about you, Carole? Would you cheat at a game?
No, never, Graham.
Funny, because I wanted to remind you about a time when you came round to my house.
I think it was— Well, it must have been a million years ago, as you came round to my house, and we were playing a game called Rapido. Not online, obviously.
I think it was— Well, it must have been a million years ago, as you came round to my house, and we were playing a game called Rapido. Not online, obviously.
Excuse me, excuse me. Is this about online games?
I was talking about online games, but now I'm talking about whether you are prepared to cheat at games. And in my experience, you are prepared to cheat.
Okay, I have a question for you. Do I admit it right away? As soon as I've won? Don't I then say, "I won and I cheated!" That isn't right away. Yeah, but it is right away.
That's a little bit like killing someone, isn't it? And then say, "Oh yeah, it was me." It's like, it doesn't really undo the fact that you've ruined something.
Okay, so you've been harbouring this for 15 years?
Yeah, about that. Anyway, I just wanted to find out where you stand, because there is, of course, a lot of cheating which goes on. In online games.
My son has discovered Fortnite during lockdown when he wasn't going to school, and all the time, if the game's going badly, he'll go, "Cheater!" He'll say, "Cheater!" Or he'll say, "It's an aimbot!
It's an aimbot! There's a hacker, Dad! There's a hacker in the game!" Because he can't understand how someone managed to beat him.
And there are, it seems, there is an active cheating community and people who write hacks for these games, particularly PUBG games. Are you familiar with PUBG?
My son has discovered Fortnite during lockdown when he wasn't going to school, and all the time, if the game's going badly, he'll go, "Cheater!" He'll say, "Cheater!" Or he'll say, "It's an aimbot!
It's an aimbot! There's a hacker, Dad! There's a hacker in the game!" Because he can't understand how someone managed to beat him.
And there are, it seems, there is an active cheating community and people who write hacks for these games, particularly PUBG games. Are you familiar with PUBG?
No.
PUBG, I think it stands for, oh, Player Unknown Battlegrounds. These are games like Fortnite where a whole bunch of people are thrown into an arena, which might be like an island.
And over time, the perimeter gets smaller and smaller as people get killed off. And it's like a survival of the fittest sort of thing.
And these are often sort of first, sort of, what are they called? First-player shooter or something?
And over time, the perimeter gets smaller and smaller as people get killed off. And it's like a survival of the fittest sort of thing.
And these are often sort of first, sort of, what are they called? First-player shooter or something?
First-person shooter.
Thank you very much.
You're really immersed in this world.
I know, I'm glad he did so much research, you know?
But there's all kinds of cheats which occur, right? So there are, for instance, aimbots. So these aimbottery is where you, it will automatically—
Can I just ask a question? So how hard is it to write these cheats? So presumably this game, it's a closed game, right?
It's not like it's got an open-source forum for people to create cheats.
It's not like it's got an open-source forum for people to create cheats.
Yeah, and I think cheats are written for particular platforms as well.
I think you're more likely to get the cheat on, for instance, if you're running a Windows PC than if you're running it on a sort of more closed system like a video games console.
I think you're more likely to get the cheat on, for instance, if you're running a Windows PC than if you're running it on a sort of more closed system like a video games console.
So a cheat is different from figuring out a tweak in the algorithm. So if you do something 14 times, this happens.
That's right. So it's an additional piece of code which might get injected into the game.
So is this a binary patch?
Yes.
You choose to do this. You say, I want this, 'cause I want—
That's right.
Whatever. Okay, gotcha.
So, for instance, automatically align your gun sights with someone's head, right? 'Cause headshots get you more points.
Oh, that's nice. Yeah, good. Love that. Love that.
Where can I get that one?
Not in real life. Not in real life, Mark. No, I meant World of Tanks. There's spamming or speed hacks, right?
Which are where you automatically open fire as soon as someone walks into your line of sight.
Which are where you automatically open fire as soon as someone walks into your line of sight.
That's a total cheat.
Well, some of these you can actually turn on within the games if you want to. So my son and his friend quite like me to play Fortnite with them because I'm terrible at Fortnite.
And so we go into this creative mode and because I can't even work out how to fire the gun, and I just can about walk around.
They say, look, look, look, what we'll do is we'll turn on automatic firing. So when you're pointing in a particular direction at something, it will fire.
The only problem is I get stuck in the game and they will say things like, follow me, Graham, right? And then I turn to them and I shoot them in the head. So I actually—
And so we go into this creative mode and because I can't even work out how to fire the gun, and I just can about walk around.
They say, look, look, look, what we'll do is we'll turn on automatic firing. So when you're pointing in a particular direction at something, it will fire.
The only problem is I get stuck in the game and they will say things like, follow me, Graham, right? And then I turn to them and I shoot them in the head. So I actually—
What, you shoot them in the head?
Not deliberately. Not deliberately.
In the game, you mean?
In the game.
In the game, yes.
So far it's only happened in the game.
What I'm most amused by is the fact that your son calls you Graham.
Oh. There was a whole period of time when he— Yeah, he did do that.
Do you shake hands when you see him in the morning?
And there are other things as well, like seeing through walls. So a hack might mean that you can see through walls and people can't hide away from you anymore, right?
And do the makers of these games? Are they pissed off about these changes?
Oh, yes. Oh, I think they're not very keen on it.
There's a whole new world for me. I don't really—
Because of course, these kind of cheats and hacks are used against legitimate players.
Yeah.
And who follow the rules. And in some games these days, obviously there's big money to be made, right? Through esports and leagues which you can join.
And it's quite extraordinary, right? So they don't want people installing these cheats. And so—
And it's quite extraordinary, right? So they don't want people installing these cheats. And so—
Yeah, they're basically acting like Lance Armstrongs, aren't they?
Yes, exactly.
Okay.
I'm just trying to understand it in my own frame of mind.
Yeah, they don't have to date Shania Twain. Was it Shania? No, it wasn't Shania Twain, was it? What was the one she ended up with?
Sheryl Crow.
Sheryl Crow. Sheryl Crow. Sheryl Crow, Shania Twain. I can't tell them apart.
One's Canadian.
Okay, well, that helps. Okay, so people don't like cheats, right? Cheating in online games, not a cool thing.
And some people have tried to do something about it, including a chap called ScriptKid. He doesn't like cheaters, or as he calls them, cheaters.
He says he was inspired by a YouTuber called Mark Rober who created the famous glitter bomb viral video. Did you ever see that? There was a video that came out by this chap.
It may be the same guy who did the squirrel assault course. I'm not sure. But he created this package which he left on his doorstep because he was fed up of people stealing packages.
And he booby-trapped it with a glitter bomb.
And some people have tried to do something about it, including a chap called ScriptKid. He doesn't like cheaters, or as he calls them, cheaters.
He says he was inspired by a YouTuber called Mark Rober who created the famous glitter bomb viral video. Did you ever see that? There was a video that came out by this chap.
It may be the same guy who did the squirrel assault course. I'm not sure. But he created this package which he left on his doorstep because he was fed up of people stealing packages.
And he booby-trapped it with a glitter bomb.
That sounds like a missed opportunity to me.
What, you think they should have used nails or something?
Yeah, or a Doberman or something. Whoa!
Okay.
You can't put a glitter bomb inside a Doberman.
Mark's been inside I haven't seen this slide in a long time. Okay.
Anyway, so what ScriptKid thought was, well, wouldn't it be fun to get our own back at these cheats?
So what he did was he created some cheats for PUBG games and specifically a game called Counter-Strike: Global Offensive, known as CS:GO.
And you might think, why is he creating cheats if he's against cheaters? And I'll tell you why, because his cheats did something that the cheaters were not expecting.
So his cheats, fortunately, didn't do anything malicious in sort of malwarey way, like stealing information or damage the cheater's computer.
So what he did was he created some cheats for PUBG games and specifically a game called Counter-Strike: Global Offensive, known as CS:GO.
And you might think, why is he creating cheats if he's against cheaters? And I'll tell you why, because his cheats did something that the cheaters were not expecting.
So his cheats, fortunately, didn't do anything malicious in sort of malwarey way, like stealing information or damage the cheater's computer.
Did they release a Doberman?
No, did nothing like that. No.
I feel like I'm on Planet Tron right now.
So he didn't want to ruin, you know, he thought just ruining the cheater's game was enough, right? So what he did was he wrote cheat code and he promoted it through Google Ads.
He spent hundreds of dollars on Google Ads.
He spent hundreds of dollars on Google Ads.
Okay, so he's probably a 62-year-old script kid. He obviously has a lot of money.
Well, I think he probably makes quite a lot of money from his YouTube channel, Carole, because he now has a quite astonishing number of followers.
He has 200,000 subscribers and 8 million views after only publishing 4 videos.
He has 200,000 subscribers and 8 million views after only publishing 4 videos.
Does he put his face on these?
Oh, he cheats.
No, no, he doesn't.
No, no, it's like he's anonymous. He's anonymous script kid.
Yes, he wears a Warner Brothers Anonymous kind of—
Hoodie?
Yes, face mask. V for Vendetta style. I love, by the way, that all those people who wear those Anonymous masks, because those are all copyright Warner Brothers. It's them.
It's a great big multinational which is making all the money out of selling those masks. It's like, have Anonymous not thought this through? Really?
Anyway, so he created these cheat codes, right? And the stuff for people to download. And it turned out thousands of people did. And his cheats did sneaky things.
Like, for instance, they would randomly show a great big huge crosshair on your screen, obscuring your view, right? Fairly obvious. You'd think, saying, what was going on there?
But there were other tricks they did. Like, for instance, it would suddenly drop grenades, which you're carrying, at your own feet, and then stop you from running away.
So you sort of blew up your legs. Burnt to death. Or randomly change the direction that you're running in.
It's a great big multinational which is making all the money out of selling those masks. It's like, have Anonymous not thought this through? Really?
Anyway, so he created these cheat codes, right? And the stuff for people to download. And it turned out thousands of people did. And his cheats did sneaky things.
Like, for instance, they would randomly show a great big huge crosshair on your screen, obscuring your view, right? Fairly obvious. You'd think, saying, what was going on there?
But there were other tricks they did. Like, for instance, it would suddenly drop grenades, which you're carrying, at your own feet, and then stop you from running away.
So you sort of blew up your legs. Burnt to death. Or randomly change the direction that you're running in.
Okay, I have way more questions here. Is it illegal to use these cheats?
It might be against the terms and conditions.
Like slap on the wrist bad.
Well, no, it might be against the terms and conditions of the video game producer. They may have in their terms and conditions you shouldn't run a cheat.
So Fortnite dudes won't care if you use a cheat and ruined your whole play?
I don't think they're gonna care if people shoot their own feet off.
No, exactly, okay.
But they won't like it if you are using what's, let's call it a legitimate cheat, to get an advantage or to make other people's play less fun.
No, no, I understand that. I might be pissed off, right? If I downloaded this cheat and—
Of course you would! Some of these cheats, Krow—
I'm just trying to get my question across.
You leap off tall buildings—
Stop talking for one second. Just stop talking.
Invisible tripwires.
Just stop talking. So I am— I'm your son, okay? I want to use these cheats. I download the cheats.
This is disastrous. Yes.
I download the cheats, right? I have a game with loads and loads of points and blah, blah, blah. And somehow I screw everything up and lose my character.
And it's almost the end of the world, right? And I get set back tons. And I'm like, boo-hoo-hoo, you know, my character. God, this is awful.
There's no one I can go to, right, to complain because it's basically my fault.
And it's almost the end of the world, right? And I get set back tons. And I'm like, boo-hoo-hoo, you know, my character. God, this is awful.
There's no one I can go to, right, to complain because it's basically my fault.
Because you can't walk because your feet have been blown off.
Yeah, but no one wants to hear my lament, right? All I'm saying is ScriptKid's quite smart because who's gonna—
Yeah, I don't think because he's not doing anything to people's data and they're willingly doing it. See, it's an interesting question. Is this a Trojan horse or not?
'Cause it's doing something—
'Cause it's doing something—
Absolutely.
—users weren't expecting. Yeah. But would you expect antivirus software, for instance, to detect these? Should we be protecting the cheaters?
Are you trying to open a market to get AV onto consoles?
I think that's a really interesting question because I'm not sure I would expect it to detect— I don't think we need to name names here because I don't think you would expect it necessarily to detect that the software is malicious because is it really malicious?
But I think if you have software and it's changed and it's changed in a way the original manufacturer didn't intend, you know, it's a bit you can get micro patches for software that's got holes in it, which isn't produced by the original manufacturer.
Right. And there's a big question mark about should you install those? Because they might protect you, but they might do that at the expense of your warranty.
But I think if you have software and it's changed and it's changed in a way the original manufacturer didn't intend, you know, it's a bit you can get micro patches for software that's got holes in it, which isn't produced by the original manufacturer.
Right. And there's a big question mark about should you install those? Because they might protect you, but they might do that at the expense of your warranty.
So these traps, which ScriptKid is planting during cheaters' gameplay, some of them are really quite nasty, right? You know, it has people jumping off buildings and things.
He's not planting them, people are installing them. That's right, they're installing them.
And what happens is the cheat then also sends the footage of the video gameplay to ScriptKid, who then edits it into videos to put up on YouTube. So he gets a good laugh out of it.
He's not planting them, people are installing them. That's right, they're installing them.
And what happens is the cheat then also sends the footage of the video gameplay to ScriptKid, who then edits it into videos to put up on YouTube. So he gets a good laugh out of it.
Is it okay that he's capturing screengrabs of people's screens?
Well, it's capturing the gameplay. It's not the entire screen. So I don't think there's any personal information.
You can find out more about ScriptKid and his activities in a profile on Vice Motherboard written by Lorenzo Franceschi-Bicchierai.
So go and check it out there, and we will put links in the show notes.
You can find out more about ScriptKid and his activities in a profile on Vice Motherboard written by Lorenzo Franceschi-Bicchierai.
So go and check it out there, and we will put links in the show notes.
I don't understand how he can carry on.
Surely everyone will go, "Oh, don't download the game things from ScriptKid, 'cause he's a dick." I don't think he announces, "I'm ScriptKid." I don't think he is.
He doesn't say, "Hey, here's a free cheat from your buddies at ScriptKid." "Hey, I've won.
Surely everyone will go, "Oh, don't download the game things from ScriptKid, 'cause he's a dick." I don't think he announces, "I'm ScriptKid." I don't think he is.
He doesn't say, "Hey, here's a free cheat from your buddies at ScriptKid." "Hey, I've won.
I cheated." I just don't get it.
I don't get any of this. This is a whole world I don't understand. I don't care about.
Next! Mark, what have you got for us this week?
Well, I'm going to talk to you about a virtual beheading.
Oh, nice.
Yeah.
You know this is a comedy show.
So my story starts, as many do these days, with a tweet, which I bumped into on Sunday morning.
And it was a tweet by someone I don't know, a very well-educated chap called Colin Madland.
And it turns out Colin has got a friend who keeps getting beheaded virtually on Zoom calls.
And it was a tweet by someone I don't know, a very well-educated chap called Colin Madland.
And it turns out Colin has got a friend who keeps getting beheaded virtually on Zoom calls.
What do you mean beheaded virtually?
Well, you know what a body looks like?
Yeah. Okay, yeah, it's a trick question.
Now, if you remove the head—
So basically it's just showing the background.
Does he just not know how to angle his webcam? Is that what's going on?
I tell you what. I hope you enjoyed my story. In case— Shall I read you the tweet? Yes, please do.
So, tweet said, "A faculty member has been asking how to stop Zoom from removing his head when he uses a virtual background." Oh!
"We suggested the usual plain background, good lighting, etc., but it didn't work.
I was in a meeting with him today and I realised why this is happening." Now, we should just talk very briefly about virtual backgrounds.
I imagine you both know what a virtual background is.
So, tweet said, "A faculty member has been asking how to stop Zoom from removing his head when he uses a virtual background." Oh!
"We suggested the usual plain background, good lighting, etc., but it didn't work.
I was in a meeting with him today and I realised why this is happening." Now, we should just talk very briefly about virtual backgrounds.
I imagine you both know what a virtual background is.
I think anyone listening to this show has had to deal with it.
Yes, a green screen. Yeah. Is he from Venus or something?
It's not quite a green screen. Oh, okay.
You tell me then.
When you're using Zoom or something like that, you can choose a picture.
Basically, you choose a picture of a place you would rather people thought you lived than the place you actually live. And then Zoom will insert that behind you.
Now, of course, the interesting part of that is Zoom has to work out where you are. And then from that, it can work out what's behind you.
Basically, you choose a picture of a place you would rather people thought you lived than the place you actually live. And then Zoom will insert that behind you.
Now, of course, the interesting part of that is Zoom has to work out where you are. And then from that, it can work out what's behind you.
I've rarely seen this thing work, to be fair.
Oh, so it does this when you don't have a green screen? It can do this. It can work it out. Yes, exactly. Yes. Very clever.
Yeah. No, no, no. Yeah, you can do it. You can do— anyone can do it, Graham. You can do it on your next Zoom call.
And they have pre-settings like beach or cityscape or something like this.
And they have pre-settings like beach or cityscape or something like this.
Baby Yoda.
You know, and you can probably download loads of them. It's not great. You know, if you don't stay super still, you know, they kind of tend to disappear into the background.
I see. I see. And sometimes lose limbs, you know.
Can I just say it had never occurred to me that I would be on a podcast with somebody who didn't know what a virtual background was.
He's not coming back. Smug little shit. Yeah, shit. What a thing to say on our fucking podcast. Carole, what's your story this week?
Keep going, Mark. Ignore him.
Okay, so with a green screen, obviously what the software is doing is it's saying, right, replace all the green bits with the background.
Zoom can't do that because there isn't green behind you. It could be anything, could be a very jumbled scene. So what it has to do is it has to say, where is the person?
And obviously with a Zoom call, that's quite often a person's face, and then it can put the background on everything that's not the person.
So what was happening in this case is that Zoom's face recognition algorithm was looking at the friend and it was saying, nope, there are no faces in this picture, and then just covering the friend's face with the virtual background.
Hence beheading. Now, it wasn't doing it to Colin.
Zoom can't do that because there isn't green behind you. It could be anything, could be a very jumbled scene. So what it has to do is it has to say, where is the person?
And obviously with a Zoom call, that's quite often a person's face, and then it can put the background on everything that's not the person.
So what was happening in this case is that Zoom's face recognition algorithm was looking at the friend and it was saying, nope, there are no faces in this picture, and then just covering the friend's face with the virtual background.
Hence beheading. Now, it wasn't doing it to Colin.
Okay, does this guy have a very, very small head? Could that have been the problem?
Pinhead. He was really far away.
Yeah, he was sitting in the kitchen.
It wasn't doing it to Colin. And the obvious difference between them is that Colin's friend is dark-skinned. And Colin is basically as white as alabaster.
Now, that was just the beginning. It actually got worse. So Colin has discovered what he thinks is a racial bias problem with Zoom, in that it can't recognize dark-skinned faces.
Now, there's good reason for him to be suspicious of this.
I mean, you know, one data point does not make a trend, but there's reason for him to be suspicious because actually racial bias in face recognition is a very, very well-documented and well-understood problem that has a lot of people worried.
But as I said, it actually got worse than that because Colin decided he was going to tell the world. And as I said, I found this out through a tweet.
So he thought he would tell the world by tweeting about this, and he illustrated the problem.
Now, that was just the beginning. It actually got worse. So Colin has discovered what he thinks is a racial bias problem with Zoom, in that it can't recognize dark-skinned faces.
Now, there's good reason for him to be suspicious of this.
I mean, you know, one data point does not make a trend, but there's reason for him to be suspicious because actually racial bias in face recognition is a very, very well-documented and well-understood problem that has a lot of people worried.
But as I said, it actually got worse than that because Colin decided he was going to tell the world. And as I said, I found this out through a tweet.
So he thought he would tell the world by tweeting about this, and he illustrated the problem.
Oh no, he didn't black himself out?
No, he didn't. We would not be telling the story today if he had done. My eyes are just— they just grew about 50 times. So Carole, what have you got for us?
He didn't use a picture of Justin Trudeau, did he? Oh gosh, Graham!
No, I'm wondering what horror has happened. The one thing, the one thing that he did that was a bit uncouth.
There are other bad things Justin Trudeau has done. Oh really?
Yes. Would you prefer him to your current leader?
Hey, he is criminally handsome. Well, I don't—
Actually, he's quite— I don't find him interesting in the least.
Again, would you rather, or the current Prime Minister, or the President of the USA right now?
Exactly. Moving on.
Yes, come on. Back to Zoom.
So, as I was saying, Colin took to Twitter to make his point. And he decided to illustrate the problem with a side-by-side picture.
And on one side of the picture, it had his friend's Zoom screen. So, sort of screen rectangle. And then on the other side, it had his own screen. And then he looked at his own tweet.
So he tweeted this picture, and then he looked at his own tweet on his mobile phone, and he saw something odd. Because the picture was just him.
And because the picture was quite wide, Twitter had had to crop it. And it turns out that Twitter tries to work out which part of a photograph is the most interesting.
And then it crops with that in the middle.
And on one side of the picture, it had his friend's Zoom screen. So, sort of screen rectangle. And then on the other side, it had his own screen. And then he looked at his own tweet.
So he tweeted this picture, and then he looked at his own tweet on his mobile phone, and he saw something odd. Because the picture was just him.
And because the picture was quite wide, Twitter had had to crop it. And it turns out that Twitter tries to work out which part of a photograph is the most interesting.
And then it crops with that in the middle.
So I didn't know Twitter did that. It's quite clever that it does that, isn't it? That it tries to choose what— I mean, as long as they get it right. Rather than just auto—
No, tell us how great Twitter is, Graham. You're absolutely on brand for this story.
Rather than just taking the middle of the image, it's trying to make an intelligent guess. But in this case, it's taken—
Graham, why don't you take a full selfie in the buff? Full body selfie. Slap it up on Twitter and we'll see which bit of your body it decides to focus on.
Which bit most looks like a middle-aged man, you mean? Interesting.
Knowing what I know about Graham, I think I know which part of the picture it would centre on.
Please, increase your resolution. It wasn't that bit.
Anyway, so a picture, two Zoom screens, one with the friend, one with Colin in it. And Twitter crops to Colin. So he thinks, "Well, I was on the right-hand side. That's a bit odd.
Surely it would crop from the left." So he flipped the picture and put himself on the left and the friend on the right. And he got exactly the same result—a picture of himself.
Twitter handled this really well.
Surely it would crop from the left." So he flipped the picture and put himself on the left and the friend on the right. And he got exactly the same result—a picture of himself.
Twitter handled this really well.
Why don't you and me do it? We'll do a side-by-side headshot.
Maybe there's a sex thing.
Yeah, we'll see if there's a sex thing, yeah.
It's funny you should mention that, because if you go to twitter.com/GrahamOrCarole—
Okay.
I have already done that for you.
But there's an account called GrahamOrCarole? Oh my god, Mark! Graham or Carole? There's Nelson Mandela there as well. No followers.
So who will Twitter prefer—Graham Cluley or Nelson Mandela?
So who will Twitter prefer—Graham Cluley or Nelson Mandela?
So, as I was saying, this is just Colin who's done this.
And he says, "I think I've detected a racial bias in the face recognition used by Zoom, and in talking about that on Twitter, I think I've also detected the same problem on Twitter." Now, this is Twitter, so there were lots of people who disagreed with him, lots and lots of unsolicited advice about lighting rigs and "what about this?" and "clearly it's this thing," but also lots of people trying to reproduce the experiment.
And actually lots of people doing it with some success. Now, we don't know if they showed us the ones that weren't successful.
It's not a real scientific experiment, but what they were doing is they were creating very wide or very tall photographs.
So imagine a long, thin white rectangle with a photograph of a person at each end. And I thought that looked rather fun.
So I thought we ought to find out who Twitter preferred—does it prefer Graham or Carole? And I thought also, we should mix a dark-skinned face in there.
And I couldn't think of anybody that I wanted to include more than Nelson Mandela, who is probably the best candidate for sort of president of the world, if we had one.
And he says, "I think I've detected a racial bias in the face recognition used by Zoom, and in talking about that on Twitter, I think I've also detected the same problem on Twitter." Now, this is Twitter, so there were lots of people who disagreed with him, lots and lots of unsolicited advice about lighting rigs and "what about this?" and "clearly it's this thing," but also lots of people trying to reproduce the experiment.
And actually lots of people doing it with some success. Now, we don't know if they showed us the ones that weren't successful.
It's not a real scientific experiment, but what they were doing is they were creating very wide or very tall photographs.
So imagine a long, thin white rectangle with a photograph of a person at each end. And I thought that looked rather fun.
So I thought we ought to find out who Twitter preferred—does it prefer Graham or Carole? And I thought also, we should mix a dark-skinned face in there.
And I couldn't think of anybody that I wanted to include more than Nelson Mandela, who is probably the best candidate for sort of president of the world, if we had one.
A person as well of similar stature to Carole and myself.
So, what I've done—
In the celeb realm.
Yep, yep.
Doesn't have a podcast though, does he? So I think that's one for us.
Doesn't have a heartbeat right now, so—
If he had a podcast, I'd still listen to it.
So I took photographs of you all and I sized them so that your eyes and your mouth and your chin were at about the same level and that your faces were roughly the same size.
So in Graham's case, I had to reduce the photograph quite a lot.
And I've created long thin photographs with Graham at one end and Carole at the other, and then flipped it so that Carole's at the left and Graham's on the right.
And then pitted you against each other and then against Nelson Mandela to see if there's any sexual bias or racial bias in the Twitter algorithm.
And I think what we can conclude from looking at it is, in the case of Graham versus Carole, it couldn't pick a winner.
In a case of both of you against Nelson Mandela, Nelson Mandela, I am happy to say, won in every situation.
So I took photographs of you all and I sized them so that your eyes and your mouth and your chin were at about the same level and that your faces were roughly the same size.
So in Graham's case, I had to reduce the photograph quite a lot.
And I've created long thin photographs with Graham at one end and Carole at the other, and then flipped it so that Carole's at the left and Graham's on the right.
And then pitted you against each other and then against Nelson Mandela to see if there's any sexual bias or racial bias in the Twitter algorithm.
And I think what we can conclude from looking at it is, in the case of Graham versus Carole, it couldn't pick a winner.
In a case of both of you against Nelson Mandela, Nelson Mandela, I am happy to say, won in every situation.
Yeah, oh, he has. Well done, Nelson.
So you basically disproved any racism in Twitter with this test. Is that what you're saying?
Yeah, that's exactly what I'm saying.
Okay.
Carole, what's your topic this week?
Okay, first, a challenge to you both. Okay, so there's a place where I thought, oh, this would be such a good joke, but I couldn't make it myself because I made the line.
So I'm going to give you the line and you have to try and reverse engineer and figure out where it goes. So the line you got to say is, hey, no fat jokes.
So I'm going to give you the line and you have to try and reverse engineer and figure out where it goes. So the line you got to say is, hey, no fat jokes.
Hey, no fat jokes.
Hey, no fat jokes.
A bit like Jeopardy, right? You're going to hear me come up with a line, and then you got to just jump in. Whoever jumps in first wins the prize.
All right, okay.
Now, have you heard of Adam Rogas? Because Adam Rogas is a pretty important guy.
Hey, no fat jokes. No, I haven't heard of him.
No, he has many responsibilities. He's a very, very important man. He's a founder, he's a CFO, he's a CEO, and he's a board member of a startup called NS8. NS8, like the number.
Now NS8 is based in Las Vegas, Nevada, and it markets cyber prevention tools. So basically it says—
Now NS8 is based in Las Vegas, Nevada, and it markets cyber prevention tools. So basically it says—
Tools that prevent cyber.
Tools which stop the internet from working.
Oh sorry, yeah, cyber fraud prevention tools.
Oh, okay, okay, okay.
I'm very sorry, I word dropped there. And it markets cyber fraud prevention tools. Basically they analyze user behavior and they weed out fraudulent and costly transactions.
Among Adam's many, many corporate responsibilities at NS8—CEO, CFO, board member, et cetera—he was also chief fundraiser.
And this really isn't unusual in the startup hustle, right? You need the big guns to present their vision and growth opportunities to onboard the financiers.
I mean, if you were looking for investment money, you wouldn't send out the coffee guy, right? You'd go yourself, right?
Among Adam's many, many corporate responsibilities at NS8—CEO, CFO, board member, et cetera—he was also chief fundraiser.
And this really isn't unusual in the startup hustle, right? You need the big guns to present their vision and growth opportunities to onboard the financiers.
I mean, if you were looking for investment money, you wouldn't send out the coffee guy, right? You'd go yourself, right?
It's funny you mentioned coffee because when you first said fundraiser, I imagined it was like a garden fête or something, and I only later twigged that you meant, oh, you mean getting some serious money in rather than—
Yes, serious money. So he's raising money for his own—
Yeah, so he wants to get investors, so he does the circuit, right? He goes around going, we have some great offering, we do, we—
Yeah, yeah, yeah. Well, what's wrong with that?
Exactly, there's nothing wrong with that.
Yeah, okay, so yeah, so they want some investment money and in the fall of 2019 and all the way to the spring of 2020, NS8 engaged in fundraising rounds.
They issued Series A preferred shares as the prize and they obtained an estimated $123 million in investor funds, which is nice. No, it's not chump change.
This money, of course, and the exchange gets moved under NS8's control. This is NS8's investor cash.
Probably earmarked to grow the startup, onboard customers with unprecedented haste. That's probably what the money's for.
Yeah, okay, so yeah, so they want some investment money and in the fall of 2019 and all the way to the spring of 2020, NS8 engaged in fundraising rounds.
They issued Series A preferred shares as the prize and they obtained an estimated $123 million in investor funds, which is nice. No, it's not chump change.
This money, of course, and the exchange gets moved under NS8's control. This is NS8's investor cash.
Probably earmarked to grow the startup, onboard customers with unprecedented haste. That's probably what the money's for.
Yeah, also yachts. Yes, and bean chairs, pool tables.
And they are based in Vegas. I wonder if you should put it in the slots.
And titties. Yeah, boats and titties. Titties and slots, chum. Moving on. And this is like just, we know this, but just a reminder, investors are not all altruistic.
You know, for the most part, they are happy to part with a piece of their cream pie, but only if they buy into the promise that they're going to get a reward of a truckload of cream pies in the not too distant future.
So that's the game. However, funds went down a little differently at NS8.
You see, as well as all the responsibilities we talked about for Adam, you know, founder, CEO, CFO, chief fundraiser, he also maintained control over the company bank account that accepted all the money paid in by customers.
Okay. And Rogas also maintained control over the spreadsheets that purportedly tracked the customer's revenue, which were used to generate NS8's financial statements.
So, you know, obviously a control freak. He's obviously a very, very smart guy. And, you know, a bit like Steve Jobs, doesn't like to share the reins.
You know, he has a vision, he wants to get it done his way.
You know, for the most part, they are happy to part with a piece of their cream pie, but only if they buy into the promise that they're going to get a reward of a truckload of cream pies in the not too distant future.
So that's the game. However, funds went down a little differently at NS8.
You see, as well as all the responsibilities we talked about for Adam, you know, founder, CEO, CFO, chief fundraiser, he also maintained control over the company bank account that accepted all the money paid in by customers.
Okay. And Rogas also maintained control over the spreadsheets that purportedly tracked the customer's revenue, which were used to generate NS8's financial statements.
So, you know, obviously a control freak. He's obviously a very, very smart guy. And, you know, a bit like Steve Jobs, doesn't like to share the reins.
You know, he has a vision, he wants to get it done his way.
So, so are you— so when the investor says, so, uh, about that money that I gave you. He produces his own spreadsheet.
No, no, no, no, no, Mark. Come, come. He just has all these responsibilities, and then he provides the information to his finance team.
So he gives his finance team the numbers so they can create the financial reports for the investors and the rest of the board. Right?
So he gives his finance team the numbers so they can create the financial reports for the investors and the rest of the board. Right?
Right. All right.
Except Rogas altered the bank statements and the information before handing it over to finance. Plot twist.
This is a shock.
So between January '19 and February 2020, so 13 lucky or unlucky months, right, depending on which side you're on, it turns out that half to 95% of the total assets that were listed on the balance sheet were bogus BS.
Up to 95%. Bullshit.
Up to 95%. Bullshit.
What did he do with all that money in Vegas?
And the bank statements from those 13 months recorded $40 million in fake revenue. I never knew that the secret to getting rich was just being a big fat fucking liar.
That just seems to be the way you do it.
That just seems to be the way you do it.
Oh, whoa, whoa, hey, listen to the fat jokes! Hey, Graham! Mark wasn't listening.
Prize to you! Yeah!
So Rogas, in trying to secure and keep the investor cash rolling in scratched out the less impressive numbers and penciled in a few zeros so the investors would be thrilled at the return possibilities and keep their money invested, dreaming that one day they would cash in big time.
So Rogas, in trying to secure and keep the investor cash rolling in scratched out the less impressive numbers and penciled in a few zeros so the investors would be thrilled at the return possibilities and keep their money invested, dreaming that one day they would cash in big time.
Well, there is nothing really wrong with any of this. Oh, really?
No one do business with Graham ever.
No, I think there's nothing really wrong with this until— someone wants their money back. I think it's fine to tell them it's going all extremely well.
And give them fake balance sheets saying, look at all the money coming in.
It doesn't really matter, because it's all sort of pretend money anyway, isn't it? Hey, Steve! You've given it to somebody else.
Is this why you haven't got any investors? Jesus! But if— It's got nothing to do with the moral high ground at all, is it? It's because they've clocked Graham.
But as long as he can, you know, just have a successful go around the roulette wheel.
Okay, okay, so, okay, imagine I'm trying to get you— okay, I'm trying to— you're an investor, I'm trying to get you in on my startup, right?
So I take you out to a big fancy lunch place in Nevada, right, where I have fizzy bottled water, the Badwater, important.
So I take you out to a big fancy lunch place in Nevada, right, where I have fizzy bottled water, the Badwater, important.
Oh well, it doesn't cost that much. I've been to Las Vegas, you can get a free brunch and you can keep on going back to the trough as many times.
I would go somewhere fancy. Okay, I know, and I— poached fish and samphire, something like that.
And I'd be all like, have as many sides as you'd like, Graham, save room for dessert. This lunch is on me because my company is raking in the moolah, baby. Have you seen the spready?
Right. You know, and I might have my phone go off 3 or 4 times, then shake my head and shrug. Go, another wannabe investor who should have got in early like you, Graham. Right?
I do all that, then you'd be like, wow, this guy is so great. Amazing. He was able to get $123 million doing that. My goodness.
So at this point, right, reading this, I was thinking, I wanna know what this guy's like. Like, how did he swindle all this cash out of everybody?
Maybe I can find a video of him or something. So I did some digging and there's only one from SE Media.
And it's on GDPR could expose smaller players to a higher liability, says NS8 Adam Rogas.
And I'd be all like, have as many sides as you'd like, Graham, save room for dessert. This lunch is on me because my company is raking in the moolah, baby. Have you seen the spready?
Right. You know, and I might have my phone go off 3 or 4 times, then shake my head and shrug. Go, another wannabe investor who should have got in early like you, Graham. Right?
I do all that, then you'd be like, wow, this guy is so great. Amazing. He was able to get $123 million doing that. My goodness.
So at this point, right, reading this, I was thinking, I wanna know what this guy's like. Like, how did he swindle all this cash out of everybody?
Maybe I can find a video of him or something. So I did some digging and there's only one from SE Media.
And it's on GDPR could expose smaller players to a higher liability, says NS8 Adam Rogas.
So this is a video about their security product or service.
By the guy, by this big dude who's— Yeah. And I don't know how to say this. Maybe actually, huddle, everyone come in. I don't want to say it too loudly. He was boring as anything.
I mean, literally, I would rather read the entire GDPR legislation, all 109 articles of it, than listen to this guy.
Even the interviewer looks like he'd rather jam knitting needles into his eye sockets than listen to this guy. Blah, blah, blah. So is that his technique to getting all the money?
He gets people for lunch and just goes— and the guy's just, shut up, just take what you want, shut up. Don't even— it's crazy.
And did any of you spot the irony in this whole story? Did anyone spot the irony?
I mean, literally, I would rather read the entire GDPR legislation, all 109 articles of it, than listen to this guy.
Even the interviewer looks like he'd rather jam knitting needles into his eye sockets than listen to this guy. Blah, blah, blah. So is that his technique to getting all the money?
He gets people for lunch and just goes— and the guy's just, shut up, just take what you want, shut up. Don't even— it's crazy.
And did any of you spot the irony in this whole story? Did anyone spot the irony?
Oh, the irony.
Yeah, do you know what it means? And can you spot it?
Yeah. What was it? Was it like rain on your wedding day? What was his company? Cyber fraud.
Oh, oh, preventing the cyber.
So this guy is being accused of committing wicked white-collar fraud, all while heading up a company that purports to mitigate fraud in transactions.
It's like— So why are you saying people shouldn't buy this software?
So there's more. Okay. Mr.
Rogas not only used the financial data to obtain all that, you know, millions and millions, he also used that information, you know, the bullshit numbers, to personally help himself to $17.5 million of it in his personal account.
But that's cool by you, right, Graham? That's all cool because, you know, so what? A little slap, you know, a little bit of duck and dive, no problem.
Rogas not only used the financial data to obtain all that, you know, millions and millions, he also used that information, you know, the bullshit numbers, to personally help himself to $17.5 million of it in his personal account.
But that's cool by you, right, Graham? That's all cool because, you know, so what? A little slap, you know, a little bit of duck and dive, no problem.
It's okay, I was cheating at the end.
Yeah, yeah, I'm not playing, I'm not playing, Mark.
Well, the FBI arrested Adam Rogas last week, and I wonder if they knew how boring he was, because if they did, they wouldn't have gone in just wearing masks but earplugs.
I'm telling you.
Well, the FBI arrested Adam Rogas last week, and I wonder if they knew how boring he was, because if they did, they wouldn't have gone in just wearing masks but earplugs.
I'm telling you.
Did they give him money as well?
I'm telling you, jeez, they probably did. They probably said, "Just get out of here. Get out of here. We're dropping all the charges."
Just leave." How did the FBI discover the fraud? And can I buy some of that instead of this product that he was selling?
So apparently his crimes were detected by his coworkers in, you guessed it, the finance department, who probably thought it was pretty fricking weird.
They didn't have access to any of the accounts, but were getting these printouts from the boss.
They didn't have access to any of the accounts, but were getting these printouts from the boss.
They were probably thinking, how come this guy's so boring and he doesn't work in the finance department?
No, finance is exciting stuff. Come, come.
Now, so they went out and checked the company accounts and it turned out it amounted to tens of thousands of dollars, not millions and millions of dollars as Rogas had been reporting.
And he was confronted by the employees and he reassured them in a text. This is according to Vice. And he said, "On the phone with the bank. We're okay.
Appears to be an issue with the sweep works and phone banking." So it doesn't really make sense, but that's what he wrote.
And shortly after this exchange, right, according to this complaint by the DOJ, Rogas agreed to meet the finance employees in the Las Vegas area, didn't show up, then he resigns from NS8 in early September.
So he gets the hell out of the Dodge.
Now, so they went out and checked the company accounts and it turned out it amounted to tens of thousands of dollars, not millions and millions of dollars as Rogas had been reporting.
And he was confronted by the employees and he reassured them in a text. This is according to Vice. And he said, "On the phone with the bank. We're okay.
Appears to be an issue with the sweep works and phone banking." So it doesn't really make sense, but that's what he wrote.
And shortly after this exchange, right, according to this complaint by the DOJ, Rogas agreed to meet the finance employees in the Las Vegas area, didn't show up, then he resigns from NS8 in early September.
So he gets the hell out of the Dodge.
Can I just say that was the most finance department confrontation I've ever heard?
When you said the finance department confronted him, I imagine they stormed into his office and formed a phalanx in front of his desk.
And then you said, so he texted them, it's all fine. Way to confront.
When you said the finance department confronted him, I imagine they stormed into his office and formed a phalanx in front of his desk.
And then you said, so he texted them, it's all fine. Way to confront.
He's been charged in Manhattan federal court with security fraud, fraud in the offer and sale of securities, and wire fraud. He's facing 20 years in the slammer.
But worse, NS8 just laid off 200 employees because, you know, how are they going to pay them? And these are the people you need to feel sorry for.
These are the people that were probably— they're directly fucked over by his greedy antics because they had jobs. They probably had no idea he was just a greedy douche.
But worse, NS8 just laid off 200 employees because, you know, how are they going to pay them? And these are the people you need to feel sorry for.
These are the people that were probably— they're directly fucked over by his greedy antics because they had jobs. They probably had no idea he was just a greedy douche.
They discovered the problem, or some of them did.
Well, yeah, the finance dudes, but everywhere else— there's not 200 in finance, I imagine. Well, no, but I mean, because they weren't doing much.
They did themselves out of a job, didn't they?
He was wearing all the hats. I've got another hat for him. Douche. There you go. So there's my story.
Fascinating though, eh? Very, very interesting.
Anyway, you don't have to be exciting to get the money, Graham, so don't worry. You could go on the investors round, is all I'm saying. You got this.
Are you going to put a link to this boring video? Oh, I was going to put it in.
I was going to have it, you know, insert it into our show, but it's too dull. It's too dull. I'll put it—
I'll put it in the links, put it in the show notes, because some people like to listen to our podcast late at night and maybe help them sleep.
God. So many of us now working from home for the first time, IT administrators as well as employees. So you want to make everyone's life a little bit safer? Look into LastPass.
For admins, you get a centralized dashboard to administer all the integrations and the policies and the reporting, plus you get a vault for every single user.
And users, you have these cool functions like autosave and autofill, or organizing notes and documents, or helping you manage your work and personal life separately.
Check it out at smashingsecurity.com/lastpass. And remember, home users, you can use it at home for free. More info at smashingsecurity.com/lastpass.
For admins, you get a centralized dashboard to administer all the integrations and the policies and the reporting, plus you get a vault for every single user.
And users, you have these cool functions like autosave and autofill, or organizing notes and documents, or helping you manage your work and personal life separately.
Check it out at smashingsecurity.com/lastpass. And remember, home users, you can use it at home for free. More info at smashingsecurity.com/lastpass.
LastPass. Attacks and breaches are sadly a fact of life. They happen. What's most important is how well your organization responds, and technology isn't really enough.
Your staff must be ready too. Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
Check out their free ebook all about the MITRE ATT&CK framework and how you can use it as a part of your cybersecurity strategy.
And improve your security posture by identifying weaknesses. Go to immersive-labs.com/smashing right now to download your free ebook. That's immersive-labs.com/smashing.
And welcome back, and you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Your staff must be ready too. Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
Check out their free ebook all about the MITRE ATT&CK framework and how you can use it as a part of your cybersecurity strategy.
And improve your security posture by identifying weaknesses. Go to immersive-labs.com/smashing right now to download your free ebook. That's immersive-labs.com/smashing.
And welcome back, and you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
Better not be. Well, my Pick of the Week this week is not security-related.
As I am sure all devotees of vintage television know, there are sadly many missing episodes of Doctor Who which were junked by the BBC. More shame on them.
They did not keep copies of them.
Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
Better not be. Well, my Pick of the Week this week is not security-related.
As I am sure all devotees of vintage television know, there are sadly many missing episodes of Doctor Who which were junked by the BBC. More shame on them.
They did not keep copies of them.
That is shameful, actually. It is shameful.
It's part of our cultural history, whether you love Doctor Who or not. There's other TV shows which have suffered as well, of course, such as The Avengers.
Oh dear, old Diana Rigg died. I'm so upset. Anyway, it was very sad. Very sad for my 15-year-old self.
There is one particular interesting episode of Doctor Who which is called Mission to the Unknown, which was broadcast in 1965.
And what makes it unusual is it features neither the Doctor nor any of his companions. And it was an episode of Doctor Who which just had the Daleks.
Oh dear, old Diana Rigg died. I'm so upset. Anyway, it was very sad. Very sad for my 15-year-old self.
There is one particular interesting episode of Doctor Who which is called Mission to the Unknown, which was broadcast in 1965.
And what makes it unusual is it features neither the Doctor nor any of his companions. And it was an episode of Doctor Who which just had the Daleks.
Oh my God, really? Oh no! What happened, Graham? Oh, well.
And they decided to get rid of this episode.
No, that episode no longer exists, although an audio version.
In a way, it never did though, because it didn't have the Doctor in it. It's not the same.
It was a prelude to The Daleks' Master Plan, which was a classic 12-part Doctor Who story which featured the Doctor and Peter Purvis and Jean Marsh and Nicholas Courtney and others.
But what happened was a bunch of students at the University of Central Lancashire, they said to themselves, you know what, we're doing this TV media course, why don't we recreate the episode?
And they did that. And they did it with the same kind of black and white cameras, 4:3 screen size rather than widescreen.
They made the sets, they looked at the original designs, and is a remarkable reconstruction. It's only 25 minutes.
But what happened was a bunch of students at the University of Central Lancashire, they said to themselves, you know what, we're doing this TV media course, why don't we recreate the episode?
And they did that. And they did it with the same kind of black and white cameras, 4:3 screen size rather than widescreen.
They made the sets, they looked at the original designs, and is a remarkable reconstruction. It's only 25 minutes.
Do you watch it from the beginning to the end?
Did you hurry? Did you skip along at any point? Did you kind of go, oh, just skip this bit?
I've watched it and the making of documentary as well. It came out about a year ago, but I was just thinking, you know, that was a marvelous thing.
And yeah, scraping the barrel here, scraping the barrel for something to put as my pick of the week this week. But I thought, you know, what a tremendous thing.
And so that is why Doctor Who: Mission to the Unknown— it's up on YouTube, we will put a link in the show notes— is my Pick of the Week.
And yeah, scraping the barrel here, scraping the barrel for something to put as my pick of the week this week. But I thought, you know, what a tremendous thing.
And so that is why Doctor Who: Mission to the Unknown— it's up on YouTube, we will put a link in the show notes— is my Pick of the Week.
Yeah. A show without the stars. Excellent.
Mark, what's your Pick of the Week? Ignore her.
What did you say the categories were again? What can my Pick of the Week be? You said an app or a—
Pick of the Week. Funny story, a book that you've read, a TV show, a movie, a record, a podcast, a website, or an app.
Whatever you like. Okay, well, I'm not interested in any of those things. No, I've had enough of that.
I've had enough of apps and TV shows and all that kind of— We don't need more TV shows cybers and apps and all stuff like that. What we need is more trees.
So, my Pick of the Week this week is trees.
I've had enough of apps and TV shows and all that kind of— We don't need more TV shows cybers and apps and all stuff like that. What we need is more trees.
So, my Pick of the Week this week is trees.
Can I just say that has been my Pick of the Week before.
We have had trees as Pick of the Week before.
But you can have it. You can have it. This is our first double. This is our first, yeah.
I think trees is a fantastic— Because, you know, they don't get a great press. They don't have their own podcast. But they are quite useful.
I think they're quite nice to look at, and I think we're going to need quite a lot of trees. In fact, we need about a trillion of them. And that isn't just me saying that.
There's actually, you know, UN-commissioned scientific research says we're down by about a trillion trees.
I think they're quite nice to look at, and I think we're going to need quite a lot of trees. In fact, we need about a trillion of them. And that isn't just me saying that.
There's actually, you know, UN-commissioned scientific research says we're down by about a trillion trees.
Yeah, good thing they have drones that plant the seedlings now. Yes. And they just shoot them into the ground from a great height.
Do you know what the really great thing about trees are? They plant themselves. If you do absolutely nothing at all, you get trees.
And I think actually the future is not firing seeds into the ground with drones, because you're limited by drones and seed guns and all those sorts of things.
And I think actually the future is not firing seeds into the ground with drones, because you're limited by drones and seed guns and all those sorts of things.
You're going to change all of humanity is what you're planning to do. That's your approach. You're going to get all people to respect trees? Because I'm in, I'm in all the way.
I love trees.
I love trees.
It started here.
I think you've got to keep an eye on trees though, haven't you? They're not Triffids, Graham.
You know, it's just—
Have you ever seen a tree, Graham?
Yes, yes, I have seen a tree. Yeah, and they're, you know, the ones I've seen have been all right, but it's just sometimes they get a little bit carried away.
Did you know there's a very, very clever lady, I think in Canada, a scientist who researches the exchange of information between trees. I love that.
And she has established that trees will share nutrients using the mycelial network in the ground.
And so there is an exchange of information between trees, trees of different species as well, but that mother trees will preferentially foster their seedlings over other trees.
There's a lot more going on than we realize.
And she has established that trees will share nutrients using the mycelial network in the ground.
And so there is an exchange of information between trees, trees of different species as well, but that mother trees will preferentially foster their seedlings over other trees.
There's a lot more going on than we realize.
Yeah, that's what I'm saying. I'm saying we have to keep an eye on them because we don't know what they're up to.
Okay, no, I want to geek out with Mark for a second. So I have a bunch of plants in my front room, but they're all in pots, right?
And I've read about all this and I worry about them being isolated, like I've got them in solitary confinement. But I've put them all close together and I've been watching them.
And there is a mama fern, a maiden fern, and she puts out all her little tentacles on everybody and holds them all together. Every— it doesn't matter where I remove them.
As long as they're within reach, she'll find them and rest her hand on them. It's very cute. So anyway, you sure it is a tree?
And I've read about all this and I worry about them being isolated, like I've got them in solitary confinement. But I've put them all close together and I've been watching them.
And there is a mama fern, a maiden fern, and she puts out all her little tentacles on everybody and holds them all together. Every— it doesn't matter where I remove them.
As long as they're within reach, she'll find them and rest her hand on them. It's very cute. So anyway, you sure it is a tree?
It's not—
It's not a tree, it's a fern or spider or something.
Okay, okay.
Anyway, so trees rock.
And trees don't — they obviously don't have hands, they can't make websites, but there is a website about trees which I'd like you to go to called Trillion Trees, which explains why we need a trillion trees and how we're gonna get them.
And trees don't — they obviously don't have hands, they can't make websites, but there is a website about trees which I'd like you to go to called Trillion Trees, which explains why we need a trillion trees and how we're gonna get them.
Cool. Trilliontrees.org.
Does that mean I have to stop using my log burner?
You've been killing trees.
I'm glad you waited until the end of the podcast to mention this.
Jesus. Carole, what's your pick of the week?
Right. My pick of the week. So we're gonna hark back for a second to episode 149, which was called—
Who can forget 149?
A golden oldie.
Oh my God, it was called Fall in Love with Fraudsters. That's so weird. I'm a broken record.
So my main story was about fraud, and the reason I mentioned 149 is because I'm actually echoing my pick of the week on that episode, which was the first series of a show called Criminal on Netflix.
So my main story was about fraud, and the reason I mentioned 149 is because I'm actually echoing my pick of the week on that episode, which was the first series of a show called Criminal on Netflix.
And you accused me of scraping the barrel when it came to picks. You're just saying, I've done season 1, now I'm doing season 2. Geez, let me remind you about season 1.
Let me just do my padding, please.
Maybe I'll do a list of Doctor Who episodes.
First season, if you remember, was 12 episodes, 3 episodes each set in 4 countries. Do you remember?
It was Criminal France, Criminal Spain, Criminal Germany, Criminal UK, and each one has 3 shows, and all 12 of the shows are in the exact same set, so they all have their own actors, writers, directors, producers.
It was Criminal France, Criminal Spain, Criminal Germany, Criminal UK, and each one has 3 shows, and all 12 of the shows are in the exact same set, so they all have their own actors, writers, directors, producers.
It was an interrogation room.
Yes, in the confines of the interrogation room. And you're in this HQ, this staged police HQ. And I love that. But the parameters are the same across all of it.
And how each team tackled the project differently was just great. So Criminal season 2, the UK one, has just been released. And I hoovered up all 3 episodes over the weekend.
And it's so great. The cast is impressive. You've got Game of Thrones star Kit Harington. And you've got Catastrophe actor Sharon Horgan, who I love.
And how each team tackled the project differently was just great. So Criminal season 2, the UK one, has just been released. And I hoovered up all 3 episodes over the weekend.
And it's so great. The cast is impressive. You've got Game of Thrones star Kit Harington. And you've got Catastrophe actor Sharon Horgan, who I love.
Oh, yeah. She's the best.
Isn't she? Oh, my God. And she's amazing in this. She's so good. And Hotel Rwanda star Sophie Okonedo. And Big Bang Theory, which I never watched. I know, shock, shock. Kunal Nayyar.
And, of course, we're waiting now for the other miniseries from the other countries so we can do that. So, all I can say is watch it. It's written amazing.
There's all these twists and turns, superbly acted, superbly directed.
It's one of those shows that you feel healthier for having consumed it rather than watching some crap and you feel you've eaten 15 Big Macs. You know what I mean? Wife Swap.
I used to watch Wife Swap or Come Dine with Me, and you'd watch one of those or a few of those and you'd be, oh God, I feel I've just eaten a whole 20 chicken McNuggets.
You just feel shit. But this doesn't — you feel great after this. You just feel good. It's good. So I will put the link in the show notes. It's on Netflix. Criminal.
If you haven't seen the first one, hey, guess what you gotta do. All right.
And, of course, we're waiting now for the other miniseries from the other countries so we can do that. So, all I can say is watch it. It's written amazing.
There's all these twists and turns, superbly acted, superbly directed.
It's one of those shows that you feel healthier for having consumed it rather than watching some crap and you feel you've eaten 15 Big Macs. You know what I mean? Wife Swap.
I used to watch Wife Swap or Come Dine with Me, and you'd watch one of those or a few of those and you'd be, oh God, I feel I've just eaten a whole 20 chicken McNuggets.
You just feel shit. But this doesn't — you feel great after this. You just feel good. It's good. So I will put the link in the show notes. It's on Netflix. Criminal.
If you haven't seen the first one, hey, guess what you gotta do. All right.
Sounds very cool. Thank you for those picks of the week. And that just about wraps it up for this week, Mark.
I'm sure lots of our listeners would love to follow you online and find out what experiments you're doing on Twitter. Where can they do that?
I'm sure lots of our listeners would love to follow you online and find out what experiments you're doing on Twitter. Where can they do that?
Well, you can find me @MarkStockley on Twitter. You can find my chickens @InternetOfHens, and you can find Graham and Carole duking it out at Graham or Carole.
I hope I win. And you can follow us on Twitter @SmashingSecurity, no G, Twitter won't allow us to have a G. And we also have a Smashing Security subreddit.
And don't forget, if you want to be sure never to miss another episode, subscribe in your favorite podcast app such as Pocket Casts, Spotify, or Apple Podcasts.
And don't forget, if you want to be sure never to miss another episode, subscribe in your favorite podcast app such as Pocket Casts, Spotify, or Apple Podcasts.
Socially responsible smoochies to you all for listening, supporting the show via Patreon and sharing this podcast with your people.
Also, thank you so much this week's Smashing Security sponsors, Immersive Labs and LastPass. Their support helps us give you the show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Also, thank you so much this week's Smashing Security sponsors, Immersive Labs and LastPass. Their support helps us give you the show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Until next time, cheerio, bye-bye, bye-bye, see you later, alligator. That's a bit lackluster, that bye, Mark.
Oh, bye. Bye.
We had John Bentley on and he was like, oh, bye-bye.
Yes. Great. Yes. Oh, fantastic. Amazing. Oh, my goodness. Yes. He never listened to the show. We're fine saying whatever we like.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Mark Stockley:
Show notes:
- Package Thief vs. Glitter Bomb Trap — YouTube.
- CSGO Cheaters trolled by fake cheat software — YouTube.
- This Hacker Creates Fake Cheats That Make Cheaters Jump Off Buildings In-Game — Vice.
- Tweet by Colin Madland.
- Which will the Twitter algorithm pick: Mitch McConnell or Barack Obama? — Tweet by @bascule.
- GrahamOrCarole? — Twitter.
- Founder And CEO Of Cyberfraud Prevention Company Arrested And Charged With Securities Fraud Scheme — Department of Justice press release.
- Founder of Anti Cyber Fraud Company Charged With Fraud — Vice.
- Founder of cyber fraud startup ironically facing fraud charges — Gizmodo.
- Interview with NS8's Adam Rogas — YouTube.
- Mission to the Unknown Recreation – Doctor Who — YouTube.
- The making-of Mission to the Unknown — YouTube.
- Trillion Trees.
- Criminal: UK — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: LastPass
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Sponsor: Immersive Labs
Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. Visit immersivelabs.com/smashing now.
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
