Smashing Security podcast #246: Facebook has fallen

Industry veterans, chatting about computer security and online privacy.

Graham Cluley


Facebook suffers a massive (and very public) failure, Britain announces plans for counter-attacking nation states in cyberspace, and there’s a tragic story related to ransomware.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch.

And don’t miss our featured interview with Attivo Networks’ Carolyn Crandall.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
CAROLE THERIAULT
Because if you've got a laser, yeah, you know, yeah, someone's on a trampoline, right, you know, intercepts the laser beam. How do you handle that? Poor little Ricky.
GRAHAM CLULEY
I don't know if there's a little kid trampolining in front of Julian Assange's balcony at the Ecuadorian embassy, but it's a possibility. They should call us in next time.
CAROLE THERIAULT
Yes, I've got loads of ideas.
Unknown
Smashing Security, episode 245, the Julian Assange assassination Ransomware Plot and IoT Toilets with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security episode 245. My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
And this week, Carole, we are joined by nobody. Nobody at all.
CAROLE THERIAULT
No one at all. Just us. We're busy. We're busy as anything this week, both of us, for all kinds of reasons. So, you just have us.
GRAHAM CLULEY
But we still got time for the podcast.
CAROLE THERIAULT
We do. And we have time to thank this week's sponsor, 1Password. Its support helps us give you this show for free. Now, coming up in today's show, Graham, what do you got?
GRAHAM CLULEY
I'm going to be taking us to a little part of Ecuador.
CAROLE THERIAULT
And I'm going to a room in the house that we all have. All this and much more coming up on this episode of Smashing Security. Could be the kitchen. Could be the seat.
GRAHAM CLULEY
Now, chums, chums, WikiLeaks, not as much in the news as they used to be, are they? Don't hear so much about them.
CAROLE THERIAULT
What, since Julian went to prison?
GRAHAM CLULEY
Since Julian Assange got detained at Belmarsh Prison.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
They don't seem to be doing as much.

Now, of course, everyone remembers in 2012, Julian Assange, facing multiple charges from Sweden, including rape and hacking-related allegations from the United States.

He snuck into the Ecuadorian Embassy in London.
CAROLE THERIAULT
Well, he was invited. He didn't sneak in through the window.
GRAHAM CLULEY
Well, or come down the chimney like Father Christmas.
CAROLE THERIAULT
Yeah. Ho, ho, ho. I'm here.
GRAHAM CLULEY
He came out looking a bit like Father Christmas, though, as I remember.

But anyway, he claimed political asylum and he set up home in Ecuador, at least that little bit of London which is Ecuador, at the Ecuadorian Embassy.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
And he stayed there.
CAROLE THERIAULT
He couldn't leave.
GRAHAM CLULEY
He stayed there for years and years. Occasionally he'd come out on his balcony and give a little chat to the media.
CAROLE THERIAULT
I mean, he was avoiding arrest, right?
GRAHAM CLULEY
Yes. He didn't want to be extradited either to Sweden or to America. And so, yeah, he was hanging out there. And the whole challenge was, well, what's he going to do?

How long can he stay in there? He's got his suntanning machine. What are they called?
CAROLE THERIAULT
A suntan machine?
GRAHAM CLULEY
A suntan bed? A suntan— yeah, a tanning bed. He'd got one of them because obviously he needs some vitamin D.
CAROLE THERIAULT
And what was it, no garden?
GRAHAM CLULEY
No, he didn't have a garden. Oh no, he had a little balcony at the end of his— you know, you can actually check out the layout of the office. There wasn't very much room.

He was sharing a kitchen. Anyway, he was there for years and years. And things were generally heating up, and the Obama administration, they were sort of in a pickle. What do we do?

Is this a freedom of speech thing? If we clamp down, is he a journalist? Isn't he a journalist?

They obviously didn't like all the things which were coming out, which were making them look bad. And then things got really serious.

In March 2017, after he'd been there about 5 years, WikiLeaks released information about super duper secret CIA hacking tools.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
And they published them online. These are the tools which the CIA used to hack other people. It was called Vault 7.
CAROLE THERIAULT
Mm-hmm.
GRAHAM CLULEY
And it was described as the largest data loss in CIA history.
CAROLE THERIAULT
Well, in terms of largest data that they had taken from other people? No, no, no.
GRAHAM CLULEY
This wasn't data which the CIA had gathered by surveilling other people. This was actually CIA tools and CIA's own documentation about how to use these tools.

Which was released on the internet.
CAROLE THERIAULT
Yes, yes, yes, yes.
GRAHAM CLULEY
So it's all the secret things which they had.
CAROLE THERIAULT
Right.
GRAHAM CLULEY
In order to snoop on people or, you know, grab information from computers.
CAROLE THERIAULT
And the lovely WikiLeaks made it available to everybody.
GRAHAM CLULEY
It's WikiLeaks, not Licky Leaks. That's a whole different fetish.
CAROLE THERIAULT
Not one I want covered on this show. I don't even want to know what you think it might mean. I don't even want to know.
GRAHAM CLULEY
Okay, all right. Onwards. So this was March 2017. Now, of course, something had happened between 2012 and 2017 in regards to America, which was they had a new guy in charge.
CAROLE THERIAULT
The orange cheese puff.
GRAHAM CLULEY
Yeah, exactly. So now Donald Trump was president, and some of those in the Trump administration were being tougher on WikiLeaks, and they were saying we need to stamp down.

They're very, very anti-WikiLeaks and anti-Julian Assange, but they couldn't get their hands on him.

The CIA wanted him silenced, and they were worried that WikiLeaks has leaked all this information about tools. What else might WikiLeaks have that could be more damaging?

And there was also this concern that maybe Assange was keeping some stuff back in order to sort of use it as a little bit of leverage.
CAROLE THERIAULT
Oh, he's only put out some of the stuff he's got his hands on, yeah.
GRAHAM CLULEY
Maybe some of the really juicy stuff I'm keeping back to use at an appropriate time.

So the CIA want him silenced and they also want him in a US court, but how are they going to get him? And that is the crux of my story this week.
CAROLE THERIAULT
Oh, okay. Well, nice short lead-in. Let's go.
GRAHAM CLULEY
I'm just explaining where we got to. So the guys at Yahoo News, they have— look, just because they're Yahoo News—
CAROLE THERIAULT
The ultimate oxymoron almost.
GRAHAM CLULEY
The folks at Yahoo News, they have investigated.

They've written a big write-up all about what was being discussed at the highest levels of the Trump administration when it came to clamping down on Julian Assange.
CAROLE THERIAULT
And how do they have this information?
GRAHAM CLULEY
Because Yahoo News have spoken to umpteen people who've confirmed what was going on at the time. Umpteen?
CAROLE THERIAULT
That many?
GRAHAM CLULEY
Umpteen, yes. So what happened was senior CIA folks said, look, we're gonna need some ideas here.

And the ideas for this kind of thing, they are called options or sketches, apparently. They ask for it. Can you do a sketch? They ask someone, work on a sketch.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Maybe a bit like an artistic sketch. Maybe something— Well, they have, yeah.
CAROLE THERIAULT
They got the characters, right? They've got the characters, so yeah.
GRAHAM CLULEY
Right. So they can get their pastels out and they can do a little something, a doodle of some sort.
CAROLE THERIAULT
A puppet show, don't you know?
GRAHAM CLULEY
You could imagine that.
CAROLE THERIAULT
Yeah, puppet show.
GRAHAM CLULEY
So puppet show. Yeah. Do something with Lego people, who knows, a little bit of stop motion anyway.

So they asked people, come up with some ideas as to what we can do about this situation. And they did come up with ideas.

And amongst those ideas, according to former intelligence officials, was the assassination of Julian Assange.

And so they were discussing would it be all right for us to kill him while he's in the Ecuadorian embassy? So let's think this through right now, right?
CAROLE THERIAULT
I don't even think it takes that long. I think they're spitballing in a meeting, right? Probably a Zoom. No, it wouldn't have been a Zoom party.

It would have been an in-person party because it was pre-Rona. And they were spitballing.

And then when someone just got bored, tired, probably needed a burger or something, and went, look, we should just kill him. That's what happened.
GRAHAM CLULEY
We've tried bribing, that's not going to work.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
But you have to ask, is there a way of killing him which doesn't look like that you've killed him?

Because here we've got an Australian citizen living technically in Ecuador, or at least the Ecuadorian embassy, which is technically Ecuador, and you are American and you're on British soil.

So how are you going to do this without it being a bit of a diplomatic incident?
CAROLE THERIAULT
It's going to have to be lasers. It's going to have to be lasers pointed at the balcony.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
Right, right.
GRAHAM CLULEY
And what would the lasers do? What would these lasers do?
CAROLE THERIAULT
The lasers would have to shock him and make him think he had a heart attack or something like that. That's my take. That's what I would do. That's what I would do.
GRAHAM CLULEY
Alright, okay. So a laser somewhere.
CAROLE THERIAULT
I'd look on Twitter for someone who'd know how to do it.
GRAHAM CLULEY
You'd be on Reddit. You'd be looking for something.
CAROLE THERIAULT
Guys, guys, crowdsource this one.
GRAHAM CLULEY
Come on. I've got a guy. He's got white hair. He's pale.
CAROLE THERIAULT
He wears slippers all the time. Hasn't gone outside very much.
GRAHAM CLULEY
What can we do? What can we do? And how can we not make it look like us?
CAROLE THERIAULT
Or buy him a Peloton to help him out with his health problems of not getting out.
GRAHAM CLULEY
But he's bound to have some—
CAROLE THERIAULT
Carole it with something, right?
GRAHAM CLULEY
Right.
CAROLE THERIAULT
So that he falls off, or I don't know, it emits a gas if he hits a certain speed. I don't know, there's loads of stuff, right? Am I fine?
GRAHAM CLULEY
I was thinking poisoning milk bottles, because they must put milk bottles outside the embassy. They must have a milk delivery.

And if you were to inject a slow poison into it, maybe over time, when he's putting it on his sugar puffs in the morning.
CAROLE THERIAULT
I wonder if anyone's writing these down as legit ideas.
GRAHAM CLULEY
If they are, it wasn't my idea. I didn't give you advice on how to assassinate people.
CAROLE THERIAULT
Stop wasting your time, seriously.
GRAHAM CLULEY
Alright, okay.
CAROLE THERIAULT
No, no, I meant that to the people writing it down.
GRAHAM CLULEY
Alright, so they were coming up with ideas, but they thought it might cause a bit of bother. They also thought that there could be a bit of trouble either from Ecuador.

Ecuador could consider it an attack. Australia wouldn't be very happy, because it's an Australian citizen, even if it wasn't one they're particularly keen on, Julian Assange.

You just kind of think, you can't go around doing that, America. Going around assassinating people, at least not when you're leaving loads of obvious clues.
CAROLE THERIAULT
Presumably the UK wouldn't like it much either.
GRAHAM CLULEY
Well, no, absolutely not. Because if you've got a laser, you know?
CAROLE THERIAULT
Yeah, and someone's on a trampoline, you know, intercepts the laser beam. How do you handle that? Poor little Ricky. I don't think it through. I didn't think it through.
GRAHAM CLULEY
I don't know if there's a little kid trampolining in front of Julian Assange's balcony at the Ecuadorian embassy, but it's a possibility.
CAROLE THERIAULT
I'm just saying, it's a possibility. Falling, is that what you asked for?
GRAHAM CLULEY
This is the kind of thing they should call us in next time.
CAROLE THERIAULT
Yes, because I've got loads of ideas.
GRAHAM CLULEY
Have you thought of everything? Have you thought of everything?

Now, they became rather more concerned about what they were going to do with Julian Assange later in 2017 because they picked up intelligence that Russia was plotting to sneak Assange out of the embassy and move him secretly to Moscow.

So there were a series of plans, it turns out.
CAROLE THERIAULT
Like what? Someone was going to go in as an electrician or something and bring him out in a bag?
GRAHAM CLULEY
You're so close. No, I'm not. You're so close. Did you read about this?
CAROLE THERIAULT
No.
GRAHAM CLULEY
One of the plans was to hide Julian Assange in a laundry cart. There you go, yeah.
CAROLE THERIAULT
What's human-sized? What exactly is human-sized?
GRAHAM CLULEY
He's quite a lanky kind of individual, isn't he, Julian Assange? He comes across that way.
CAROLE THERIAULT
Yeah, he's gonna be a bit of a boneless chicken if he hasn't done much exercise.
GRAHAM CLULEY
So, they were worried that he'd be pushed out in a laundry cart and he'd be hopped into a Russian diplomatic van.
CAROLE THERIAULT
Oh, they didn't have any— Oh, yeah, they had intelligence that said this, that they were going to come to get him. They didn't know how.
GRAHAM CLULEY
Yes. And they thought that he was going to be loaded onto a cargo plane heading for Russia. So, that was a concern for the American authorities.

They also had a concern because they had seen suspected Russian operatives who had been gathering outside the Ecuadorian embassy and making a starburst manoeuvre.

Do you know what a starburst manoeuvre is?
CAROLE THERIAULT
No.
GRAHAM CLULEY
It's when you're all huddled up. So imagine you are goons working for an intelligence agency, right? You're there with your long coats on. Yeah.

And your trilbies, or maybe a Russian fur hat or something. Big eyebrows. And you're all huddled up, all close together. And the starburst movement is when you go pow!

And you all go in different directions.

And a starburst maneuver, apparently this is classic anti-surveillance technique where basically you scram in different directions, which means—
CAROLE THERIAULT
That's what everyone would do. I don't even think it needs a name, right?
GRAHAM CLULEY
It's the opposite of tailgating. Well, it does have a name. It does have a name. It's called the starburst.

And this obviously, if you were the American operative or indeed British as well, who was trying to prevent Julian Assange being taken away, if lots of people were there, maybe with a really big overcoat, and you don't know which one of them is hiding Julian Assange underneath it, and they all go in different directions, you don't know which one to follow.
CAROLE THERIAULT
Yeah, they could all dress, you know, like comedy horses, right? With a person in the front and the back.
GRAHAM CLULEY
Like pantomime horses.
CAROLE THERIAULT
Yeah, and they could all run away and starburst out. No one would be suspicious.
GRAHAM CLULEY
The annual convention of pantomime horses outside the Ecuadorian embassy. Exactly.
CAROLE THERIAULT
It happens every year. Today, this year being the first.
GRAHAM CLULEY
Kids want to see what's going on, so they're on their trampolines jumping up and down to watch. Well, so these Russian agents were seen doing this. So the Americans were going crazy.

It was causing panic across American intelligence services.
CAROLE THERIAULT
Were they calling up, was it Theresa May at the time? Going, "What the heck?" Yeah.
GRAHAM CLULEY
"Look at this." "Has anyone been ordering pantomime horse costumes from the fancy dress shop?" So it's panic. They're worried Assange is gonna slip through their fingers.

And so the CIA and the Trump administration— Again, they were spitballing, right? Spitballing.

They were looking into possibilities and looking at the scenarios as to what they could do.

And their scenarios of how they were going to prevent Assange being taken out of the embassy and taken to this cargo plane or in the pantomime horse or whatever it is included potential gun battles on the streets of London.

Because they're thinking maybe there'll have to be a shootout.

They discussed crashing a car into the vehicle transporting Assange to the airport in order to make it stop and so they could grab him. This is real Hollywood stuff.

And they also discussed shooting the tires of the plane on the runway before it could take off with Assange on board.
CAROLE THERIAULT
Isn't this proof as to why people trust disinformation or misinformation? I mean, this is kind of almost ridiculous. I'm only believing it because you're saying it.
GRAHAM CLULEY
And even then, that makes it less credible.
CAROLE THERIAULT
Grain of salt.
GRAHAM CLULEY
No, well, what makes you think these are ridiculous?

If someone is being taken out of the embassy to the airport, and you really, really want to stop him, 'cause you want to grab him, 'cause once he's in Moscow, you're never getting him back.
CAROLE THERIAULT
You're not in your own country, right? I wouldn't like the idea of any country deciding how to handle— Like, he was kind of basically in Ecuador inside the UK.

So surely the way to do this is speak to Ecuador and the UK and figure out a way to approach it.
GRAHAM CLULEY
Yeah, well, UK can't go in. Because it's Ecuador. Ecuador are all chums with Assange at the moment.
CAROLE THERIAULT
The whole plan was if he got taken out, were they going to act, right?
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
We don't know what they were planning to do while he was inside.
GRAHAM CLULEY
Well, the plan was, the British plan was just to wait.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
And eventually they thought he might want to, you know, pop out for a pizza or something. And then—
CAROLE THERIAULT
Can you imagine the guys that had that work gig or the, you know, the people working? Like there must be somebody who was posted outside every single day.
GRAHAM CLULEY
Oh yeah, apparently it cost millions. Yeah. There are claims that everyone within three blocks of the embassy was working for one intelligence agency or another.

Like service people, people repairing the roads, security guards— everyone was actually working for either the Americans or the British or who knows who else, maybe Russians as well.

Meanwhile, Julian Assange's mental health not going that great.
CAROLE THERIAULT
Oh, I wonder why?
GRAHAM CLULEY
He's— well, yeah. He's worried he might be being spied upon. So much so, in fact, that he used to have meetings with his lawyers in the ladies' bathroom in the Ecuadorian embassy.
CAROLE THERIAULT
You see, it always bites you in the ass, doesn't it? Well, it does.

Well, Julian Assange made his name basically revealing other people's secrets and, you know, basically breaking the privacy rules for whatever reason, whatever his stand was.

But it became he became very worried about his own privacy.
GRAHAM CLULEY
Yeah. And one of the big mistakes he made is he really fell out with his hosts at the Ecuadorian embassy.

According to Ecuador's foreign minister, he claimed that Julian Assange smeared feces on the walls of the Ecuadorian embassy.
CAROLE THERIAULT
What? Because he couldn't find any crayons?
GRAHAM CLULEY
Well, I know he had his broadband taken away from him, which he was unhappy with.

Ecuador began to find it rather uncomfortable that he was not only taking up one of their very valuable rooms—
CAROLE THERIAULT
And stinky.
GRAHAM CLULEY
But he was also a bit stinky. In fact, the foreign minister said the embassy cleaning staff had described improper hygienic conduct throughout Assange's stay.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Something which Julian Assange's lawyer attributed to stomach problems. So, I'll leave that to your imagination.

Well, perhaps Julian Assange had some things to be paranoid about, because the Spanish security company that had been employed by the embassy to have CCTV and so forth, they were also working for the United States.

And they provided the United States with video and audio feeds from inside the embassy with hidden microphones and cameras.
CAROLE THERIAULT
No wonder he was going insane!
GRAHAM CLULEY
No wonder, eh?
CAROLE THERIAULT
No, but— right? Who wouldn't?
GRAHAM CLULEY
And so this security agent—
CAROLE THERIAULT
No one's spying on you. Oh, people are spying on me. No one's spying on you. No, they're alive.
GRAHAM CLULEY
And of course they were.

And so, in fact, there's a claim made that the head of this Spanish security company who was securing the embassy, he discussed a plan with the American agents to accidentally, on Christmas Eve 2017, leave the embassy's front door open.

Whoops. And they were going to allow goons to sneak in and kidnap Assange.
CAROLE THERIAULT
Oh, there you go. Nice low-tech solution there.
GRAHAM CLULEY
Yeah, exactly.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Now, Assange himself, he didn't really want to go. He didn't really like the idea of going to Russia.
CAROLE THERIAULT
Where will I put my PCs? I don't know what he talks like, but—
GRAHAM CLULEY
Good Australian accent. Anyway, by 2019, things had changed. Sweden dropped its charges against Assange, dropped the case.
CAROLE THERIAULT
Mm-hmm.
GRAHAM CLULEY
And as I said, the Ecuadorian embassy had had enough of cleaning up after him. And eventually, April 11th, 2019, Ecuador had a new government.

They revoked his asylum and they evicted him. And you'll all probably remember the pictures of British police carrying him out of the embassy kicking and screaming.

And he's currently detained in Belmarsh Prison while he fights extradition to the United States on espionage charges.

But it's quite extraordinary to hear some of these things which the Americans were thinking of doing in order to get their man, simply because they didn't want a data breach to happen.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
I wonder if there's any sort of tips and lessons we can all learn as companies there.

If you don't want a hacker to release information which has been stolen from your organization, whether you could do these sort of things, drive a car into them.
CAROLE THERIAULT
Do you know that you're an influential person?
GRAHAM CLULEY
I'm not saying it's a good idea.
CAROLE THERIAULT
Oh, well, it sounds like it. Sounds like you're saying, well, yeah, you might get some ideas from this. Jeez.
GRAHAM CLULEY
Carole, what's your story for us this week?
CAROLE THERIAULT
Mine is much, much more serious than yours.
GRAHAM CLULEY
Good.
CAROLE THERIAULT
No, it's not. It's not. I'm going to start with a story. So when I was a kid, I liked making lists. I still like making lists. I make lists.

And one of my jobs when I was a kid was to write down the shopping list, right?

So people would, you know, family would belt out things and, you know, oranges, milk, whatever, whatever. And I'd write them down on the list.
GRAHAM CLULEY
Did you ever write made-up things on the list to try and mess up?
CAROLE THERIAULT
No, I don't know why. Because, yeah, well, I do know why. No, I did not. Didn't screw around with the list. Took it very seriously.
GRAHAM CLULEY
Okay.
CAROLE THERIAULT
And then one day we're doing this. Sorry, I've lost my voice a little bit, so you have to suffer with me. One day I'm doing a lesson and the word stumped me.

And the word was ass wipe. And I couldn't understand. I was trying to think, is that a fruit, vegetable? What is that? And so they said it again and started laughing their heads off.

And of course my parents were killing themselves laughing because, you know, they had to explain it to me and slow it down and say it to me very slowly and separate the two words and then tell me it meant toilet paper.
GRAHAM CLULEY
Your parents said ass wipe? Yes.
CAROLE THERIAULT
I don't know, it's probably, I don't know, yeah. Yeah.
GRAHAM CLULEY
How old were you?
CAROLE THERIAULT
I don't know. 11, probably about that, 10, 12.
GRAHAM CLULEY
How old were they?
CAROLE THERIAULT
I don't know, older.
GRAHAM CLULEY
Presumably.
CAROLE THERIAULT
Yeah. Anyway, I'm telling you this.
GRAHAM CLULEY
I'm so sorry, Carole.
CAROLE THERIAULT
Well, I'm telling you this because we're heading to what the Brits call the loo, what the Americans call the can, and what Canadians call the bathroom for some reason.

Now last week we talked about smart glasses, didn't we? That was last week, wasn't it? With Mark Stuckley.
GRAHAM CLULEY
Facebook's Ray-Ban link-up thing. Terrible idea. Terrible idea. Yeah.
CAROLE THERIAULT
Well, this week it's smart bogs, as in toilets. Now, before we dive in, not literally.

If I told you I had invented a smart toilet, Graham, I would say to you, okay, dude, I have created a smart toilet. What are we going to do with it? What are we going to do?
GRAHAM CLULEY
Let's spitball. Do you want ideas as to what to do with a smart toilet? Yes. Or how to sell it? So functionality it could have.
CAROLE THERIAULT
Yeah, what kind of functionality items? What are we going to tell people it can do?
GRAHAM CLULEY
Well, you would want it to be able to warm your buttocks.
CAROLE THERIAULT
Yeah, yeah. So you'd have a seat warmer, check.
GRAHAM CLULEY
I would have some kind of radar device which would help you confirm that your urinal stream was going in the right place.
CAROLE THERIAULT
You can't use your eyes?
GRAHAM CLULEY
And not spraying. Well, if you're doing it in the dark.
CAROLE THERIAULT
Oh, why not have a light inside the bowl?
GRAHAM CLULEY
Yes. But if you're reading a book or, you know, on Instagram or something while you're peeing.
CAROLE THERIAULT
You might want a scale, for example, right? It could say, hey, Steve, lift your feet up. We're going to check your weight.
GRAHAM CLULEY
Oh, okay. Okay. Yes. You could have maybe a periscope or something. So you could sort of—
CAROLE THERIAULT
Well—
GRAHAM CLULEY
with a little camera on it or something, just to have a look. Because there are parts of your body which are hard to access and hard to view.
CAROLE THERIAULT
And just to look at your anal print once in a while.
GRAHAM CLULEY
Yes, but if you've got a pain or an unusual protrusion from part of your body, you may want to examine, just work out what's going on out there.

And then you find out there are mirrors, Graham. I know it's difficult sometimes, isn't it, to arrange?
CAROLE THERIAULT
It is. Well, most of these things actually already exist, I'm sure, because smart toilets are said to be huge business. It's a race to the bottom, if you will.
GRAHAM CLULEY
I have experienced smart toilets in—
CAROLE THERIAULT
I can't believe you missed that joke. It wasn't even mine.
GRAHAM CLULEY
Race to the bottom, yeah. Hang on, I'll do this. Rude. It was from The Guardian.
CAROLE THERIAULT
I thought it was very good.
GRAHAM CLULEY
Yeah. I have experienced smart toilets in Asia.
CAROLE THERIAULT
Yes, yes. Japan is kind of known as the kings of the advanced loo, isn't it?
GRAHAM CLULEY
I have to say, I rather liked them.
CAROLE THERIAULT
Really?
GRAHAM CLULEY
I don't like the idea of them being connected to the internet. Oh, really? No, I think I wouldn't want a breach or a leak happening while I was on the loo.
CAROLE THERIAULT
Well, that's what I was thinking when you were telling your story. That's maybe why he smeared his feces on the wall. Maybe he thought he had one.

Maybe Julian was worried about, you know.
GRAHAM CLULEY
Poor old Jules.
CAROLE THERIAULT
Okay. We're going to move this along. The point is poo and pee analysis.

Apparently stool provides tons of health data and academic stool dudes say we're missing a trick by simply flushing them away.

Self-referred smart toilet enthusiast Joshua Kuhn, professor of chemistry and biochemistry at the University of Wisconsin-Madison, says there are several thousand known different small molecules that exist in urine, and they give you insight into what's going on.

So he's done a few small studies, and he says it turns out you can detect compounds that are diagnostic of exercise. So can you just see it? Honey, did you work out today? Yes.

Why does the toilet have an angry red face on it? Right?
GRAHAM CLULEY
Right. Okay. Yes.
CAROLE THERIAULT
And he also says when you can— he says you can see when an over-the-counter medication comes into the system and clears out, you can see molecules that correlate to how well you slept, how much fat you had in your diet, what your calorie intake was.
GRAHAM CLULEY
It's very clever.
CAROLE THERIAULT
Did you have a Big Mac yesterday on the way home from work? No. Are you sure?
GRAHAM CLULEY
And does all this analysis— can— does this happen on device or is it sent up into the cloud?
CAROLE THERIAULT
Of course it's sent up to your phone.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
Yes, of course. Why put all the tech in there? All it's got to do is just send the information, right? Crunch it elsewhere.
GRAHAM CLULEY
Still got to sort of sift through the— is this just urine or is this also the other stuff?
CAROLE THERIAULT
Every little thing we deposit, turns out you can squeeze out some information out of it.
GRAHAM CLULEY
Squeeze out. If you're using posh toilet paper, it's triple quilted or something, wouldn't that change the results?

Wouldn't it say you appear to have a lot of roughage in your diet just because you've got all this sort of paper there as well?
CAROLE THERIAULT
Good question, good question. But this year at the influential annual Consumer Electronics Show, a Japanese manufacturer, Toto, announced its wellness toilet.

Now this is a concept it's still working on, but according to the Guardian article, its sensors, including one for scent, would aim to detect health problems and conditions such as stress, but also lifestyle suggestions.

In one image provided by the company, it envisioned the toilet sending you a recipe for salmon and avocado salad. It's just nowhere's sacred.
GRAHAM CLULEY
Pleased to hear that Toto have moved on from their 1980s hit Africa to now going to the toilet business. This is fantastic.
CAROLE THERIAULT
People could use it to check up on their kids, see if their kids are on drugs or their partners are on drugs.
GRAHAM CLULEY
The parents are on drugs installing this, buying this damn thing. How much does one of these cost?
CAROLE THERIAULT
Well, I saw numbers in the $14,000s, $15,000s. I mean, this is early days, these are early days. And of course, yeah, things this way happen. Yeah. So would you have a shared account?

That's the other thing I wondered.
GRAHAM CLULEY
What?
CAROLE THERIAULT
No, but you have a family account, right? Do you demand it when you start dating someone just to make sure that they are healthy?

Do you install them at work to make sure your staff are getting enough sleep and aren't high as kites?
GRAHAM CLULEY
Oh, well, that's a reasonable point because people— some companies do drugs testing.
CAROLE THERIAULT
Yeah. Is this against people's will, or is it the only toilets you provide at work?
GRAHAM CLULEY
Do you need people to agree to have their deposits analyzed?
CAROLE THERIAULT
Yeah. Yeah.
GRAHAM CLULEY
Are there terms and conditions? Hmm.
CAROLE THERIAULT
It brings a whole new meaning to the word tailgating. Okay, but there are a lot of positive implications too, especially after a pandemic.

I mean, imagine that that information could help give you a clue that something serious was going on in a particular part of the world because of some weird bacteria or weird virus that was found.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
So I don't know. I'm with you, my toilet's going to stay dumb for a while yet. It's the only non-IoT place in my house practically.
GRAHAM CLULEY
At the moment, but your birthday's approaching, Carole. Your birthday's approaching. Thanks to this week's sponsor, 1Password.

Did you know around 80% of business data breaches result from weak or reused passwords?

Well, using 1Password can close the gaps in your company's security, combat shadow IT security and help your employees stay both productive and secure wherever they are.

With the right tools, the right mindset, you can create a culture inside your company where your employees feel empowered to share responsibility for security risk management.

1Password makes the secure thing to do the easiest thing to do by letting your employees stay secure without slowing them down.

For employees, 1Password makes it easy to play their part in personal security and by extension, company and customer security too. So what are you waiting for? Find out more.

Try 1Password for free for 14 days. All you gotta do is go to 1password.com. And thanks to the team at 1Password for supporting the show.

And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week. Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone, Carole, me, and our guest, everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. Doesn't have to be security related necessarily.
CAROLE THERIAULT
Better not be.
GRAHAM CLULEY
Well, the rule isn't that it can't be security related, just that it doesn't have to be security related. And this week, my Pick of the Week is security-related.
CAROLE THERIAULT
Oh!
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
Really? On the one week where we are together doing this on our own, and I have no respite, and I actually have to listen.
GRAHAM CLULEY
This week, my Pick of the Week is a podcast produced by a chap called Gary Milne. And it's coming out of BBC Ulster in Northern Ireland. And it is called Assume Nothing.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
And they've done investigations into a number of dodgy goings-on in Northern Ireland.

And in their latest episodes, which are called Hack Attack, they take a look at the notorious TalkTalk breach of 2015. You remember?
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Our lovely friend Dido Harding, CEO of TalkTalk, and how well she handled that one.
CAROLE THERIAULT
She tried her best.
GRAHAM CLULEY
It's not good enough. And they also examine who was behind it and some of the stories.

And I have to say, it is probably the most accurate telling of the TalkTalk data breach there has ever been.
CAROLE THERIAULT
Did they call you?
GRAHAM CLULEY
Yes, they did talk to me.
CAROLE THERIAULT
You're so lame.
GRAHAM CLULEY
Well, no, that's not the reason.
CAROLE THERIAULT
That's— that is exactly the reason.
GRAHAM CLULEY
No, no, no, that's the reason why I know about it, because he emailed me to tell me the podcast was finally out, because I spoke to him back in January.

And I am in it only very briefly. Gary Milne.
CAROLE THERIAULT
Gary Milne?
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Is he a nice chap?
GRAHAM CLULEY
He was a lovely chap and it's a great podcast and it's, you know, and you get to hear yours truly in it. Only very briefly. They do mention Smashing Security a few times. Not me.
CAROLE THERIAULT
Do they?
GRAHAM CLULEY
They mention it. So there we got a little plug in it.
CAROLE THERIAULT
So what was this? A significant and sustained cyberattack? An act of terrorism?

Or as Dido Harding hinted, was it something that was just copied and pasted off the internet and used to cripple a communications company?

Graham Cluley from the Smashing Security podcast explains.
GRAHAM CLULEY
So there was a big problem. It's got one of those commentaries, you know, when they speak in a very dour way.

He goes, it was August 14th, it was 3 AM, and the police were knocking on the door of a 15-year-old boy. Inside, he was not a member of the cyber— you get the idea?
CAROLE THERIAULT
Yeah, yeah.
GRAHAM CLULEY
So it's one of those. But it's very nice.
CAROLE THERIAULT
NPR style, we call it.
GRAHAM CLULEY
Right. Okay. Well, that's what the professionals call it, perhaps. Its name is Assume Nothing. You can find it on BBC Sounds.

You can probably find it in your favourite podcast app as well. The specific episode is called Hack Attack, but I think you might enjoy some of the others as well.

And that is why it is my pick of the week.
CAROLE THERIAULT
FYI, we say profesh in the business, not professional.
GRAHAM CLULEY
Just, you know. Well, if you're really professional, you just say prof. Carole, what's your pick of the week?
CAROLE THERIAULT
My pick of the week, I'm looking at it right now. It is a physical thing.

It is a big, fat, stonking book, one that maybe some millennials have never seen the size of because they've been glued to their phones. It's called The Art Museum by Phaidon.

It's called The Art Museum because it's housing art across continents, across time, across artistic periods.

It's basically like a compendium of the history of art and compiled into these mini museums or these mini galleries within the book. It's very cool the way they've done it.

You start off at the very beginning and you're looking at the Caves of Lascaux, for example, in France.

And they have pictures, really high-quality pictures, and it goes all the way to modern times in art. It's huge.
GRAHAM CLULEY
So this is like the definitive history of art.
CAROLE THERIAULT
That's what they're claiming. Phaidon are pretty good, pretty strong on their art books anyway.

But if you wanted to look and try and get an understanding of art as a kind of whole, this is a great place to start.
GRAHAM CLULEY
So if I named an artist, would you be able to look it up in the book?
CAROLE THERIAULT
Sure. Go, let's try.
GRAHAM CLULEY
Really? What, like a famous painter, for instance?
CAROLE THERIAULT
Yeah, I think you'd have to be fairly famous if they're covering all time. Yeah. Let's see.
GRAHAM CLULEY
Vermeer.
CAROLE THERIAULT
Yeah, okay, there'll totally be Vermeer in there. God, I don't even know why I was worried about you.
GRAHAM CLULEY
Sorry.
CAROLE THERIAULT
They have a lot of Van Gogh. They have a Velázquez, which is great.
GRAHAM CLULEY
Rubens? Do they have Rubens?
CAROLE THERIAULT
See, this is a very big index. It's on another page. Hold on, please.
GRAHAM CLULEY
Well, yeah, it'll be alphabetical.
CAROLE THERIAULT
Yeah, well, you know, some of us—
GRAHAM CLULEY
Pollock's.
CAROLE THERIAULT
Yeah, they got— yeah, Rubens is all through there. Yeah, that's a good one. Yeah, Pollock. Pollock. Jackson Pollock. Yeah, he's in there too. Oh, you're being funny.
GRAHAM CLULEY
Bosch.
CAROLE THERIAULT
That's very far away. Yeah, they'll have Hieronymus. He'll be there.
GRAHAM CLULEY
Oh, very good.
CAROLE THERIAULT
Were you testing me?
GRAHAM CLULEY
Theriault? Theriault?
CAROLE THERIAULT
Not yet. Not yet, Graham.
GRAHAM CLULEY
Not long. Not long.
CAROLE THERIAULT
Anywho, if you're interested, check it out. It's called The Art Museum. It's published by Phaidon. That's P-H-A-I-D-O-N.

And I got my massive hard copy from Costco for a very reasonable price. So if you are Costco members, maybe go check it out. And that is my pick of the week.
GRAHAM CLULEY
That just about wraps it up. You can follow us on Twitter at Smashing Security, no G, Twitter must have a G, and we're also on Reddit.

Check out the Smashing Security subreddit and don't forget to ensure you never miss another episode.

Follow Smashing Security in your favorite podcast apps, such as Apple Podcasts, Overcast, and Google Podcasts.
CAROLE THERIAULT
And of course, thanks to this week's episode sponsor, 1Password, and to our wonderful Patreon community. It's thanks to them all that this show is free.

And for episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 244 episodes, check out smashingsecurity.com.
GRAHAM CLULEY
Until next time, cheerio. Bye-bye.
CAROLE THERIAULT
Bye. Hey, Cluley, I have a thought. Yes. I have a thought. Our 250th episode is coming up.
GRAHAM CLULEY
I know. I wanted to talk to you about that. What are we going to do?
CAROLE THERIAULT
Honestly, I don't know. You should take a holiday.
GRAHAM CLULEY
Just go straight to 251.
CAROLE THERIAULT
Yeah, just skip it. Kidding, kidding, kidding.

Hosts:

Graham Cluley:

Carole Theriault:

Guest:

Chris Kirsch – @chris_kirsch

Show notes:

Sponsor: 1Password

Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.

1Password makes the secure thing to do the easiest thing to do.

Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.

Find out more and try 1Password free for 14 days at 1password.com

Sponsor: Attivo Networks

It’s time to get serious about preventing and detecting credential abuse, privilege escalation, and entitlement exposures.

Attivo Networks gives you visibility on identity exposures, vulnerabilities, and attack paths from endpoints to Active Directory to the cloud – all while creating an active defense, delaying and derailing attacks, empowering the defender and eliminating an attacker’s advantage.

Learn more and kick credential attacks to the curb, by visiting attivonetworks.com

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
