Students learn a valuable lesson when it comes to AI detecting guns on campus, SIM swappers are surprisingly stupid, and romance scammers get scammed by someone (or some thing?) calling themselves Chiquita Banana.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Anyway, according to Krebs, and this is terrifying, according to Krebs, there are dozens of teenage or 20-something sim swap millionaires out there.
How many?
Dozens, he says. That's how we count things in 2022, in multiples of 12.
Smashing Security, episode 288. Chiquita Banana, dumb criminals, and detecting ring binders. With Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 288. My name is Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 288. My name is Graham Cluley.
And I'm Carole Theriault.
And this week we've got a special guest in the hot seat. Who've we got, Carole?
We have the wonderful Mark Stockley. Hi, Mark.
Hello.
Returning guest, obviously.
I can't quite believe you've asked me back on.
Neither can we.
Tough times, tough times. Liz Truss isn't available and Boris Johnson's on holiday. So you got the gig. It was you or Nadine Dorries.
Do you know what? I think you sound a bit like Boris Johnson.
Who, Carole does? No, Graham.
We're going to leave it at that. But before we kick off, let's thank this week's sponsors, Bitwarden, Kolide, and Soul Cyber.
It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
Oh, I'm going back to the crazy days of school.
Right. What about you, Mark?
I've got a story all about hiring hitmen online.
Excellent. And I'm taking a look at a giggle-worthy approach to combating romance scammers. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, I want to take you back in time in my timeline, not in your own timeline. I want to take you back to around about, I think it was about 1986, 1987.
There I was in sixth form.
There I was in sixth form.
I was going to say in diapers, but no. In sixth form in diapers would be pretty—
I was busy failing my A-levels.
Brilliant.
Is this a Doctor Who story?
It has nothing to do with Doctor Who.
I feel like this is how a Doctor Who story would start.
No, no, no, no, no.
I was studying with a whole bunch of kids, and one day, two of my mates, Howie and Johnny, came into school, and they told us what had happened to them the previous day.
Now, Howie had a car, which made him quite unusual in the sixth form, but he had a car, and he'd been going around town with Johnny with their water pistols.
They were having fun, basically. They were driving around with their water pistols, sort of shooting at people from the car. You know, she's pissing about.
I was studying with a whole bunch of kids, and one day, two of my mates, Howie and Johnny, came into school, and they told us what had happened to them the previous day.
Now, Howie had a car, which made him quite unusual in the sixth form, but he had a car, and he'd been going around town with Johnny with their water pistols.
They were having fun, basically. They were driving around with their water pistols, sort of shooting at people from the car. You know, she's pissing about.
Pissing about. Yeah.
Well, they weren't using actual urine, Carole. They weren't. As far as I know, they hadn't filled it with that. They were just using water.
They're not savages.
No, exactly. And what they did was they were driving up Camberley High Street, which is where I live in Surrey. And they had to pop into the bank.
These are the days when you had to pop into banks if you wanted to get money out.
And they parked on a double yellow line and they raced into the bank, got their money out from the person behind the till, and then leapt back into the car and zoomed off.
These are the days when you had to pop into banks if you wanted to get money out.
And they parked on a double yellow line and they raced into the bank, got their money out from the person behind the till, and then leapt back into the car and zoomed off.
Okay.
Still flourishing their water pistol.
I was just about to ask about the water pistols.
Okay. Yes.
Would you say that they were like straight-A students?
Well, they were bunking off school on the particular day, so they weren't in their lessons.
Yeah, okay.
So what had happened is that they'd then gone round to Johnny's house and they'd parked in the drive.
And probably about 20 minutes later, all these police cars arrived and surrounded them.
And, you know, and the police showed up who weren't happy at all because it appeared someone had seen them running into the bank with these water pistols, had raised an alarm that there were some shenanigans going on.
And told the police. And the police had obviously come round to the house, or followed them, or whatever. Anyway, they'd been caught. But it's all a false alarm.
They hadn't actually robbed the bank. They were just larking around.
And probably about 20 minutes later, all these police cars arrived and surrounded them.
And, you know, and the police showed up who weren't happy at all because it appeared someone had seen them running into the bank with these water pistols, had raised an alarm that there were some shenanigans going on.
And told the police. And the police had obviously come round to the house, or followed them, or whatever. Anyway, they'd been caught. But it's all a false alarm.
They hadn't actually robbed the bank. They were just larking around.
You've got great friends.
So they just went in the bank and made a normal withdrawal, or deposited some money, or—
Scratching their ear with the butt of their gun.
Yes.
They didn't put stockings over their head or anything like that. Yeah, they just went, raced in, got some money, raced out, brandishing some water pistols.
I don't know exactly how it happened, but this thing happened. And they came in, they told me the next day at school, and I said, this is brilliant.
I said, we should do something about this. We should call up a newspaper.
I don't know exactly how it happened, but this thing happened. And they came in, they told me the next day at school, and I said, this is brilliant.
I said, we should do something about this. We should call up a newspaper.
Of course you did.
I was busy. I was busy not studying for my exams.
Yeah.
And you wanted to be famous.
And I thought we could sell this story to the press. That'd be brilliant. So I went down all the list of quality newspapers and I stopped at The Sun.
Of course you did.
And I rang up The Sun newspaper, and I said, I've got a story for you about these two teenage kids who the police seem to think have done a bank robbery.
And in fact, they had water pistols. And The Sun loved it. And The Sun said, this is brilliant.
Can we send down a photographer to photograph Howie and Johnny sat on the bonnet of their car with their water pistols? Because this would make a nice little story for us.
And I said, sure, how much you gonna pay us? And I think they said, we'll give you £100 or something. I thought, okay, I'll share that between me, Harry, and Johnny.
But the problem was, the problem was that Johnny was in school that day. So I'd nipped off to someone else's house to plan this and work with the reporter. And Johnny was in school.
So we had to ring up the school, pretend to be Johnny's dad, saying that Johnny had to come home. And then we had to drive in to pick him up.
He didn't know, 'cause we didn't have mobile phones then. We had to drive in, pick him up, and say, "Here's the deal.
You're going to be in the newspaper, but they need you there, something from the guns." So we went in and picked him up and all the rest of it. So that's what I did at school.
And in fact, they had water pistols. And The Sun loved it. And The Sun said, this is brilliant.
Can we send down a photographer to photograph Howie and Johnny sat on the bonnet of their car with their water pistols? Because this would make a nice little story for us.
And I said, sure, how much you gonna pay us? And I think they said, we'll give you £100 or something. I thought, okay, I'll share that between me, Harry, and Johnny.
But the problem was, the problem was that Johnny was in school that day. So I'd nipped off to someone else's house to plan this and work with the reporter. And Johnny was in school.
So we had to ring up the school, pretend to be Johnny's dad, saying that Johnny had to come home. And then we had to drive in to pick him up.
He didn't know, 'cause we didn't have mobile phones then. We had to drive in, pick him up, and say, "Here's the deal.
You're going to be in the newspaper, but they need you there, something from the guns." So we went in and picked him up and all the rest of it. So that's what I did at school.
Okay, well—
In relation to guns.
That's a very nice tight pretext to your story.
Right, because the one place you don't want real—
10 minutes later.
Is this what you were doing with all that time you had off in Auckland?
Yeah.
Just dressed like this. You've still only got 10 minutes, Graham.
The one place you don't want real guns is school. Is what—
Oh, really?
Yes. Campuses and education establishments in the States have been throwing tech at the problem to keep guns out. And I'm not talking water pistols.
Some have bought systems, for instance, which listen for aggressive noises. So they plant microphones into certain rooms. You've heard about this?
Some have bought systems, for instance, which listen for aggressive noises. So they plant microphones into certain rooms. You've heard about this?
Yeah.
I'm guessing this is happening in the States rather than the UK or Canada or anything, right?
Well, I'm sure nothing happens in Canada, but yes, certainly in the United States. They're listening out for aggressive noises.
But what they found is that this technology doesn't work very well.
So there was, for instance, the case of a drama student who was performing in some sort of horrific play, and she gives an ear-piercing scream like she's been attacked by a ghost.
In the library and nothing happens.
But when a student had a coughing fit in the audience, or if Happy Birthday is sung, then the alarm goes off and they think something suspicious is going on.
ProPublica even tested it with a YouTube clip of, you know, Gilbert Gottfried, the late American comedian. He's got it right down there.
He said, "Is it hot in here or am I crazy?" And if you play that, apparently— "Is it hot in here or am I crazy?" that triggers the alarm. That's something very aggressive.
But what they found is that this technology doesn't work very well.
So there was, for instance, the case of a drama student who was performing in some sort of horrific play, and she gives an ear-piercing scream like she's been attacked by a ghost.
In the library and nothing happens.
But when a student had a coughing fit in the audience, or if Happy Birthday is sung, then the alarm goes off and they think something suspicious is going on.
ProPublica even tested it with a YouTube clip of, you know, Gilbert Gottfried, the late American comedian. He's got it right down there.
He said, "Is it hot in here or am I crazy?" And if you play that, apparently— "Is it hot in here or am I crazy?" that triggers the alarm. That's something very aggressive.
I hope no one's listening to this on speaker in their school.
Because these systems are listening to sounds. They're not trying to understand words or the context. So we need a better system.
Is there any AI involved in this?
Ah.
This has the sort of— the stench of AI about it.
So, a company called Evolv Technology, that's evolve without an E, at least without an E at the end.
Yeah, they've evolved the word evolve.
They have promised an AI-based weapon screening system.
It's definitely going to work.
They say it's 10 times faster than metal detectors. No lineups, no stopping, no pat-downs, no emptying pockets or removing bags. And you just walk between these screens.
Great. It's going to be awesome.
Is it just wickedly racist? Is it?
No, no. No, no, no. It doesn't just pick up weapons though. It can also take— 'Cause they thought, well, that's not enough.
You also want to stop people coming in with dangerously high temperatures. 'Cause it might mean they have COVID-19 or maybe worse, maybe they're menopausal.
You also want to stop people coming in with dangerously high temperatures. 'Cause it might mean they have COVID-19 or maybe worse, maybe they're menopausal.
Yeah.
Something like that. Could be dangerous.
Yeah, they could have their periods. Yeah, keep them out.
Exactly. Could be dangerous.
Yeah.
In all those cases, I think, yeah, everyone else much safer.
Yeah.
So they say you just walk through. And using AI, Evolv says it can tell the difference between weapons, like a gun and a knife, and legitimate things you might bring into a school.
And it sounds brilliant, doesn't it?
And it sounds brilliant, doesn't it?
It's definitely gonna work.
It's definitely going to deter people from bringing weapons in. It's definitely gonna reassure students they're safe. It's gonna prevent tragedies.
And it's also not gonna disrupt the movement of kids coming into school quickly. It's a win-win-win-win-win-win-win. Marvellous.
And Evolv Systems, the CEO keeps on popping up on TV every time there's a school shooting in America. So he's quite busy describing how the technology keeps guns out.
But there's a problem. According— I know that's a shock— according to Motherboard, some school administrators saying the scanners have caused chaos.
At one school which had put the scanners just at one entrance to the school, the school principal described the situation as a clusterfuck.
And it's also not gonna disrupt the movement of kids coming into school quickly. It's a win-win-win-win-win-win-win. Marvellous.
And Evolv Systems, the CEO keeps on popping up on TV every time there's a school shooting in America. So he's quite busy describing how the technology keeps guns out.
But there's a problem. According— I know that's a shock— according to Motherboard, some school administrators saying the scanners have caused chaos.
At one school which had put the scanners just at one entrance to the school, the school principal described the situation as a clusterfuck.
Fuck.
Why the fuck do they beta test this on kids? Why wouldn't you start at— Anyway, okay, carry on. Sorry.
Is that the best the principal can come up with? Clusterfuck? Seriously? You're in charge of a school. Where's your vocabulary? Set an example.
The principal said—
An omnishambles.
It took all 10 people to even come close to manage in the chaos. We don't have the manpower for this.
This chap said, if you have multiple binders in your backpack or a spiral notebook, the sort of thing you might bring to school—
This chap said, if you have multiple binders in your backpack or a spiral notebook, the sort of thing you might bring to school—
You're obviously a killer.
Apparently the alert lights up and they have to do a search. So the solution they were given by the company was ask kids not to bring in so many binders to school.
Yes.
Know fewer.
Plastic binders. Yeah.
In fairness, if you hit someone with 10 binders, that would probably hurt. Maybe it knows more than we do.
Maybe not deadly though.
So the principal may not have a great vocabulary, but they did describe the detection of binders as weapons of mass instruction.
There you go. That's why he's the principal. That's why.
But they said it was probably the least safe day at the campus as everyone in security was manning the front doors instead of monitoring kids throughout the building.
Jesus Christ!
So, the company— That's so crazy! So the company's been asked now, look, are there any settings we can use to adjust this?
Is there an off button?
Yes. Can you just unplug it? Yeah. Because it's frequently detecting— Chromebooks, for instance.
I don't know about other laptops, but apparently Chromebooks are setting off the alarms 60 to 70% of the time as people come in. So it's become absolutely disastrous.
I don't know about other laptops, but apparently Chromebooks are setting off the alarms 60 to 70% of the time as people come in. So it's become absolutely disastrous.
So you're saying this is actually made by Microsoft?
Well, yes.
I think that's what we've learned there. Evolve is just—
To get people to—
It's a sham.
Yeah.
Once again, AI, as it runs to the rescue, trips and falls flat on its face.
It does seem to have done, yes. Mark, what have you got for us this week?
Well, a shorter introduction than you. Thank God. So, my story starts just a few days before Christmas, Christmas 2021, in a place called Abington, Pennsylvania. On the—
Alright.
On the 18th of December, at approximately 12:30 AM.
The local police were dispatched to a house fire where the homeowner believed that something had been thrown at their house just before the fire started.
And when the police got there, they found a slate that had been used to break a window and a broken bottle that smelled of a flammable liquid.
The local police were dispatched to a house fire where the homeowner believed that something had been thrown at their house just before the fire started.
And when the police got there, they found a slate that had been used to break a window and a broken bottle that smelled of a flammable liquid.
Okay.
So, some fairly obvious clues that this was an arson attack. And the victims of the attack had also previously been the target of several swatting calls.
So, grounds to believe that, you know, there may be something nefarious going on.
So, grounds to believe that, you know, there may be something nefarious going on.
What's a swatting call?
Oh, so, a swatting call is where you phone the police and you say, somebody at an address has a gun. And then the police will respond with a SWAT team, who will then raid the house.
Ah, yes.
With guns and shields, and basically they'll go in there expecting there to be a shooter.
And of course, if there isn't a shooter there, that's incredibly dangerous for everybody concerned.
And of course, if there isn't a shooter there, that's incredibly dangerous for everybody concerned.
Yeah.
And people have actually been killed in swatting events.
Yeah. But probably seen as super hilarious.
Yes, it was— it's a thing that gamers— it used to be part of the sort of hardcore gaming culture where people would do that to each other and they would swat each other.
So these people have been swatted before, but now they've also been the victim of an arson attack.
And then about two weeks later, on January the 2nd, the police in another town were called out when there were shots fired into a house in West Chester, Pennsylvania.
And the police found several shell casings and a discarded pistol magazine outside, and they found bullet holes in a window, and then bullets inside the house embedded in a wall, inside a piano leg, in a piano stool, and in a small table.
So these people have been swatted before, but now they've also been the victim of an arson attack.
And then about two weeks later, on January the 2nd, the police in another town were called out when there were shots fired into a house in West Chester, Pennsylvania.
And the police found several shell casings and a discarded pistol magazine outside, and they found bullet holes in a window, and then bullets inside the house embedded in a wall, inside a piano leg, in a piano stool, and in a small table.
Are you suggesting these are clues to a crime or an attack, Mark? Yep.
We're looking for someone that hates furniture.
Yes.
Yes.
This is turning into an episode of CSI, I'm telling you.
Well, according to journalist Brian Krebs, the attacks were carried out by a hitman hired by a cybercriminal who wanted to get at one of their rivals by targeting their female friends.
And Krebs says that both criminals frequented Telegram channels about SIM swapping.
So SIM swapping is a form of fraud where you steal somebody else's phone number so you can get all their calls and messages. And it's used to defeat two-factor authentication.
The, yeah, so two-factor authentication is normally used to safeguard high-value accounts like, guess what, drum roll, cryptocurrency logins.
Because we can't have a story about crime that doesn't involve cryptocurrency.
Anyway, according to Krebs, and this is terrifying, according to Krebs, there are dozens of teenage or 20-something SIM swap millionaires out there.
And Krebs says that both criminals frequented Telegram channels about SIM swapping.
So SIM swapping is a form of fraud where you steal somebody else's phone number so you can get all their calls and messages. And it's used to defeat two-factor authentication.
The, yeah, so two-factor authentication is normally used to safeguard high-value accounts like, guess what, drum roll, cryptocurrency logins.
Because we can't have a story about crime that doesn't involve cryptocurrency.
Anyway, according to Krebs, and this is terrifying, according to Krebs, there are dozens of teenage or 20-something SIM swap millionaires out there.
How many?
Dozens. Dozens, he says.
Oh, dozens, dozens.
That's how we count things in 2022, in multiples of 12. So there are dozens. There are dozens of these SIM swap cryptocurrency millionaires.
And as we all know, when the money and the testosterone outpace the intelligence, stupidity and bullshit follow.
And in this case, that bullshit seems to be manifesting as real-world hits. Now, there's nothing new about the idea of hiring a hitman on the dark web to do your dirty work.
And research, proper academic research, suggests that you can spend up to $120,000 for a really high-end professional hit.
And I can confirm, because I did a bit of research before this episode, I can confirm there are indeed some very scary individuals out there on the dark web.
And as we all know, when the money and the testosterone outpace the intelligence, stupidity and bullshit follow.
And in this case, that bullshit seems to be manifesting as real-world hits. Now, there's nothing new about the idea of hiring a hitman on the dark web to do your dirty work.
And research, proper academic research, suggests that you can spend up to $120,000 for a really high-end professional hit.
And I can confirm, because I did a bit of research before this episode, I can confirm there are indeed some very scary individuals out there on the dark web.
Just interested why Mark was looking up very professional hitmen on the web.
Well, Graham, if you look behind you, there's a surprise for you. I bought you an NFT.
So what you're saying is that cybercriminals, let's call them these fraudsters, these SIM swappers, cybercriminals, effectively.
They are attacking their rival cybercriminals or they're attacking their loved ones in order to intimidate them.
So they've identified who the other cybercriminals are and then have then taken it into the real world.
They are attacking their rival cybercriminals or they're attacking their loved ones in order to intimidate them.
So they've identified who the other cybercriminals are and then have then taken it into the real world.
Correct.
So what?
If they're able. No, but you, what do you mean what?
I don't understand.
I'm not following you.
Okay, let me explain. Let me explain. Mark is a cybercriminal.
What?
And I'm a cybercriminal, right?
Okay.
I've gone on the dark web one time looking for hitmen, and now I'm a cybercriminal.
And I've decided—
Get the tattoo.
I've decided I want to make Mark's life less pleasant. I want to threaten him.
So what I'm going to do, I'm gonna send a hitman or an arsonist round to his Auntie Ethel to firebomb her house.
Which means that I've identified who Mark is in real life, and I know who his Auntie Ethel is and where she lives.
So what I'm going to do, I'm gonna send a hitman or an arsonist round to his Auntie Ethel to firebomb her house.
Which means that I've identified who Mark is in real life, and I know who his Auntie Ethel is and where she lives.
And I'm scaring the pants out of him. Yeah, exactly.
But the thing is that I've identified who he is. Whereas normally with cybercrime, you sort of hide on the internet, don't you? And it's hard to actually know.
It's not like you're a regular gangster in that way.
So if they're able to identify each other, why on earth aren't the police able to identify the true identities of these criminals as well?
It's not like you're a regular gangster in that way.
So if they're able to identify each other, why on earth aren't the police able to identify the true identities of these criminals as well?
That's a very interesting question, which brings me neatly, in fact, to the second half of my story.
Ah.
Because here I am. Telling you about this story with the benefit of police documents.
Aha.
So you remember I told you about those really professional hitmen that you can hire on the dark web?
Yeah.
Yeah. So this isn't them. No, none of those really professional guys were involved in this crime at all.
The criminal mastermind behind this one decided against using the dark web to organize their business.
What they did instead is they used all the pillars of the corporate American establishment, like Google, Apple, and Discord, to coordinate their business.
And it was on Discord that somebody told other Discord users that he was behind the shooting and was willing to carry out firebombings using Molotov cocktails.
The criminal mastermind behind this one decided against using the dark web to organize their business.
What they did instead is they used all the pillars of the corporate American establishment, like Google, Apple, and Discord, to coordinate their business.
And it was on Discord that somebody told other Discord users that he was behind the shooting and was willing to carry out firebombings using Molotov cocktails.
What?!
So, FBI Special Agent E. Edward Conway discovered this. Because the Discord Trust and Safety team told him.
And in case that wasn't enough to incriminate himself, the user who the FBI refer to as User 5348, and who's also known as Tongue, or Pat, or Patty, was part of a discussion—
And in case that wasn't enough to incriminate himself, the user who the FBI refer to as User 5348, and who's also known as Tongue, or Pat, or Patty, was part of a discussion—
Tongue.
Pat.
Whichever is the most objectionable.
So anyway, Tongue was part of a discussion about a video of the shooting at West Chester, Pennsylvania, in which he disclosed additional details about the shooting, named the target, explained the motive, and then confirmed that he had carried out the shooting when somebody asked him if he'd done it.
Now, that's fine, you say. Nobody else can see what's happening in the Discord channel. It's all secret.
Well, of course, that's not true because Discord can see what's happening in the Discord channel. And they didn't like it.
So anyway, Tongue was part of a discussion about a video of the shooting at West Chester, Pennsylvania, in which he disclosed additional details about the shooting, named the target, explained the motive, and then confirmed that he had carried out the shooting when somebody asked him if he'd done it.
Now, that's fine, you say. Nobody else can see what's happening in the Discord channel. It's all secret.
Well, of course, that's not true because Discord can see what's happening in the Discord channel. And they didn't like it.
Of course.
And because the conversations were carried out on Discord, the trust and safety team were able to link Pat to a real name, Patrick Allen, and a billing address in New Jersey.
It's not a very creative username if he's trying to— Yeah. Okay.
If you are looking for signs of criminal genius, you won't find them in this story. Yeah. Anyway, so they link him to a name. They also link him to a billing address.
And the billing address also happens to be the address of record of somebody called Patrick McGovern Allen.
And the billing address also happens to be the address of record of somebody called Patrick McGovern Allen.
Okay.
Where does the tongue come into things?
Hang on, hang on. Hold your horses.
Oh, is that coming?
Yeah.
Alright.
Anyway, so Pat is also linked to a Gmail address, which allows Special Agent Conway to serve a search warrant on Google for the content of the patthebat email address.
And that identifies Pat as Tung, because Pat's got these emails from Discord that refer to him as Tung.
That's fine, you say, but one or two things that link them aren't proof of anything, okay? We just know that Patrick is Tung and has an address.
Well, anyway, further analysis of Discord chats successfully established that User 5348 and Patrick Allen share the same birthday, because Patrick Allen told people what his birthday was on Discord.
They also established, because he told them, that User 5348 was also an employee at the same Italian restaurant where Patrick Allen worked. That's fine, you say.
That doesn't establish that Allen was the actual shooter, because he could be lying. Well, in another chat, User 5348 tells his phone number.
Now I know what you're thinking — it's a burner phone, right? Well, the other user was thinking that too.
And the other user said, "Is that a burner?" And User 5348 says, "No, that's my main phone." So anyway, wow.
Agent Conway reads this and he subpoenas T-Mobile, which establishes that the phone is owned by Patrick Allen's grandfather, who lives at the same New Jersey address as Allen does.
Okay, that's fine, you say. So we know who Tung is, okay? And we know his phone number, and we know where he lives. That doesn't mean he was actually present at the shooting.
Well, cell tower data provided by T-Mobile puts the mobile phone number volunteered by User 5348 while boasting to another Discord user within 1 mile of the arson attack, which is about 75 miles away from Patrick Allen's home.
Just 17 minutes after the fire is reported.
It also puts the phone number just 2 miles away from the shooting, which is also about 75 miles away from his home, just 5 minutes after that's reported. That's all fine, you say.
He could have been there for perfectly innocent reasons. It's not as if there's actually a video of Allen firing a gun into somebody's window. Now is there? Well—
And that identifies Pat as Tung, because Pat's got these emails from Discord that refer to him as Tung.
That's fine, you say, but one or two things that link them aren't proof of anything, okay? We just know that Patrick is Tung and has an address.
Well, anyway, further analysis of Discord chats successfully established that User 5348 and Patrick Allen share the same birthday, because Patrick Allen told people what his birthday was on Discord.
They also established, because he told them, that User 5348 was also an employee at the same Italian restaurant where Patrick Allen worked. That's fine, you say.
That doesn't establish that Allen was the actual shooter, because he could be lying. Well, in another chat, User 5348 tells his phone number.
Now I know what you're thinking — it's a burner phone, right? Well, the other user was thinking that too.
And the other user said, "Is that a burner?" And User 5348 says, "No, that's my main phone." So anyway, wow.
Agent Conway reads this and he subpoenas T-Mobile, which establishes that the phone is owned by Patrick Allen's grandfather, who lives at the same New Jersey address as Allen does.
Okay, that's fine, you say. So we know who Tung is, okay? And we know his phone number, and we know where he lives. That doesn't mean he was actually present at the shooting.
Well, cell tower data provided by T-Mobile puts the mobile phone number volunteered by User 5348 while boasting to another Discord user within 1 mile of the arson attack, which is about 75 miles away from Patrick Allen's home.
Just 17 minutes after the fire is reported.
It also puts the phone number just 2 miles away from the shooting, which is also about 75 miles away from his home, just 5 minutes after that's reported. That's all fine, you say.
He could have been there for perfectly innocent reasons. It's not as if there's actually a video of Allen firing a gun into somebody's window. Now is there? Well—
If there had been a video. Oh, hello.
It turns out that the phone number that User 5348 volunteered, that definitely isn't a burner phone and is his main phone, is linked with two separate iCloud accounts, both of which are also registered to Allen's New Jersey address, one of which contains a video of somebody shooting a gun into the Westchester house.
I think Mr. Tung is F-U-C-K'd.
That, ladies and gentlemen, is how not to cover your tracks on the internet.
No, but it's also a silver lining, isn't it? It's wonderful to know that some of the cybercrime underbelly don't knit with only one needle. Yes.
Maybe that's just too smart for you guys. I don't know.
Maybe that's just too smart for you guys. I don't know.
Well, you're non-music experts over here. I'm just laughing.
Carole, what's your story for us this week?
We know that romance scams were a problem before COVID but it seems the isolation and loneliness that many of us felt during the pandemic may have been some sort of catnip to romance scammers.
All these lonely people online with big fat bank accounts.
I wonder if for some scammers it was just a treasure hunt mentality — as long as I can get the victim to trust me, I can cash in big.
FTC says that in the last 5 years, people have reported a staggering $1.3 billion lost to romance scams. And that's more than any other FTC fraud category.
We know that romance scams were a problem before COVID but it seems the isolation and loneliness that many of us felt during the pandemic may have been some sort of catnip to romance scammers.
All these lonely people online with big fat bank accounts.
I wonder if for some scammers it was just a treasure hunt mentality — as long as I can get the victim to trust me, I can cash in big.
FTC says that in the last 5 years, people have reported a staggering $1.3 billion lost to romance scams. And that's more than any other FTC fraud category.
Oh, this is just people asking for money, isn't it?
Well, you know, putting up a situation where they're stuck and they need cash. And sometimes we've seen huge numbers, right?
Send me $100,000 for a plane ticket. Yeah, exactly.
It's like 80% increase compared to 2020. Wow. And all this to say that romance scams are a growing problem. But sometimes it can be baffling.
Okay, so I was reading a few romance scams and this one just caught my eye. I'm going to read the opening paragraphs to a Daily Beast story, okay, on a recent romance scam.
Actually, no, let's play a game. I want you guys to ping whenever you hear something suspicious, okay, in this reading thing. Okay, just go ping. All right.
In May of last year, someone claiming to be a military doctor on a secret mission in North Korea ping contacted Laura Francis on Facebook looking for love and connection.
Francis, a California realtor, thought he was charming. His profile images portrayed a man with a muscular build, beard, tattoos, and hospital scrubs.
Okay, so I was reading a few romance scams and this one just caught my eye. I'm going to read the opening paragraphs to a Daily Beast story, okay, on a recent romance scam.
Actually, no, let's play a game. I want you guys to ping whenever you hear something suspicious, okay, in this reading thing. Okay, just go ping. All right.
In May of last year, someone claiming to be a military doctor on a secret mission in North Korea ping contacted Laura Francis on Facebook looking for love and connection.
Francis, a California realtor, thought he was charming. His profile images portrayed a man with a muscular build, beard, tattoos, and hospital scrubs.
Ah, the hospital scrubs. Ping, ping, ping.
Now I put a picture in for you guys to see of him, just so you can see his buff muscles. This is in the show notes. You can see his—
He's not wearing scrubs there, is he?
No. But you can kind of decide how old you think he might be.
Yeah, he's probably like 20s, early 30s, maybe. Okay, I'm carrying on.
The mystery man calls himself David Hodge.
Hang on a minute, there's something wrong with his face.
Yeah, it's pixelated for— yeah. I mean, he's quite ugly. Maybe. The mystery man calls himself David Hodge, and he claimed to be a kind of surgeon.
A kind of surgeon?
He said, "I'm a kind of surgeon." Ding! Helping soldiers who'd been injured by explosives in war. David's love bombing of Frances, age 69, was insistent. Ping! Right?
So he texted her every morning and throughout the day, usually on Google Hangouts, and called her on the phone just as often. "I fell in love with his voice.
He had just the cutest laugh," recalls Frances. He serenaded her with links to romantic songs on YouTube, like "Hero" from Enrique Iglesias.
So he texted her every morning and throughout the day, usually on Google Hangouts, and called her on the phone just as often. "I fell in love with his voice.
He had just the cutest laugh," recalls Frances. He serenaded her with links to romantic songs on YouTube, like "Hero" from Enrique Iglesias.
Oh yes, that always works. Yes.
So blah, blah, blah. You guys know the story, right? David Hodge got away with Frances's basically her kids' inheritance is what she claims, around $250K.
So often stories of romance scammers open with a devastating story don't they? But there's another victim of the romance scam, and that's the online dating service itself.
So there's this startup called Filter Off, okay? And this is a video-first dating app. That's what they call themselves. So they launched at the beginning of COVID lockdowns, right?
The startup with just 3 people.
And the platform obviously took off during lockdown because it would host virtual speed dating events, you know, around various topics maybe Harry Potter or Dog Lovers Night, New York City date night, whatever.
Today, the platform is said to have hundreds of thousands of users, and its popularity seems to be growing with humans looking for love.
But the founders discovered that it also attracted a second set of people, humans looking for money, aka romance scammers. So what do you do, right, if you're one of these guys?
Well, they decided to write an algorithm based on dodgy scammer behavior so they could identify someone saying, well, you're up to no good the way you've created this account.
Does this involve AI? Of course it does. Of course it does. So they would identify these dodgy accounts and delete them.
They kept deleting these profiles and every scammer they cut down, another 5 would pop up, Medusa style, right?
So they decided to create a private pool of thousands of bots that were using deep learning GPT-3 to create bots that interact just like real people.
And they tied these interactions with human-like faces to create bot profiles.
And then they threw in the scammer accounts that they had identified into this pool of bots to see what would happen.
So often stories of romance scammers open with a devastating story don't they? But there's another victim of the romance scam, and that's the online dating service itself.
So there's this startup called Filter Off, okay? And this is a video-first dating app. That's what they call themselves. So they launched at the beginning of COVID lockdowns, right?
The startup with just 3 people.
And the platform obviously took off during lockdown because it would host virtual speed dating events, you know, around various topics maybe Harry Potter or Dog Lovers Night, New York City date night, whatever.
Today, the platform is said to have hundreds of thousands of users, and its popularity seems to be growing with humans looking for love.
But the founders discovered that it also attracted a second set of people, humans looking for money, aka romance scammers. So what do you do, right, if you're one of these guys?
Well, they decided to write an algorithm based on dodgy scammer behavior so they could identify someone saying, well, you're up to no good the way you've created this account.
Does this involve AI? Of course it does. Of course it does. So they would identify these dodgy accounts and delete them.
They kept deleting these profiles and every scammer they cut down, another 5 would pop up, Medusa style, right?
So they decided to create a private pool of thousands of bots that were using deep learning GPT-3 to create bots that interact just like real people.
And they tied these interactions with human-like faces to create bot profiles.
And then they threw in the scammer accounts that they had identified into this pool of bots to see what would happen.
Oh, I see. So they created fake people on their dating site.
Thousands of them.
Thousands of them to lure the scammers.
In a secret pool. They're not sitting there out in the open. Oh, you know, it's a secret pool. So no, if I were going on there looking for love, right, I would not be shown into that.
If they identified you as a scammer, for example, on their site, they would just throw you into this pool with lots of bots and other scammers to see what would happen.
If they identified you as a scammer, for example, on their site, they would just throw you into this pool with lots of bots and other scammers to see what would happen.
And also to keep you busy rather than you creating a new account.
Exactly. Ah, I see. So do they sell tickets for this? This sounds amazing.
Well, the product marketing head wrote an article about their findings on Medium. And he said it delivered 3 amazing things for us. One, our bots sounded like humans, kinda, he says.
The scammers had no clue they had been detected. And we received a series of hilarious bot plus scammer conversations. And you two, my friends, are gonna act one out for us.
So, you will see it's called Banana, okay? And Mark, I would like you to be Maurice. The scammer, or the purported scammer. Okay.
And Graham, you're gonna be Bot, and your text is on the right, if you see that. Oh, okay. Okay? So, I leave it to you guys. Please, act one, Banana.
The scammers had no clue they had been detected. And we received a series of hilarious bot plus scammer conversations. And you two, my friends, are gonna act one out for us.
So, you will see it's called Banana, okay? And Mark, I would like you to be Maurice. The scammer, or the purported scammer. Okay.
And Graham, you're gonna be Bot, and your text is on the right, if you see that. Oh, okay. Okay? So, I leave it to you guys. Please, act one, Banana.
Hello. Good morning. Nice to meet you. Hello.
It is nice to meet you too. Where are you from?
I am from. OK. How long have you been using this site? This is my first time here.
I have been using this site for a while now. I really enjoy it.
OK. I'm a banana. So, uh, what are you looking for?
I'm looking for someone to chat and get to know. OK. Are you married? Got any kids? Chiquita Banana. I am not married and I do not have any kids. Oh, OK. What do you do for a living?
I'm a banana.
I'm a banana.
Please, I don't understand this site. This is my first time here.
I don't know how it works.
What do you mean, a banana? I am a banana.
I am a banana. Can we talk outside here? Chiquita Banana, sure, we can talk outside.
Give your email address.
Chiquita Banana. Can I 'Can I have your email address?' 'Chiquita Banana.' 'Hello?' 'Chiquita Banana.' So they don't act very human.
No, I can see how romance would flourish after this sort of conversation.
No, I can see how romance would flourish after this sort of conversation.
But it would keep you busy for a while, wouldn't it?
I've had worse chats on dating sites than this, to be honest.
Oh, God, poor you. The thing is, though, there's something very clever about this, right? Because the bot deflects, right? So they go, what's your last name? What's your email address?
All you reply is Chiquita Banana.
All you reply is Chiquita Banana.
It's indistinguishable from a real person. It's amazing.
Mark was trying to, you know, get your, you know, what was he trying to get? Your email address, find out if you could chat somewhere else. And you just were being a bit wacky.
So that might be a way to handle this kind of thing. If ever you feel like, you know, this isn't all right, just start nutballing them, you know?
So that might be a way to handle this kind of thing. If ever you feel like, you know, this isn't all right, just start nutballing them, you know?
Yeah, just throw out random truths.
Is it possible the scammers have also created a bot to interact with the bots from this particular dating site? Because I didn't find them particularly convincing either.
I was going to say the same thing. I'm supposed to believe that Morris is smooth-talking 69-year-olds with his fantastic lines like, what do you do for a living?
'Where do you live?' And here's my Gmail address. Wow.
'Where do you live?' And here's my Gmail address. Wow.
I have put tons of links in the show notes. You can go see, there's lots of little interactions. They've even done some YouTube videos of the interactions. You can see those. Ooh.
Yeah, no, it's quite fun.
And I have to, you know, hat tip the guerrilla marketing here that has been used for this, for FilterOff, because it's something, you know, guerrilla marketing is dear to my heart.
And I think this is a very clever approach and they're getting lots and lots of coverage. So well done, you guys.
Yeah, no, it's quite fun.
And I have to, you know, hat tip the guerrilla marketing here that has been used for this, for FilterOff, because it's something, you know, guerrilla marketing is dear to my heart.
And I think this is a very clever approach and they're getting lots and lots of coverage. So well done, you guys.
First time that dating sites had bots, of course.
Ashley Madison had all those fembots to try and lure people in, but they didn't think of sort of spinning it to say, oh, we're only trying to catch the scammers rather than trying to get new customers.
Ashley Madison had all those fembots to try and lure people in, but they didn't think of sort of spinning it to say, oh, we're only trying to catch the scammers rather than trying to get new customers.
Yeah, well, they didn't ringfence them either.
No, no, that's true. Yeah, yeah, the ringfencing is a good idea.
Well, the Ashley Madison customers were sort of self-ringfencing, weren't they?
Ringpacing, maybe. Anyway, Hakuna Matata, Chiquita Banana. Chiquita Banana. It means no worries.
Anyone who's listened to Smashing Security over the years will know that we believe that everyone, whether you're a single end user or a business, should use a password manager.
And the password manager we're recommending is Bitwarden.
Millions of users around the world, including many of the world's largest organizations, trust Bitwarden to protect their online information using a transparent, open-source approach to password management.
You can effortlessly manage all your passwords and logins backed by end-to-end 256-bit encryption.
And for the enterprises out there, Bitwarden recently added SCIM support, making it even easier to provision and manage users.
For password security you can trust, get started today with Bitwarden. Learn more at bitwarden.com/smashing.
Take security of your passwords and logins more seriously by visiting bitwarden.com/smashing. And thanks to Bitwarden, they're great folks for supporting the show.
Thanks this week to our sponsor SolCyber, who believe that it shouldn't just be the Fortune 500 that benefit from top-of-the-line cybersecurity.
They make managed security affordable and accessible to all small to medium-sized organizations. Check out SolCyber's foundational coverage services.
They include ransomware assessment and training, advanced email protection, endpoint detection and response, Active Directory abuse prevention and lateral movement detection, and 24/7 security operations center capability.
As a SolCyber Foundational customer, you also get access to expedited cyber insurance coverage and discounts of up to 30% off your premiums.
Mention Smashing Security and you'll get 1 month free for every 12 months you subscribe to SolCyber's foundational coverage services.
Visit smashingsecurity.com/soulcyber to learn more. That's smashingsecurity.com/s-o-l-c-y-b-e-r. And thanks to SolCyber for sponsoring the show.
Kolide sends employees important, timely, and relevant security recommendations for Linux, Mac, and Windows devices right inside Slack.
Kolide is perfect for organizations that care deeply about compliance and security, but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide. K-O-L-I-D-E.
Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.
You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide.
That's smashingsecurity.com/kolide. And thanks to Kolide for supporting the show. And welcome back. Can you join us at our favorite part of the show?
The part of the show that we like to call Pick of the Week.
Anyone who's listened to Smashing Security over the years will know that we believe that everyone, whether you're a single end user or a business, should use a password manager.
And the password manager we're recommending is Bitwarden.
Millions of users around the world, including many of the world's largest organizations, trust Bitwarden to protect their online information using a transparent, open-source approach to password management.
You can effortlessly manage all your passwords and logins backed by end-to-end 256-bit encryption.
And for the enterprises out there, Bitwarden recently added SCIM support, making it even easier to provision and manage users.
For password security you can trust, get started today with Bitwarden. Learn more at bitwarden.com/smashing.
Take security of your passwords and logins more seriously by visiting bitwarden.com/smashing. And thanks to Bitwarden, they're great folks for supporting the show.
Thanks this week to our sponsor SolCyber, who believe that it shouldn't just be the Fortune 500 that benefit from top-of-the-line cybersecurity.
They make managed security affordable and accessible to all small to medium-sized organizations. Check out SolCyber's foundational coverage services.
They include ransomware assessment and training, advanced email protection, endpoint detection and response, Active Directory abuse prevention and lateral movement detection, and 24/7 security operations center capability.
As a SolCyber Foundational customer, you also get access to expedited cyber insurance coverage and discounts of up to 30% off your premiums.
Mention Smashing Security and you'll get 1 month free for every 12 months you subscribe to SolCyber's foundational coverage services.
Visit smashingsecurity.com/soulcyber to learn more. That's smashingsecurity.com/s-o-l-c-y-b-e-r. And thanks to SolCyber for sponsoring the show.
Kolide sends employees important, timely, and relevant security recommendations for Linux, Mac, and Windows devices right inside Slack.
Kolide is perfect for organizations that care deeply about compliance and security, but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide. K-O-L-I-D-E.
Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.
You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide.
That's smashingsecurity.com/kolide. And thanks to Kolide for supporting the show. And welcome back. Can you join us at our favorite part of the show?
The part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.
It doesn't have to be security related necessarily. Better not be. Well, my Pick of the Week this week is not security related, at least not cybersecurity related.
It was a documentary which I watched, a documentary about an incident which happened in Gladbeck, Germany, and Bremen in August 1988.
I seem to be spending a lot of my time in this podcast back in the late 1980s. Two men robbed a bank. They took two hostages.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.
It doesn't have to be security related necessarily. Better not be. Well, my Pick of the Week this week is not security related, at least not cybersecurity related.
It was a documentary which I watched, a documentary about an incident which happened in Gladbeck, Germany, and Bremen in August 1988.
I seem to be spending a lot of my time in this podcast back in the late 1980s. Two men robbed a bank. They took two hostages.
Were they friends of yours? No.
They embarked on an odyssey across West Germany. They picked up their girlfriend, hijacked a bus containing almost 30 people.
And this documentary is all about what happened, because most of this happened on TV. The reporters were in pursuit of this bus. They were injecting themselves into negotiations.
The police, quite frankly, seemed to have lost control and weren't really doing anything. And the media were just sort of chatting to the hostage takers.
They were doing live TV interviews. It is weird. For 3 days, the eyes and ears of all of Germany were glued to TV, live radio, newspapers, watching this.
And I thought, well, this makes for a rather interesting documentary. I will share this with our listeners as well. So I watched it on Netflix.
Now, I have to warn you about this documentary, is that if you go onto Netflix, you will get the most terrible American dubbing on the documentary.
It makes it completely unwatchable.
So what you need to do is not just put on subtitles, obviously, but you also need to change the language to the original German with English subtitles.
You do not want the American dubbing at all because it makes the whole documentary pointless.
But if you're prepared to read the subtitles and listen to it in German, it's a great documentary and fascinating thing which happened. Not necessarily a completely happy ending.
Let's put it mildly.
And this documentary is all about what happened, because most of this happened on TV. The reporters were in pursuit of this bus. They were injecting themselves into negotiations.
The police, quite frankly, seemed to have lost control and weren't really doing anything. And the media were just sort of chatting to the hostage takers.
They were doing live TV interviews. It is weird. For 3 days, the eyes and ears of all of Germany were glued to TV, live radio, newspapers, watching this.
And I thought, well, this makes for a rather interesting documentary. I will share this with our listeners as well. So I watched it on Netflix.
Now, I have to warn you about this documentary, is that if you go onto Netflix, you will get the most terrible American dubbing on the documentary.
It makes it completely unwatchable.
So what you need to do is not just put on subtitles, obviously, but you also need to change the language to the original German with English subtitles.
You do not want the American dubbing at all because it makes the whole documentary pointless.
But if you're prepared to read the subtitles and listen to it in German, it's a great documentary and fascinating thing which happened. Not necessarily a completely happy ending.
Let's put it mildly.
Is there any, what's it called, when you fall in love with your captor? Stockholm syndrome. Stockholm syndrome. I see. I remember this story.
I'm sure I've heard this on podcasts before this.
I'm sure I've heard this on podcasts before this.
I think it has been covered on podcasts before. Certainly, some of the people who were released early on in the process appear to have been slightly more.
I think if there was any Stockholm syndrome being exhibited, it was actually by the media who seemed to fall in love rather with the hostage-takers rather than the hostages themselves, who were obviously in a rather sticky pickle.
I think if there was any Stockholm syndrome being exhibited, it was actually by the media who seemed to fall in love rather with the hostage-takers rather than the hostages themselves, who were obviously in a rather sticky pickle.
I also seem to remember that Stockholm Syndrome was proven to not actually exist at all, and the findings of it are pretty shaky to begin with. So, erase that question. There you go.
There we go. Mark, what is your pick of the week?
My pick of the week is actually an organisation. So, you know I'm a bit fluffy and I like leaves and oxygen and animals and other things.
And I'm very, very fond of The Ocean Cleanup. I don't know if you've heard of them, but they're basically cleaning the ocean.
So you probably know that there are these giant plastic gyres in the ocean, in all the oceans in the world, where the plastic is gathered by the Coriolis effect.
Into these huge floating pools. And the biggest one is in the middle of the Pacific.
And The Ocean Cleanup are literally out there in the Pacific Ocean with their technology pulling hundreds of thousands of kilograms of plastic out of the ocean.
And they've been testing this.
And I'm very, very fond of The Ocean Cleanup. I don't know if you've heard of them, but they're basically cleaning the ocean.
So you probably know that there are these giant plastic gyres in the ocean, in all the oceans in the world, where the plastic is gathered by the Coriolis effect.
Into these huge floating pools. And the biggest one is in the middle of the Pacific.
And The Ocean Cleanup are literally out there in the Pacific Ocean with their technology pulling hundreds of thousands of kilograms of plastic out of the ocean.
And they've been testing this.
How do they not catch fish? That's what I want to know.
There's more to it than I could possibly describe. AI?
Is AI detecting the fish?
Well, there is AI involved, but the AI is in working out where they need to go to get the most plastic.
So in the beginning, what they thought— so it started off with the CEO, a guy called Boyan Slat. I think when he was 16, he came up with this idea of a floating coastline.
So you create an artificial beach, and the plastic basically washes up on this artificial beach that you float in the middle of the ocean.
And he thought they were going to need hundreds of these things. They modeled it all out. They thought they were going to need hundreds of these things.
And where they've got to now is they have a sort of a variation on that, which they tow behind a couple of enormous boats at very, very slow speed.
And this, it works, it works extremely well. And they're going to need a fleet of tens of these Ocean Cleanup vessels.
And with that fleet, they will be able to clean up most of the plastic from the Pacific Garbage Patch. And they've already started.
And they're, at the moment, they've only got the one. They've got the one device, and it's a test system, so it's not full-scale.
So they're now starting to test the larger-scale parts.
And they produce fantastic videos to explain what they're doing and how they're paying for it, why they go where they go, and how they use technology.
And it's just like a sort of Silicon Valley startup in the way that it approaches the problem, but it's actually trying to do something useful rather than something— Really useful.
Like really, yes, really useful. You know, they talk a lot about things like not catching fish and how they avoid bycatch and all that sort of thing.
And what they've done very, very recently is, because they're actually out there, actually pulling plastic out of the ocean, they can tell you what kind of plastic is in the ocean.
And what they've discovered most recently is that it's, I think it's something like 70 to 80% of it is fishing, fishing-related.
So it's nets and tubes for catching eels and things like that. So all this stuff that we hear about, you know.
It's great that we don't use plastic bags in supermarkets, and it's great that we don't use plastic straws with our drinks, but those are not the things filling up the oceans.
Those are the things washing up on the coastlines. So they come down the rivers and they wash out, and then they just come back up against the coastlines.
It's the stuff that's discarded at sea that ends up in these gyres.
And we only know that because there are actually people out there pulling it out of the ocean in such quantities that they can measure it. Anyway, so go support The Ocean Cleanup.
Very cool.
So in the beginning, what they thought— so it started off with the CEO, a guy called Boyan Slat. I think when he was 16, he came up with this idea of a floating coastline.
So you create an artificial beach, and the plastic basically washes up on this artificial beach that you float in the middle of the ocean.
And he thought they were going to need hundreds of these things. They modeled it all out. They thought they were going to need hundreds of these things.
And where they've got to now is they have a sort of a variation on that, which they tow behind a couple of enormous boats at very, very slow speed.
And this, it works, it works extremely well. And they're going to need a fleet of tens of these Ocean Cleanup vessels.
And with that fleet, they will be able to clean up most of the plastic from the Pacific Garbage Patch. And they've already started.
And they're, at the moment, they've only got the one. They've got the one device, and it's a test system, so it's not full-scale.
So they're now starting to test the larger-scale parts.
And they produce fantastic videos to explain what they're doing and how they're paying for it, why they go where they go, and how they use technology.
And it's just like a sort of Silicon Valley startup in the way that it approaches the problem, but it's actually trying to do something useful rather than something— Really useful.
Like really, yes, really useful. You know, they talk a lot about things like not catching fish and how they avoid bycatch and all that sort of thing.
And what they've done very, very recently is, because they're actually out there, actually pulling plastic out of the ocean, they can tell you what kind of plastic is in the ocean.
And what they've discovered most recently is that it's, I think it's something like 70 to 80% of it is fishing, fishing-related.
So it's nets and tubes for catching eels and things like that. So all this stuff that we hear about, you know.
It's great that we don't use plastic bags in supermarkets, and it's great that we don't use plastic straws with our drinks, but those are not the things filling up the oceans.
Those are the things washing up on the coastlines. So they come down the rivers and they wash out, and then they just come back up against the coastlines.
It's the stuff that's discarded at sea that ends up in these gyres.
And we only know that because there are actually people out there pulling it out of the ocean in such quantities that they can measure it. Anyway, so go support The Ocean Cleanup.
Very cool.
Yeah, no, excellent, excellent pick of the week. Really amazing. I've heard of them, but I'd never knew how they did it, you know. I never looked into it, but I will now.
Carole, what's your pick of the week?
So last week in the art world, there was a bit of a hoo-ha because a guy who won an art prize did not create his art. He had AI do it.
Oh yes, I remember.
Yeah. And there's been a bit of jabbering about AI-created image in the mainstream press as of late as well. There's DALL-E 2 and there's Craiyon spelled A-I-Y-O-N, right?
Where you get to give a prompt and the system will create an image based on it. So my pick of the week this week is Craiyon, C-R-A-I-Y-O-N, where you guys can go have a play.
Now, Graham and Mark, I gave a prompt. And these are the images that resulted. Can you guess what my prompt was?
Where you get to give a prompt and the system will create an image based on it. So my pick of the week this week is Craiyon, C-R-A-I-Y-O-N, where you guys can go have a play.
Now, Graham and Mark, I gave a prompt. And these are the images that resulted. Can you guess what my prompt was?
Okay, so I'm looking at a picture of a woman or girl, I'm not sure, wearing a pink top, eating a fairy cake, which is quite large, stuffing her mouth with this big frosty.
Can you recognise the person?
Is it my wife? I'm not sure. What's—
I'm glad you said that. So, I'll tell you my prompt. Liz Truss eating a giant cupcake of Europe.
Well, it absolutely nailed the cupcake bit. Of Europe?
I can see a cupcake. I don't see Europe so much.
Yeah. Not sure about the Liz Truss bit either. So I think what we're saying is that the AI knows as much about Liz Truss as we do. Exactly.
But you can have a lot of fun playing around with this. So the only— I would love you guys to play now, but it takes about 2 minutes for any image to generate.
So it's not very radio-friendly. But go have some fun. Maybe you can post some on TikTok Twitter and tag us.
So it's not very radio-friendly. But go have some fun. Maybe you can post some on TikTok Twitter and tag us.
You should share this picture on Twitter so other people can see Liz Truss eating a cake of Europe and see what they think.
Yes, giant cupcake of Europe, yeah.
Oh, I've just done Graham Cluley eating a banana. Is that what I look like?
I look forward to not seeing that.
It's like something from a David Cronenberg movie. Well, Graham, you know— It's really bad.
Now, listen, before we close, we had a competition last week and we had quite a few entries, dozens and dozens, in fact.
Some were great, some were rude, some were funny, some were hilariously bad. I loved every single one, so didn't know how to choose a winner.
So I put all the names on a bit of paper and put them into a sock and picked one out. So there you go. And the winner of last week's poem competition is Liv with the following poem.
Okay, you ready? Ahem. Security, impurity, and ingenuity. Smashingly dashing through content heavy. Served cleverly light, securely dumb. Smashing Security, I hope for more to come.
Pretty cute. Great. So congratulations, Liv. We'll be in touch this week about sending over your prize, an original watercolor in Miko's brand new book.
And a big shout out to every single one of you who took part, even Steen, who blatantly ignored the rules and sent us a massive 4-stanza poem.
Some were great, some were rude, some were funny, some were hilariously bad. I loved every single one, so didn't know how to choose a winner.
So I put all the names on a bit of paper and put them into a sock and picked one out. So there you go. And the winner of last week's poem competition is Liv with the following poem.
Okay, you ready? Ahem. Security, impurity, and ingenuity. Smashingly dashing through content heavy. Served cleverly light, securely dumb. Smashing Security, I hope for more to come.
Pretty cute. Great. So congratulations, Liv. We'll be in touch this week about sending over your prize, an original watercolor in Miko's brand new book.
And a big shout out to every single one of you who took part, even Steen, who blatantly ignored the rules and sent us a massive 4-stanza poem.
Which was quite obscene, as I remember.
Which was quite obscene. Yes. So there you go. You got a mention. There you are. Anyway, thank you very much for everyone taking part.
It was great fun. Loved it. Marvelous. And that just about wraps up the podcast this week. Mark, I'm sure lots of our listeners love to follow you online.
What's the best way for folks to do that?
What's the best way for folks to do that?
You can find me @MarkStockley on Twitter. Terrific.
And you can follow us on Twitter @SmashingSecurity, no G, Twitter allows to have a G. And we're also on Reddit in the Smashing Security subreddit.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
And massive thank you to this episode's sponsors, Bitwarden, Kolide, and SolCyber. And of course, to our wonderful Patreon community. It's thanks to you all that this show is free.
For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 287 episodes, check out smashingsecurity.com.
For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 287 episodes, check out smashingsecurity.com.
Until next time, cheerio. Bye-bye.
Bye. Bye.
So have you seen these pictures of me eating a banana?
Oh, remember the second one? It's pretty— What? The final one has eyebrows.
It's really weird, isn't it? It's not terribly flattering.
It's very Francis Bacon.
Well, that's an insult to Francis Bacon. Sure, you know, no offence, but— Wow.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Mark Stockley:
Episode links:
- ‘The least safe day’: rollout of gun-detecting AI scanners in schools has been a ‘cluster,’ emails show – Motherboard.
- Gun detection AI the latest tech to make schools less safe – TechDirt.
- The unproven, invasive surveillance technology schools are using to monitor students – ProPublica.
- NYC Mayor considering a subway security system that can’t differentiate between a laptop and a handgun – Motherboard.
- Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire – Brian Krebs.
- USA vs Patrick McGovern-Allen (PDF) – Court Listener.
- Reports of romance scams hit record highs in 2021 – FTC.
- Meeting you was a fake: Investigating the increase in romance fraud during COVID-19 – Academic Research.
- This dating app fought scammers with bots… hilarity ensued – TechCrunch.
- She was 69. He Was Young, Hunky,,, and a Fraud – The Daily Beast.
- Gladbeck: The Hostage Crisis trailer – YouTube.
- Watch Gladbeck: The Hostage Crisis – Netflix.
- We flooded our dating app with bots… to scam scammers – Medium.
- Craiyon.
- Carole’s attempt to ask Craiyon to draw Liz Truss eating a giant cupcake of Europe.
- Is this Graham eating a banana? Crayon seems to think so.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- SolCyber – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Do you have a written copy of your shows? I cannot understand your accent but my hearing is not the greatest. Thank You, Kay