Former Prime Minister Boris Johnson wants to hand over his WhatsApp messages – or does he? And a couple of fun-loving girls from Aberdeen have come up with a sinister twist on sextortion scams.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley (from a mystery location) and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
It is claimed that he hasn't been able to hand over his WhatsApp messages because he can't remember the PIN code on his phone.
Perfect. How long did it take he and his lawyers to come up with that one? He just gives it to one of his lawyers and says, change my PIN code, change it now. I don't know what it is.
They could put me in a lie detector test. Let's go.
They could put me in a lie detector test. Let's go.
Smashing Security, episode 331: Boris Johnson's WhatsApps. And sextorting party girls with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 331. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 331. My name's Graham Cluley.
And I'm Carole Theriault.
Carole, here we are yet again. This time I'm at a mystery location.
Yes, you got your feet up and having a holiday, but Smashing Security keeps going every week.
Going, I'm somewhere, somewhere in Southern Europe. In the middle of a heat storm. I've never heard of heat storms before, but this is a heat storm that I am in.
And it, yeah, it's a bit clammy. It's a bit hot.
And it, yeah, it's a bit clammy. It's a bit hot.
Boo-hoo-hoo. You're on holiday in a hot Southern European— Should we just get the show on the road so you can go back to your virgin margaritas?
Go on then. Go ahead.
Okay. Before we kick off, let's thank this week's wonderful sponsors, Collide and Drata. It's their support that helps us give you this show for free.
Now, coming up in today's show, Graham, what do you got?
Now, coming up in today's show, Graham, what do you got?
I'm going to be talking telephones.
Telephones. And I'm going to see how a seemingly lucky happenstance turns into an utter nightmare. All this and much more coming up on this episode of Smashing Security.
Now, chums, in the United Kingdom, where I'm not speaking to you from—
Chum chum.
Oh, okay. Chum chum. Excuse me.
In the United Kingdom right now, there is an independent public inquiry going on into how this wonderful country responded to the COVID-19 pandemic and any lessons that we maybe could learn for the future from that.
In the United Kingdom right now, there is an independent public inquiry going on into how this wonderful country responded to the COVID-19 pandemic and any lessons that we maybe could learn for the future from that.
We were amazing. We suffered lockdown with a brave British face. No one complained.
No, no, there was no trouble at all.
No one broke the rules.
No one broke the rules at all. Apart from the people in power. Yes, apart from the Prime Minister and some others.
They just had a little party. Come on, they need to let their hair down.
Anyway, this inquiry, which was first announced by the then Prime Minister Boris Johnson in May 2021, if listeners have heard of him, it's now reached the public hearing stage.
So they're now taking evidence in public from, well, politicians and experts, public figures.
Some of these sessions have been televised and it's making for lots of newspaper headlines.
And, you know, basically we're trying to answer questions about what happened, when and why, and how we might be able to learn more in the future.
But behind the scenes, there's been a bit of a hoo-ha, largely because of the inquiry's attempts to gather information from the government about how it made its decisions and how it was communicating internally.
Specifically, I think they're really interested in decisions about the 3 national lockdowns which we had in the United Kingdom and how those decisions were made and various other things as well.
And the inquiry wants information, the communications which have been obviously going on inside the government between government officials.
So they're now taking evidence in public from, well, politicians and experts, public figures.
Some of these sessions have been televised and it's making for lots of newspaper headlines.
And, you know, basically we're trying to answer questions about what happened, when and why, and how we might be able to learn more in the future.
But behind the scenes, there's been a bit of a hoo-ha, largely because of the inquiry's attempts to gather information from the government about how it made its decisions and how it was communicating internally.
Specifically, I think they're really interested in decisions about the 3 national lockdowns which we had in the United Kingdom and how those decisions were made and various other things as well.
And the inquiry wants information, the communications which have been obviously going on inside the government between government officials.
And give me your emails.
Well, yeah, not just emails actually, also you know, could be instant messages, could be WhatsApps, for instance, which are being communicated.
Because surprisingly, a lot of MPs, a lot of government officials use WhatsApp. Hopefully they're not using TikTok so much.
They seem to be very against TikTok, but they seem comfortable using WhatsApp to communicate.
And some of the information which they're trying to get hold of, it belongs to the former Prime Minister himself, Boris Johnson.
They're after his unredacted notebooks, diaries and WhatsApp messages from his time in Downing Street.
Because surprisingly, a lot of MPs, a lot of government officials use WhatsApp. Hopefully they're not using TikTok so much.
They seem to be very against TikTok, but they seem comfortable using WhatsApp to communicate.
And some of the information which they're trying to get hold of, it belongs to the former Prime Minister himself, Boris Johnson.
They're after his unredacted notebooks, diaries and WhatsApp messages from his time in Downing Street.
That's so weird. You know, I worked for a CEO once who wrote everything down, didn't use computers, even though we worked in a technology firm.
And I was teasing him one day and I said, show me one of those books, show me one of those books. He goes, grab any one you want. And I opened it up and I couldn't read anything.
It was gibberish because he had his own code.
And I was teasing him one day and I said, show me one of those books, show me one of those books. He goes, grab any one you want. And I opened it up and I couldn't read anything.
It was gibberish because he had his own code.
What?
Wasn't shorthand. He had his own code.
He was writing things down in real time in his own code?
In his own kind of weird Morse code, whatever, gibberish, Pig Latin, whatever combination of weird stuff he knew how to do that I, at a quick glance, couldn't suss, right?
But the idea was to keep it super, super locked down. So I wonder if Boris Johnson did that in his little book.
But the idea was to keep it super, super locked down. So I wonder if Boris Johnson did that in his little book.
You may be crediting him with too much. I wonder, he probably was doing doodles rather than actually making notes, I suspect. Sort of adolescent drawings instead.
That's what I do. Well, anyway, I suppose I'm not Prime Minister though, so yeah.
I'm a big doodler, and heavens, if I were ever Prime Minister, what a disaster I'd make of the job, to be honest.
I'd export myself.
Right.
Anyway, so there have been concerns about whether this information should be handed over to the inquiry, because obviously there's private communications which may happen which may be embarrassing to the figures concerned.
Anyway, so there have been concerns about whether this information should be handed over to the inquiry, because obviously there's private communications which may happen which may be embarrassing to the figures concerned.
No, I'm sure there isn't. Come on.
Can you imagine? I mean, Boris Johnson's WhatsApps, which he may have been sending to all manner of different people, which he wouldn't necessarily want public.
I think the thing is that even if they were handed unredacted over to the inquiry, it doesn't mean necessarily that they will then be made public.
I would imagine things would then be redacted before they were made public if they weren't relevant, or if they felt that they didn't add anything to the inquiry.
I think the thing is that even if they were handed unredacted over to the inquiry, it doesn't mean necessarily that they will then be made public.
I would imagine things would then be redacted before they were made public if they weren't relevant, or if they felt that they didn't add anything to the inquiry.
I'm guessing they would just have the WhatsApp group, not all of his WhatsApp chats around, you know, with everybody.
It's not like they want to know what he and his 13 wives or whatever, how many ex-wives and children he has, but—
It's not like they want to know what he and his 13 wives or whatever, how many ex-wives and children he has, but—
And mistresses. Yes, I mean, I think it's not just the WhatsApp groups they're interested in.
There would be one-on-one communications because sometimes he might want to— I remember there was the leaking of WhatsApp communications between Boris Johnson and James Dyson, the entrepreneur who makes those hoovers and was claiming he could— I don't know this.
Oh yes, he was claiming he could make ventilators to help with COVID and they sort of came out into the press.
And again, you know, sort of questions as to were these really authorised channels?
And I think it's very important for politicians if they're communicating to avoid the image of maybe being underhand, it's important all these things get documented so there's transparency, so you avoid any possible interpretation of wrongdoing which might be happening.
But of course, if you're using an unofficial communication system such as WhatsApp rather than government-supplied email addresses, for instance, there could be all manner of things going on.
Anyway, anyway, anyway.
So thereafter, Boris Johnson's notebooks, his diaries, and his WhatsApp messages— his WhatsApp messages which I'm interested in— and the government itself— so this is the current government— they took the issue to court and they tried to block the inquiry from gathering these WhatsApp messages from Boris Johnson.
Now, my guess is they were actually worried about the precedent which would be set, because if they had to give the communications from a former prime minister, in the future the current prime minister may have to share his private WhatsApp messages as well.
And they've—
There would be one-on-one communications because sometimes he might want to— I remember there was the leaking of WhatsApp communications between Boris Johnson and James Dyson, the entrepreneur who makes those hoovers and was claiming he could— I don't know this.
Oh yes, he was claiming he could make ventilators to help with COVID and they sort of came out into the press.
And again, you know, sort of questions as to were these really authorised channels?
And I think it's very important for politicians if they're communicating to avoid the image of maybe being underhand, it's important all these things get documented so there's transparency, so you avoid any possible interpretation of wrongdoing which might be happening.
But of course, if you're using an unofficial communication system such as WhatsApp rather than government-supplied email addresses, for instance, there could be all manner of things going on.
Anyway, anyway, anyway.
So thereafter, Boris Johnson's notebooks, his diaries, and his WhatsApp messages— his WhatsApp messages which I'm interested in— and the government itself— so this is the current government— they took the issue to court and they tried to block the inquiry from gathering these WhatsApp messages from Boris Johnson.
Now, my guess is they were actually worried about the precedent which would be set, because if they had to give the communications from a former prime minister, in the future the current prime minister may have to share his private WhatsApp messages as well.
And they've—
How does your mind, man. That would never occur to me.
Well, that's probably why you're not Prime Minister, Carole.
Right.
So recently, the High Court actually compelled them. They ordered them to comply, and they gave them a deadline of earlier this month to cough up all the data.
And the UK government's been kicking up a stink about this. Then Boris Johnson said, well, I'm happy sharing all of my information.
Because I think Boris Johnson, and again, maybe you'll think I'm being too political about this, I think Boris Johnson was thinking, if I hand over all of my information, that's going to derail the current Prime Minister.
It's not that Johnson can do any worse damage to his image, but he could maybe scupper that of Rishi Sunak by saying, well, I'm going to hand over my information.
And the UK government's been kicking up a stink about this. Then Boris Johnson said, well, I'm happy sharing all of my information.
Because I think Boris Johnson, and again, maybe you'll think I'm being too political about this, I think Boris Johnson was thinking, if I hand over all of my information, that's going to derail the current Prime Minister.
It's not that Johnson can do any worse damage to his image, but he could maybe scupper that of Rishi Sunak by saying, well, I'm going to hand over my information.
Why would he want to do that?
Because he hates Rishi Sunak. Because he blames Rishi Sunak and some others for his downfall. That's why.
You have to remember some of our listeners don't live in the UK.
That's true. That's true. That's true.
Don't know all these things.
So anyway, this is my theory anyway. So, despite Johnson's promises of handing over the WhatsApp messages, he still didn't share his WhatsApp messages.
And why was that, you're wondering, Carole?
And why was that, you're wondering, Carole?
Probably because he's completely inappropriate about 5 out of 6 times.
Probably.
Probably reads more entertainingly than the Private Eye little vignettes that they do. Yeah.
Oh, can you imagine? Because of course, Matt Hancock, who was the Health Secretary who ended up losing his job because he broke COVID rules by having an extramarital entanglement.
Outrageous. Yeah.
His biographer, the person who was writing his COVID diaries, he gave this person all of his WhatsApp messages and she then leaks them to the papers.
You know, it's the woman he'd written this book with, which has done lots of damage to his reputation as well.
Anyway, yes, lots of reasons why Johnson may not want his messages leaking out. For instance, how many times has he posted a happy birthday from dad message to one of his children?
That'd be very useful to know how many of those messages there were a year, because then you'd know how many kids he had. But so there's all sorts of reasons.
The reason it is claimed that he hasn't been able to hand over his WhatsApp messages is because he can't remember the PIN code on his phone.
You know, it's the woman he'd written this book with, which has done lots of damage to his reputation as well.
Anyway, yes, lots of reasons why Johnson may not want his messages leaking out. For instance, how many times has he posted a happy birthday from dad message to one of his children?
That'd be very useful to know how many of those messages there were a year, because then you'd know how many kids he had. But so there's all sorts of reasons.
The reason it is claimed that he hasn't been able to hand over his WhatsApp messages is because he can't remember the PIN code on his phone.
Perfect. Perfect. How long did it take he and his lawyers to come up with that one? He just gives it to one of his lawyers and says, change my PIN code. Change it now.
Change it to something else. I don't know what it is. They could put me in a lie detector test. Let's go. I'm ready.
Change it to something else. I don't know what it is. They could put me in a lie detector test. Let's go. I'm ready.
What a buffoon.
So, the central thing, central device in this case is Johnson's smartphone, or rather his old smartphone, because in May 2021, he changed his smartphone after it was discovered that he, Boris Johnson, at the time the Prime Minister, he had left his phone number, his personal mobile phone number in the public domain on the end of a press release he issued 15 years earlier.
For 15 years, his phone number was available to read on the web.
And this was discovered by Pop Bitch, which is a salacious email newsletter which I subscribe to for my celebrity gossip. They found it.
So he'd posted this when he was MP for Henley. Anyone could call him up. Anyone could add Boris Johnson, the Prime Minister, to a WhatsApp group.
Anyone could send him a WhatsApp message, which leads to all kinds of potential problems.
Not only allegations of corruption and so forth, and why have you been speaking to so-and-so, and all those sort of situations which clearly have bedeviled him over the years.
But also, what about state-sponsored hacking, where we know groups for instance, the Saudi regime have sent messages to people's smartphones, to other leading people's smartphones, in order to infect them and to spy upon them.
And bloody Boris Johnson's mobile number— I can't believe that the intelligence services didn't insist he changed his mobile number when he became Foreign Secretary or Prime Minister.
So, the central thing, central device in this case is Johnson's smartphone, or rather his old smartphone, because in May 2021, he changed his smartphone after it was discovered that he, Boris Johnson, at the time the Prime Minister, he had left his phone number, his personal mobile phone number in the public domain on the end of a press release he issued 15 years earlier.
For 15 years, his phone number was available to read on the web.
And this was discovered by Pop Bitch, which is a salacious email newsletter which I subscribe to for my celebrity gossip. They found it.
So he'd posted this when he was MP for Henley. Anyone could call him up. Anyone could add Boris Johnson, the Prime Minister, to a WhatsApp group.
Anyone could send him a WhatsApp message, which leads to all kinds of potential problems.
Not only allegations of corruption and so forth, and why have you been speaking to so-and-so, and all those sort of situations which clearly have bedeviled him over the years.
But also, what about state-sponsored hacking, where we know groups for instance, the Saudi regime have sent messages to people's smartphones, to other leading people's smartphones, in order to infect them and to spy upon them.
And bloody Boris Johnson's mobile number— I can't believe that the intelligence services didn't insist he changed his mobile number when he became Foreign Secretary or Prime Minister.
It is surprising, that, isn't it? But I guess you're, look, I know a lot of people. I'm in a lot of people's contact lists.
Well, of course. I mean, but again, Carole, you're not Prime Minister, right? You're not Foreign Secretary.
And maybe the intelligence services should do something about this because you know, it's astonishing intelligence services didn't insist on that.
And maybe the intelligence services should do something about this because you know, it's astonishing intelligence services didn't insist on that.
Can you imagine if you're, you know, in the intelligence services and he's your prime minister and you have to try and wrangle him in? Think about it. Come on.
Oh, it would have been difficult, without a doubt. Yeah. I mean, it's getting your CEO to change his behavior.
I think they probably tried. I'm just going to give them the benefit of the doubt here.
And he refused.
And he just acted a fucking buffoon. Probably didn't remember his— oh, I don't know where I live.
I think the one thing we can be certain of is he hopefully does know where he lives if he's Prime Minister. If not, then we've really got trouble, right?
That address is one even I know, so it should be something that's—
That address is one even I know, so it should be something that's—
You could ask anyone in the street. Exactly.
The UK's intelligence agency should have had a real problem there. Other countries' intelligence agencies were probably absolutely fine with it.
They loved it that they had this number.
I'm not saying that there weren't ways for them to find it out otherwise, but it seems bizarre to keep the same phone number for that length of time.
So at the time when Popbitch revealed his phone number, May 2021, Johnson reportedly turned off his phone, switched numbers, got a new phone.
It became a security issue, even though the government at the time said, oh, it's not that much of a problem.
He now says he doesn't remember the number, the PIN code, with, quote, 100% confidence.
And so because he's not able to say confidently, this is the PIN code on my phone, as if it's not the one he uses on his current phone as well— I'm sure he uses the same PIN code— because he doesn't have that confidence, the authorities have been nervous of unlocking his phone in case the entire phone gets wiped if they make the mistake too long.
Or imagine if they said to Boris, right, Boris, could you just unlock your phone? And there he is deliberately putting in the wrong number. In order to delete the data.
They loved it that they had this number.
I'm not saying that there weren't ways for them to find it out otherwise, but it seems bizarre to keep the same phone number for that length of time.
So at the time when Popbitch revealed his phone number, May 2021, Johnson reportedly turned off his phone, switched numbers, got a new phone.
It became a security issue, even though the government at the time said, oh, it's not that much of a problem.
He now says he doesn't remember the number, the PIN code, with, quote, 100% confidence.
And so because he's not able to say confidently, this is the PIN code on my phone, as if it's not the one he uses on his current phone as well— I'm sure he uses the same PIN code— because he doesn't have that confidence, the authorities have been nervous of unlocking his phone in case the entire phone gets wiped if they make the mistake too long.
Or imagine if they said to Boris, right, Boris, could you just unlock your phone? And there he is deliberately putting in the wrong number. In order to delete the data.
You see, yeah, okay. I don't have a problem with deleting data. I would just be like, okay, bye WhatsApp, later.
Well, yeah, but this is pertinent communications by—
Yeah, but he's not Prime Minister anymore.
No, not anymore, but these are communications from when he was Prime Minister.
He shouldn't have access to them, should he?
Oh, that's an interesting point. They should have had a— I mean, what, did they not have a backup of this phone as well? I mean, was WhatsApp not doing a backup?
I don't know, all kinds of questions. Anyway, COVID-bereaved campaigners, they describe this as a complete joke.
They've been saying, look, surely security officials can break into this bloody phone. Surely there's a backup. Surely there's some way of finding out the PIN.
And now it's claimed a source close to the government says the government has found, quote, its own version of the PIN. They're now saying they can unlock this phone.
I don't know what their own version of this PIN, of the PIN, means. I mean, surely it is the PIN or it isn't the PIN. But they're saying now they have got a version of the PIN.
Which means they are able to open the messages.
I don't know, all kinds of questions. Anyway, COVID-bereaved campaigners, they describe this as a complete joke.
They've been saying, look, surely security officials can break into this bloody phone. Surely there's a backup. Surely there's some way of finding out the PIN.
And now it's claimed a source close to the government says the government has found, quote, its own version of the PIN. They're now saying they can unlock this phone.
I don't know what their own version of this PIN, of the PIN, means. I mean, surely it is the PIN or it isn't the PIN. But they're saying now they have got a version of the PIN.
Which means they are able to open the messages.
A version?
Yes. I don't understand it either, Carole.
It's a master key. That sounds like a master key, doesn't it?
It does sound like MI5, maybe.
Yeah.
Have found some other way of getting in. I'm not sure. But anyway, they say that they can get in. So it does appear as though maybe the messages could be handed over to the inquiry.
Now, curiously, the other little sort of addendum to this whole story is that Times is saying, but actually the device was last accessed in December 2021.
Do you remember when Boris Johnson and his wife Carrie, they were in trouble about the funding of the refurbishment of their flat? They'd got some extremely expensive wallpaper.
Now, curiously, the other little sort of addendum to this whole story is that Times is saying, but actually the device was last accessed in December 2021.
Do you remember when Boris Johnson and his wife Carrie, they were in trouble about the funding of the refurbishment of their flat? They'd got some extremely expensive wallpaper.
Yes. Yeah, or curtains or something. Yes.
And so there was an investigation into that.
And so at the time, Johnson had said, well, you know, go and check my WhatsApp messages as to what I asked for and what the quality of wallpaper was.
So apparently it was accessed then. So whether he temporarily remembered the PIN code with 100% confidence or not is unclear or not. So a little bit of a niggle.
And so at the time, Johnson had said, well, you know, go and check my WhatsApp messages as to what I asked for and what the quality of wallpaper was.
So apparently it was accessed then. So whether he temporarily remembered the PIN code with 100% confidence or not is unclear or not. So a little bit of a niggle.
Or he hadn't changed his PIN code, just like he hadn't changed his phone number.
I mean, seriously, it's going to be 1, 2, 3, 4 or something, isn't it? It's not going to be a complicated one.
Oh no, it's going to be 69. 69, of course.
Oh God. Carole, what's your story for us this week?
Well, you know that we're old, right?
Speak for yourself.
And I'm going to tell you how I know we are old.
Because when I see young women walking around with spray tans and lip fillers and enough slap that you could ice a cake with, I kind of shudder, right? For me, it's just too much.
It freaks me out. But maybe that's the point, because it's not supposed to be appealing to me because I'm of a completely different generation. Do you know what I mean?
Do you know the look I mean?
Because when I see young women walking around with spray tans and lip fillers and enough slap that you could ice a cake with, I kind of shudder, right? For me, it's just too much.
It freaks me out. But maybe that's the point, because it's not supposed to be appealing to me because I'm of a completely different generation. Do you know what I mean?
Do you know the look I mean?
Well, it's a fashion thing, isn't it? I mean, back in the 1700s, men wore lots of slap and a great big curly wig.
Sure, sure. But I'm still alive. I'm still alive, right? I'm still here, right?
Yes, just about, girl, just about.
So look, I've put a picture in the show notes of the kind of look.
Yes, yes, ah, yes, it's a bit Kardashian or a Katie Price-Jordan thing, isn't it? Yeah, big lips and a lot of makeup. And yeah, okay, I get you.
Yeah, well, you know, if they like it, if they like it, I say go ahead.
Yeah, well, you know, if they like it, if they like it, I say go ahead.
Sure, totally do your thing. I'm just saying it's not for me.
And this is how the Times reported that two beautiful young and, you know, Aberdeen hip to present themselves when they go out in the town.
And this is how the Times reported that two beautiful young and, you know, Aberdeen hip to present themselves when they go out in the town.
And Aberdeen hip?
Yeah, because they're from Aberdeen, right?
So they're, you know, oh, okay, okay. Yeah, right.
These girls lavish it up something fierce. So they have expensive handbags.
They hold parties at Aberdeen's swankiest hotel in the massive suite, footing the bar tab and even recreational drugs. Okay, this is Miss Lynch and Miss Rattray.
They were indeed rocking a high roller lifestyle, okay, by anyone's account.
But the thing is, as far as I know, these two young women didn't have high-powered jobs or come from dizzying amounts of money.
So they're 20-something, funding all the lipstick and the handbags and the glitz that you could dream of, which I know can be—
They hold parties at Aberdeen's swankiest hotel in the massive suite, footing the bar tab and even recreational drugs. Okay, this is Miss Lynch and Miss Rattray.
They were indeed rocking a high roller lifestyle, okay, by anyone's account.
But the thing is, as far as I know, these two young women didn't have high-powered jobs or come from dizzying amounts of money.
So they're 20-something, funding all the lipstick and the handbags and the glitz that you could dream of, which I know can be—
It can be very expensive. It can be. Yeah.
Yes. So how are they doing that? Let me put you out of your misery. Of course it's a scam, because this is Smashing Security and we love to unthread a scam, right?
So this is how it rolled, okay? They would hunt targets on the socials and find men that met their, you know, quote requirements.
One of their targets, for example, was a serving soldier, said the Times.
So this is how it rolled, okay? They would hunt targets on the socials and find men that met their, you know, quote requirements.
One of their targets, for example, was a serving soldier, said the Times.
Yes.
And it might start off with one of the targets saying online that it's my birthday today. And then one of these two women would reach out saying happy birthday.
And then, you know, it would just go from there. And if things got a little fun and steamy, these girls might even send this guy some explicit pics.
And then, you know, it would just go from there. And if things got a little fun and steamy, these girls might even send this guy some explicit pics.
Ooh, okay.
And that's not illegal, right? I mean, there's nothing wrong with one consenting adult sending another consenting adult a nudie pic, right?
Yeah. If they're both adults, I suppose. I suppose that's—
Yeah, right. And they decide to do that and who cares? Oh, I forgot to say that one of their tactics is that they then would tell the target, oh, by the way, I'm 15 years of age.
Oh, I'm unclear at this moment, right, whether they introduce themselves, say they're 15, and then say, hey, do you want to see some pics of me?
Oh, I'm unclear at this moment, right, whether they introduce themselves, say they're 15, and then say, hey, do you want to see some pics of me?
Right.
Or if they're having a chat with someone and offer to say pics, and the guy says, "Yeah, yeah, I'd love to see them," and after they ooh and ahh, they say, "Oh, by the way, I'm 15."
Yeah, so my guess would be that they hold back the 15 thing until there's been an exchange of photos, because then that would be extra leverage.
Exactly.
To scam someone, to say, "Unless you do this I'm going to report you," or "You're being the shit, mate."
Totally, totally, I guess. So anyway, the game plan was then to threaten to expose the target as a pedo or a cheater or whatever unless they coughed up some dosh, right?
And remember that these guys hadn't viewed pictures of underage girls at all, right? Because these women are in their 20s, right? But they certainly might have thought they had.
So that picture I showed you earlier, these are our two women that are involved in this scam. I seem to have a picture here of one of the images they would send.
Don't worry, listeners, this is not a dirty one.
This is one of the more innocent ones, but you can see how they have made themselves look a lot younger than they do when they go out on the town.
So they really try and youthify their pics.
And remember that these guys hadn't viewed pictures of underage girls at all, right? Because these women are in their 20s, right? But they certainly might have thought they had.
So that picture I showed you earlier, these are our two women that are involved in this scam. I seem to have a picture here of one of the images they would send.
Don't worry, listeners, this is not a dirty one.
This is one of the more innocent ones, but you can see how they have made themselves look a lot younger than they do when they go out on the town.
So they really try and youthify their pics.
Yeah. So it's a younger looking— I mean, the photograph you're showing me now, it could be of a 15-year-old girl, I suppose.
Yeah, yeah. But you know, the day when they go out, they certainly don't look like that. I'm just saying, there's a very big difference in the makeup happening here.
Yes, it ages them.
Yes, I think you're right, because I'm guessing when the two girls came up with the scam, they decided that it would be unlikely to be reported or found out because the targets would be petrified at the repercussions.
Yeah, it's all very Ashley Madison, isn't it? It's using shame as a driver to steal money.
Yes, it ages them.
Yes, I think you're right, because I'm guessing when the two girls came up with the scam, they decided that it would be unlikely to be reported or found out because the targets would be petrified at the repercussions.
Yeah, it's all very Ashley Madison, isn't it? It's using shame as a driver to steal money.
Well, yeah. People don't want to get into trouble and people also don't want to be embarrassed. Don't want to be put in an awkward position with their employer or with their family.
It's— yeah.
It's— yeah.
Yeah.
Or the police.
Yeah, quite. And this was the fun, fun game that these two women played, netting them more than £120,000. And scaring the bejesus out of their targets. So different targets.
£120,000?
£120,000?
Yep. Oh my goodness.
I think one of the girls had 8 charges against her and the other one had 5. So that's 13 targets, probably £120,000, so £10,000 a pop.
Wow. I mean, that's a huge amount.
That's my math here, but yeah, I agree. So, you know that there was a serving soldier I mentioned earlier, one of the targets, right?
The Times reports that one of the women texted him saying that "The shit I've got can ruin your life. You're a pedo, mate.
I will fuck you over." She told them that his army superiors would be informed if he didn't pay up. This is all according to The Times.
She also threatened to tell his family that he had been viewing pictures of underage girls. So he paid up, as many others did, to the tune of a few hundred K.
According to the sheriff, in one of the instances, the impact was quote "catastrophic on the victim."
The Times reports that one of the women texted him saying that "The shit I've got can ruin your life. You're a pedo, mate.
I will fuck you over." She told them that his army superiors would be informed if he didn't pay up. This is all according to The Times.
She also threatened to tell his family that he had been viewing pictures of underage girls. So he paid up, as many others did, to the tune of a few hundred K.
According to the sheriff, in one of the instances, the impact was quote "catastrophic on the victim."
Oh my God.
Of course it was. This is such an insidious scam. But the clincher is this: there's apparently no money left. They didn't bank it. They spent it running up bar tabs or handbags.
Handbags, recreational drugs. One of the women was found to have £5K worth of cocaine in her flat when the cops did their thing.
Handbags, recreational drugs. One of the women was found to have £5K worth of cocaine in her flat when the cops did their thing.
I suppose he didn't have to dust the place then.
And loads of lipsticks. And here's my problem, right? These are two attractive-looking young women, right? They have no problem sending nudie pictures of themselves to people.
So why don't they rock an OnlyFans account? But that's not illegal.
So why don't they rock an OnlyFans account? But that's not illegal.
You know what, Carole? That's a very good point. They could have done, couldn't they?
They could have legally sold pictures of themselves, admitted their own, their genuine adult age, and probably continued to make money.
But now, I mean, what's going to happen to them? Are they going to end up in jail, these people?
They could have legally sold pictures of themselves, admitted their own, their genuine adult age, and probably continued to make money.
But now, I mean, what's going to happen to them? Are they going to end up in jail, these people?
No, they haven't ended up in jail. They have a few hundred hours of community service. Yep.
Why aren't they in jail? They stole £120,000.
Yep. A few.
That's just— so are those people who lost the money, are they gonna—
Well, I don't know. I— okay, yeah, it's a big area, jail, right? Whether people actually incarcerated, reform.
Okay, you know, it's better that they have to sweep up cigarette butts off the street. I suppose that doesn't exist anymore. I have to pick up what— water bottles.
Okay, you know, it's better that they have to sweep up cigarette butts off the street. I suppose that doesn't exist anymore. I have to pick up what— water bottles.
Feels like they knew what they were doing, though. I don't like it. I'm not happy, right? I'm not a happy camper.
Well, yeah, don't accept, you know, sex pictures. Don't ask for them, I think is the answer.
No, well, I don't want to see pictures of anybody. Jeez.
If you work in security or IT and your company has Okta, this message is for you.
For the past few years, the majority of data breaches and hacks you read about have something in common. It's employees.
Hackers absolutely love exploiting hiding vulnerable employee devices and credentials. But imagine a world where only secure devices can access your cloud apps.
Here, credentials are useless to hackers, and you can manage every OS—even Linux—from a single dashboard.
Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is you don't have to imagine this world.
You can just start using Kolide.
Kolide is a device trust solution for companies with Okta, and it makes sure that if a device is not trusted or secure, it can't log into your cloud apps.
Visit kolide.com/smashing to watch a demo and see how it works. That's k-o-l-i-d-e.com/smashing.
For the past few years, the majority of data breaches and hacks you read about have something in common. It's employees.
Hackers absolutely love exploiting hiding vulnerable employee devices and credentials. But imagine a world where only secure devices can access your cloud apps.
Here, credentials are useless to hackers, and you can manage every OS—even Linux—from a single dashboard.
Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is you don't have to imagine this world.
You can just start using Kolide.
Kolide is a device trust solution for companies with Okta, and it makes sure that if a device is not trusted or secure, it can't log into your cloud apps.
Visit kolide.com/smashing to watch a demo and see how it works. That's k-o-l-i-d-e.com/smashing.
Any company can say they're trustworthy, but with this week's sponsor, Drata, you can prove it.
With over 14 frameworks including SOC 2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business.
Automated controls, over 75 integrations, and 24-hour monitoring keeps your company in compliance without manual work.
And with a new open API and plenty of customization, you can build your program your way. With over 360 5-star reviews, Drata is the highest-rated cloud compliance platform on G2.
Countless security professionals from companies like Notion, Lemonade, and Bamboo HR have shared how crucial it's been to have Drata as their trusted compliance partner.
So listeners of Smashing Security, you can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata. That's smashingsecurity.com/drata.
And welcome back, and you join us for our favorite part of the show, the part of the show that we like to call Pick of the Week.
With over 14 frameworks including SOC 2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business.
Automated controls, over 75 integrations, and 24-hour monitoring keeps your company in compliance without manual work.
And with a new open API and plenty of customization, you can build your program your way. With over 360 5-star reviews, Drata is the highest-rated cloud compliance platform on G2.
Countless security professionals from companies like Notion, Lemonade, and Bamboo HR have shared how crucial it's been to have Drata as their trusted compliance partner.
So listeners of Smashing Security, you can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata. That's smashingsecurity.com/drata.
And welcome back, and you join us for our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security related necessarily. Better not be. Well, my pick of the week this week is not security related. My pick of the week this week is music related.
Or is it? Oh, okay. Interesting. Because, Carole, I am going to direct you to some videos made by a chap called Mario.
Now I'm going to pronounce his surname incorrectly, and I apologize for that. Mario Vinerov. Weinerreiver. Mario Weinerreiver. Yeah, listeners, find the link in the show notes.
Yeah, that'd probably be easiest. He has got a little channel where he has made a series of musicless music videos. What? Presses mute? So no, no, no.
He takes a music video, for instance, the classic Hello By Lionel Richie. Oh, a favourite. Yeah. Absolutely.
And what he does is he gets rid of the soundtrack and he adds his own sound effects as though it were the music video, but without any singing and without any music.
So there'll be the walking around or the creaking open of a door. Cute. Or a conversation or something like that. So I find them quite amusing and spectacularly awkward.
So there is, for instance, a live performance from 1964 on some TV show by the Rolling Stones where Mick Jagger is jumping around and going, woo, woo.
You know, you hear the occasional strum of, and the audience just watching in silence as they jiggle around trying to appear cool.
And without the music, they just look like a bunch of twats. Yeah. Which of course the Rolling Stones are. Hey! So, well, no, but you know, obviously, you know, really. Party boys.
All right. Okay. Anyway, so, Carole, check one out, see what you think.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security related necessarily. Better not be. Well, my pick of the week this week is not security related. My pick of the week this week is music related.
Or is it? Oh, okay. Interesting. Because, Carole, I am going to direct you to some videos made by a chap called Mario.
Now I'm going to pronounce his surname incorrectly, and I apologize for that. Mario Vinerov. Weinerreiver. Mario Weinerreiver. Yeah, listeners, find the link in the show notes.
Yeah, that'd probably be easiest. He has got a little channel where he has made a series of musicless music videos. What? Presses mute? So no, no, no.
He takes a music video, for instance, the classic Hello By Lionel Richie. Oh, a favourite. Yeah. Absolutely.
And what he does is he gets rid of the soundtrack and he adds his own sound effects as though it were the music video, but without any singing and without any music.
So there'll be the walking around or the creaking open of a door. Cute. Or a conversation or something like that. So I find them quite amusing and spectacularly awkward.
So there is, for instance, a live performance from 1964 on some TV show by the Rolling Stones where Mick Jagger is jumping around and going, woo, woo.
You know, you hear the occasional strum of, and the audience just watching in silence as they jiggle around trying to appear cool.
And without the music, they just look like a bunch of twats. Yeah. Which of course the Rolling Stones are. Hey! So, well, no, but you know, obviously, you know, really. Party boys.
All right. Okay. Anyway, so, Carole, check one out, see what you think.
I will. I will. I think it sounds fun. It's really good for a podcast too to be talking about this because— Well. Okay, Lionel Richie. I'm watching it now. I'm watching it now. Oh, God.
So the only word he says is hello, and everything else—
So the only word he says is hello, and everything else—
So you get all these sort of foley sound effects. This is good, Graham.
This is great. Listeners, run, run to your computers now.
Musicless Music Videos by Mario Weinreuther is my pick of the week.
Carole, what's your pick of the week? So my pick of the week was gonna be a TV show because I was chopping up a bunch of veggies yesterday. Okay.
And I wanted something mindless to focus on. So I put on "Traitors," the Australian version, right?
I don't even know if that's what it's actually called because I couldn't watch it because the host made me feel literally unwell.
Like I literally could not stand his manner so much that I couldn't even use it as background TV.
And I wanted something mindless to focus on. So I put on "Traitors," the Australian version, right?
I don't even know if that's what it's actually called because I couldn't watch it because the host made me feel literally unwell.
Like I literally could not stand his manner so much that I couldn't even use it as background TV.
Traitors is like the TV version of the parlour game Mafia, isn't it, basically? Yeah. Right.
Yeah. And there's a US version, there's a UK version, and now there's an Australian version. And yes. Yeah. So I'm not recommending that, but worry not, I have a podcast to recommend.
Of course I do. Oh, okay, good. Great. I think this would be up your street, Mr. Cluley. Once again, not an audio drama. Okay.
But an investigative piece from BBC Radio 4 podcast called Intrigue.
Of course I do. Oh, okay, good. Great. I think this would be up your street, Mr. Cluley. Once again, not an audio drama. Okay.
But an investigative piece from BBC Radio 4 podcast called Intrigue.
Oh, I haven't heard of this one.
Oh, it's good, it's good. So on the channel, if you search for Intrigue, you will see there's two seasons, right? Each one focuses on a different story.
They're about 10 episodes each. The first season is called Mayday, and it's about this unbelievable misinformation campaign involving the war in Syria.
Those trying to help the wounded. Okay, incredible story, incredible reporting.
And the second season is called Burning Sun, and it's how this seemingly super wholesome and lovely K-pop star, Jung Joon-young, kept quite a nasty, disgusting side of his from the public, and how a local journalist managed to expose him for what he really was.
Oh my goodness. It's like, it's pretty outrageous. It's not for the faint-hearted, right?
Okay, it was literally hard for me to listen to, but what a story and how well it was told, like intelligently, sensitively, amazingly.
It's done by the BBC journalist Chloe Hadjimatheou. So she does lots of kind of incredible feats of investigative journalism.
They're about 10 episodes each. The first season is called Mayday, and it's about this unbelievable misinformation campaign involving the war in Syria.
Those trying to help the wounded. Okay, incredible story, incredible reporting.
And the second season is called Burning Sun, and it's how this seemingly super wholesome and lovely K-pop star, Jung Joon-young, kept quite a nasty, disgusting side of his from the public, and how a local journalist managed to expose him for what he really was.
Oh my goodness. It's like, it's pretty outrageous. It's not for the faint-hearted, right?
Okay, it was literally hard for me to listen to, but what a story and how well it was told, like intelligently, sensitively, amazingly.
It's done by the BBC journalist Chloe Hadjimatheou. So she does lots of kind of incredible feats of investigative journalism.
The BBC, the BBC are really knocking it out of the park with podcasts, aren't they? They've got some terrific podcasts.
Yeah, they're awesome.
It's not just what they put out on the air, it's yeah, it's a good trove to treasure.
Yes. So British listeners, you can find it at BBC Sounds. You're looking for Intrigue. And of course, you can also find it wherever you get any of your podcasts.
But I think that the second one, what's it called? Burning Sun is now coming out week by week, but you can get the whole thing on BBC Sounds. So there you go.
That's my pick of the week.
But I think that the second one, what's it called? Burning Sun is now coming out week by week, but you can get the whole thing on BBC Sounds. So there you go.
That's my pick of the week.
Super. And that just about wraps up the show for this week. You can follow us on Twitter @SmashingSecurity. No G, Twitter won't allow us to have a G.
And we also have a Mastodon account. And look up the Smashing Security subreddit on Reddit as well. And don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast apps such as Overcast, Spotify, and Apple Podcasts.
And we also have a Mastodon account. And look up the Smashing Security subreddit on Reddit as well. And don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast apps such as Overcast, Spotify, and Apple Podcasts.
And huge thank you to this episode's sponsors, Kolide and Drata, and to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 330 episodes, check out smashingsecurity.com. Until next time, cheerio.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 330 episodes, check out smashingsecurity.com. Until next time, cheerio.
Bye-bye. Bye.
Well, you go back to the sweltering glorious heat in your mystery location in South Europe.
I'm going to jump in the pool, I think.
Oh, la-di-da for you.
Yeah, yeah, I need to chill out. I'm going straight into the pool. Well, not straight into the pool because it's bloody freezing there.
They don't I think they put ice cubes in the pool, so you have to edge yourself in slowly, but it feels good once you're in.
They don't I think they put ice cubes in the pool, so you have to edge yourself in slowly, but it feels good once you're in.
Okay. All right. Enjoy yourself.
I'll edit the show. Cheers. Bye. Bye.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Episode links:
- The UK Covid-19 Inquiry.
- Court orders ministers to hand Boris Johnson’s WhatsApps to Covid inquiry – The Guardian.
- Boris Johnson ‘has forgotten’ passcode for phone wanted by Covid inquiry – The Guardian.
- The Lockdown Files: Matt Hancock rejected expert advice on care home testing, WhatsApp messages reveal – The Telegraph.
- Boris Johnson’s Personal Phone Number Has Been Hiding in Plain Sight Online For 15 Years – Vice.
- Party girls netted £120,000 from terrified men in ‘sextortion’ scam -The Times.
- Exclusive: Women posed as underage girls to blackmail men out of nearly £122000 -Press and Journal.
- Musicless music video of Lionel Richie’s “Hello” – YouTube.
- Musicless music video of Rolling Stones performing live in 1964 – YouTube.
- Intrigue: Burning Sun – BBC podcast.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
