Smashing Security podcast #334: Acoustic attacks, and the tears of a crypto rapper

Industry veterans, chatting about cybersecurity and online privacy.

Graham Cluley

Razzlekhan, the self-proclaimed Crocodile of Wall Street, pleads guilty to the biggest crypto laundering scheme in history, and just how safe are you typing while on a Zoom call?

Meanwhile, Graham rants about public EV chargers.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
CAROLE THERIAULT
Why didn't you just go up to the main floor and do your business and then come back down?
GRAHAM CLULEY
Oh, well, Carole, you weren't there, right? If you're going to jump in with sensible suggestions at this point, it's too late.
CAROLE THERIAULT
I can't believe I've ever taken any advice from you in my life.
Unknown
Smashing Security, Episode 334: Acoustic Attacks and the Tears of a Crypto Rapper with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security, Episode 334. My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
Carole, great to have you with us once again, despite being on pastures far away. Still on your secret assignment?
CAROLE THERIAULT
Yes, I am still on my secret mission.
GRAHAM CLULEY
But the podcast stops for nothing.
CAROLE THERIAULT
Well, that was a bad decision, I think. But how about we get this show on the road and get back to our summer lifestyle?

Before we kick off, let's thank this week's wonderful sponsors, Kolide and ClearVPN. It's their support that helps us give you this show for free.

Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY
TikTok tap tap tap.
CAROLE THERIAULT
Okay, that reveals nothing. And I'm going to tell you a tale about the tears of a rapper. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Tears of a rapper. Now, Chum Chum.
CAROLE THERIAULT
Yes, yes.
GRAHAM CLULEY
Have you ever been on a really boring work conference call? I wonder.
CAROLE THERIAULT
Oh no, no, no, no, no.
GRAHAM CLULEY
Never?
CAROLE THERIAULT
They are riveting.
GRAHAM CLULEY
All of them wonderful.
CAROLE THERIAULT
I look forward to them so much. Most people now whose life has moved to online Zooming and all this, it is a joy, don't you think?
GRAHAM CLULEY
Absolute joy. I love nothing more than the feeling of having my eyelids propped open on matchsticks and pretending to pay attention.

Because you sometimes get on these calls, but I remember being on calls in the past, which were literally all day with a great big team, and you'd be there and you just had to listen, waiting for your name to be mentioned and then, oh God, oh God, oh no.

And it'd be terrible if they mentioned your name at the end of the question rather than, Graham, I wonder if I could ask you, if they say blah, blah, blah, blah, blah, blah, is that right, Graham?

And it's, what? I don't know.
CAROLE THERIAULT
This is why that invention, the Suitsy, was so glorious because it gave you the appearance of wearing a suit when that was something pre-COVID, but it was actually a baby's, you know, whatever, baby's little thing.
GRAHAM CLULEY
So it's pretty bad, isn't it? And it is worse when it's on video because you have to appear as though you're listening rather than simply keeping an ear open for your name.

I don't know if you've heard about this. There's this new technology Nvidia Eye Contact.

So the guys at Nvidia have, they can now give you AI-powered eyeballs to ensure that you're always looking at the screen. So rather than, you know.
CAROLE THERIAULT
What do you mean AI-powered eyeballs?
GRAHAM CLULEY
So they change the video stream so that you appear to be looking down the webcam all the time rather than, you know, scratching your crotch or looking under the table or, you know, looking at your other screen where maybe you're playing Patience.
CAROLE THERIAULT
What, just the eyes stay there floating? As your head kind of bobs down to tie up your shoe.
GRAHAM CLULEY
Well, no, maybe not quite that. Maybe not quite that.

But they certainly give the appearance that you have perfect Zoom etiquette because you are looking down the camera all the time. It's all being done by technology.

Inevitably, if you are on a dull conference call and your colleagues are on it too, if your boss— it's normally the bosses who love to talk, isn't it?

It's normally them who just go on and on and on and on. Talking about something extremely tedious or making a sexist comment.

And, you know, they're just— suddenly you wake up from your slumber and you IM your other pals on the call saying, "Did you hear what that idiot just said?" So you make it— this is what I do.
CAROLE THERIAULT
You were silly to do that because of course you were doing that on the company's systems. You're a lame-o.
GRAHAM CLULEY
But people do it, don't they? People might— or people might have a, you know, have their AOL chat or whatever, ICQ. They may have their own little private channel.

They may even be using Signal, who knows, where they're just chatting to their buddies saying, oh my God, can you believe that? Or, you know, your bit's coming up or whatever it is.
CAROLE THERIAULT
Yeah, like having a little private— I did this all the time. I once, my job was to try and make my favorite colleagues spew as they drank their tea.

So trying to time, because I could see them on the video about to take a sip of hot tea.

And then I would send them an outrageous text message or IM that would pop up on their screen. And then I would watch them almost turn and spill.

And that was my fun during those boring, boring conferences.
GRAHAM CLULEY
Or put them off while they're actually talking by sending them something highly inappropriate.

So, well, Carole, take heed, beware, because some boffins at British universities have revealed that they have had success in stealing data from the sound of keyboard keystrokes.

In other words, if you are on a conference call and you are typing to your buddies, it is feasible that people could actually find out what you are typing, whether you're using Signal or IM or ICQ or Telegram or whatever it may be.
CAROLE THERIAULT
Okay. I feel like we've flirted around, researchers have flirted around this area before.
GRAHAM CLULEY
They've done other things.
CAROLE THERIAULT
A number of years.
GRAHAM CLULEY
Yeah. There've been other things which have been done, astonishing number of different ways of stealing information.

We did speak, for instance, about the reflection of your screen in your eyeball as you appear on video conferencing and how researchers were able to steal information if you had a good enough quality webcam from the reflection in your screen.

There have been plenty of other ones as well. There have been ones where people have actually been able to gather data by watching the vibrations on the window.

So they might be able to hear the conversations which are going on. Oh, all kinds of things. But this, of course, is something that we all do all the time.

We're all using Zoom, we're all using Skype, we're all speaking to each other.

And these boffins at British universities, they're not just having some success in stealing data from the sound of keyboard keystrokes.

They reckon that with their deep learning model, which can steal data from these keystrokes recorded with a microphone, they have an accuracy rate of 95%.

And is this any keyboard, or is this you have to use the proprietary keyboard as designed by the researchers?

Any keyboard, including touch keyboards, not just the clackety-clack keyboards, other keyboards as well.
CAROLE THERIAULT
Shut up.
GRAHAM CLULEY
For real. This means 95%.
CAROLE THERIAULT
I can't even have a chat affair anymore.
GRAHAM CLULEY
This means 95% accuracy, so 1 in every 20 characters will be incorrect. Only one in twenty.

So your passwords, your private discussions, your messages, other sensitive information can all be leaked to a malicious third party using this method.

And they say that it's likely to be even simpler now because of just how many devices have microphones in them capable of high-quality audio capture, because everyone's computer's got a microphone, everyone's phone has got a microphone.

People have got smart devices left, right, and centre. It's possible you've got a watch which has a microphone in it as well. All kinds of devices now have this.
CAROLE THERIAULT
Home assistants, all that.
GRAHAM CLULEY
Yeah, exactly. So let me tell you how it works.

The first step of the attack is to record keystrokes on the target's keyboard, as that data is then used to train the prediction algorithm.
CAROLE THERIAULT
So why not just install a keylogger at this point now?
GRAHAM CLULEY
Well, you need the sound as well.
CAROLE THERIAULT
When you say record, you mean audio record, have a microphone near the person who's typing away? Yeah. Yeah. Okay. Okay. Sorry.
GRAHAM CLULEY
Sorry. Sorry. Was that not clear? Yes, of course. So it's not normal sort of keyboard logging. This is keyboard recording. It's the audio recording. So it could be on a Zoom call.

It could be on Google Chat or whatever they call it and all those other things. So it can all be grabbed via a nearby microphone, which could be the microphone on the user's phone.

It could be the microphone on the desktop computer, and that might have been infected by malware that has access to microphone.

Or as I just said, it can be recorded through a Zoom call. So you could have someone who really wants to know what you're writing during meetings, Carole.

They have a Zoom call with you and they can then record you as you type.

It may be someone from HR wanting to know what you've been messaging someone else in the company during these very important company meetings.

And so HR say, "Hey, we've just got a little Zoom call with you, la la la la. We'd like you to fill in an online form.

Here's the link." And it asks you to type in various things, name, et cetera, et cetera. It's not asking for passwords necessarily.

They're asking you to complete a survey while they have the Zoom call.

And that way they learn what your keyboard sounds like, and they then put that into the deep learning model to train up their algorithm.

So it's like, this is how Carole's keyboard sounds.
CAROLE THERIAULT
When she's typing at it.
GRAHAM CLULEY
Yeah. And from that, because the recordings produce audio waveforms and spectrograms, I love that word, to train their system. And like I said, 95% accuracy.

That's 95% accuracy if it's done via smartphone, 93% from Zoom.

Skype is a bit lousier, audio capture than Zoom, a feeble 91.7% accuracy, but still, let's face it, still pretty good via Skype as well.
CAROLE THERIAULT
I've just thought of a way to try and get around this.
GRAHAM CLULEY
Brilliant. Let's hear it.
CAROLE THERIAULT
Just play loads of audio of keyboard clacking of previous, of other people keyboard clacking all around to try and obfuscate, you know, needle in the haystack type thing.
GRAHAM CLULEY
Oh, Carole.
CAROLE THERIAULT
But if it's AI empowered, I'm sure they'll be able to figure out that pattern in no time flat. We're doomed.
GRAHAM CLULEY
Carole, you're a genius.

You're a genius because the researchers who came from Durham University, University of Surrey and Royal Holloway, one of the techniques, one of the mitigations they came up with was exactly what you suggested.
CAROLE THERIAULT
Well, there you go. Give me a degree.
GRAHAM CLULEY
Play random keyboard noises. The only problem was that they thought that random keyboard noises may be a little bit annoying, maybe somewhat distracting.

So they said that it could be a little bit annoying if you have to have click.

And of course, it may raise suspicions as to what's going on at your end if you would hear clack, clack, clack, clack, click, click, clack, click, click, clack while you're on your Zoom call.

So they had some other ideas. One was to mix the sound in. One was to play fake white noise, but apparently that's easier to remove than the fake keystroke noise.

Another idea they had as a defense was that they could warp the audio whenever it detected a key press. So the audio could go, "You could be talking like this." What?

Every time you do a keystroke to hide the keystroke. So, other tips which they gave. One is check a room for microphones, they said.

They suggest removing all smartphones, smartwatches, laptops, webcams, smart speakers from the room. I don't know why they didn't mention computers.

I don't think that's very practical. If you're going to be on a Zoom call, you're going to have some kind of device there, aren't you, with a microphone?

Otherwise you can't take part in the bloody— bloody students! These researchers who've come up with this research, it's a pathetic idea.

Another idea they had was mute your microphone every time you type something. Like, that won't be suspicious.
CAROLE THERIAULT
Or— It's not about suspicion. You'd be saying, I'm being extra vigilant.
GRAHAM CLULEY
Well, yeah, but sometimes it might be people in the workplace who are wondering what you're typing to each other. They also say, why not not type during the call?

Well, that's bloody genius, isn't it? Don't type anything. But sometimes you need to type something. You need to log into something to check something out.
CAROLE THERIAULT
Well, no, no, it doesn't matter really, if you're typing. I guess it becomes interesting when it becomes sensitive information.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
As opposed to rando, you know.
GRAHAM CLULEY
But sometimes it is. I mean, sometimes I've been on calls and people say, oh, could you just give me details that.

And I'm thinking, well I'll have to log in to my blah blah blah to look that up. And so I just say hang on a moment. Tick tock. And that isn't my actual password.

And I mean, and you know, and it may have been revealed.
CAROLE THERIAULT
Okay. We just have to start talking every time we're typing, humming. Or scatting. Let's scat. Scat to obfuscate. That would be fun.
GRAHAM CLULEY
Ah, the scatological defense. Brilliant.
CAROLE THERIAULT
Irritating to your coworkers.
GRAHAM CLULEY
Why not? Trust you to come up with that solution.
CAROLE THERIAULT
It's brilliant.
GRAHAM CLULEY
Carole, what's your topic for us this week?
CAROLE THERIAULT
Okay, this is a bit of a big story because it spans a whole 7 years.
GRAHAM CLULEY
Oh, okay.
CAROLE THERIAULT
And we're going to start at the beginning.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
So we are in August 2016, and in 2016, in hot August, a Hong Kong-based bitcoin outfit called Bitfinex— this is where customers store their virtual currency, their bitcoins— and Bitfinex suffered a massive hack.

Okay, so massive losses as a result of this. No way. They said they had a total of 120,000 bitcoin taken by a hacker.
GRAHAM CLULEY
Wow, that's quite a lot of cash.
CAROLE THERIAULT
It's huge. Yeah, that's quite a lot of cash.

When I started writing this story, I was doing all the, you know, the conversions, but of course conversions over a period of 7 years is ridiculous.

So we're going to try and talk in bitcoin.
GRAHAM CLULEY
Okay, okay.
CAROLE THERIAULT
So 120,000 bitcoin, we know that's a lot of wonga. Yes.
GRAHAM CLULEY
And they did this by initiating more than 2,000 unauthorized transactions.
CAROLE THERIAULT
And what was— I mean, that's big in itself. That's huge. But what would Bitfinex do, right? So they in August made another announcement in August 2016.

They said that the impact of this hack, this huge loss, was going to be shared across the site's customers.
GRAHAM CLULEY
Oh, that seems very reasonable, very democratic of them.
CAROLE THERIAULT
It's very interesting though. So effectively, it was a way to socialize the losses.

So in a statement on its website, Bitfinex said, we have decided to generalize losses across all accounts.

So at the time, they reported in a statement, upon logging into the platform, customers will see that they have experienced a generalized loss percentage of 36%.
GRAHAM CLULEY
Wow.
CAROLE THERIAULT
That's huge, right?
GRAHAM CLULEY
That feels like—
CAROLE THERIAULT
Imagine that. I know it's a first-world problem for most, but still.
GRAHAM CLULEY
It feels quite tough, doesn't it?

Whereas you would normally expect the organization which had actually suffered the security breach maybe to say, OK, well, we're going to have to cover that ourselves, seeing as we appear to have lost all of this digital cash.
CAROLE THERIAULT
You know, I think the customer was between a rock and a hard place because they probably wouldn't have got the money back anyway.
GRAHAM CLULEY
No.
CAROLE THERIAULT
Right. And or they would have defaulted and gone bust and there'd be no recourse.
GRAHAM CLULEY
So not everyone's account got plundered.
CAROLE THERIAULT
Well, they did have an interesting plan, though. So they said there's going to be a generalized loss of 36% across all accounts.

But it said, worry not, they were going to receive a BFX token equal to their personal losses.

So these tokens, the idea was they would eventually be exchanged either for repayment by Bitfinex or for shares in its parent company, iFinex Inc.

So it's an interesting way of trying to handle the situation.
GRAHAM CLULEY
So you've lost 36% of your cryptocurrency investment, but what we have here is a magic bean, and you're going to carry this bean around with you.
CAROLE THERIAULT
Exactly.
GRAHAM CLULEY
And one day it might become a wonderful beanstalk.
CAROLE THERIAULT
And you'll be able to climb it to the world's riches.
GRAHAM CLULEY
All the way to the moon.
CAROLE THERIAULT
Yeah, I don't think I'd be very happy with that solution at the time, really.
GRAHAM CLULEY
No, not that happy, no.
CAROLE THERIAULT
So, okay, so let's park that and let's now fast forward from 2016 to February 2022. So this is 18 months ago.
GRAHAM CLULEY
Oh yeah.
CAROLE THERIAULT
And there was a huge Bitcoin story that hit the press: 94,000 Bitcoin, that's $4 billion (see, I didn't take it out of my story everywhere), was seized by the U.S. Department of Justice, the DOJ.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
This was the largest confiscation of its kind. And at the time, it's huge, isn't it? It's massive.
GRAHAM CLULEY
Yeah, yeah.
CAROLE THERIAULT
And at the time, officials also announced that they charged two people with attempting to launder these stolen bitcoins.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
The same, the very same bitcoins that had been stolen from Bitfinex back in 2016.

So you might remember I said earlier it was 120,000 bitcoins that were stolen in the hack, and the DOJ seizure accounted for 94,000.

So that's quite close, you know, they've recovered quite a huge—
GRAHAM CLULEY
Quite a big chunk of what was stolen. Yeah.
CAROLE THERIAULT
So the thing— the next question is, who are these people that they arrested?
GRAHAM CLULEY
They must be geniuses, right? They must be really nerdy genius crypto bros.
CAROLE THERIAULT
Yeah, really bright.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
Yeah. Well turned out.
GRAHAM CLULEY
Yeah. Yeah.
CAROLE THERIAULT
Well, they are a husband and wife team. And 18 months ago, back in 2022, the papers went wild when they learned the identity of this duo.

And I'm going to talk to you and introduce you to the missus here. This is Heather Morgan, born in Oregon, grew up in Tehama, California.

And according to Wikipedia, Morgan, who's now 31, was a columnist for Inc. and a Forbes contributor from 2017 to 2021.

In fact, in a June 2020 article she wrote for Forbes, it was titled "Experts Share Tips to Protect Your Business from Cybercriminals."
GRAHAM CLULEY
So she's an author writing for Forbes about how people can keep close track on their cryptocurrency investments to keep them out of the hands of hackers.

And she's been accused of—
CAROLE THERIAULT
Well, she's been arrested.
GRAHAM CLULEY
She's been arrested. She's been arrested in connection with one of the biggest heists of bitcoin ever.
CAROLE THERIAULT
That's right. And so in articles published by Forbes, in these articles, she claims to be a successful tech businesswoman, calling herself— she lists herself out here.

She says economist, serial entrepreneur, software investor, and rapper. A rapper. And not just any old rapper, one that likes to use quite a lot of saucy expletives.
GRAHAM CLULEY
Ooh.
CAROLE THERIAULT
"I'm a motherfucking bad bitch. Go on, make me a sandwich. You annoying like vag itch.

So lame, it's fucking tragic." Morgan produces rap videos under the stage name of, get this, Razzlekhan, apparently inspired by Genghis Khan.

And according to the BBC's Joe Tidy, friend of the show, she masqueraded as a rapper in order to evade police.
GRAHAM CLULEY
Because that's what you do, isn't it, if police are on your trail? You pretend to be a rapper because that foxes them every time. Now, I think I've seen a video by Ms. Razzlekhan.

She obviously must have spent some of her money on the production of these videos.
CAROLE THERIAULT
High-value production.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
And what I find, this is a little slice of irony pie here. And whilst trying to go undetected by the cops, some of her lyrics are a bit telltale.

One of them is, quote, "I'm a real risk taker, pirate riding the flood. I'm a badass moneymaker."
GRAHAM CLULEY
I'm a Forbes contributor. Oh, hang on, that doesn't sound quite so cool, does it?
CAROLE THERIAULT
On her website, Morgan calls herself Razzlekhan, the Versace Bedouin, the raunchy rapper with more pizzazz than Genghis Khan. You can see how talented she is there with the rhymes.

And she writes, "Her art often resembles something in between an acid trip and a delightful nightmare." This is on her website.

"Raz likes to push the limits of what people are comfortable with. Her style has often been described as sexy horror comedy."
GRAHAM CLULEY
Yeah, she sounds like Doris Day to me. Something like that. Yeah, I can picture it.
CAROLE THERIAULT
I was reading this article at the BBC, and I love this line from Joe Tidy. He quotes her and he's like, "Come real far but don't know where I'm headed.

Blindly following rules is for fools," she says, gyrating on Wall Street wearing sunglasses and wearing a leopard print scarf and shiny gold jacket. So you can just picture it.

And according to The Guardian, on top of doing these rap videos, she also offers DIY techniques and yaks lifestyle issues on Instagram and TikTok.
GRAHAM CLULEY
So despite— other than being this urban rapper, she's a serial entrepreneur, remember that. She's also giving out DIY tips.
CAROLE THERIAULT
She calls herself the Turkish Martha Stewart or the Waffle Queen of Korea.
GRAHAM CLULEY
So busy girl, she sounds nationality challenged if she's Turkish and Bedouin and, you know, the world citizen of the world.
CAROLE THERIAULT
Anywho, rapper Razzlekhan, okay, and her hubby Ilya Lichtenstein were arrested last year in New York after police traced their riches back to their crypto heist.
GRAHAM CLULEY
But it's very confusing, Carole. When I heard about this arrest and I checked out the video I thought, these people are morons. I thought the police have made a mistake.

There's no way this idiotic person can possibly be involved in this huge heist. It just seemed implausible to me.

So maybe this actually is a brilliant cover story to pretend to be a really bloody awful rapper.
CAROLE THERIAULT
Yeah, totally. Well, she really pulled it off with aplomb, if you ask me.

Prosecutors claimed the pair split up the bitcoin into tiny amounts and transferred it to thousands of different crypto wallets and fake identities, right?

So they mixed their stolen funds with other criminal cryptocurrency on the darknet marketplace AlphaBay. They purchased gold coins.

They set up shell companies to make the bitcoin funds look legitimate.

And prosecutors say that the stolen money was also spent on, quote, absolutely mundane things such as purchasing a Walmart gift card for $500. And I don't know if this is irony.

Can you tell me if I'm making this up? This is irony.

The gift card that they bought, the Walmart gift card, the stupid little thing, is what led to their downfall because cops were able to link the Walmart gift card back to some of the proceeds from the Bitfinex hack, which then opened up investigation further.

And by buying these gift cards and moving between different exchanges and different cryptocurrency, they were able to trace it all back.
GRAHAM CLULEY
Provenance once again.
CAROLE THERIAULT
Provenance once again.
GRAHAM CLULEY
It comes down to that.
CAROLE THERIAULT
Always down to provenance.

The BBC report that police successfully decrypted a spreadsheet meticulously detailing the couple's intricate methods for laundering the stash, allowing them to recover nearly the full amount, or 91,000 bitcoin if I remember correctly.
GRAHAM CLULEY
It's just such a huge amount of money.
CAROLE THERIAULT
It's so huge. And now the story's not even over. So fast forward to last week.

Oh yes, we hear that the couple have now pleaded guilty to money laundering, with Morgan pleading guilty to an additional count of conspiracy to defraud the US and crimes against music.

The couple now face a prison sentence. She herself faces a possible 10 years.
GRAHAM CLULEY
Wow.
CAROLE THERIAULT
And you remember those bitcoin losers, the Bitfinex customers?
GRAHAM CLULEY
Yeah, yeah.
CAROLE THERIAULT
According to the BBC, by 2019, the company had reimbursed the victims.

So now the Hong Kong-based firm and some customers who exchanged their losses for shares are in line for a windfall once the recovered bitcoins are returned.
GRAHAM CLULEY
Oh, so if you've hung on to your magic bean.
CAROLE THERIAULT
Yes. So they're actually going to cash out by doing the social experiment of everyone taking a little haircut.

So happy days for Bitfinex and its customers, albeit 7 years on, and sad days for Razzlekhan, the rapper, or wannabe rapper.
GRAHAM CLULEY
I think we should listen to a bit of Razzlekhan music.
CAROLE THERIAULT
Oh dear God. Okay, let's just sign out with about 10 seconds. I'm heading. Motherfucking crocodile of Wall Street. Silver on my fingers and boots on my feet.

Always be a goat, not a goddamn sheep. Email me. Fuck your message at the beep. Beep. Beep. Beep.
GRAHAM CLULEY
Link's in the show notes.
CAROLE THERIAULT
If you work in security or IT and your company has Okta, this message is for you.

For the past few years, the majority of data breaches and hacks you read about have something in common. It's employees.

Hackers absolutely love exploiting vulnerable employee devices and credentials. But imagine a world where only secure devices can access your cloud apps.

Here, credentials are useless to hackers, and you can manage every OS, even Linux, from a single dashboard.

Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is you don't have to imagine this world.

You can just start using Kolide.

Kolide is a device trust solution for companies with Okta, and it makes sure that if a device is not trusted or secure, it can't log in to your cloud apps.

Visit kolide.com/smashing to watch a demo and see how it works. That's k-o-l-i-d-e.com/smashing.
GRAHAM CLULEY
This week we're sponsored by ClearVPN, developed by MacPaw, a software company from Ukraine with more than 30 million users worldwide.

ClearVPN is incredibly user-friendly, ensuring that even non-tech-savvy users can easily protect their online privacy without any extra technical skills required.

ClearVPN has a free plan for all users worldwide. It can hide your IP address and browse without geo-restrictions.

And the best part is, you don't even need an account to start using ClearVPN's free plan. It's entirely anonymous. ClearVPN works on Mac, Windows, Android, and iOS.

And with its premium plan, you can be teleported to 40 other countries to unlock content on the top streaming services such as Netflix USA, Hulu, HBO Max, BBC iPlayer, and more.

To make your life online more safe and private with ClearVPN right now, you can try out 30 days of free trial premium.

Head over to smashingsecurity.com/clearvpn, click Start 30 Days, go through the registration, and then download ClearVPN to your device. That's smashingsecurity.com/clearvpn.

And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.
CAROLE THERIAULT
Better not be.
GRAHAM CLULEY
Now, Carole, after 334 episodes of Smashing Security, we've given a lot of picks of the week. And every now and then we've subverted the format and not given a pick of the week.

Instead, we've done a nitpick of the week. And I would like to take this opportunity to give my nitpick of the week.
CAROLE THERIAULT
Please shoot. I want to hear it.
GRAHAM CLULEY
Two weeks ago, you were away on a secret mission and I edited the podcast.

And I managed to edit the podcast successfully, but the day after editing, my laptop went kaput and I was actually away as well. And so it was rather difficult, right?

So my laptop went kaput and I thought, I need to go and take it into the nearest Apple Store to get it fixed, to get them to look at it. One of the geniuses at the bar.

My nearest Apple Store is in Oxford. That's no problem, I thought. I'll drive into Oxford. I'll park my car. I have an electric vehicle, as you know.

I will park it at the Oxford Westgate Shopping Centre.
CAROLE THERIAULT
What day of the week is this?
GRAHAM CLULEY
This was Monday. Monday it was.
CAROLE THERIAULT
Okay. Yeah.
GRAHAM CLULEY
Okay. So, I went into the Oxford Westgate Shopping Centre and plugged my car in.

Now, the exciting thing about going to Oxford is that the EV chargers at the Westgate Shopping Centre are free. You can plug your car in and it'll charge it for free.

Fantastic, I think. I love a freebie. But oh no, no, they don't do that anymore.

They've obviously cottoned on that people like me were going there and getting a free charge because they're no longer free. They now say you have to download an app called Sparco.

And they won't let you use your debit card or something at the machine, right? Instead, you have to download the app. It says you have to download the app.

You can't do anything unless you download the app. So you think, I'll just download the app, don't you? Wrong.
CAROLE THERIAULT
Well, I would of course read the privacy terms and agreements.
GRAHAM CLULEY
Well, you would have done. Yeah, but okay. I can't just download the app because the Oxford Westgate Shopping Centre car park is underground and there's no data.
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
And so I can't get on the internet with my little mobile phone to download the sodding app. Right? And there's also no Wi-Fi. And I'm thinking, well, how do I connect?

Do I have to walk out of the car park in order to get a connection and then walk all the way back in? You know, down all the slopes and everything.

Anyway, I think, ah, the shopping centre has free Wi-Fi. Maybe there's a little trace of it reaching down into the underground car park.
CAROLE THERIAULT
Why didn't you just go up to the main floor and do your business and then come back down?
GRAHAM CLULEY
Oh, well, Carole, you weren't there. Right, if you're going to jump in with sensible suggestions at this point, it's too late because it's now no longer Monday when this happened.
CAROLE THERIAULT
Yeah, okay.
GRAHAM CLULEY
So I hop onto the shopping centre Wi-Fi and it tells you to register if you want to use their free Wi-Fi.

You've got to enter your name, you've got to enter your email address, you have to agree to the terms and conditions, you have to tell it the reason for coming to the shopping centre.

The reason for me coming to the shopping centre is to go to your sodding shops, I'm thinking.

So I'm answering all these questions and it says, "Now we're going to email you a confirmation link. You have 10 minutes to click on the link in order to get free Wi-Fi," right?

And then it'll unlock it. So I go to my email app, but there's no email from them. They haven't sent me the email. No matter, I think, it'll be along in a minute.

Sometimes these things take a while. So while I have my 10 minutes of Wi-Fi, I download the Sparco app. Right, so I download it.
CAROLE THERIAULT
I can't believe I've ever taken any advice from you in my life. Okay, right, okay. So now you download it. How are you downloading the app?
GRAHAM CLULEY
Because I've got 10 minutes worth of Wi-Fi from the shopping centre during which I'm supposed to click on the confirmation link, but it's letting me—
CAROLE THERIAULT
Oh, right. And you're trying to work it really quickly to download an app.
GRAHAM CLULEY
You've got my dilemma already. So I'm starting up the Sparco app and it says, "Would you like to register an account?" I know I bloody wouldn't.

I want— I just want to pay and go, right?

So I will click on the button which says, "Carry on without registering an account." And I click that button and it takes me to a random screen in the app.

And I click it again, click it again, click it again. All the time I'm just saying, "Carry on." It doesn't work.

So I think, "Okay, I'm going to have to register an account with Sparco." Did I mention, by the way, I'm in a hurry? I'm in a hurry. There's places I have to be.

I've got an appointment at the Apple Store. I need to get there. Sparco wants my name, my email address, my postcode. It then searches my mailing address from my postcode. I select it.

Then it asks me to choose a password, minimum 12 characters, it says, uppercase, lowercase, and a symbol. So I create a password. I re-enter the password.

The password matches, it says. Then it asks me to complete a CAPTCHA. I find—
CAROLE THERIAULT
Can I interrupt one more time?
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
Sorry. As I listen to your story.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
Your car, is it a hybrid car or fully electric?
GRAHAM CLULEY
No, it's fully electric. Fully electric.
CAROLE THERIAULT
Right. So it's not like you could have just parked in a normal car spot, gone and done your hurry, hurry thing and dealt with this afterwards.
GRAHAM CLULEY
I could have done. But I was quite low on juice and I wanted to charge my car.
CAROLE THERIAULT
Right, so you were basically trying— Yeah, yeah. You did not prioritise what was most important, car or Apple.
GRAHAM CLULEY
Again, you're offering advice, which is very gratefully received, but you weren't there at the time.
CAROLE THERIAULT
I'm sorry, okay, sorry. Get back in your soapbox.
GRAHAM CLULEY
You could possibly have called me with this advice if I'd had any data to reach me in my underground car park.

So I'm taking the CAPTCHA and I find three buses and then it asks me for another CAPTCHA. I find four bicycles. It asks me for another CAPTCHA. I find three fire hydrants.

It asks me for another CAPTCHA. I find four—
CAROLE THERIAULT
Bzzz.
GRAHAM CLULEY
It says—
CAROLE THERIAULT
Out of time.
GRAHAM CLULEY
Cannot complete CAPTCHA, it says. Do you have internet access? Because at this point—
CAROLE THERIAULT
This does sound like a nightmare situation. I'm so sorry.
GRAHAM CLULEY
At this point, I've lost my internet access.
CAROLE THERIAULT
Oh dear.
GRAHAM CLULEY
I haven't received the email from the shopping centre. I'm walking around the car park trying to find better— No internet access.
CAROLE THERIAULT
Dare not go up those stairs though.
GRAHAM CLULEY
I fill in the shopping centre Wi-Fi form again and again and it keeps not working. I turn off my Wi-Fi, turn it on again.

I managed to re-register for the Wi-Fi for another 10 minutes. I try and register on Sparco again. I enter all my details again. I tick the I am human box.

No internet access, says the CAPTCHA.
CAROLE THERIAULT
You're ridiculous.
GRAHAM CLULEY
15 minutes have now passed. I finally managed to create a Sparco account. And I think, right, we're almost there. And it says it wants payment information. Easy, I think.

I'll just enter my payment card details. Oh no, no, no. It wants to set up a fricking direct debit with my bank at this point. So I have to dig out my—
CAROLE THERIAULT
That's the only option?
GRAHAM CLULEY
Yes. They only accept payment via direct debit.
CAROLE THERIAULT
And again, at this point you still don't go, okay, I'm just going to park in a normal car spot, go to the Apple thing.
GRAHAM CLULEY
Again, Carole. Again, Carole, you weren't there to offer this advice.
CAROLE THERIAULT
No, I know, but I'm here right now and this is taking a long time.
GRAHAM CLULEY
I enter my direct— I find my information for my bank, even though I don't have internet access.

I find it, I enter it, and I think, right, now I can choose my charging point and tell it to start charging.

And I find my charging point in their app, and it has a button, it's marked Start Charge, and I think, this is it, but it's now going to work out.

And then I notice it's greyed out and it tells me your charging point is already occupied. It's well, yeah, it's occupied by me. This is where my car is.

And so it won't let me start the charge. I don't understand why. I then have to move my car from that point, charging point, to find another one. I've been there 30 minutes by now.

I eventually start to charge my car. Fantastic. Go to the Apple Store. They take my laptop away. They're going to fix it. Lovely, lovely.

Now I come back to the car park and I think this would be easy. I'd just sleep in my car. No, no, no.

That'd be too easy because I now have to log into the fucking app to tell it to stop charging my car.

I can't disconnect the cable unless I can get into the app to tell it to stop charging because there's no stop button on the charging point.

And I can't get into the app unless I have data to get onto the internet and I'm underground.
CAROLE THERIAULT
Okay, deep breath.
GRAHAM CLULEY
So, in summary—
CAROLE THERIAULT
You had a bad, bad Monday afternoon.
GRAHAM CLULEY
No electrical vehicle chargers should require you to install an app to charge your bloody car. They should all—
CAROLE THERIAULT
Especially if it's underground.
GRAHAM CLULEY
Yes, with no data. They should all have the ability for people to pay contactless with their payment cards. Welcome to my TED Talk. Thank you very much. Good night.

That is my nitpick of the week.
CAROLE THERIAULT
Listeners, let us know if you want more disaster stories from Graham's life.
GRAHAM CLULEY
We've got a lot of material.
CAROLE THERIAULT
Yes, nothing to do with how he uses the world. It's all to do with the world.
GRAHAM CLULEY
Carole, what's your pick of the week or nitpick of the week?
CAROLE THERIAULT
Well, it is, as you know, you open saying we've done a lot of pick of the weeks. We have done a lot of pick of the weeks. I am a little nervous.

We may have touched on this subject before in one of the 333 previous episodes.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
But as we were talking about, I'm on a mission far, far away in a place where using data on my phone would cost a veritable fortune.
GRAHAM CLULEY
Okay.
CAROLE THERIAULT
So as I'm having to work while I'm away, what do I do? 'Cause I'm not always near a Wi-Fi point.

Well, I got myself a virtual SIM card, an eSIM, because my phone is eSIM compatible, as are most modern phones. So an eSIM is an industry standard digital SIM.

This is according to Apple, okay? But it does work on other devices that allows you to activate a cellular plan from your carrier without having to use a physical SIM.

So basically I can get SIM access without getting off my ass. And that's a—
GRAHAM CLULEY
I mean, this is a brilliant invention because the pain with SIMs is you have to have that little— this potentially is a nitpick of the week. Again, that funny little pin thing.
CAROLE THERIAULT
You sure you want to keep it for next week?
GRAHAM CLULEY
You have to have one of them to get in the car. Nothing else fits. Nothing else fits.

I used to have one of them on my keychain because I occasionally needed one, and it kept on stabbing me in the thigh. You know, potentially.
CAROLE THERIAULT
Only you would call it stabbing.
GRAHAM CLULEY
But no, it could cut.
CAROLE THERIAULT
It's a paperclip.
GRAHAM CLULEY
It could be. It's probably a very important vein in my thigh. It could kill me.
CAROLE THERIAULT
Well, I'll carry on with my story. I'm glad you lived through that horror. Now, I got one from a company called HolaFly. H-O-L-A Fly.
GRAHAM CLULEY
Hola.
CAROLE THERIAULT
Yeah, hola, like hello fly.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
And yeah, hello, fly. And basically you go to their website and they say, hey, where you heading? Where are you going? Right.

And you say, oh, I'm going to, you know, Mexico, or I'm going to, you know, Japan or the US or wherever. And they say, well, how long you plan to go for?
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
And you tell them, and bish bash bosh, you can have unlimited data for that length of time. Oh yes. Do you—
GRAHAM CLULEY
So you don't have to put anything into your phone? Your phone already comes equipped with this eSIM technology?
CAROLE THERIAULT
Yeah. If you go right now, go to esim.holafly.com.
GRAHAM CLULEY
Are you being sponsored by them?
CAROLE THERIAULT
No, I know. I think I sound like an ad. I'm not getting a fucking penny. I was just really impressed. It installs in a few clicks. It's really simple to use. There's no trickery.

You just choose your travel mobile plan or your local travel plan.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
And that's it. For unlimited data, it's pretty affordable. So for 7 days, I'm just looking now. So let's say I was going to the States, right? And I was going there for 7 days.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
For unlimited data, $27. So you can download on your phone, keep it there silent. And when you go away, you kick it off and then you've got 7 days of unlimited time, unlimited juice.
GRAHAM CLULEY
Well, that's a very helpful pick of the week.
CAROLE THERIAULT
Yes, it is. It's fabulous and it's easy and it doesn't need an IT technician to do it for you.

So that's why I am choosing eSIMs and my only experiences with HolaFly so far, but that's why eSIMs are my pick of the week.
GRAHAM CLULEY
Very nice too. Well, that just about wraps up the show for this week, Carole.
CAROLE THERIAULT
It does.
GRAHAM CLULEY
Listeners can follow us on Twitter @SmashingSecurity, no G, Twitter doesn't allow us to have a G.

And we also have a Mastodon account if you're one of those people who've made the exodus already. And look us up on the Smashing Security subreddit.

Don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Overcast.
CAROLE THERIAULT
And huge, huge thank you to this episode's sponsors, Kolide and ClearVPN. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.

For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 333 episodes, check out smashingsecurity.com.
GRAHAM CLULEY
Until next time, cheerio, bye-bye.
CAROLE THERIAULT
Bye-bye. Hey, I didn't tell you. I was accused by someone who's known me for quite a long time that I don't say my name properly on this show.
GRAHAM CLULEY
You don't? You've always said I'm the one who says it correctly.
CAROLE THERIAULT
Oh, no, no. They definitely think you do not say it correctly, and I have to agree with them under duress.
GRAHAM CLULEY
Oh, okay. So what is, how do you say your name?
CAROLE THERIAULT
Well, I think I don't know.
GRAHAM CLULEY
You don't know how to say your name?
CAROLE THERIAULT
I think I've lost the, moving to England, I mean, so in French it would be Carole Theriault.
GRAHAM CLULEY
Carole Theriault.
CAROLE THERIAULT
Right, but that's really hard for Brits to say and I don't want them horking on my R. What?
GRAHAM CLULEY
You don't want anyone horking on your Rs.
CAROLE THERIAULT
Exactly. Anyway.
GRAHAM CLULEY
Ah, dear.

Sponsored by:

  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
  • ClearVPN – Hide your IP address, browse without geo-restrictions, and stay private online with a 30 day free trial of its premium plan.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.