Smashing Security podcast #349: Ransomware gang reports its own crime, and what happened at OpenAI?

Industry veterans, chatting about cybersecurity and online privacy.

Graham Cluley


Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.

Graham Cluley

My auntie Liz, she got burgled once before Christmas and the burglar apparently unwrapped all the presents around the tree and left them all thinking these are shit.

Unknown Guest

I don't need some socks, thanks though Auntie Liz.

Graham

Smashing Security, episode 349. Ransomware Gang Reports Its Own Crime And What Happened at OpenAI with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 349. I'm Graham Cluley.

Carole Theriault

And I'm Carole Theriault. What was the pause for there, Carole? Do you always say that? Or do you say, my name is Graham Cluley? I actually, you're, well. There's a weird audio cadence that changed.

Graham

I do normally say my name is Graham Cluley. That's right. But this time I said I'm Graham Cluley.

Carole

I was expecting the music.

Graham

My name is Graham Cluley. And I'm Carole Theriault. Carole, it's great to be back in the country. I was on my overseas mission last week, of course. I was at Black Hat MEA, where I bumped into friend of the show, Dan Raywood, a journalist of course. He's currently writing for Dark Reading.

Carole

He's everywhere. I saw him on a plane coming back from Canada. Literally we were getting on the plane, he told me that. Yes, I was on the plane really hot and bothered, not happy and now I just heard Carole Theriault. I was like oh hi, hi. Then we had a nice chat, it was very nice. So hi Dan.

Graham

He's stalking me as well. He's stalking me too. So anyway, he's now the owner of a lovely Smashing Security sticker as are some other delegates from the conference who came up to me and said that they enjoyed the podcast. And I did my usual trick of saying which one of us do you prefer, me or Carole? But regardless of their answer, I still gave them the sticker.

Unknown Guest

I love you guys. High five.

Graham

It was a crazy event. On the last day, last afternoon, I was the emcee of the event doing my shtick and there's suddenly a huge thunderstorm. Right, oh I thought there was someone coughed. All right, no, no, no. Enormous thunderstorm, torrential rain and then the water started to come through the roof of this enormous conference center.

Carole

Oh no.

Graham

And then the power went out and we were all evacuated, thousands and thousands of people.

Carole

Oh my, I would have died. I would not like that.

Graham

A journey which normally takes 10 minutes to get back to the hotel in a car took an hour and a half because the roads were completely flooded because they don't have drains because they're not expecting this kind of weather.

Carole

Oh my God.

Graham

So we should have canoed back. Anyway, dramatic end to the conference.

Carole

I'm glad you made it back. I had no idea. Well, there you go. I would have been on my own this week going, what do you think, Graham? Oh, yeah, that's right.

Unknown Guest

Should we kick this show off? Let's do it.

Carole

Okay, but first, let's thank this week's wonderful sponsors, Kolide and Vanta. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?

Graham

So, you've hacked a company, now what?

Carole

Ooh, and I'm going to talk about when company boards act numpties. All this and much more coming up on this episode of Smashing Security.

Graham

So imagine the scenario. Imagine that you have hacked a company. You've accessed their data. You've committed the security breach, okay? And what you probably want to do is you want to monetize the data in some fashion.

Carole

Right. So I've stolen all this glut of information. I want to make some wonga off the stuff I've stolen.

Graham

Yeah, makes sense. And there's different ways to monetize it. Maybe you could sell it to others. Maybe you could use the information which you've taken for fraudulent purposes.

Carole

Yeah. Social engineering.

Graham

Yeah. And maybe if you've actually managed to convert it into money, you may think, well, what are we going to do now? You might even launder it through online casinos to get rid of all their money and maybe make some more money.

Carole

No, it's to make it legal. That's the whole point, right? It's just to legalize the cash.

Graham

Yes, exactly. Exactly, yes. It covers your tracks and gives it to criminal, probably, casino operations.

Carole

You could also do ransomware, right? Where you kind of say you can have it back for a fee.

Graham

Right, exactly. And if you were trying to extort some money from an organisation, how do you apply those thumbscrews? You could leak the data online, which you've stolen, and say, if you don't pay up, we're going to put it on our dark website. You could contact journalists.

Carole

Yeah.

Graham

I've been contacted by ransomware gangs before saying, hey, look, we've got all the emails from this company and we've found some really juicy stuff. You could write about this. Sometimes I've had hacking groups do that with me.

Carole

Do you say okay? Do you say okay?

Graham

No, of course I don't say okay.

Carole

No, no, no. But loads of journalists do because they need the clicks. So well done though, Graham, seriously, for having an ethical backbone. I had no idea.

Graham

You had no idea I had any backbone at all. Well, I could do with the clicks, to be honest. It would be good. But maybe I'm an idiot. I'm not sure.

Carole

You're not an idiot. You're not an idiot. But yeah, I just don't like the idea of being an accessory in the crime. I'm so proud of you, actually. I'm glad you're my friend. There

Graham

You know, I do feel like that, actually, quite strongly. Sometimes when you've seen celebrities get hacked and photographs stolen, and then you see the mainstream media publishing them, and I think, well, hang on a minute. Is that acceptable? So I sort of think it isn't, really. I'm with you. So other things you could do, you could contact the customers of the hacked company, describing how awful their security was. Just one year ago, AirAsia, they got hacked by a ransomware gang called the Daixin Team. And they lost personal data of 5 million passengers, all of their employees. And normally that would be bad enough for a company, right, to have the data stolen. But something possibly actually has saved AirAsia from further attacks, something you probably wouldn't expect. Because according to the hackers, the Daixin Team who came in, they said they were so irritated by the chaotic organisation of AirAsia's network and the absence of any standards that they refused to look at the data for a long time. And they said the network protection was very, very weak. And they basically announced, we're never going to hack them again because they're too much effort, because they're just so lousy, their security. So it's worse, actually, than the data being leaked. You've also got the hackers saying, you're a complete joke how you're running your computer security on your network.

Carole

I don't understand that. Okay, I don't get that at all. So you're stealing data and you're bitching publicly that the data was too easy to steal? Like, what the fuck?

Graham

Too easy to steal, but also just disorganised. There've also been hacked plastic surgeries and mental health clinics where the hackers have contacted patients threatening to release their details or their photographs, their pre-op photographs or their mental health notes unless they stump up the cash.

Carole

I thought you said hacked plastic surgery and I was imagining someone's face being somehow destroyed. I don't know. Okay. Yeah. There's loads of bad things out there, Graham. What's the point?

Graham

All ways of applying pressure on an organisation to pay the ransom. But now we are seeing something new. Is it really new?

Carole

Okay, I'm waiting. Okay. Impress me.

Graham

Well, I think there's been threats of this before, but now it actually seems to be happening. The ALPHV ransomware gang, also known as BlackCat, earlier this month, they hacked a company called MeridianLink. And MeridianLink provides services, some kind of platform for financial institutions. They've got some important customers who've got lots of wonga.

Carole

Okay. Yeah. It's not a company I know of. I don't know any of this. Yeah. Because it's not a field we work in, right? But the ALPHV ransomware gang, they say that they didn't encrypt any files, which isn't that unusual these days. Can we just give ourselves a hat tip there and just take a pause? Because for freaking years, we banged on about having backups to everyone. Like, we did it for at least 10 years. So, well done. Well done. Well done. But well done. Yes, exactly. So this is a bit like I get robbed. They're still staking my joint, right? To see how I'll react. I don't fix the door or the broken window or anything. Don't do anything. They get annoyed. So then they go to the local paper and tell everybody that they broke into my house and how crap it was or whatever, you know, that I have this data. And then I go, okay, fine. I'll fix the door.

Graham

I changed the locks. Maybe you're fed up with people coming in every night, stealing your VHS recorder again, you know, and your collection of...

Carole

In the old days, we worked at the company we worked at. No free advertising for anybody. I would come home occasionally at night, right? I had a flat in Oxford Centre and my front door would be wide open because I had forgotten to close it when I left. Literally all day, that door was wide open in this huge door thing in a Victorian house, the little apartment. And no one walked in ever. No one stole anything.

Graham

How do you know no one walked in? Maybe people did walk in.

Carole

I don't know, actually. They didn't steal anything. Yeah, exactly.

Graham

Because I had an aunt, my Auntie Liz. She got burgled once before Christmas, and the burglar apparently unwrapped all the presents around the tree. And left them. And left them all thinking, these are shit.

Unknown Guest

I don't need some socks. Thanks, though, Auntie Liz.

Graham

Oh. Anyway. So they exfiltrated data, right? And the company's now protected. But ALPHV did not rest on its laurels there because they still want the company to pay up. And they're thinking, well, you know, MeridianLink haven't been in touch. They're not negotiating with us. There's no dialogue going on. You know, why aren't they doing anything?

Carole

Are they prodding MeridianLink and asking for a dialogue? Oh, yeah. They're attempting to start a decent dialogue, a decent negotiation. Find us on this forum. And they're not getting very far. So they decide to take it upon themselves to tell someone else about the hack. Oh. So ALPHV has submitted a form. There's a place you can go on the SEC website where you can report companies who you believe have failed to, for instance, disclose a security breach within four days as stipulated in SEC rules. This is, oh my God. This is the kind of stuff that people like policymakers never consider. How could you? So you've got some digital robbers reporting you for being robbed by them.

Graham

Beautiful. And not telling the authorities. Not reporting it within the time limit. So they wrote, the hackers wrote on the SEC website, "We want to bring to your attention a concerning issue regarding MeridianLink's compliance with the recently adopted cybersecurity incident disclosure rules."

Carole

Oh my god, written by AI, I can hear it. It's written, I will test this later.

Graham

So according to the new US SEC rules, you have to report a breach within four days unless you can delay the disclosure if the US Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety, which I suspect it doesn't in this case.

Carole

I'm going to say this is my immediate reaction of what they should do. So they have to amend the law and you need to identify yourself as the reportee for them to take it seriously.

Graham

Oh I see. On the form you have to say I'm Joe Smith, upload your passport, tell us your phone number, we'll verify, otherwise we can't take it seriously. We need to go speak with you. We need to get more information first.

Carole

Maybe the hackers would fall for that.

Graham

Well they wouldn't, but then they also wouldn't report you because now there's a sticky pickle.

Carole

There's a catch-22 because if they don't then take it seriously, if they don't go after them, there could be a whole little mess, a little squabble going online. But hang on, isn't this a little bit like software as a service? Aren't the hackers actually doing a good duty for the company? Because a company which has been hacked has got enough on its plate already. How wonderful if the hackers then begin the process of reporting the breach to the authorities, ringing up the ICO. The SEC could start offering bug bounties to hackers to report companies that fuck up. So MeridianLink, they've now confirmed that they suffered a cybersecurity incident. But they say their investigation to date has not identified any unauthorized access to its production platforms. Of course, that's what you have to do for liability. You have to say we don't know that anything's been stolen. It could be. It's always possible, isn't it? That's the problem, though. There's no ethical place to post that data. I don't mean to the public, but to somewhere where they can go, yeah, yeah, no, they've got stuff. In murder investigations, I listen to a lot of this crap podcast about murderers and stuff, you have to prove, oh, I know stuff that the cops know. Oh, yes, because you know about the tattoo behind the ankle or something. Only the murderer would know about that. Oh. That's a screw up on the hacker side. The hackers have gone a little bit too early, but maybe a warning for other organizations as well that leave it a month. They're listening right now and they're going, damn you, Graham Cluley. Damn you. Foiled our plans. Maybe we'll see more of this in the future. After December 15th. All righty. We have a fast moving story here. So apologies to those of you bored senseless by AI natter. But today, this is less of a technology story and more of what's going to happen next. So buckle up.

Graham

Bletchley Park a couple of weeks ago, wasn't he? Yeah, he's everywhere. With Kamala Harris and Rishi Sunak. There was that big meeting about AI ethics.

Carole

He's like Princess Diana of the AI world. He is everywhere and everything doing all the right messages.

Graham

This is – Is he really loud? No, he's not. He's not at all. He's not at all. Of course I'm not. Of course not. A blog post.

Carole

So the blog post is titled OpenAI announces leadership transition. And I have just a few select quotes because there's lots of we're great, we care about everybody, lots of good stuff. But basically, the board of directors of OpenAI that acts as the overall governing body for all AI activities today announced that Sam Altman will depart as CEO and leave the board of directors. Mira Murati, the company's chief technology officer, will serve as interim CEO effective immediately. Okay, that's in paragraph one.

Graham

Okay, so why are they getting rid of him? Ha, good question. So, does this answer your question? Quote, Mr. Altman's departure follows a deliberate review process by the board, which concluded that he was not consistently candid in his communications with the board, hindering its ability to exercise its responsibilities. The board no longer has confidence in his ability to continue leading OpenAI. He's the guy who didn't get invited to the meeting. That's why he didn't get the Zoom invite.

Carole

That's why he's pissed off. That's why he's throwing away his company that's currently worth something like 80 billion or something. You know, after the next round. So this is the darling of the tech world. And they just dumped their co-founder and CEO on his ass. And this was a surprise to all because many maintain this. This guy's done loads to generate enthusiasm for, you know, language models like ChatGPT, right? Like he's been everywhere and done all the talks. And the question on everyone's lips after hearing the news was, what happened? But Sam was tight-lipped. All the papers were probably calling him nonstop, going, what, what, what, you know, what happened? What do you have to say? And he didn't respond to anyone that I saw. And so were the board and so was the ex-president Brockman. He said a few words, but nothing exciting. Oh, for goodness sake. Can they not just tell it? This sounds really juicy. It's coming, Graham. No matter who you are, right, if you're unceremoniously dumped like this, also very publicly with a blog afterwards. I have been dumped in the past, but never with a blog afterwards. So I would be disappointed if if there was a blog and it still didn't tell me why I'd been dumped. I think I think everyone deserves to be told why they're done. True. It is true he's not lying. The other thing is we're not even talking about the staff who are going, where's our boss? Where's the figurehead of everything? There's 700 of them, right? And they want to know the deeds. So when they ask, they're told that there was a breakdown in communications between Sam and the board. Thanks, guys. Really? Thanks. I would say, actually, no shit. Thanks.

Graham

Carole, have you found out what the reason is or not? Are you just teasing me along here? Have you found out what the actual reason is? You're going to

Carole

Follow my story. So sit back. I told you to buckle up. That means zip it. So how come they were able to do this? How come the board were even able to just fire the CEO who is a member of the board, right? And it's because it's a capped profit subsidiary. So Sam Altman himself, the CEO or ex-CEO, did not directly own shares. And this board does not have the typical incentive of maximizing returns for shareholders, but they have a fiduciary responsibility or duty to create safe, artificial general intelligence that is broadly beneficial. Hence, they were able to sack Sam without blinking and just saying, you know, he wasn't keeping us informed. It was maybe a bit dangerous. But they're now having to say it wasn't dangerous. It's not dangerous, but it's kind of, we had to get rid of him. So, this is why it's so exciting. Let's pivot again, because we have Microsoft who have sunk 10 billion, not 10 million, 10 billion. I bet they're pleased. Into OpenAI.

Graham

They've spent 10 billion on this company and now the two people who were heading it up have left. Well, that was a good investment, wasn't it?

Carole

They must have had a proper heads up, right? They must have been called and told, look, guys, guys, guys, this guy is not good. We got to, you know, do you agree? Do you think? Do you want to know when they found out? Same time everybody else did. One minute before the blog post went live. What a kick in the ass.

Graham

Just so you know, we're about to publish a blog. Oh, we've just done it. Oh,

Carole

It's published. And the employees, right? Well, they're not getting answers that they want, so they start quitting. Some of them quite senior, at least three senior researchers, including the director of research at OpenAI, says sayonara to OpenAI. This is all on Friday. Okay, this is one day.

Graham

It's a bit like when we left that company, Carole, when we both left and there was an avalanche of other people who came out with us, wasn't there? There was a cavalcade of people. No, there wasn't. No, no. We

Carole

Did put out a blog when we left.

Graham

Well, yeah, we published a blog article. They didn't

Carole

Want us to publish a

Graham

Blog article. No, they didn't. But no one came with us, did they? No one came with us.

Carole

Well, you came with me.

Graham

Oh, yeah. Okay, that's true. Yeah, loyal.

Carole

So next day, we wake up to see Sam Altman saying he's in talks with OpenAI's board about returning to the company. And he even posted a photo of himself in the OpenAI offices wearing a guest visitor badge and has the line, first and last time. Yeah. Complicated.

Graham

It's beginning to sound a bit like a publicity stunt now.

Carole

Well, you know, you have all these plans, you have these employees, and yet you have the board that spat you out in public in a humiliating way and you want to go and have chats? But then on the same day, there's also gossip that Altman, Sam Altman and Brockman, were going to go launch their own initiative. And he also pokes the board on X slash Twitter saying, if I start going off, the OpenAI board should go after the full value of my shares. Snigger, snigger, because I don't have any. Right? So, this morning, this morning, this is now Sunday, what do we hear? Sam Altman and Greg Brockman have decided to accept roles leading the brigade at Microsoft's Advanced Research Lab. Because Microsoft probably pissed off by AI just saying, well, we have the right to do this as the board. Basically said, look, hey guys, you have an open job here. Just come on in.

Graham

Presumably, they're not going to give another 10 billion to these two guys again, are they? Well,

Carole

OpenAI are also shuffling things about because Mira Murati, who is the interim chief since Friday, is now being replaced by Emmett Shear. He's the former CEO of Twitch. Lower ranks in OpenAI, the employees are also scrambling. More than 550 of OpenAI's 700 employees signed a letter saying that the board have to quit because otherwise, if they don't resign, they may just get up and go and work for Microsoft because Microsoft has said to them, don't worry, there are jobs for all OpenAI staff if they want to join the company. I'm talking very, I can tell I'm shrill. I'm sorry, listeners.

Graham

Carole, you haven't told me yet why they got rid of him.

Carole

Well, the staff say the process through which you terminated Sam Altman and removed Greg Brockman from the board has jeopardized all of this work and undermined our mission and company. Your conduct has made it clear you did not have the competence to oversee OpenAI. 550 employees signed to that note. Okay, well, I get

Graham

That. But why did they fire the guy? What was the problem? What did he do? Do you know or not? They tell the board in the letters.

Carole

Carole, do you? Carole, Carole. No, I have one more thing to say before we have this conversation. Get this. One of the board members, who is obviously being targeted by this employee onslaught of saying, resign, you fuckers, also signed the letter. He's quoted as saying, I deeply regret my participation in the board's actions. I never intended to harm OpenAI. I love everything we built together and I will do everything I can to reunite the company. So I'm just saying, hand me the toffee popcorn. Am I right?

Graham

I'll hand you the toffee popcorn when you tell me why he was actually fired.

Carole

Every single journalist who are much more powerful than me have tried to get that answer, and so far we do not know.

Graham

You know what? You've all made a big mistake, because it's easy to find out why he was fired. All you have to do is ask ChatGPT.

Carole

It's not up to date that way, unless you pay.

Graham

We're not prepared to pay for this breaking news.

Carole

Maybe one of our listeners is going to be a monthly subscriber to ChatGPT-4. Please let us know what they say.

Graham

I wonder if some of these crazy responses from the OpenAI board were not actually human responses but people who thought, oh God, I've got this boring board job. I don't know what to do today. I'll ask ChatGPT to tell me what I should do today and what decisions I should make. This is the AI taking control right here, Carole. This is the AI pushing out the man.

Carole

Maybe it's a PR stunt. And they've actually got ChatGPT to do all these communications. What would you do if you were Greg Brockman at this stage? What would you do if you're Mira Murati? And they're just building up their whole drama. Who knows? It's crazy. But this is the belle of the ball, right? This is like Pamela Anderson. What was that beach show she was on when she was running around? Baywatch. Much tripping and breaking her ankle. That's how big this is. Pay attention. It's probably old news now that you're listening.

Graham

Interesting mixed metaphor that you're making here between a fairy tale about Cinderella and Pamela Anderson in Baywatch. A show which most of our listeners don't even remember.

Carole

She is Canadian. Oh, well, all right. Thank you to Smashing Security sponsors Vanta, where you can shortcut compliance, without shortchanging security. Expand the scope of your security program with Vanta's market-leading compliance automation. Vanta's 5,000-plus global customers report saving over 300 hours in manual work and up to 85% of cost for SOC 2, ISO 27001, HIPAA, GDPR, custom frameworks, and more. And with Vanta's 200-plus integrations, you can easily monitor and secure the tools your business relies on. From the most in-demand frameworks to third-party risk management and security questionnaires, Vanta gives SaaS businesses of all sizes one place to manage risk and prove security in real time. As a special bonus, Smashing Security listeners get a whopping 20% off Vanta. Just go to vanta.com slash smashing. That's V-A-N-T-A dot com slash smashing. If you work in security or IT and your company has Okta, this message is for you. For the past few years, the majority of data breaches and hacks you read about have something in common. It's employees. Hackers absolutely love exploiting vulnerable employee devices and credentials. But imagine a world where only secure devices can access your cloud apps. Here, credentials are useless to hackers, and you can manage every OS, even Linux, from a single dashboard. Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is, you don't have to imagine this world. You can just start using Kolide. Kolide is a device trust solution for companies with Okta, and it makes sure that if a device is not trusted or secure, it can't log in to your cloud apps. Visit kolide.com slash smashing to watch a demo and see how it works. That's K-O-L-I-D-E dot com slash smashing.

Graham

And welcome back. Can you join us at our favourite part of the show? The part of the show that we like to call Pick of the Week. Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses to say anything they like. That could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app, whatever they like. It doesn't have to be security related necessarily. Yours is security related.

Carole

Maybe a little bit. Tighter it. Tighter it.

Graham

Well, I say it doesn't have to be necessarily. I mean, it's you who say it shouldn't be.

Carole

I don't know why you put me through it then.

Graham

Well, I just find it rather, you know. Anyway, my pick of the week this week. I don't know how many of our listeners are following British politics.

Carole

I'm not, so you can inform me.

Graham

If you think the goings-on at OpenAI are a complete shit show, watch British politics.

Unknown Guest

Is this about Cotswolds Dave?

Graham

Well, it was connected to David Cameron, our former prime minister, who was an MP in the Cotswolds long ago. He's now become, he's been ennobled to the Lords. He's now Lord Dave of Chipping Norton, and he is going to be our Home Secretary, although not actually answerable to the House of Commons because he won't be showing up there because he's not an MP. Anyway, that's all come about because Suella Braverman has been fired as Home Secretary. You can look into exactly what she did wrong. Well, you probably don't have time for that. You can see the latest thing that she did wrong, which upset Prime Minister Rishi Sunak. Now, I'm not going to get very political here, but my pick of the week this week is a Twitter account called Rate Your Resignation Letter. And what they do is they analyse, and it's quite often been the resignation letters of politicians, to give them basically a score. A score for their grammar, a score for any insults, any sort of mistakes that they've made. Just having a pop, basically, at the quality of the resignation letter. Now, Suella Braverman's resignation letter was quite a hoot.

Carole

Was it? Oh, yes. Is it in the show notes? Can I look at it?

Graham

Yes, yes. I've linked to it in the show notes. You can go and read a resignation letter. And this has caused a cavalcade of other politicians to question the suitability of Rishi Sunak to be Prime Minister, including someone called Dame Andrea Jenkyns MP. And she has written a letter of no confidence. And this was a work of art. Dame Andrea Jenkyns has written the most extraordinarily badly written letter that I think I've ever, ever seen. She's a big fan of a previous prime minister, Boris Johnson.

Carole

I'm looking at her letter now. Okay, so the one signed 13th of November, she says, Dear Sir Graham. Is that why you chose this story?

Graham

No, no, it's written to Sir Graham Brady, the chairman of the 1922 committee. This is what you do. If you want the current leader of the Conservative Party to be ousted, enough MPs have to write complaining. So what I particularly like is she's a big fan of Boris Johnson, and some of her sentences appear to have missed out verbs, or she's got a little bit distracted by the end of the sentence. So, for instance, she says, Yes, Boris, the man who won the Conservative Party, a massive majority, was unforgivable enough. And I think she meant to write the ousting of Boris was unforgivable enough. So she appears to be saying that Boris Johnson was unforgivable enough.

Carole

I wonder if some third party may have gotten their hands on this before it was sent out. Like if she didn't press the return button on her own, there could have been changes. No?

Graham

It was posted on her Twitter account, as is the custom. But there are a huge number of errors and grammatical flaws and you just think, oh my God, wouldn't you have spent a bit more time writing this letter? Anyway, the Resign Well website, the Rate Your Resignation Twitter account, is an account which looks at people's resignation letters and then gives them a score and points out grammatical errors. And I quite enjoy it because, my goodness, there's not that much to enjoy in British politics at the moment.

Carole

This is such a wanky thing that is so British, right? To go through and go, actually, they don't know how to use a past participant. Did you see? So, yeah, that's what this is. But it is good fun. I enjoy it too. I've lived here long enough. I know how to roll with this. I love it.

Graham

That's my pick of the week. Carole, what's your pick of the week?

Carole

My pick of the week is a book, which I experienced as an Apple audio book. And it is called The Future by Naomi Alderman. It's brand new. I think it's just hit the shelves. I've just finished it. And it is teeny tiny bit security related because at the heart of the story, there's some techie jiggery pokery afoot. But the whole thing is more taking a stab at how the near future could pan out if we don't pay a bit more attention to what's going on. So basically, you've got three tech trillionaires, right? You've got a CEO of a hybrid of Facebook and ex-Twitter called Fantail. You've got the CEO of Anvil, that's Amazon. And you have the CEO of Medlar, which is kind of a Microsoft-y Apple, you know, world's most profitable personal computing company. And they have made in-case plans. And what I mean by that is if the world goes AWOL completely, these three VVVV IPs can be safe, right? Because they have lavish bunkers dotted around the world.

Graham

Okay, so it's how they're going to survive when the world goes to shit. So they'll be cryogenically suspended or they'll be blasted into space to set up life on a new planet.

Carole

Yeah, the book is actually more about how do you get enough advanced warning that you're going to be able to get the hell out of Dodge if the hammer hits. So everything starts going crazy, everything starts melting down around you. How can you leave in your very posh, I don't know, whatever, Porsche or, you know, posh car and not be hammered by people who are going crazy? Jetpack. Good one. But you need an advanced warning system. So they say, why don't we create a program that triages all the world's data and risk points with a view of predicting the world's end ahead of time, so we have enough time to jet off to our fully stocked for decades luxurious safe house, while the rest of us fight for survival, Mad Max style-y. So this is kind of the narrative of the book. And it's interwoven with backstories and childhood experiences of all our kind of protagonists.

Graham

Is this a funny book, Carole? Is it a comedy?

Carole

No, it's not a slapstick book. No, no, no, it's not funny. But it is thoughtful. I found it very thoughtful and I found it smart and I found it engaging. The Guardian did not. They kind of slated it. Her previous novel was called The Power and that won the Women's Prize for Fiction. I haven't read that yet, but I will now. But I think it's a shame the Guardian didn't get it. I think she brings a lot of interesting topics, topics that our listeners will like, but Graham, this is not a book for you because it's kind of complicated. There's no pictures. And you need to focus. Yeah. You just need a lot of focus. There's a lot of threads. And I think you would just get really frustrated and go, ah, this is not for me, but I, it was right up my street. So if you my pick of the weeks, this sounds it's up your wazoo. Check it out. It's called The Future by Naomi Alderman. And that's my pick of the week. Well, that just about wraps up the show for this week. Next week, we're going to have a bumper show, aren't we, Carole? Overcast. And high tens to our episode sponsors, Vanta and Kolide.

Graham

Until next time, cheerio. Bye-bye. Bye. What are you doing Thursday night, Crop? Thursday night? November the 23rd. BBC 4. They're showing a colourised re-edit of the first ever Dalek story. Doctor Who. The Daleks. 1963.

Carole

John's been watching these. He's been... Because the BBC have put... I can't believe this hasn't been one of your pick of the weeks yet. Or was it? I'm saving up for it. I'm saving up for it. He started watching from season seven. Oh, of the classic old series. Yeah. Yeah. He started because they're all up there now. All. Season seven's brilliant. It's Jon Pertwee's first series. Exactly. Exactly. That's what he said. Jon Pertwee is the best Doctor Who. That's what he said. But yeah, he started at season seven. They're all up. They've put them all up on iPlayer.

Graham

They are. Oh, it's a wonderful thing. No, it's good. Yeah. It's good stuff. Good stuff. All right. See you next week. Thank you.

Sponsored by:

  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
