Smashing Security podcast #379: Private nights, evil twins, and crypto home invasions

Industry veterans, chatting about cybersecurity and online privacy.

Apps can let you spy on strangers in bars, a gang of cryptocurrency thieves turns to kidnap and assault, and have you joined the mile-high evil twin club?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of the brand-new “The AI Fix” podcast (co-hosted with Graham!).

Talk about nepotism.

Warning: This podcast may contain nuts, adult themes, and rude language.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
CAROLE THERIAULT
Qu'est-ce que c'est?
MARK STOCKLEY
It's a brilliant new podcast.
CAROLE THERIAULT
I didn't know you were hosting a podcast, Mark. Who are you doing that with?
Unknown
Smashing Security, episode 379: Private Nights, Evil Twins, and Crypto Home Invasions with Carole Theriault and Graham Cluley.

GRAHAM CLULEY
Hello, hello, and welcome to Smashing Security episode 379. My name is Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault. Graham, you sound a bit funny.
GRAHAM CLULEY
Oh, I do. I'm a little bit under the weather. I've got something stuck up my nose or coming out of my nose. So apologies, listeners.

But the good news is that we're joined by a special guest this week. Someone who's been on the show many times before, but under a new guise this week.

It's Mark Stockley of the AI Fix podcast.
MARK STOCKLEY
Hi!
CAROLE THERIAULT
Hey, AI Fix! What is this? Qu'est-ce que c'est?
MARK STOCKLEY
It's a brilliant new podcast.
CAROLE THERIAULT
I didn't know you were hosting a podcast, Mark. Who are you doing that with?
MARK STOCKLEY
Some chap called Graham.
CAROLE THERIAULT
Graham.
GRAHAM CLULEY
Hello.
CAROLE THERIAULT
Graham Graham?
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Okay, no, I knew, I knew. I was just trying to give some excitement.
MARK STOCKLEY
Did you make us a cake? Are there decorations? I can't see.
CAROLE THERIAULT
Why? Because I'm a girl?
MARK STOCKLEY
Wow. You went there, I didn't. I just, because you're nice.
CAROLE THERIAULT
Listeners, I'm a little insecure about this new podcast. You know, it's going to blow us out of the water.
GRAHAM CLULEY
Oh, I don't think so.
CAROLE THERIAULT
You know, you've got two knowledgeable middle-aged men.
GRAHAM CLULEY
Yeah, the podcast run by a couple of old white guys.
MARK STOCKLEY
We thought there aren't enough podcasts with a couple of white guys talking about AI.
GRAHAM CLULEY
Yeah.
MARK STOCKLEY
You know, it's a new niche.
GRAHAM CLULEY
So Mark, tell me, what's The AI Fix all about?
MARK STOCKLEY
It's about AI, which is artificial intelligence.
CAROLE THERIAULT
Is it?
GRAHAM CLULEY
Not artificial insemination.
MARK STOCKLEY
Well, sometimes. Yeah, it's a podcast about AI and it's for people who want to listen to something about AI and not fall asleep. I think that's probably the best way to describe it.
GRAHAM CLULEY
So we're going to dive headfirst into the hilarious, bizarre, and downright mind-boggling, it says here, world of artificial intelligence.

You and me, Mark, we're going to discover AI and share some weird stories, and who knows what we'll find on the way.
CAROLE THERIAULT
Well, I'm not nervous about it at all. It's super great. I'm super happy.
GRAHAM CLULEY
Great. Thank you very much. Anyway.
MARK STOCKLEY
I think you should come on.
CAROLE THERIAULT
Come on.
MARK STOCKLEY
Come and try out the furniture.
GRAHAM CLULEY
Be our first guest, maybe.
MARK STOCKLEY
Sit in the AI Fix sofa. You can put up some decorations and make a cake.
GRAHAM CLULEY
Frankly, we could do with another listener.
CAROLE THERIAULT
Well, look, I have a new cat. I'm very busy. But before we kick off, let's thank this week's wonderful sponsor, 1Password.

It's their support that helps us give you this show for free. Coming up on today's show, Graham, what do you got?
GRAHAM CLULEY
Oh, I am going to be getting hep to the jive, daddy-o.
CAROLE THERIAULT
Okay, Mark, good luck with the AI Fix. What's your topic?
MARK STOCKLEY
I am going to talk about criminals getting their digital comeuppance.
CAROLE THERIAULT
And we're going to see if evil twins do exist. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Now, Daddy-O, Daddy-O, are you hep to the jive?
CAROLE THERIAULT
As a jazz lover, this is really upsetting. Jesus.
MARK STOCKLEY
Just as a human with ears, this is really upsetting.
GRAHAM CLULEY
I like nothing more on a Saturday night than cutting a rug, digging some crazy chick, and laying some skin on the dance floor.
CAROLE THERIAULT
It's all bollocks.
GRAHAM CLULEY
Hey, Carole, don't get bent out of shape. This is me, Graham, talking here. But what you may not know about me, listeners, is that this cat has got the cream.

So I say to you squares, get with it, Jackson, because the ginchiest thing you ever saw is a 50-something podcaster cooking with gas. Ya dig?
CAROLE THERIAULT
Did you AI how to talk like someone who is a jazz cat? Yes, I did.
GRAHAM CLULEY
I am, of course, describing the typical night out that I like to enjoy in hip language.

You can imagine me donning my smoking jacket, my espadrilles, my plus fours, hitting the hip happening joints in my hometown.

But the question you also have to ask yourself when you're going out for the night is where to go.

That's the difficult question to answer because you want to go somewhere where there is what I believe is known by the kids as a vibe, somewhere that is hot.

Well, I wouldn't have had a problem if I lived in Dundee in Scotland, where an enterprising student has launched an app for your smartphone, Android and indeed iPhone, and it's called Whoz Out Tonight.

Whoz is spelt with an H. So it's who's out tonight, which is my approximation of a Scottish accent.
CAROLE THERIAULT
So it's an app to find out who's about, who's out, who's doing what.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
Yeah, connect. That's right.
GRAHAM CLULEY
It's got around about 3,000 users.

It was put together by a fourth-year medical student called Thom Whitelaw, and he developed Whoz Out Tonight so that people could— well, the app can track your location, and it guides partygoers to the best spots in town, it says.
MARK STOCKLEY
And hasn't this app already been invented about 20,000 times? Yeah.
CAROLE THERIAULT
He's already taking a chip out of our show, Graham. I'm just saying.
GRAHAM CLULEY
Because there was, was it Foursquare? Foursquare. That's right. Foursquare, where you could be king of a location.
MARK STOCKLEY
Yeah. Grindr.
GRAHAM CLULEY
Yeah. Grindr could do it. And that you had extras with Grindr, of course. It sort of gave you a little radar. You are within 13 feet of a penis, if that was what you were looking for.
CAROLE THERIAULT
Dick alert. Dick alert. Us girls need that too, you know.
GRAHAM CLULEY
There goes the sonar. So, this app tracks your location, and this guy Thomas, he developed it after having some previous bad experiences.

He was describing to the media how he went out with his friends one night in Dundee, and there they are barrelling down the road, and they went to one venue.

They paid £5 to get in, and what did they find?
CAROLE THERIAULT
Nothing.
GRAHAM CLULEY
No one was there. It was, "This place isn't happening."
CAROLE THERIAULT
Okay, I've been out a lot.
GRAHAM CLULEY
Carole, you're still in your 40s.
CAROLE THERIAULT
Yeah, I've been out a lot, and you can sniff out an empty joint pretty easily. It doesn't take much.
GRAHAM CLULEY
But hang on, there is a difference between you and me and Mark, and that is that you are a female.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
Yes, you're right. You've got boobies, which means that you can get into these places typically for free, whereas Mark and I—
CAROLE THERIAULT
No one wants to be in an empty joint, whether it's free or for a fiver.
GRAHAM CLULEY
No, but if it's happy hour or something, you could go in for a cocktail with your gaggle of girls and you could have fun there, and then us men would pay to gain access to you.
CAROLE THERIAULT
It's so gross. It's so gross.
GRAHAM CLULEY
Well, not like that.
CAROLE THERIAULT
It's so gross.
GRAHAM CLULEY
I'm not suggesting—
CAROLE THERIAULT
Gather in the chickens, let the cocks in.
GRAHAM CLULEY
Typically, the men have to pay to get in, and only then do they discover either that it's empty, or there's no one there that they find particularly attractive.
CAROLE THERIAULT
Yeah, it's not a guarantee of, you know, getting laid, a fiver. Seriously, if that's what you're hoping to get for a fiver—
GRAHAM CLULEY
This is Dundee we're talking about, Carole. I'm sure it probably is quite good.
CAROLE THERIAULT
Good God.
GRAHAM CLULEY
So they went somewhere else, and they paid another £5, and then they realised it was an over-40s night. So it probably would've been us three in there at that time.
CAROLE THERIAULT
What were their objectives? Like if they wanted to go out and boogie or—
GRAHAM CLULEY
They just want to go out there. They're medical students. They just want to go out and get drunk and disembowel someone or whatever it is medical students do. Play with some corpses.

What do medical students do?
MARK STOCKLEY
Do we really want to go there?
CAROLE THERIAULT
I'm thinking it's a rhetorical question. Just ignore him.
MARK STOCKLEY
Yeah.
GRAHAM CLULEY
Anyway. They ended up spending £15, and they were really, really disappointed. Oh!
CAROLE THERIAULT
Okay, wow. I'm feeling for them now.
GRAHAM CLULEY
And they said by the time they went somewhere there were actually people, it was 2 AM. And the bouncers said, "No, you're not allowed in now. It's too late."
MARK STOCKLEY
So, is Dundee a big place?
GRAHAM CLULEY
It's a city.
CAROLE THERIAULT
It's got a university.
GRAHAM CLULEY
It's home of the Dundee Cake as well.
MARK STOCKLEY
It took them until 2 AM to find someone.
GRAHAM CLULEY
They're medical students. They're probably quite, quite drunk.
MARK STOCKLEY
So they basically, they stayed in the place that was empty.
GRAHAM CLULEY
Well, they said they didn't, but they may have bought a drink on the way. Just to get—
MARK STOCKLEY
Did they write the app in the place that was empty?

They just used the silence, took the opportunity, spent a few hours, made the app, found someone with the app, 2 AM, £15 well spent.
CAROLE THERIAULT
I'm interested in knowing why this is on our show at the moment.
MARK STOCKLEY
Because—
GRAHAM CLULEY
Because—
MARK STOCKLEY
I'm glad you asked that question.
GRAHAM CLULEY
This medical student who's behind the app, he says that safety and privacy are a priority for him. He says that the app shows locations to your, quote, friends.

These are people you've pre-approved. And the map doesn't show how you are travelling to a particular location.
CAROLE THERIAULT
What do you mean how? Like skateboard, donkey?
MARK STOCKLEY
Skiing?
GRAHAM CLULEY
Yeah, that kind of critical information is not shared, apparently, by the app. Or what routes that you're taking, because they don't want to share that.

They just want to say when you check into somewhere. And he was asked by the press, how do you stop abuse? And he said, don't worry about that.

We've got inbuilt measures in place to stop abuse.
CAROLE THERIAULT
Sounds like 90% of the companies.
GRAHAM CLULEY
He says the main one is your location will not be shared with people you haven't accepted as friends on the app. Right.
CAROLE THERIAULT
That's what you want to know.

You want to— I'm going to be responsible for choosing people that I know, and you're responsible for making sure that the right information is shared with them. Got it. Okay.
MARK STOCKLEY
Yeah, makes sense.
GRAHAM CLULEY
Makes sense.

So in principle, if that data is held securely, if the app has been developed by professional app developers rather than in a bar while they're waiting to find some girls, then everything should be fine, right?

Everything should be okay because they're only going to notify people who you've friended via the app as to where your location is.

If you're not friends of anyone, you would be able to see that there are maybe 80 people checked in at a particular venue, but you won't be able to see who specifically is in that bar.

So you'll be able to see the popularity of a place, but you won't be able to see who is there. I don't know if it tells you what gender they are.
CAROLE THERIAULT
It might say that, oh, and three of your friends are there too. Well, yes.
GRAHAM CLULEY
But if you're friends, then it will actually tell you that Brian and Cluffy and Stringberg are there as well.
MARK STOCKLEY
I don't want to jump ahead or second-guess what's going to happen next, but I've got a bad feeling about this.

And my bad feeling is, when somebody says to me that my privacy and security is important to them, I get the same feeling as when somebody tells me their call is important to me.
GRAHAM CLULEY
Well, so far, the only people who've used Whose Oot to Neet are these 3,000 students, I imagine, in Dundee. And I imagine this—
CAROLE THERIAULT
That's not chump change.
GRAHAM CLULEY
No, it's not.

But I imagine they're all so bladdered that they haven't actually had the compos mentis to actually test the security of the app to see if there are any vulnerabilities.
CAROLE THERIAULT
Oh, right. Go and read the terms and conditions that you always make fun of me for. Right, they should all do that now.
GRAHAM CLULEY
Or they haven't vulnerability tested it, or no one's actually—
CAROLE THERIAULT
Kids are better than most. Kids are better than most, I think. I don't know, I'm defending the kids. They're pretty smart.
GRAHAM CLULEY
Well, there is a new app on the scene now. So that's one of them, but this is happening all around the world. Another one has hit the streets of San Francisco.

So there is an app called Two, the number 2, Night.
CAROLE THERIAULT
What? You're— okay, you're annoyed by something.
GRAHAM CLULEY
It sounds— yeah, the name. Number 2 Night. It's a little bit like a Prince song.
CAROLE THERIAULT
What's wrong with Prince?
GRAHAM CLULEY
Well, Prince is all right, but the names of his songs sometimes have a number 2 instead of the word 'two', or 'You' is a capital U on its own.
MARK STOCKLEY
Carole, do you want to be on a podcast?
GRAHAM CLULEY
2Night allows users to check livestreams of bars and clubs to determine if they have the right vibe.

And the chap who's created this app has predicted that demand's going to be really high, because he says San Francisco night scene, he's had problems navigating it.

What it does is his company has set up a network of cameras across San Francisco venues that let app users see how busy events are, not by people checking in, but instead by them looking at the livestream video from particular bars.
CAROLE THERIAULT
Oh, I quite like that.

I think I do, because if I were a 20-something kid wanting to go out and party, especially if I'm in the States and it's a long drive, you know, it's not an A to B.

I'm not living in New York and it's easy to get to. It's far, you want to check and make sure it's worth its salt.
GRAHAM CLULEY
Well, it has divided opinion because although there may be some advantages, for instance, you may be able to get a sense of the male-female ratio, for instance, or—
CAROLE THERIAULT
Yeah, that would be my first worry. Is there too many girls in the house?
MARK STOCKLEY
Shit, I'm not going. I'm sorry, I don't wish to speak out of turn, but I think that's a big assumption in San Francisco.
GRAHAM CLULEY
I could go work out the male-male ratio. If your club is full of Hell's Angels or ventriloquists or something, you may choose not to want to go there, Carole.

So working out the ratio and who actually is there, I think it makes a lot of sense.

But it's interesting that you think this is a good idea because they've suffered a real backlash on social media because bar-goers are claiming their privacy is being invaded.

People say, forget that shit, they're saying.

We don't like the idea of being videoed when we go to a bar. Just go to a bar and decide if you like it. If it's not cool, go to another bar.

And some of the bars are upset because some of them are saying, we've been listed on this app and we haven't actually signed up for this, but it's advertising that we're members of the network.

So people are saying this is a privacy issue because other people can see that you're constantly at the bar drinking away and you're getting a bad reputation.

That's what they're worried about.
CAROLE THERIAULT
They're worried about their boss.
GRAHAM CLULEY
Or you're doing the fandango.
CAROLE THERIAULT
They're worried about their boss seeing the video of them just chugga-chugga. Right.
MARK STOCKLEY
I don't know about you guys, but if I don't want to be seen and I don't want people to know what I'm doing, I go to a bar.
GRAHAM CLULEY
But if you— maybe you don't mind being seen at the bar, but you don't want other people who don't go to the bar seeing that you're there.

Like, for instance, your partner, or maybe your boss, because you've got a big project to hand in at 8 o'clock the following morning.
CAROLE THERIAULT
Oh no, okay, but think about it.
GRAHAM CLULEY
And you're out there getting blathered.
CAROLE THERIAULT
Think about it. Okay, so say you don't want your tutor to know that you've gone out instead of written your essay, right? So you've gone out to one of the bars.

Is the tutor gonna spend his time going through every single bar, all the live footage to see if they can spot you?
CAROLE THERIAULT
Presumably this is outside the bar, not inside the bar.
GRAHAM CLULEY
No, it's inside the bar. It's inside. So— These cameras are ins— I've just said it 3 times. I'll say it again. They're inside the bar.
MARK STOCKLEY
So where are the cameras? They're inside, Mark.
GRAHAM CLULEY
Mark, what's your story for us this week?
MARK STOCKLEY
Well, you guys know that I love a story about criminals who aren't as smart as they think they are.

And so my story today is all about an absolutely horrible individual called Rémy Saint-Félix and his gang.
CAROLE THERIAULT
I love his name. Rémy Saint-Félix.
MARK STOCKLEY
Anyway, he turned out to be a lot less tech savvy than he thought.

And that's good news for all of us, but particularly for people living in North Carolina, Florida, Texas, and New York.

Because Saint-Félix is a horrific individual who's just been convicted of a series of violent home invasions and is now facing 7 years to life.
CAROLE THERIAULT
Okay, I don't like his name very much anymore.
MARK STOCKLEY
No. So strangely, this guy is a cryptocurrency thief, and there's nothing unusual about that, you might think.

When cryptocurrency was booming, you couldn't go a week without somebody, normally the owner, siphoning off half a billion dollars in bitcoin from some dodgy online exchange or abusing a smart contract to ransack somebody's collection of monkey pictures.

But Felix wasn't like those thieves. Now, crypto theft is never victimless and it can cause significant harm, but it is at least normally bloodless.

But St. Felix and his gang were not bloodless. They targeted cryptocurrency owners and they broke into their homes.

And then once they were inside, they threatened and even tortured the occupants in an attempt to get them to transfer money or hand over passwords. Oh boy, that's really nasty.
CAROLE THERIAULT
It'd be really annoying if you'd lost your little gizmo where all that information was on and you wanted to give it to them as well. You'd be, "I don't know where I put it."
GRAHAM CLULEY
Oh, your little hardware key.
CAROLE THERIAULT
Yeah, don't break my toe.
MARK STOCKLEY
Anyway, thankfully, they only carried out a handful of these raids before they were caught, and they didn't make much money.

And in fact, they'd actually have been much better off staying online, which is where they started.

So the origins of the gang start with a chap—now, if you like St. Felix's name, you're going to love this one.

So the origins start with a chap by the name of Jared Seemongold, who cut his teeth on SIM swaps, working bizarrely with a group of people that he met in Minecraft.

Which is easily the weirdest thing about the whole story. I mean, I thought Minecraft was this sort of charming educational game for kids.

It's the one thing online that I had no problems with my kids spending all day on. But who knew? It turns out it's a gateway to violent home invasions.

I should just let them use TikTok or something. Anyway, so SIM swap is where you trick a phone company into transferring somebody's phone number to your device.

And that allows you to receive their two-factor authentication codes when they log into an online account.

So, you know, you type in your username and password and then your phone says, you know, now you need to type in this six-digit code that appears on your phone.

And so if you've guessed someone's password and you've stolen their phone number through a SIM swap so you can get their 2FA codes, then you can break into their crypto accounts and you can steal their money.

And it sounds like Seemongold was actually quite successful at this. And in one case, he even managed to steal $3 million from a single victim.
CAROLE THERIAULT
I'm dying to know how he gets into proper home invasions to make this even more complicated.
MARK STOCKLEY
Well, that's a really, really good question. And the details on this case don't go into that very much.

But it seems after a year or so of doing this, he started to think about ways to target people that he couldn't hack.

So for example, one of the victims was someone that he had stolen money from online, but he knew there was more money to be had.
CAROLE THERIAULT
So he's going back to another previous victim. Yeah.
MARK STOCKLEY
In order to do a SIM swap, for that to work, you also have to guess someone's password, which means they either have to be reusing passwords or they have to have a password you can guess.

So there's this whole group of other people who've got slightly better online security that aren't going to be vulnerable to that kind of attack no matter what.

And so this guy, Seemongold, approached St. Felix and two others, and then St. Felix recruited a bunch of other people until they had a gang of about a dozen.

And although the crimes happened in the real world, obviously very little happens in the real world today that doesn't also touch the online world somehow.

So the gang took steps to protect themselves online, and they were using cryptocurrencies, of course, and they liked Monero, which does a much better job of keeping you anonymous than Bitcoin.

Which is only pseudonymous, right? And they use the Telegram encrypted messaging service to plan their crimes.

Because for some reason, criminals always use Telegram rather than Signal. I don't know why.

But if you tell me that you're a Telegram user, I'm basically going to assume that you're either a crook or you're a Russian milblogger. Those are your only two options.
GRAHAM CLULEY
Telegram is the Russian encrypted messaging service, isn't it? I think they— Yes. I wonder if that could possibly be connected to the cybercrime angle.
MARK STOCKLEY
Very popular with ransomware gangs. Just going to leave it there. Anyway, as you know, both of you, staying hidden online is hard.

And in the words of the US Department of Justice, although the members of this violent conspiracy tried to cover their tracks through encrypted communication and anonymous financial transactions, they were not beyond the reach of our dedicated investigators and prosecutors.

And you can say that again.
CAROLE THERIAULT
I don't think I could, actually.
MARK STOCKLEY
I'd like to hear Graham say it in jive. Don't think we got time. So I'm deliberately not going to go into the details of the invasions because they are actually horrifying.

And they must have been an unimaginable ordeal for the people who were involved.

So instead, I'm going to focus on the criminals because I'm absolutely not above poking fun at awful individuals.

But just so that you know, these were violent crimes with real victims. Now, one of the invasions happened in North Carolina in April 2023.

And it started with members of Felix's gang disguising themselves as construction workers by wearing safety vests and khaki pants.
GRAHAM CLULEY
They sound at the moment they're Village People, I think, is how they've dressed themselves up. Which is truly terrifying if they showed up in the middle of the night in my house.
MARK STOCKLEY
That was the only point in the whole scenario where they were in any way the Village People. But one of them, you're going to love this, Carole, one of them is called Elmer Castro.

Anyway, once inside, they coerced the occupants into transferring exactly $156,853 of cryptocurrency. And then after the attack, the criminals had to split the money.

So Castro and Felix both opened cryptocurrency accounts not long after leaving the crime scene.

You'd imagine that criminals who are savvy enough to use Monero and Telegram to cover their tracks are going to use some kind of shady offshore exchange rather than one that the FBI can pick up the phone to, say Coinbase.
GRAHAM CLULEY
Oh my goodness, they didn't. They did.
MARK STOCKLEY
Seriously? They opened Coinbase accounts.
CAROLE THERIAULT
And why is that so crazy?
MARK STOCKLEY
Well, if you open a Coinbase account, you're basically, you have to register in the US.

And if you've got an account there and you're of interest to the FBI, the FBI pick up the phone and they wave a search warrant at Coinbase and Coinbase goes, here's everything we know about these people.
GRAHAM CLULEY
And when you create an account at Coinbase, they're going to ask you for your ID. They want to know who the hell you are.
CAROLE THERIAULT
Before they let you in. Oh yeah.
MARK STOCKLEY
Yeah. So, I mean, I guess you could always use a false identity. Like, you're a crook, you're into home invasions.
GRAHAM CLULEY
Yes, yes, you definitely would. You're going to have a false ID. Every decent crook would do that.
MARK STOCKLEY
Yes, of course. Yeah. So that nobody would be dumb enough to open a crypto account in their own name. Would they?
CAROLE THERIAULT
Oh, I would. I'd be the idiot.
GRAHAM CLULEY
Elmer Castro does sound like a pseudonym. It doesn't sound like it's his real name.
CAROLE THERIAULT
Yeah, I can't, I'm trying to imagine the mum looking at this tiny little baby going, I know.
GRAHAM CLULEY
Tickle me, Elmer.
MARK STOCKLEY
So within hours— Oh boy. —of the attack, both Castro and St Felix had both opened Coinbase accounts in their own names.

And as Graham pointed out, you don't get to open one of those accounts without providing some ID.

And so not only did they provide their names, but they also provided their phone numbers, their addresses, their email addresses, and copies of their driver's licenses.
GRAHAM CLULEY
Why didn't they— when they're torturing people to get access to their bitcoin currency or whatever it is, why aren't they also taking the ID information from those people and creating accounts in their victims' names?

Wouldn't that be a— well, sorry, I don't want to give people ideas, but wouldn't that have been a—
MARK STOCKLEY
Next time you're doing a home invasion, follow Smashing Security for tips on crime.
CAROLE THERIAULT
Yeah, I bet you didn't think of that in your podcast, Mark. No, I'm kidding.
MARK STOCKLEY
Episode 6, how to use AI for crime. Now, I know what you're both thinking. Because I just said that they provided phone numbers. Right.

And we all know that phones can be used to track people. Oh yes. So obviously there's no way they'd be stupid enough to go anywhere near the crime scene with their phones, right?

Well, if you're thinking that, you'd be wrong.
CAROLE THERIAULT
No, no, I was just going to say, I wouldn't have thought of that. I mean, yeah, I probably would have.

If I'd committed a crime and I was going to the scene, I'd probably leave my phone at home. Wouldn't I? I probably would.
GRAHAM CLULEY
Well, rather than taking a selfie of what you're up to or something. Yeah.
MARK STOCKLEY
This is what I did last night. So, location data from the phones showed that both men had travelled from Florida to North Carolina a few days before the attack. Right.

And then returned to Florida a few days after.

And then cell tower data put both the phones in the vicinity of the home that was raided in the days before the attack, at exactly the times that camera footage from local residents had spotted a BMW SUV conducting surveillance on the victim's home.
GRAHAM CLULEY
So they go to all the effort of going out of state. It's like, we're not going to do this on our own home turf.

We're going to do it far away from where we live so people can't track it back to us.

But they do go to the effort of getting themselves a car or something with fake plates to conduct surveillance on the house.
MARK STOCKLEY
Well, I wouldn't go that far. They got themselves a car. Let's leave it there.
CAROLE THERIAULT
No one's a genius in all things, Graham, right? It's like, there's gonna be some blind spots in all of us, and maybe we're exposing a few of theirs.
MARK STOCKLEY
I just feel like, if we were talking about something that wasn't their chosen profession, I might agree with you.

It's like, if you're gonna be a genius at one thing, and you're doing crime... crimes, I mean, it seems like an obvious choice to me.

Anyway, so the police don't just have access to phone records. They even also pull details of what money you've spent and where.

Now you'll recall that these criminals were big fans of cryptocurrencies. And so it was natural that they would cover their tracks by buying the things they needed using crypto.

Uh-oh. I'm kidding, they didn't do that. They used a debit card. The day before the attack, Castro used a debit card at the victim's local Walmart to buy safety vests and khaki pants.

And the surveillance cameras at Walmart spotted both Castro and St Felix making the purchase.

And they also spotted a BMW SUV in the Walmart car park that matched the one that was later seen surveilling the victims.

But the real treasure trove was the email addresses that Castro and Felix gave to Coinbase. Oh no.

So Castro's email address was associated with an iCloud account which allowed police to access messages exchanged between the two.

And in those messages, they discussed going to North Carolina, hiring a car, and staying in a specific hotel.

And the police also found a picture of a very distinct pink pistol that one of the victims had identified during the attack. A pink pistol? Why would you photograph the gun?

I just— Pink! Well, yeah, you want to look good when you're doing a home invasion, right?
GRAHAM CLULEY
There's probably quite a few iCloud accounts which have something which looks like a pink pistol, to be honest.

It's the sort of thing you have to be very careful with if you're sharing your photo stream. I just ignore them.
MARK STOCKLEY
But that, I mean, that seems bad, right? That seems bad, taking a picture of the gun that you're going to use. But St Felix's Google account was even worse.

So evidently, St Felix likes taking pictures, because he was kind enough to photograph the following things for the police. He took a picture of the victim's licence plate number.

He took pictures of the BMW SUV that was seen surveilling the victim's house and visiting Walmart, where the crooks bought their construction outfits.
CAROLE THERIAULT
He trusts tech.
GRAHAM CLULEY
Was he planning to have his family round for a slideshow after the crime? Say, hey, look what we did on our trip.
MARK STOCKLEY
He took a picture of a gun next to some BMW keys in a room with a carpet matching the carpet of the hotel the two men had discussed on the chat found on Castro's phone. Oh.
CAROLE THERIAULT
So all the little points of light align, and they're—
MARK STOCKLEY
So many points of light. And then what about this one? He took a screenshot of a cryptocurrency account taken the day before the attack, which had exactly $156,853 in it.

And the criminals, they had sort of prior information about the account that they were raiding, right. So that's what that screenshot is. Wow.

Now there's one last photograph, and I've saved it to last. 'Cause it's the best one, right. But rather than me tell you what's in it, I want you to guess.

So, based on what I've told you so far, what do you think could be in the last photograph?
CAROLE THERIAULT
Passport photo.
GRAHAM CLULEY
Is it actually a selfie of them at the victim's house?
MARK STOCKLEY
Not quite, not quite.

So Felix took a picture of himself posing in the hotel where the gun and the keys were photographed while wearing the construction outfit that he'd bought from Walmart and would later wear at the victim's house.
CAROLE THERIAULT
I think Graham gets that point. That's pretty good.
MARK STOCKLEY
Thank you, Carole.
GRAHAM CLULEY
Carole, what's your story for us this week?
CAROLE THERIAULT
Okay, imagine both of you, you, Graham, you, Mark, you're both in Australia. You're together. You're travelling together on a domestic flight.
MARK STOCKLEY
Are we holding hands?
CAROLE THERIAULT
I'm sure you are. It's perhaps a smaller plane. I don't know who gets the aisle seat, who gets the window seat. How would you guys decide?
GRAHAM CLULEY
The weight distribution is always very controversial, isn't it? I mean, making that decision, especially on a small plane. Speak for yourself.

Where someone's gonna sit and where the other one's gonna sit.
CAROLE THERIAULT
It's tricky. Do you both like aisles or both windows?
MARK STOCKLEY
What are you? I'm getting the aisle. I'm getting the aisle. I'm sorry, it's not even, this is not even a conversation. I prefer an aisle.
GRAHAM CLULEY
I want an aisle. I don't wanna be next to the window.
MARK STOCKLEY
Well, I'm very sorry for you that you're sat in the window.
CAROLE THERIAULT
Okay, so Graham, you're sitting on Mark's lap on the plane.

And let's be honest, you're both feeling a little weary because, you know, you're nearing the end of your global live podcast show tour for The AI Fix. Okay. Oh, yes, that's right.
GRAHAM CLULEY
2025. I've always said you should go first with your stories.
CAROLE THERIAULT
You know, you've hit New York, London, Paris, Tokyo, and Perth, and the crowds have been going wild. Your hands hurt from all the autographs. That's what you guys say.

Anyway, I'm glad it was autographs. Anyway, Mark has taken to wearing a white microfiber towel around his neck to daub his celebrity glow.

Graham, you're sporting a flowery silk pajama suit, and you're sitting in the very cozy seats, smooshed in.

You're both silently fighting for command of the single armrest between you that you're sharing. Mark's knees are probably gunked into his chest because he's quite tall.

He's not that tall. Huzzah, though. Huzzah, the flight has free Wi-Fi. Brilliant.

You know, everything else can go to shit, but as long as you can sit there on your phones to check your latest show stats. Oh yeah, yeah. To see if you've kept your hot position.

Yeah. You guys are happy. And as you connect, you notice there's two Wi-Fi addresses showing up, both official airline offerings, right? Oh. And you're thinking, this is the life.

The airline might have ignored the legroom issue but has splurged to cover, you know, for the data hogs, people like you two. But guys, you'd be wrong.

Because it's something much more sneaky and I would say unusual, an evil twin Wi-Fi network. Dun dun dun. Okay, I'll get real sound effects, maybe. Maybe not, I don't know.
MARK STOCKLEY
You've got a budget on this podcast.
CAROLE THERIAULT
Yeah, yeah, yeah, we do, Mark.
MARK STOCKLEY
Yeah, I know that we're in economy. You sent us on a world tour in your mind. Then you stuffed us into economy.
GRAHAM CLULEY
It's true. We're lucky to be in the aircraft at all, I reckon.
CAROLE THERIAULT
So this evil twin Wi-Fi network, okay, this is all according to the Australian Federal Police, the AFP, because back in April an unnamed airline reported suspicious Wi-Fi network activity to the AFP, and they took it seriously.

So seriously that just a few weeks later the AFP investigators search a 42-year-old man's baggage at Perth Airport. And what do they find?

A portable wireless access device, a laptop, and a mobile phone from his hand luggage.

So I was going to pause here and ask you guys, a portable Wi-Fi access device, laptop, mobile, not that suspicious really, is it?
GRAHAM CLULEY
No. Not really, no.
CAROLE THERIAULT
I'm just thinking, is there any reason for someone to have a portable Wi-Fi access device? Can you think of one in our tech world?
GRAHAM CLULEY
'Cause laptops kind of do it, phones do it. Well, no, it's quite reasonable.

I think it's, for instance, it may be that you want to set up your own private little wireless network wherever you are heading to.

Rather than relying on whatever a hotel is gonna provide or whatever a conference centre is gonna provide, maybe. Or your cell provider, maybe.
CAROLE THERIAULT
You don't want your cell provider to do it.
GRAHAM CLULEY
Maybe you don't want to use your cell provider, you know, but yes, you could set up your own little wireless network.
MARK STOCKLEY
Yeah, maybe if you were on holiday with your kids and you wanted to safeguard what they were connecting to, or you hadn't heard of a VPN or something, or— I'm a bit hung up on what are they going to plug it into if they're planning to use it on the plane.

Do they have sockets in first class?
GRAHAM CLULEY
I don't— You need a really long cable. That's the main thing if you want to be on the internet on a plane. No other way to use the internet on a plane that I've ever found.
CAROLE THERIAULT
Really? I've used the internet on the plane.
GRAHAM CLULEY
Oh, come on. Does it actually work?
CAROLE THERIAULT
Well, it depends. What do you do? Do you try and stream high-end movies, or—
GRAHAM CLULEY
No, I'm just trying to connect to send an email. I'm just trying to see the statistics for the latest episode of The AI Fix podcast. And you're very impatient!
MARK STOCKLEY
To be fair, that's a lot of data.
GRAHAM CLULEY
That is a huge amount of data to download. It's a big number. Big, very big number.
CAROLE THERIAULT
So this whole evil twin Wi-Fi network thing.

So basically the allegation from the Australian Federal Police is that this 42-year-old man used this portable wireless access device to create a Wi-Fi network with SSIDs very similar to those airlines operate when they offer in-flight access to the internet or for entertainment or whatever.

And the AFP stipulate this guy set it up at multiple locations to lure unsuspecting users into believing they were legit services and to sign up into the bogus Wi-Fi hotspot.

And the way that this guy did it is once they tried to connect their device, they were taken to a fake web page requiring them to sign in using their email or social media logins.

And then those details were allegedly saved on this man's device.
GRAHAM CLULEY
Because the thing is, when you're on an aeroplane, the internet connection is so bad that you will enter your details.

You will connect to any Wi-Fi network you can find, which could remotely be one which works, and you will enter your details and you will possibly enter your credit card details.

And if it manages to also scoop up your account details for your cryptocurrency exchange or whatever else that they might be able to grab, then, you know, potentially there's— and the kind of people who would use the internet on a plane, which is normally charged at such a ridiculous rate, are probably going to be the high flyers.

Aren't I clever? Anyway. This was free.
CAROLE THERIAULT
Okay, in Australia it's free. Free Wi-Fi.
GRAHAM CLULEY
It must be really shit then.
MARK STOCKLEY
Is this the most expensive phishing attack in history?
CAROLE THERIAULT
Well, you know, it's really interesting because apparently he also— so basically he was harvesting legit account details stolen from unsuspecting plane passengers.

And apparently he also targeted the Perth airport Wi-Fi. But the question I've got is, had this guy done this at a local cafe, would anyone give a shit? Would anyone be the wiser?

Do you think the attention of the AFP would have been there? He went to national or international airports and started, you know, doing this on planes.

It kind of seems like a super— I don't know, maybe he was targeting a specific person.
MARK STOCKLEY
Who knows? I can't get past the economics. So I'm just imagining, let's just say a plane ticket costs $1,000, right? So normally a phishing attack, you know, there are frameworks.

You basically have to put up a website. You can do that at like Wix or something. It's essentially free. You can do it in half an hour.

You send out a couple of hundred thousand emails.

And this guy's out there rubbing his hands together going, if I get on a plane with fake Wi-Fi, I can access as many as 250 people in one go for nothing more than a plane ticket that cost me $1,000.

It's so weird.
CAROLE THERIAULT
And the guy's been charged with a laundry list of counts. But what I found interesting is the advice from the AFP.

It was quote, to connect to a free Wi-Fi network, you shouldn't have to enter any personal details such as logging in through an email or social media account. Really?

Now I've been on many free Wi-Fi networks and I find that they try and hoover up as many personal details as they can.

So I find that a little bit — I don't think that would be an area where you'd suddenly be nervous. That is absolutely a thing.
MARK STOCKLEY
Absolutely a thing. I was gonna say, but the funny thing is if we were doing this story 10 years ago, we'd be like, "Oh no, they're on dodgy Wi-Fi.

They're gonna hoover up all your data, and they're gonna steal all your passwords and things like that." But now, pretty much the only danger is that bit where you type in your email address.

And that, or maybe use your social media login, and then that's it. That's it.

Because even if you're on some criminal's Wi-Fi, as long as you're using encrypted email, which you almost certainly are, or you're using an encrypted web connection, which you almost certainly are, actually you're fine and they can't really do anything.

They can't attack your DNS, they can't get into your traffic. You just have errors and warnings coming up everywhere.

So weirdly, the actual danger of this, he could almost have been providing a public service.

If his rogue Wi-Fi was actually a faster connection than the airplane, I would connect to the rogue Wi-Fi. He should just advertise himself. He'll make more money. Yes, be legit.
GRAHAM CLULEY
Yes, they'll pay for his plane ticket. In a perfect world, end users would only work on managed devices with IT-approved apps.

But every day, employees use personal devices and unapproved apps that aren't protected by MDM, IAM, or any other security tool.

There's a giant gap between the security tools we have and the way we actually work.

1Password calls it the Access Trust Gap, and they've also created the first-ever solution to fill it.

1Password Extended Access Management secures every sign-in for every app on every device.

Includes the password manager that you know and love and the device trust solution you've probably heard of on this podcast back when it was called Kolide.

1Password Extended Access Management cares about user experience and privacy, which means it can go places other tools can't, like personal and contractor devices.

It ensures that every device is known and healthy safely, and every login is protected.

So stop trying to ban BYOD or shadow IT and start protecting them with 1Password Extended Access Management. Check it out at 1password.com/smashing.

And thanks to 1Password for supporting the show. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week. Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security-related necessarily.

It better not be. Well, my Pick of the Week this week is not security-related.

It is a service I found online, a website, and I believe it's an app as well on your phone called Suno, S-U-N-O.

And what it allows you to do is just type in a few words and via the power of artificial intelligence, it will create a song for you.

So you can say, I would like to have a barbershop quartet singing about the insurance industry. And out the other end will come a barbershop quartet.

It will write the lyrics, it will do all the music and the backing, and it will do the voice. That's crazy. And this is enormous fun.
MARK STOCKLEY
Wow.
CAROLE THERIAULT
Computers are cool.
GRAHAM CLULEY
Turns out computers are cool.

Now, I have been able to put this to practical use because I've recently started with my co-host Mark Stockley, a podcast called The AI Fix, and we needed some theme music.

And what better than theme music created by artificial intelligence. And so I got Suno to work on it for me.

And it came up with a few different versions, which we can hear here, but for the purposes of timekeeping, we won't. No, no, we're not going to hear them.

But there are some links which maybe—
CAROLE THERIAULT
You could do that as a bonus on your own show.
GRAHAM CLULEY
But for instance, we've got an operatic version. I've got a Christmas version à la Michael Bublé.

And I've got the, well, something which is a little bit similar to the version which we actually have on the show played on a banjo. So that is my pick of the week.

It's a website called Suno, S-U-N-O, enormous fun.

And I've just scraped the surface in how I've described it, but I'd really suggest you go and check it out because it's a great way to make music, but probably really, really bad for genuine musicians.

But never mind.
CAROLE THERIAULT
Smashing Security. Someone's looking for a sponsor.
GRAHAM CLULEY
So that is my pick of the week. Mark, what's your pick of the week?
MARK STOCKLEY
Well, my pick of the week is also not security related, but it is a podcast.

So if you're intrigued, bewildered, or slightly alarmed by AI, and you want to listen to two other people who are intrigued, bewildered, and slightly alarmed about AI, then I have got a podcast for you.

Oh, and I'm talking, of course, about The AI Fix, which is a brand new podcast from Graham and me. I don't know if we mentioned it. It's about AI and you can get it every week.

It's a great way to stay up to date about AI in a way that doesn't send you to sleep.

So we talk about all the latest news and then we try and teach each other something about some aspect of AI.

So if you want a flavor of what we've talked about so far, in the first 5 episodes, we've established that AI probably doesn't exist.

We've asked whether fitting guns to robot dogs is just wokeism gone mad.

Graham got cross— not gonna surprise you at all, Carole, but Graham got cross about the R in the name Toys 'R' Us.

And I explained why there's a 99.9% chance that AI will wipe us all out.
CAROLE THERIAULT
Ooh, fun.
MARK STOCKLEY
So you can find The AI Fix on all your favourite podcast apps. Just search for The AI Fix. And yeah, if you feel like sponsoring it, go ahead.
GRAHAM CLULEY
Carole, what's your pick of the week? You are allowed to include a podcast if you wish.
CAROLE THERIAULT
Well, thank you very much for the opportunity, Graham. So for my pick of the week this week, it's not going to be your podcast, but it's a game. It's a game for the Switch.

It's called Putty Pals. Have you played it, either of you? Putty Pals? Putty, P-U-T-T-Y. Oh no, I haven't.

Yeah, I think you might have missed the boat, and maybe Mark can still play, because it was a recommendation I got from a dad who played with his 10-year-old daughter and had a blast.

So I didn't take their word for it, obviously. So I got a copy of my own. I played it with my other half, the Yeti. And it's basically a cooperative puzzle platformer.

That's the term apparently.

Basically a two-player and you are these little stretchy characters called Putty Pals and you have to work together to navigate through weird and wonderful worlds.

It reminds me a bit of is it Lemmings where you had to work together to get things done? Yeah. But you're kind of each managing one of these Putty Pals and you have to work together.

So you have to kind of tie arms to get across a Velcro bridge, all kinds of cute things. It's a tenor. Every world is kind of unique. It's quite beautiful in the art.

It's kid-friendly. Yeah, I bet, Mark, your daughter might like this, I think. It looks cute. I don't know. It's cute and it's fun and it's kind of smart. It sounds fantastic.
MARK STOCKLEY
Yeah. So it's called Putty Pals.
CAROLE THERIAULT
It's for the Nintendo Switch. It's my pick of the week and I'm not looking for any sponsors.
GRAHAM CLULEY
Fantastic. Well, that just about wraps it up for this episode of Smashing Security. Thanks to our guest, Mark Stockley, for coming on the show.

I'm sure lots of our listeners would love to find out what you're up to, Mark, and follow you online. What's the best way for them to find out what you're up to?
MARK STOCKLEY
Well, you can find me online at Mark Stockley. You can also find me at The AI Fix on Twitter, or you can go to theaifix.show and you can see a big picture of me.
GRAHAM CLULEY
Fantastic. And you can follow us on Twitter at Smashing Security, no G, Twitter allows to have a G. And don't forget to ensure you never miss another episode.

Follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts.
CAROLE THERIAULT
And thank you to our episode sponsor, 1Password, and to our wonderful Patreon community. It's thanks to them all that this show is free.

For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 378 episodes, check out smashingsecurity.com. Wow. Until next time, cheerio.
GRAHAM CLULEY
Bye-bye. Bye.
CAROLE THERIAULT
Do you want to do an extra plug right now on your show? Because I don't think we had enough on the show. Just to make sure people got the name and—
MARK STOCKLEY
The AI Fix.
GRAHAM CLULEY
What about backwards?
MARK STOCKLEY
Yeah. Fix IA The. We'll see what makes it through the edit. There's a challenge for can you edit all of the AI fixes out of that podcast?
CAROLE THERIAULT
Of course I can. Of course I'm a master. Editing queen.
MARK STOCKLEY
That's my challenge. That's my challenge. That's my challenge to you.
GRAHAM CLULEY
Don't give her a challenge like that.
CAROLE THERIAULT
You're going to have to listen and find out if I did. What do you like, Mark?
GRAHAM CLULEY
Jesus.

Hosts: Graham Cluley and Carole Theriault

Guest: Mark Stockley

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
