It’s a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Is it really very wise to cover an electricity plant with tin foil or whatever it is?
Look, I'm leaving it to the experts. It's just an idea. I'm just spitballing.
Smashing Security, Episode 384: A Room with a View, AI Music Shenanigans, and a Cocaine Bear with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 384. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 384. My name's Graham Cluley.
And I'm Carole Theriault.
Carole, the excitement continues.
Before we kick off, let's thank this week's wonderful sponsors: 1Password, Vanta, and Sysdig. Now, coming up in today's show, Graham, what do you got?
I'm going to be taking a look through the lens of property hunting in Ukraine.
Okay, and I'm going to be talking about zygotic wash stands. All this and much more coming up on this episode of Smashing Security.
Now, Carole, do you ever find yourself watching property programs on TV? Do you enjoy those? Are there any particular ones you really love?
No, I like lots of them over time. Right. I loved when, you know, you had that one where the neighbors would come over and do up your living room for $300.
Changing Rooms.
Changing Rooms. Love that one.
That's from the '90s with Carole Smiley. Location, Location, Location. Grand Designs.
Yep. Oh yeah. Grand Designs. Very good.
Selling Sunset.
You know them. Yeah, yeah, yeah. I like all that. I think it's my favourite type of porn is property porn.
Oh, okay. Yes. Right. Yes. Lovely worktops. That sort of thing.
Well, many of us can only dream, can't we, about one day escaping to the country or buying a little place in the sun or a bijou hideaway in the bright lights of the city.
What would be your dream pad, or what would you really desire property-wise one day? What sort of property would you have?
Well, many of us can only dream, can't we, about one day escaping to the country or buying a little place in the sun or a bijou hideaway in the bright lights of the city.
What would be your dream pad, or what would you really desire property-wise one day? What sort of property would you have?
I would probably have a small cabin in a big wood, and it would have a lake and maybe a waterfall somewhere, all overgrown and beautiful and mine, with lots of animals running around.
It sounds a little bit remote to me though, Carole. Are you going to have broadband? Are you going to have all the amenities which you may want?
I don't need a lot of amenities, right? I do yoga, I paint, I do podcasts. As long as I get those things done, I'm all right.
You need a supermarket as well. Don't forget that. You need some facilities.
There's deliveries, there's drones.
Well, they might not deliver to the middle of your— oh, by drone. Well, perhaps, I suppose. I think there's things which people look for when they're buying a property.
I mean, price is obviously a big factor, right?
I mean, price is obviously a big factor, right?
Yeah.
Size can be an issue. You've got a big yeti who you live with. Can you fit your grand piano in?
If you were buying a penthouse apartment, sounds like you're not, but I'm guessing you'd care about the views as well if you got something like that.
So maybe you'd be after a city skyline that could be spectacular or a lovely waterfront to look at or a historical landmark or perhaps a Ukrainian energy plant.
If you were buying a penthouse apartment, sounds like you're not, but I'm guessing you'd care about the views as well if you got something like that.
So maybe you'd be after a city skyline that could be spectacular or a lovely waterfront to look at or a historical landmark or perhaps a Ukrainian energy plant.
Well, I have looked at an old waterworks building that had gone up for sale as a domestic residence. I was very swoony about it. So I can understand that whole industrial chic.
I think Victorian waterworks, that's really another term for disused sewage centre, isn't it? I mean, that's right.
Very well built, turns out. They really wanted to keep the shit in.
Certainly could have a certain ambiance. But anyway, so I think a view of a Ukrainian energy plant, that could be interesting.
It seems some people are indeed snapping up high-rise apartments with views of critical infrastructure in that particular war-torn country. Which seems to me a bit of an odd choice.
Do you really want to be near critical infrastructure if Vladimir Putin is lobbing a whole load of missiles and drones towards it?
It seems some people are indeed snapping up high-rise apartments with views of critical infrastructure in that particular war-torn country. Which seems to me a bit of an odd choice.
Do you really want to be near critical infrastructure if Vladimir Putin is lobbing a whole load of missiles and drones towards it?
I'm trying to figure out why they would want to do it.
Yeah.
Maybe to make sure they have energy, you know, the closest served.
Oh, if the power cuts out, you can just get a USB cable, plug in.
Yeah, a really long extension lead. Just go plug in.
Well, we've just seen a man arrested by Ukraine's secret service, the SBU, because he was renting several apartments in high-rise buildings with glamorous views over local energy facilities.
According to intelligence agencies, authorities in Ukraine, the man decided to rent out the apartments after being offered what was euphemistically called easy money via Telegram.
According to intelligence agencies, authorities in Ukraine, the man decided to rent out the apartments after being offered what was euphemistically called easy money via Telegram.
What's that mean, easy money?
It means there's a way you can make a bit of money here. Here I am on this sort of slightly dodgy messaging app. Would you like to earn some money?
All you've got to do for us is a little bit of a—
All you've got to do for us is a little bit of a—
No, okay. Okay. Whoa, whoa, whoa. Most people who buy apartments in the view of renting them out will go on some site and say, hey, do you want it?
Perhaps so. I don't know if you'd necessarily go on Telegram and accept easy money. You'd think maybe there'd be some sort of strings attached.
Apparently, the people contacting him via Telegram were Russia's military intelligence service, the GRU. And they recruited the man to install cameras in his apartment.
Apparently, the people contacting him via Telegram were Russia's military intelligence service, the GRU. And they recruited the man to install cameras in his apartment.
Aha.
Do you remember the early days of the internet when there wasn't much to look at?
I was very young.
You probably weren't even existing in the early days. I remember when there was a main list about cryogenic suspension.
There was a coffee pot at the University of Cambridge you could check on to see what it was up to. And after a few years, you began to hear about sites like Jennycam.
And Jenny was the world's first cam girl. She had a webcam, which was quite an unusual thing to own in those days, in her dormitory at Dickinson College.
And it automatically took a photograph of whatever was going on in her room every few minutes and broadcast it.
There was a coffee pot at the University of Cambridge you could check on to see what it was up to. And after a few years, you began to hear about sites like Jennycam.
And Jenny was the world's first cam girl. She had a webcam, which was quite an unusual thing to own in those days, in her dormitory at Dickinson College.
And it automatically took a photograph of whatever was going on in her room every few minutes and broadcast it.
I seem to remember you when I was a bit hard up for cash in the early days of our friendship, you kept saying to me, quote, webcam your house, as though that was the best solution I could do.
I thought there was a market for it.
I'm sure there was a market for it.
I wasn't suggesting you do anything sexy.
You were basically saying sell your soul to the internet if you want to pay rent easily.
I thought some good passive income— don't make me sound like some kind of Andrew Tate character.
I'm not making you sound— did you or did you not say that?
Right, I did, but I wasn't saying do anything sexy. That's the thing. These days, if you hear about webcam girls, you imagine it's something else entirely.
But in those days, I think people were just looking for anything on the internet. It was a bit, I imagine, like watching Big Brother.
You watch the TV show and you would watch them 24 hours a day as they were scratching their bottom or whatever, or organising dinner.
But in those days, I think people were just looking for anything on the internet. It was a bit, I imagine, like watching Big Brother.
You watch the TV show and you would watch them 24 hours a day as they were scratching their bottom or whatever, or organising dinner.
You're really, really down some weird rabbit hole right now. I just want you to know that.
Anyway, this JennyCam girl, she became an internet sensation. She was even famous enough to appear on David Letterman in 1998 alongside Samuel L. Jackson.
Now, no one else ever subsequently ever had the thought again of live streaming cameras in women's bedrooms.
That definitely isn't a thing, and it wasn't something I suggested to you. At least it wasn't suggested to you in a pervy way or anything like that.
I just simply thought— anyway, the thing is, it hasn't become a phenomenon.
But if you were approached by Russian military intelligence and they asked you if you could put some cameras in your apartment, you might think it was maybe to boost the morale of their troops on the front lines.
Now, no one else ever subsequently ever had the thought again of live streaming cameras in women's bedrooms.
That definitely isn't a thing, and it wasn't something I suggested to you. At least it wasn't suggested to you in a pervy way or anything like that.
I just simply thought— anyway, the thing is, it hasn't become a phenomenon.
But if you were approached by Russian military intelligence and they asked you if you could put some cameras in your apartment, you might think it was maybe to boost the morale of their troops on the front lines.
No, I think 99.99% of the people who would ever be approached by the GRU in this situation would be bricking it. This is not a very fun situation for anyone to find themselves in.
It wasn't because the Russian military wanted to watch this particular chap.
Of course.
The cameras, they weren't pointing inwards, as you've guessed, Carole, because—
Right.
Yeah, that's because you're smart, Carole. That's because you have worked it out.
So are all our listeners. We all understand that the Russians were interested in the energy facilities nearby. I think we're all with you, Graham.
That's right. From the high-rise apartments, that's what they were looking at.
And in a statement posted on Telegram, Ukrainian law enforcement have announced they've arrested this alleged Russian spy in Kyiv and that he had installed video cameras with remote access software allowing Russia to monitor Ukraine's critical infrastructure in real time.
And the reason for this, of course, is that the Russian forces wanted to be able to assess the impact of recent airstrikes by accessing the footage and identify anti-aircraft defense systems put in place by Ukraine.
And in a statement posted on Telegram, Ukrainian law enforcement have announced they've arrested this alleged Russian spy in Kyiv and that he had installed video cameras with remote access software allowing Russia to monitor Ukraine's critical infrastructure in real time.
And the reason for this, of course, is that the Russian forces wanted to be able to assess the impact of recent airstrikes by accessing the footage and identify anti-aircraft defense systems put in place by Ukraine.
Not good stuff for Ukraine, you know, ultimately.
Well, I think there's a lot of not good stuff happening for Ukraine right now. Yes.
I'm not arguing that point. I'm just I can understand why the Ukrainian authorities decided to detain this guy.
And when they got him, they actually caught him in the act of allegedly setting up one of these new CCTV cameras to record an airstrike on the city.
They also seized his phones and video cameras, which contained evidence of what they called intelligence and subversive activities for Russia.
If convicted, let's face it, it's quite likely he will be, if convicted, he faces life imprisonment. And his cameras and phone being confiscated.
Now, I'm not— I think I've got a good idea as to which one's going to bother him more.
But all of this makes me think, we've often worried about CCTV and webcams being hacked by perverts or sextortionists, or hackers exploiting baby cams to spook children.
But surveillance cameras can clearly be abused in other ways as well.
They also seized his phones and video cameras, which contained evidence of what they called intelligence and subversive activities for Russia.
If convicted, let's face it, it's quite likely he will be, if convicted, he faces life imprisonment. And his cameras and phone being confiscated.
Now, I'm not— I think I've got a good idea as to which one's going to bother him more.
But all of this makes me think, we've often worried about CCTV and webcams being hacked by perverts or sextortionists, or hackers exploiting baby cams to spook children.
But surveillance cameras can clearly be abused in other ways as well.
Yes, everyone should worry now about geopolitical terrorism information that'd be taken from your webcams and your Ring outside your door?
Well, maybe not my Ring doorbell. I'm not sure that's pointing anything too critical.
But clearly, sometimes these surveillance cameras are being installed intentionally close to places where there is critical infrastructure. I mean, that's the point, right?
If you've got critical infrastructure to protect, you're probably going to have security cameras.
So you better darn well make sure that they can't be hacked, they can't be accessed remotely, that you've got them properly locked down.
And sometimes these things can actually be technology which has been made in other countries, maybe has vulnerabilities, maybe your government has cut a few corners when it's budgeted for this and hasn't got them properly locked down and hasn't got them properly secured.
But clearly, sometimes these surveillance cameras are being installed intentionally close to places where there is critical infrastructure. I mean, that's the point, right?
If you've got critical infrastructure to protect, you're probably going to have security cameras.
So you better darn well make sure that they can't be hacked, they can't be accessed remotely, that you've got them properly locked down.
And sometimes these things can actually be technology which has been made in other countries, maybe has vulnerabilities, maybe your government has cut a few corners when it's budgeted for this and hasn't got them properly locked down and hasn't got them properly secured.
I have a solution. I've got a solution.
Go on then.
You just— there's that— remember that artist? I don't remember his name, but there's this artist that used to cover buildings in swaths of material.
Tony Temple?
No, no, no. Big, big buildings. He did one I know in Germany. He did a bridge, I think. So he covers the whole thing. I'll find it and put it in the show notes, listeners.
Right.
So you just need to hire some guy and they can do some really artsy thing and basically cloak the entire building under these sheets of cloth.
And then no one knows what's going on inside.
And then no one knows what's going on inside.
Is it really very wise to cover an electricity plant with tinfoil or whatever it is?
Look, I'm leaving it to the experts. It's just an idea, I'm just spitballing.
So Russia is also aware of this threat. Last month, it warned people living in areas at risk from Ukraine's counter-offensive to stop using surveillance cameras altogether.
They said turn them all off, cover them up, as they feared they could be exploited to gather information by Ukraine's forces.
And earlier this year in Ukraine, they found surveillance cameras on residential buildings in Kyiv.
They took them down because they had allegedly been hacked by Russia to spy on air defense forces, critical infrastructure.
They said turn them all off, cover them up, as they feared they could be exploited to gather information by Ukraine's forces.
And earlier this year in Ukraine, they found surveillance cameras on residential buildings in Kyiv.
They took them down because they had allegedly been hacked by Russia to spy on air defense forces, critical infrastructure.
That's very interesting, though, you know, because you have a lot of people are, oh, you know, authorities want you to film everything because it makes everyone's job easier.
You know exactly where who was, where, what they did. Yeah, police love them.
And it's great within a geography until that geography is at war or having fights with someone else, because then obviously it could be hacked.
It's just an interesting weakness I've never thought of, actually.
You know exactly where who was, where, what they did. Yeah, police love them.
And it's great within a geography until that geography is at war or having fights with someone else, because then obviously it could be hacked.
It's just an interesting weakness I've never thought of, actually.
Even if you're just watching the road, I mean, you may be able to monitor troop movements.
In this case, at these residential buildings in Kyiv, the cameras had initially been put there to monitor the surrounding area, the parking lot, but the hackers, after gaining access, changed the viewing angles and set them up to stream footage live to YouTube.
Again, probably trying to help direct drone attacks and missiles en route to Kyiv. So, there you go, Carole. Are you going to get a video camera on your doorbell?
Are you going to put one up in your bedroom? I know I suggested it 30 years ago, but—
In this case, at these residential buildings in Kyiv, the cameras had initially been put there to monitor the surrounding area, the parking lot, but the hackers, after gaining access, changed the viewing angles and set them up to stream footage live to YouTube.
Again, probably trying to help direct drone attacks and missiles en route to Kyiv. So, there you go, Carole. Are you going to get a video camera on your doorbell?
Are you going to put one up in your bedroom? I know I suggested it 30 years ago, but—
Yeah, maybe now I'll think it's a great idea. Yeah, I'm going to webcam my house, Graham.
Carole, what's your story for us this week?
Okay, zygotic washstands. Doesn't that sound beautiful?
Ah, fantastic.
Our story today focuses on the music industry. Now, we all know that the moneymaker, or one key moneymaker for musicians and songwriters and the like, is royalty payments.
There are different types of royalties out there. I didn't know this. So in the US, you have mechanical royalties, and that's whenever the song is streamed or downloaded online.
You have performance royalties. This is where the music's publicly performed, on radio or in venues. You have sync royalties or synchronization royalties.
This is where the music is used in visual media, films or TV commercials, video games, YouTube, that sort of thing.
And then you've got print royalties, where it's the sheet music that's sold.
There are different types of royalties out there. I didn't know this. So in the US, you have mechanical royalties, and that's whenever the song is streamed or downloaded online.
You have performance royalties. This is where the music's publicly performed, on radio or in venues. You have sync royalties or synchronization royalties.
This is where the music is used in visual media, films or TV commercials, video games, YouTube, that sort of thing.
And then you've got print royalties, where it's the sheet music that's sold.
Is that still happening? I know that used to be huge.
Of course it's still happening. People learn how to play music all the time, right?
You get an instrument and then you go get, "I want to play Paul Simon's best song" or whatever, right?
So basically, the more downloads or more streams or plays or sales or whatever, the more moolah the royalty holder gets.
And Graham, remember, we used to talk — this is ages ago, but we used to talk about writing a Christmas hit.
Because our thinking was, you know, if it gets picked up and becomes a classic, we can rest on our rich asses for the rest of our days.
You get an instrument and then you go get, "I want to play Paul Simon's best song" or whatever, right?
So basically, the more downloads or more streams or plays or sales or whatever, the more moolah the royalty holder gets.
And Graham, remember, we used to talk — this is ages ago, but we used to talk about writing a Christmas hit.
Because our thinking was, you know, if it gets picked up and becomes a classic, we can rest on our rich asses for the rest of our days.
I actually remember my song which I wrote for that purpose.
Oh, okay. Do you want to sing it now?
I could sing it now, but I'm a little bit worried it might get ripped off. I don't—
No, don't worry.
It was called Sausage Dog. If anyone encounters me, I will sing it to them in person, but I'm not sure I should put it on the podcast.
So this was your Christmas—
It was a Christmas novelty song called Sausage Dog.
Yeah. I remember it. Don't worry, Graham, no one's going to steal that from you. Because I don't think either of us had enough musical talent to do any crooning.
And everyone on the planet has the idea of "Oh, if we only wrote a Christmas song, it'd be amazing." But it seems as if you do have the talent, and maybe a dash of luck and a sprinkling of magic, you can make some serious cash in the music industry, our man of the moment here, Michael Smith.
So this 50-ish, your age, Graham, right? A North Carolinian.
He's been living this dream literally, because songs that he's published are getting an enviable glut of listens across all the platforms.
So you've got Amazon Music, Apple Music, Spotify, YouTube, and all these listens translate into royalties.
And everyone on the planet has the idea of "Oh, if we only wrote a Christmas song, it'd be amazing." But it seems as if you do have the talent, and maybe a dash of luck and a sprinkling of magic, you can make some serious cash in the music industry, our man of the moment here, Michael Smith.
So this 50-ish, your age, Graham, right? A North Carolinian.
He's been living this dream literally, because songs that he's published are getting an enviable glut of listens across all the platforms.
So you've got Amazon Music, Apple Music, Spotify, YouTube, and all these listens translate into royalties.
Hang on, his name is Michael Smith. Should I know him? I don't recognize his name. Is he famous?
See, I don't recognize his name either. But get this, right? Why would you? Loads of people put music out and we never hear of them.
But this guy, this guy, he's not just getting a tiny bit of royalty. This guy's making it to the tune of $10 million.
But this guy, this guy, he's not just getting a tiny bit of royalty. This guy's making it to the tune of $10 million.
Well, that's doing very well.
Mon Dieu, you know? I mean, you got to get a lot of listens to get that much money in royalties.
Well, yeah, it's not selling records. I mean, the number of listens you'd have to get on Spotify, for instance, to earn that sort of money would be astronomical, I'd expect.
I mean, that's enough to buy you a McMansion or a belt with a gold buckle. Your own podcast.
I can see your priorities lie.
So how come we haven't heard of this guy, Michael Smith, right?
Because you'd think even the mainstream press would be piqued by a guy with such musical talent and business acumen as to make that much cash.
It turns out that Michael Smith has published a lot of music. So it's not like one song has gone viral and everyone's listening to it.
It's more his royalties are spread across his music catalog. I mean, fair enough, right? That's a bit Bob Dylan, right? He gets royalties for Mr.
Tambourine Man, and then he also gets them for All Along the Watchtower and whatever else, you know, he's prolific. He has 40 studio albums. That's crazy.
But Michael Smith is even more prolific than our Bob. Okay, because Michael Smith has created hundreds of thousands of songs, Graham. Hundreds of thousands.
Because you'd think even the mainstream press would be piqued by a guy with such musical talent and business acumen as to make that much cash.
It turns out that Michael Smith has published a lot of music. So it's not like one song has gone viral and everyone's listening to it.
It's more his royalties are spread across his music catalog. I mean, fair enough, right? That's a bit Bob Dylan, right? He gets royalties for Mr.
Tambourine Man, and then he also gets them for All Along the Watchtower and whatever else, you know, he's prolific. He has 40 studio albums. That's crazy.
But Michael Smith is even more prolific than our Bob. Okay, because Michael Smith has created hundreds of thousands of songs, Graham. Hundreds of thousands.
Come on. Hundreds of thousands.
How the flip does Michael do that? AI to the rescue. So our Michael is actually a big fat scammer who has been aiming to game the musical industry since 2018. Here's how he did it.
Here's a rough outline of the game.
Here's a rough outline of the game.
Okay, I'm making notes. This sounds good.
I think you'll this. So in 2018, Smith, he begins working with a CEO of an AI music company.
Okay, this is early days in the world and a music promoter to create a lot of songs using AI.
And the music company took it seriously and soon began providing Smith with thousands of songs. Each week that he could upload to streaming platforms.
Okay, this is early days in the world and a music promoter to create a lot of songs using AI.
And the music company took it seriously and soon began providing Smith with thousands of songs. Each week that he could upload to streaming platforms.
Right.
And those thousands of songs over time turned into hundreds of thousands of AI songs. And these AI songs don't have catchy names I'm Sexy or, you know, whatever.
Loving your imagination there, Carole.
Yes. 'How Will I Know,' that kind of thing. No, they're more N_7A2B2D74- blah, blah, blah, blah.
Oh, it's a really good AI system if it's coming up with song names that. That's—
So these files are being delivered to Smith, and Smith, you know, he's not an idiot. He's, no one's going to listen to N-5-7A7B2D74.
Oh, okay, right. Yeah.
So he randomly generates song titles and artist names for the audio files so they wouldn't look they'd been created by AI, but by maybe a real artist with perhaps poor taste.
You be the judge. So instead of having N_782B2D, you have Zygotines, Zygoats, Zygotik, Zygotiklanies, Zygotik Washstands. And that is my favorite. Zygotik Washstands.
You be the judge. So instead of having N_782B2D, you have Zygotines, Zygoats, Zygotik, Zygotiklanies, Zygotik Washstands. And that is my favorite. Zygotik Washstands.
Has he possibly only downloaded one letter from the alphabet when generating these names?
This was an example given to us by the wonderful FBI that put out a little press release a few days ago.
Oh, the FBI are onto this? They're fans?
Well, actually, no, I'm really good friends with this Michael Smith. He's told me it all on the down low. So the question now is, okay, so he's putting out all this music.
Great, great, great. Hundreds of thousands of songs are going out there. Who the hell's listening to this crap? Who would listen to it? It must sound garbage. Of course it's bots.
Of course it's non-human. AI tunes are out there for non-human bots because maybe, hey, bots need entertainment too.
And it seems that thousands and thousands of bot accounts allegedly created by our very own Michael Smith. Oh my God.
They were programmed to go and listen to Michael Smith songs, AI songs, as much as possible. And listen, they did.
Great, great, great. Hundreds of thousands of songs are going out there. Who the hell's listening to this crap? Who would listen to it? It must sound garbage. Of course it's bots.
Of course it's non-human. AI tunes are out there for non-human bots because maybe, hey, bots need entertainment too.
And it seems that thousands and thousands of bot accounts allegedly created by our very own Michael Smith. Oh my God.
They were programmed to go and listen to Michael Smith songs, AI songs, as much as possible. And listen, they did.
That's very clever.
To the tune of $10 million or so in royalties. Like, this is billions and billions and billions of bot listens.
And he's been doing this since 2018, did you say?
And all this was to avoid detection by the authorities.
Because if he had put out one song and had all the bots listen to that one song, people would be like, who is this new Taylor Swift? But no.
So he had lots and lots and lots of bots listen to lots and lots, lots of songs a little at a time and tried to stay under the radar.
Because of course it's not legal to push out AI music and declare that as human-made or to create fake bots to pretend to be human listeners.
Because if he had put out one song and had all the bots listen to that one song, people would be like, who is this new Taylor Swift? But no.
So he had lots and lots and lots of bots listen to lots and lots, lots of songs a little at a time and tried to stay under the radar.
Because of course it's not legal to push out AI music and declare that as human-made or to create fake bots to pretend to be human listeners.
Yeah, I think that's— I mean, it's probably all right to put out music that's AI-generated.
Sure. As long as you say this is AI.
Oh, do you really have to? I don't know. Well, we've got an AI-generated tune on the AI Fix podcast.
I haven't heard that.
Cheeky. I can understand why it would be fraud to have a bot listening to the music, because obviously that's taking money from someone.
That's taking money from the music companies, isn't it? Or the streaming service.
That's taking money from the music companies, isn't it? Or the streaming service.
Well, surely it's taking money from somebody, and it's real money he's getting, not fake digital bot money.
Yeah, that's naughty.
But as we said, yeah, his plan has been foiled.
So Smith, aged 52, has just been charged with all kinds of wire fraud and money laundering conspiracies and is looking at decades in the clink.
Of course, this is— these are all allegations at this point, and Smith is presumed innocent until proven guilty.
The biggest question for me, I think, is what's going to happen to Zygotik Washstands as a name? Does he own the TM for that?
So Smith, aged 52, has just been charged with all kinds of wire fraud and money laundering conspiracies and is looking at decades in the clink.
Of course, this is— these are all allegations at this point, and Smith is presumed innocent until proven guilty.
The biggest question for me, I think, is what's going to happen to Zygotik Washstands as a name? Does he own the TM for that?
Are they still out there? Have you managed to find any of their music? Is it still lurking somewhere online?
No. I would love one of our listeners to maybe put something up on YouTube. This is the channel name: Zygotik Washstands. Show us what you got and we may play it on an upcoming show.
It reminds me of a scam I heard about. Now, I don't know if this is apocryphal. I don't know if this really happened or not.
But I heard there was a group who called themselves Local Radio. That was their name.
And they managed to generate money for themselves because whenever people would say to their Alexa, Alexa, play the local radio, it would play that band instead.
And so they got all these accidental plays. And it helped them make money. Isn't it a great— I think it's a really lovely idea.
But I heard there was a group who called themselves Local Radio. That was their name.
And they managed to generate money for themselves because whenever people would say to their Alexa, Alexa, play the local radio, it would play that band instead.
And so they got all these accidental plays. And it helped them make money. Isn't it a great— I think it's a really lovely idea.
See, I knew you'd like this. You like little sneaky things like this. Says a lot about your character.
Quick question. Do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps? I didn't think so.
So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management.
1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't.
Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show.
Modern threat actors have weaponized cloud automation to accelerate, taking only 10 minutes to fully execute an attack in the cloud.
As organizations continue to shift into larger and more complex cloud estates, legacy detection and response frameworks are no longer sufficient at stopping cloud attacks.
Well, Sysdig delivers fast and effective multi-cloud detection and response, or CDR, capabilities to empower analysts against these accelerated and complex cloud threats.
Powered by Falco, analysts gain the visibility, context, and real-time security capabilities traditional EDR on-prem tooling fail to deliver.
Learn more about how to stop advanced attacks at cloud speed. Visit smashingsecurity.com/sysdig for more information. That's smashingsecurity.com/sysdig.
And thanks to Sysdig for supporting the show.
Whether you're starting or scaling your company's security program, demonstrating top-notch security practices and establishing trust is more important than ever.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center, all powered by Vanta AI.
Over 7,000 global companies like Atlassian, FlowHealth, and Quora use Vanta to manage risk and prove security in real time. Get $1,000 off Vanta when you go to vanta.com/smashing.
That's vanta.com/smashing for $1,000 off. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management.
1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't.
Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show.
Modern threat actors have weaponized cloud automation to accelerate, taking only 10 minutes to fully execute an attack in the cloud.
As organizations continue to shift into larger and more complex cloud estates, legacy detection and response frameworks are no longer sufficient at stopping cloud attacks.
Well, Sysdig delivers fast and effective multi-cloud detection and response, or CDR, capabilities to empower analysts against these accelerated and complex cloud threats.
Powered by Falco, analysts gain the visibility, context, and real-time security capabilities traditional EDR on-prem tooling fail to deliver.
Learn more about how to stop advanced attacks at cloud speed. Visit smashingsecurity.com/sysdig for more information. That's smashingsecurity.com/sysdig.
And thanks to Sysdig for supporting the show.
Whether you're starting or scaling your company's security program, demonstrating top-notch security practices and establishing trust is more important than ever.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center, all powered by Vanta AI.
Over 7,000 global companies like Atlassian, FlowHealth, and Quora use Vanta to manage risk and prove security in real time. Get $1,000 off Vanta when you go to vanta.com/smashing.
That's vanta.com/smashing for $1,000 off. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like.
It doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like.
It doesn't have to be security related necessarily.
Better not be.
Well, Carole, my Pick of the Week this week is not security related. My Pick of the Week actually owes some thanks to you.
Oh.
Because back in episode 358, February 2024, you recommended libraries.
Yes, I did.
Which wasn't that novel in itself. I mean, that wasn't, oh, I've never heard of a library before. But you also mentioned an app.
The Libby app.
The Libby app. Exactly.
Which I still love and use every day. Love it, love it, love it.
Well, I obviously am not allowed under the rules of Pick of the Week to recommend the Libby app again.
But I have recently dug out my old Kindle and I've been reading ebooks and enjoying them.
And I remembered you talking about this Libby app because I'm a member of the library and I thought, oh, I don't really want to spend loads of money.
So I thought maybe there's some ebooks I can read for free. Now, in America, I believe via Libby, you can send an ebook which you borrow from your library to your Kindle device.
And what I found is that for some reason, that doesn't work in the UK. You can't send your Libby-borrowed book from the library to your UK-based Kindle.
So I went and bought myself another e-reader. So my old aging e-reader has been consigned to someone else. And now I have the Kobo Clara BW, which is a Kindle, really.
But I have recently dug out my old Kindle and I've been reading ebooks and enjoying them.
And I remembered you talking about this Libby app because I'm a member of the library and I thought, oh, I don't really want to spend loads of money.
So I thought maybe there's some ebooks I can read for free. Now, in America, I believe via Libby, you can send an ebook which you borrow from your library to your Kindle device.
And what I found is that for some reason, that doesn't work in the UK. You can't send your Libby-borrowed book from the library to your UK-based Kindle.
So I went and bought myself another e-reader. So my old aging e-reader has been consigned to someone else. And now I have the Kobo Clara BW, which is a Kindle, really.
Very interesting user interface I've had to tangle with.
Oh, have you?
I have a parent who owns one.
Oh, right.
Okay, I don't find it that different from the Amazon Kindle myself, but the beauty is that it's all integrated with the Libby app by something called OverDrive, which means that I can now take out from my local library from the comfort of my e-reader.
And the wonderful thing about this e-reader for me compared to my old one is it has a night mode. So when I'm reading in bed, and the lights are out, I can actually read.
I don't have to have a great big bright screen in front of me.
Okay, I don't find it that different from the Amazon Kindle myself, but the beauty is that it's all integrated with the Libby app by something called OverDrive, which means that I can now take out from my local library from the comfort of my e-reader.
And the wonderful thing about this e-reader for me compared to my old one is it has a night mode. So when I'm reading in bed, and the lights are out, I can actually read.
I don't have to have a great big bright screen in front of me.
Jesus Christ, you just discovered backlit Kindle?
No, no, not black. No, no, no, because my old one had a backlight, but it was black writing on a white background. Right. It was very, very bright for me.
Now I get white writing on a black background at night. You with me?
Now I get white writing on a black background at night. You with me?
The crowd's so wild. Yeah, the crowd's gone wild. It's cool.
Anyway, I love it. It's cheap and affordable, does the job. Don't get the colour version. Everything I've read says the colour version is not as good as the black and white version.
So I have got the Kobo Clara BW, and that is my pick of the week. And thank you, Carole, for recommending the Libby app all those months ago.
So I have got the Kobo Clara BW, and that is my pick of the week. And thank you, Carole, for recommending the Libby app all those months ago.
Yeah, it's great. Love the Libbys.
Very nice. And yeah, I'm enjoying doing this thing called reading.
Yeah. Yeah, you should try audiobooks. There's no ads or anything. It's amazing.
That'll be the next step. That'll be the next step. Carole, what's your pick of the week?
Okay, so it's earlier this week and it's pissing down with rain, howling with wind.
And it was evening and I was chilling out with my cousin and we didn't want to go out because it was too gross. So we do what we all do.
We made some simple, cozy, you know, goopy food and perused some of the streaming channels.
And it was evening and I was chilling out with my cousin and we didn't want to go out because it was too gross. So we do what we all do.
We made some simple, cozy, you know, goopy food and perused some of the streaming channels.
Yes.
And we were just deciding together what we should watch.
You know how sometimes two people together come up with something that neither individual party would have watched on their own?
You know how sometimes two people together come up with something that neither individual party would have watched on their own?
Yes, I do.
Right? You know what I'm talking about? That does happen. You don't know how, but it happens.
Well, it happened to us because I ended up watching Cocaine Bear, which is my pick of the week. Please tell me it's not a finished show.
Well, it happened to us because I ended up watching Cocaine Bear, which is my pick of the week. Please tell me it's not a finished show.
I have heard of it, but I haven't seen it.
Okay, great. So the premise of the story, for those who don't know about it, it's 1985.
A drug smuggler wants to drop a shipment of cocaine by plane by parachuting out with a drug-filled duffel bag. That's his plan, right?
But somehow knocks himself out on the plane's doorframe on his exit and sadly falls to his death in Knoxville, Tennessee.
A black bear finds the cocaine, munches on it, goes insane, chasing and mauling folks in a rather grisly manner, all in the desperate need to get more of his fix.
Of course, the drug dealers that are connected with the guy who died are also trying to find where the hell their cocaine has gone. And did the guy do a runner? And what's going on?
And the cops are there and the rangers are there because they keep getting reports of missing people in the area.
A drug smuggler wants to drop a shipment of cocaine by plane by parachuting out with a drug-filled duffel bag. That's his plan, right?
But somehow knocks himself out on the plane's doorframe on his exit and sadly falls to his death in Knoxville, Tennessee.
A black bear finds the cocaine, munches on it, goes insane, chasing and mauling folks in a rather grisly manner, all in the desperate need to get more of his fix.
Of course, the drug dealers that are connected with the guy who died are also trying to find where the hell their cocaine has gone. And did the guy do a runner? And what's going on?
And the cops are there and the rangers are there because they keep getting reports of missing people in the area.
Right.
So, it's fantastic.
You've got TV stars like Keri Russell from The Americans, Isaiah Whitlock from The Wire, Margo Martindale from everything political in the world, and the late Ray Liotta is even in it.
It's just ridiculous. It's wonderful. It's horrible. It's got a pinch of gore. It's wildly entertaining. We both totally loved it.
And a weird factoid, it is loosely based on a true story.
There was no murderous rampage by a bear in the true story, but investigators finally found the corpse of a 175-pound male bear and 3 to 4 grams of cocaine in his bloodstream.
And can you guess what the world nicknamed him? This big bear?
You've got TV stars like Keri Russell from The Americans, Isaiah Whitlock from The Wire, Margo Martindale from everything political in the world, and the late Ray Liotta is even in it.
It's just ridiculous. It's wonderful. It's horrible. It's got a pinch of gore. It's wildly entertaining. We both totally loved it.
And a weird factoid, it is loosely based on a true story.
There was no murderous rampage by a bear in the true story, but investigators finally found the corpse of a 175-pound male bear and 3 to 4 grams of cocaine in his bloodstream.
And can you guess what the world nicknamed him? This big bear?
I don't know.
Pablo Escobear.
Oh, very clever. Very clever.
So this is Cocaine Bear. That's my pick of the week. It's streaming on Netflix. Check it out, it's fantastic.
And that just about wraps up the show for this week. You can follow us on Twitter @SmashingSecurity. No G. Twitter wouldn't allow us to have a G.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
And huge, huge thank you to our episode sponsors, Sysdig, 1Password, and Vanta. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 383 episodes, check out smashingsecurity.com.
For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 383 episodes, check out smashingsecurity.com.
Until next time, cheerio. Bye-bye.
Bye. Cocaine Bear. Seriously, I recommend it because you will laugh and you will kind of get shocked.
You will go, "Ah!" Is it a TV series, is it, or a movie?
No, no, no, it's just a movie. It's just a movie. Just a movie. 90 minutes of your life.
Okay.
You'll thank me.
Oh, yeah. Sounds good.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Episode links:
- Ukrainian detained for allegedly installing CCTV cameras to aid Russian attacks – The Record.
- Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine – The Record.
- Christo and Jeanne-Claude art projects.
- North Carolina Musician Charged With Music Streaming Fraud Aided By Artificial Intelligence – United States Department of Justice.
- Man Arrested for Creating Fake Bands With AI, Then Making $10 Million by Listening to Their Songs With Bots – The Futurist.
- Kobo Clara BW ereader – Kobo.
- Cocaine Bear: Why? – The Atlantic.
- Cocaine Bear Official trailer – YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Sysdig – Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
