Smashing Security podcast #387: Breaches in your genes, and Kaspersky switcheroo raises a red flag

Industry veterans, chatting about computer security and online privacy.



From family tree to jail cell? A hacker is alleged to have exploited information on genealogy websites to steal millions from public companies. Meanwhile, Kaspersky’s US customers are wondering – what on earth is UltraAV?

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
CAROLE THERIAULT
But one guy called support as irate as a swatted wasp. He said he'd installed it across his whole network.

He'd used his admin username and password, bypassed all the warnings we'd built in. And the problem was he did not speak Klingon. Oh, right. What was he supposed to do?
GRAHAM CLULEY
Oh, dear. He was fuming like a Ferengi. Smashing Security, Episode 387: Breaches in Your Genes and Kaspersky Switcheroo Raises a Red Flag with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security, Episode 387. My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
Carole, welcome back to the country. Good to have you back in old Blighty after your mission.
CAROLE THERIAULT
Yes, well, thank you. It's wonderful to be here, jet lag and all. But I'm excited to get this show kicked off.

So let's first thank this week's wonderful sponsors, 1Password, Vanta, and SentinelOne. Now coming up on today's show, Graham, what do you got?
GRAHAM CLULEY
I'm going to be asking the questions that really matter. Who do you think you are?
CAROLE THERIAULT
Okay. And I'm talking Kaspersky and how it's handling a US-sized snafu. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Now, chums, chums, and specifically you, Carole, as you're the only one here in the room.
CAROLE THERIAULT
Mm-hmm.
GRAHAM CLULEY
Have you ever wondered where you came from? Well, have you ever wanted to delve into your family tree?
CAROLE THERIAULT
Delve into my family tree? Well, we do have some of that stuff, so I know a bit, but there's a long line of mysteries.
GRAHAM CLULEY
Is there a deep and murky past?
CAROLE THERIAULT
None of your business. None of your business.
GRAHAM CLULEY
Oh, interesting. Any murderers? Explorers?
CAROLE THERIAULT
None of your business.
GRAHAM CLULEY
Maybe a millionaire?
CAROLE THERIAULT
Maybe.
GRAHAM CLULEY
I mean, wouldn't it be fascinating to discover that someone in your family's past had made a fortune on the stock market?

What if they'd known when the best time was to buy, when the best time was to sell, and maybe, just maybe, some of that financial wizardry could have drifted down the generations, could have trickled down to you, ended up in your DNA.
CAROLE THERIAULT
My DNA? Yeah. What, you mean I'm related to these people that had been, in the past, very, very rich through the stock market?
GRAHAM CLULEY
And maybe you'd have financial nous. Maybe it's a secret talent which has been passed down through the generations. It's possible.
CAROLE THERIAULT
Right, okay. My whole family are hairdressers. My great-grandfather was a hairdresser. My grandfather was a hairdresser. Yeah, okay.
GRAHAM CLULEY
It could be. It could be. It's in the DNA. So today I'm going to talk about a chap called Robert Westbrook. He's 39 years old.

He claims to have attended Oxford University just down the road from you. But frankly, haven't we all? You know, have we all claimed that? I mean, we've all made claims, haven't we?

But you know, going to Oxford University.
CAROLE THERIAULT
No. I've been to Oxford University.
GRAHAM CLULEY
Okay, right. So you've walked—
CAROLE THERIAULT
Doesn't mean I went on a course. What are you, nine? Well, it doesn't mean I got a qualification.
GRAHAM CLULEY
I'm so clever.
CAROLE THERIAULT
This chap, Robert Westbrook, as far as I know, he could have just binge-watched some episodes of Inspector Morse and gone round with a tweed jacket with patches on his elbows.
GRAHAM CLULEY
Sure. Did he study at Oxford? I don't know if he studied at Oxford. I don't know. I went to LinkedIn. I actually found him on LinkedIn.

And his profile says that he has a bachelor's degree in philosophy, politics, and economics. PPE. PPE, yeah, because that's what all the politicians do, isn't it? So well done to him.

Doesn't give a year. So, you know, I'm a little bit skeptical.
CAROLE THERIAULT
But even if he gave a year and gave all that information, like, how easy is it to lie on LinkedIn?
GRAHAM CLULEY
Very easy. Very easy, I've found. Extremely easy.
CAROLE THERIAULT
I don't hang out in those waters, but from what I hear. Anyway, I checked him out.
GRAHAM CLULEY
I went to Companies House and I found him. It does seem that he set up his own little investment company. And it does seem that he decided to make his fortune on the stock market.
CAROLE THERIAULT
Okay, loads of people do that. No biggie.
GRAHAM CLULEY
Loads of people do that. And there's lots of ways of doing it, aren't there? There's a number of ways. You can pore over financial reports. You can analyse market trends.

His approach, though, was a little bit different. Because why study the financials when there's a more direct way of finding out which way the markets may turn?

Yes, what he did was he went to genealogy websites.
CAROLE THERIAULT
Okay, you've totally lost me. Okay, genealogy websites. I know what they are, but—
GRAHAM CLULEY
Like ancestry.com, sites like that. And you're thinking, why? Why are you telling me this, Graham? What nonsense are you talking?

Well, he went there not because he wanted to find out about his great-aunt Mildred or how she was famed for a spotted dick recipe, nothing like that, but because sometimes it's a case of move over darkweb, because perhaps the secrets you need to hack into people's email accounts are buried in the past.

Now you're intrigued.
CAROLE THERIAULT
No, I'm just wondering why you're talking like this, but okay.
GRAHAM CLULEY
I'm trying to be dramatic.

Because it is alleged that Robert Westbrook used information he gathered from genealogy websites to crack open the accounts of high-ranking executives, including CFOs, chief accounting officers, finance directors.

Now, how did this work? Well, according to US authorities—
CAROLE THERIAULT
Is this because their passwords were, my grandmother's name was Martha?
GRAHAM CLULEY
Oh, so close. So close. According to US authorities, on at least 5 occasions between 2019 and 2020, Westbrook managed to reset passwords by correctly answering security questions.

Things like, what's your mother's maiden name? Things like, what year were you married? Things like, who inherited Aunt Agatha's wooden leg?

That kind of material, which you use as a security question for when you can't remember your password and you need to reset it. So, he didn't have to crack passwords.

He just had to crack security questions and reset passwords.
CAROLE THERIAULT
So I don't understand. I've not been on any of these ancestry sites, right? But can you access anybody's profile and get all the info, or is that hidden?
GRAHAM CLULEY
I think you can research— if you've bought the subscription, you can go and look up anyone's details as to who they married and when and when they died and all that kind of information, their full name, their maiden name, and so forth.

So he managed to break into these executives' Office 365 accounts, and he's alleged to have set up rules to automatically forward messages containing sensitive information to anonymous accounts under his control.

So he specifically targeted emails containing information about upcoming earnings announcements. So these are publicly traded companies.

There are internal emails, which obviously highly confidential about, here's our upcoming earnings announcement, and he was being forwarded them.

So even if these users reset their passwords later, their emails were still being forwarded out.

At one company, he's said to have attempted to create a rule that forwarded emails if they contained attachments or sent by the firm's president, or if they came from an external auditor.
CAROLE THERIAULT
God, he must have felt like a little god, eh? Just sitting there gathering all this stuff, just going, "Oh, thank you very much. See, Mr. CEO, that's exactly what I needed for my next plan of attack."
GRAHAM CLULEY
You know how you can set up your email client so maybe it can play a different noise when you get a new email?

So you'd have Joanna Lumley saying, "You've got mail," in the old days of AOL.

Well, you can imagine the kind of bing bong or the ka-ching every time one of these emails was forwarded to him with some juicy information.

And this insider information, it's alleged, was then used by Westbrook to generate over $3.5 million by making profitable trades on the stock market.

Before, of course, it became known to the general public, you know, the information. So he got a sort of first sight of it before it was public.
CAROLE THERIAULT
So I'm wondering how he got caught. Because I'm guessing he did, otherwise, you know, what is he telling you on the QT?
GRAHAM CLULEY
If he works on the QT, he's going to be pretty disappointed to hear this podcast.

So although he tried, it is alleged, to conceal his identity through the use of VPNs and anonymous email accounts and buying things on cryptocurrency and all the rest of it, there are experts at the SEC, the Securities Exchange Commission, who were curious about some of the transfers, some of the timings.

Yes, some of the timings, some of the stock market transactions taking place, and they did some crafty blockchain analysis.

And they were ultimately able, they say, this is the case which the prosecutors are putting forward, able to identify Westbrook as the person who did it.

And there were a number of other things which they found out about him. So he had also subscribed to some services to defeat CAPTCHAs to help him do that.

He'd also apparently bought a whole bunch of books about hacking. I guess they went through his Amazon wishlist. But you know, who knows?

Maybe he's innocent because he hasn't had his moment in court yet.

Maybe he was just so addicted to company quarterly reports, he liked to get them early 'cause they are riveting reading.
CAROLE THERIAULT
You know, but as we talked about in the show recently, if you crack into someone's email, people have years and years and years of information in there.

And I'm imagining now, especially with the AI tech that we have, you can actually parse that data much more easily.

I was always kind of using that, hey, it's a needle in the haystack if you come near me because I've never organized anything. But actually AI can do that now quite quickly, I hear.

So that's interesting, right? Because, and then there's so much information in email. It's— Oh, huge amount. Huge amount.
GRAHAM CLULEY
And it may be being kept for regulatory reasons inside organizations as well. So they can't delete it.
CAROLE THERIAULT
Yeah, but what about you though? I bet you don't delete all your email. I bet your email goes back 20 years. And why?

I mean, when is the last time you looked at an email that was more than a year old?
GRAHAM CLULEY
Oh, I do. I do. Now, sometimes I do. But yeah, I hear you. Yeah. And there's a lot of cruft, isn't there? A lot of stuff you should delete. Yeah.

So that's one piece of advice is if you're able to do good housekeeping on your email, obviously.
CAROLE THERIAULT
Or just delete it. Although that doesn't help.
GRAHAM CLULEY
Doesn't help with new emails, of course, coming in, which may be about, you know, if, for instance, my company were doing a merger and acquisition with yours, for instance, we wouldn't want that becoming public information, would we?

But the other thing is that, obviously, very crafty using these genealogy websites to find out this information.

And it suggests that the executives at these hacked companies weren't adhering to best security practices, because you should never choose easy-to-guess or easy-to-find-out answers to secret "forgot your password" questions.

So if you're Paris Hilton and your passwords are basically the name of your pet chihuahua, that's a piece of personal information.

If you're Sarah Palin, if you remember her— do you remember the good old days of Sarah Palin? Yes, of course I do. When we thought that was as crazy as it would get.

She, for instance, had her email account hacked because she'd used public information to secure it, information which was contained in her biography about when she'd met her husband, town that she was born in, that kind of information.

So instead of that, tell a lie. When you're asked to give your city of birth, say it's UV6DNW01XSB. Or say your mother's maiden name is Xena Warrior Princess.

Don't use those two examples. Okay.
CAROLE THERIAULT
There is a cost to that, though, because you might be a very good liar and be able to keep all your lies in check.

Some of us are really crap at lying and don't remember if we happen to have to lie. We don't remember. Right?
GRAHAM CLULEY
Because it's not true. Are you lying about being a crap liar, Barbara? Now, this chap, Robert Westbrook, he's been arrested in the UK. The intention is to extradite him to the US.

He's going to face all kinds of charges. If convicted of everything, he could face up to 65 years in prison.
CAROLE THERIAULT
Yeah, see, the US is a weird country to choose. The penalties will be much higher there, I imagine, than anywhere in the EU.
GRAHAM CLULEY
Yeah, maybe. I think maybe you're right. Anyway, folks, insider trading, not a good idea. Oh, well, thank you. Well, it's just a piece of advice. That's what I do.

I just share my wisdom. Share my wisdom.
CAROLE THERIAULT
People are so lucky.
GRAHAM CLULEY
Carole, what's your story for us this week? Okay.
CAROLE THERIAULT
Well, first, Graham, I'm going to take you down memory lane. Oh, yes. A joyous memory. Not one of those yucky ones. Don't worry. Good. Cast your mind back to 2009.

This is the year Barack Obama took office, the year Russia shut the oil line to Ukraine. Oh, yes. And Kate Moss kept promoting the smoky eye look.
GRAHAM CLULEY
Oh, yes. That's what I mostly remember of 2009. Yes. Kate Moss's smoky eye.
CAROLE THERIAULT
And you and I were working at an AV company in PR and communications and all that. And basically, we wanted to do something a bit off the wall to get some press attention.

And we didn't know what. So I suggested we pull together a little tiger team of brainiacs. Do you remember?

And we had a friend of the show, Mark Stockley, and Vanja Svajcer, and you and me. And I think there was someone else who I'm forgetting. Sorry, sorry, sorry.

And we all got together to brainstorm what could we do.
GRAHAM CLULEY
Right. Yes.
CAROLE THERIAULT
And we came up with the idea because it was going to tie in with the new Star Trek movie. This was the first reboot with the original TV actors. Oh, yes.

And that was about to launch in theaters across the UK in 2009. So we decided we'd go all out and translate every text string that was displayed in our flagship Windows product.
GRAHAM CLULEY
Into Klingon.
CAROLE THERIAULT
Into Klingon. And we somehow found and paid a Klingon translator named Melanie. And we kept laughing because we're like, I don't know if she's going to get it right.

You know, she could just be writing gibberish. I mean, it's not like I can read it, but we put it all together and we had some dudes put it into the product.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
And then how to get press attention. Do you remember how we did that?
GRAHAM CLULEY
Before we got press attention, surely the thing— how were we going to do quality control that the messages were displayed in the right places? I mean, how were they checking?

You can't trust the translator, surely. We needed to find a second translator who could read Klingon.
CAROLE THERIAULT
And so you remember, this is how we launched it. We made it look as though it was half finished, although we had totally finished the whole product.
GRAHAM CLULEY
Not difficult with our software.
CAROLE THERIAULT
Yeah. And we put it up on a webpage and we had little comments displaying on the final page, kind of looking like code, like we were working on it.
GRAHAM CLULEY
Oh, there was stuff embedded in the HTML. So it wasn't— so if you looked at the source code of the webpage, it looked like it almost leaked out by accident.

Wasn't that what we did?
CAROLE THERIAULT
Exactly. Yeah. It worked. We must have leaked it as anonymous tips to certain publications. We must have done that. I don't remember, but it worked. We got oodles of press.

We even had a YMCA song to promote it.
GRAHAM CLULEY
Sung in Klingon. Sung in Klingon, I should add.
CAROLE THERIAULT
Sung in Klingon. Sung in Klingon. Now, for the record, we did not push this product out to all paying customers, right? We made it available as a clear single install as a joke.

But one guy, one guy called support as irate as a swatted wasp, I tell you. And he said he'd installed it across his whole network.

He'd used his admin, you know, username and password, bypassed all the warnings we'd built in. And the problem was he did not speak Klingon. Oh! Right? What was he supposed to do?

How could he get it off his systems?
GRAHAM CLULEY
Oh dear. He was fuming like a Ferengi.
CAROLE THERIAULT
So this brings me to this week's story. Well, less of a story, more of a situation that I thought we could noodle about because— All right, yes.

I think this— I think I can argue that this company is in a pretty tight spot. And it all revolves around Russian antivirus company Kaspersky. The U.S. Commerce Department announced in June earlier this year its plans to ban the sale of antivirus software made by Russian firm Kaspersky. Yep. Why? Because the U.S. government placed the blame on its alleged links to the Kremlin. Yeah.

Back in June, a spokesperson for the Commerce Department said that Moscow's influence over the company was found to pose a significant risk to U.S. infrastructure and services, that the U.S. was compelled to take action due to Russia's capacity and intent to collect and weaponize personal information of Americans.
GRAHAM CLULEY
Yes, that's one argument they could use.

I mean, there is a counterargument that, of course, they also posed a significant risk to American antivirus companies who were trying to compete with them.
CAROLE THERIAULT
So no surprise Kaspersky was not best pleased with this, right? The US is an absolute huge market for any antivirus firm.

And at the time, Kaspersky said it intended to pursue all legally available options to fight the ban, and denied it engaged in any activity that threatened US security.

And I should note that according to The Register's Iain Thomson, another friend of Smashing Security, his article suggests that US authorities have not provided details to back these assertions and that Kaspersky offered to hand over its source code for checking by US officials, but he writes that the offer was ignored.

So there's that. The US plan was simple in premise: bar loads of Kaspersky software, bar updates, bar resales, and licensing of the product from the 29th of September.

And sellers and resellers who violated this restriction would, of course, face fines from the Commerce Department. So I'm going to pause here.

So Graham, you and I, you know, hail from this AV world. I can't think of a single antivirus outfit who would not panic at this situation.

Because not only can you not sell products, but you can't even send updates. So effectively, you're leaving everybody in a lurch.
GRAHAM CLULEY
I mean, they were given a little bit of time. There was some warning before it happened. But yeah, this deadline, which has now gone, hasn't it, was looming, of course.

And you must be thinking, not only is this cutting off a revenue stream, but also what's going to happen to those companies because they won't be protected with up-to-date antivirus software?
CAROLE THERIAULT
Efforts to reverse the decision failed, and the Russian AV company ended up complying with the ban. But how they approached it caused a bit of a ruckus.

So the plan Kaspersky came up with was to automatically transition US-based users of its consumer-grade products to UltraAV, which was provided by an American vendor.
GRAHAM CLULEY
UltraAV. Haven't heard of that one.
CAROLE THERIAULT
Me neither.
GRAHAM CLULEY
No. And we know quite a lot of antivirus companies.
CAROLE THERIAULT
We do know quite a lot.
GRAHAM CLULEY
And your Yeti knows even more really, really obscure antivirus companies.
CAROLE THERIAULT
Yes. Well, I even asked him about this. He said, "I've been asking around. No one's heard of it."
GRAHAM CLULEY
I haven't heard of it. Wow.
CAROLE THERIAULT
So I saw that Kaspersky started talking about this publicly at the beginning of September. It may have been earlier than that, but that was the first I saw.

And this past week, the switch started, right? Kaspersky software being automatically replaced by UltraAV on some Windows systems.

Presumably using the permissions already granted to what Kaspersky was allowed to do, I'm guessing. But some people are not very happy, right?

I found this Kaspersky forum where people are letting off a little bit of angry steam, different versions of, "Why do you use a bottom-level antivirus when we paid for Kaspersky-level antivirus?" And the official-looking answer from Kaspersky says, "Hello, as you may know, the U.S. authorities have restricted the sales and distribution of Kaspersky products in the U.S., but we remain committed to providing you the utmost cybersecurity.

And as we're forced to limit our cybersecurity products in functionality, we give you an opportunity to let a replacement security solution by our trusted partner, UltraAV."
GRAHAM CLULEY
Okay. People would be an awful lot more comfortable if it was an antivirus maybe they'd heard of. I mean, Kaspersky had a very good reputation for looking after computers.

I mean, it was very good at finding malware, but UltraAV is a bit of a mystery, isn't it?
CAROLE THERIAULT
What its quality is like. I saw some reports saying that, you know, hey, we're the hush-hush company. You know, if people don't know us, they don't attack us.

And I'm thinking, hmm, hmm, I think this is a bit of a red flag. You know, I wouldn't feel very good because AV by its very design has pretty deep access to your systems. Oh, yeah.
GRAHAM CLULEY
Well, just ask CrowdStrike. Yeah.
CAROLE THERIAULT
And you need to trust your provider. And if you don't and they're crawling all over your system, you know, not be a happy puppy.

I mean, on one side, Kaspersky could say, "Okay, fine. You know, you don't want us there. You got us federally banned. Fine, we're out.

Goodbye and good luck." And leave everyone, those who had not heard about this ban because they're not reading tech press all the time, or people that hadn't taken action yet, you leave them in the lurch.
GRAHAM CLULEY
I imagine these companies have bought site licenses, have paid Kaspersky for, I don't know, the next 3 years or something, haven't they?
CAROLE THERIAULT
Well, that is, that is something because some people have been asking for their money back saying, look, I like Kaspersky. I'm not into this whole Ultra AV thing.

Can I have my money back, please? And they wrote on their forum, dear customer, greetings. Appreciate you getting in touch.

Unfortunately, we are unable to process your refund request at this time.

We have a 30-day, no-questions-asked return policy for all purchases made through our official online store, as outlined on our website.

So basically people that bought 3-year site licenses or single licenses.
GRAHAM CLULEY
Because this would, yeah, this is happening both at businesses and home users, I imagine, is it?
CAROLE THERIAULT
You know, I'm seeing it at consumer level AV. So, but I mean, I am sure there are many, many small companies that have that level of AV across their company.
GRAHAM CLULEY
Because those businesses are going to be needing to run a different antivirus as well.

I imagine there's a lot of rival antivirus companies who are rubbing their hands together saying, "We will take on your license. We will protect you. Come to us.

You know, if you've got 6 months of your license still with Kaspersky, we'll give you that for free."
CAROLE THERIAULT
Just sign up with us for the next 3 years.

And you'd think a reputable company may have come up with a deal for this to be able to take over those customers in a way that would feel more— I mean, there's always gonna be gripes, right?

There's no way you could do this and not have gripes. I get that.
GRAHAM CLULEY
Maybe though the regular antivirus companies, let's call them the American antivirus companies, were petrified about getting into a business relationship with Kaspersky in case some of this shade which has been thrown at Kaspersky lands on them as well.

It's, well, you know what, we don't mind if these customers choose to come to us, but maybe we shouldn't be the chosen one, as it were.

Maybe that's why they've ended up with UltraAV, whatever that is.
CAROLE THERIAULT
Well, yeah, I'm just surprised that Kaspersky is allowed to put Ultra AV in place and not have to give the option of getting money back.

It must be in the fine print, you know, comes back to my big adage, always read the fine print.
GRAHAM CLULEY
Support for today's podcast comes from SentinelOne, which secures and protects every aspect of your cloud, in real time.

Discover all your assets and deploy AI-powered protection to shield your cloud from build time to runtime.

On top of that, SentinelOne offers threat hunting, visibility, and remote administration tools to manage and protect any IoT devices connected to your network.

Looking for a cloud-native application protection platform? SentinelOne is your ultimate CNAPP solution. Go to smashingsecurity.com/sentinelone for more information and a free demo.

See what a flexible, cost-effective, and resilient cloud security platform can do for your organization with SentinelOne. That's smashingsecurity.com/sentinelone.

Quick question: do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps? I didn't think so.

So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?

Well, 1Password has an answer to this question, and it's called Extended Access Management.

1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM, ransomware and MDM can't touch.

Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show.

Whether you're starting or scaling your company's security program, demonstrating top-notch security practices and establishing trust is more important than ever.

Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.

Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center, all powered by Vanta AI.

Over 7,000 global companies like Atlassian, Sophos, FlowHealth, and Quora use Vanta to manage risk and improve security in real time.

Get $1,000 off Vanta when you go to vanta.com/smashing. That's vanta.com/smashing for $1,000 off.

And welcome back, and you join us at our favorite part of the show, the part of the show that we call Pick of the Week.
CAROLE THERIAULT
Pick of the Week. Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.

It doesn't have to be security-related necessarily. Better not be. Now, Carole, do you remember the old days? Nope.

Well, if you did, you would remember that in the days before Spotify and iTunes and things like that, you used to rip CDs and you'd have hundreds, if not thousands, of MP3 files.

And you would curate them, you would put them into folders, you'd organize them, maybe you'd add— I didn't. You didn't do any of that?
CAROLE THERIAULT
I still have 20,000 songs. Someone gave me a huge dump of their MP3s and just slapped it into my music, which I've been continuing to add to.

And it's full of crap I don't like at all. It's a complete disaster nightmare.
GRAHAM CLULEY
Well, wouldn't it be great to organise those things so you could see what they were without having to listen to them? Wouldn't it be great if you had all the cover art added?

Wouldn't it be great if you had all the tags and the genres and all of that stuff which you'd normally have to do by hand, if it was magically occurring?

Well, I've had this situation recently where I had some MP3 files and I thought, "Oh, I don't want to have to tag everything, I don't want to have to do this." I found a free and open-source piece of software called Picard, and it links up with a database which knows all about millions and millions of pieces of music called MusicBrainz.

Now, I almost didn't suggest this because MusicBrainz is spelled with a Z at the end, which upsets me, but MusicBrainz, Picard, identifies, tags, organizes your digital audio recordings, helps you organize your music collections, renames your files, sorts them into folders.

It is free. It's available for Windows, Mac, and Linux. And I can report it works a treat. I'm really, really impressed by it.
CAROLE THERIAULT
Really? Okay. That sounds good. Do you think I could do it on my own or do you think I need help?
GRAHAM CLULEY
I think, I think most people could do it on their own, Carole. Let's just leave it at that. I think the vast majority of people would have no trouble at all doing this.

I'm not making any promises regarding yourself. Anyway, MusicBrainz Picard is my Pick of the Week. Very good.
CAROLE THERIAULT
And funny that, you know, you say Picard and I talked about Star Trek. Oh my God. Oh yes.
GRAHAM CLULEY
Very good. Very good. Carole, what's your Pick of the Week?
CAROLE THERIAULT
Okay, so sometimes you need downtime, right? We all need downtime.

Real downtime where you want to do something where you don't have to think or you don't have to follow a twisty twisty plot or, you know, you can't even contemplate listening to music because it might get complex.

You just need reality TV. You know what I'm talking about?
GRAHAM CLULEY
Marriage at First Sight. Yeah.
CAROLE THERIAULT
That's right. What was it? Season 6. Now, this is a rare pleasure for me, because outside these downtime moments, reality TV is not my thing at all.

But if a new show crops up and I'm feeling it, as I was this weekend, it can be a lovely experience. So my reality TV recommendation as my pick of the week is Culinary Class Wars.

It's a sizzling competition. It's Korean. It's on Netflix. Sizzling competition that will see 100 top chefs going apron to apron in a dramatic battle for culinary excellence.

How could you not watch that? So in these 100 competitors, you've got hidden masters. So people that aren't yet really recognized.
GRAHAM CLULEY
100 competitors, did you say? So this is like Squid Game, but with saucepans.
CAROLE THERIAULT
Kind of. And you've got two colored teams and they go face to face and they're given some food stuff and they have to go head to head and one gets kicked out and one doesn't.

It was glorious for me just to watch this in the background because I don't know any of these chefs. It's in Korea. This is entirely outside my echo chamber. I don't know anything.

I don't know Korean cooking techniques. I don't know squat, but I can just sit there and vegetate. So that is my pick of the week for those of you that need a bit of lazy time.

Culinary Class Wars on Netflix.
GRAHAM CLULEY
Sounds fascinating. It sounds great. Can I ask a question? Why class wars? Is it because some of them are posher than others? Is it Penelope Keith versus Felicity Kendal?

I mean, what's going on?
CAROLE THERIAULT
They've taken star chefs, so I guess TV chefs or people with Michelin stars, that sort of thing, and they've pitted them against lesser-known chefs, and they're put into two different teams, one called the White Spoons and the Black Spoons, very cleverly.

So, yeah, it's great fun.
GRAHAM CLULEY
Terrific. Well, thanks for that recommendation. Well, that just about wraps up the show for this week.

You can follow us on Twitter @SmashinSecurity, no G, Twitter doesn't allow us to have a G. And don't forget to ensure you never miss another episode.

Follow Smashing Security in your favorite podcast apps such as Apple Podcasts and Pocket Casts.
CAROLE THERIAULT
And huge, huge thank you to our episode sponsors SentinelOne, Vanta, and 1Password. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.

For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 386 episodes, check out smashingsecurity.com. Until next time, cheerio. Bye-bye. Bye.
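A check that follows on from the forwarding-rule story in this episode, added here by the editor and not part of the podcast or its show notes: a small Python audit that flags inbox rules which forward or redirect mail to addresses outside the organisation, and says when such a rule keys on attachments or on a watched sender such as the external auditor. The rule dictionaries are constructed to resemble Microsoft Graph `messageRule` resources (displayName, isEnabled, conditions, actions); every address and domain in them is made up, and the `org_domains` and `watched_senders` parameters are this example's own. Because inbox rules survive a password reset, this is the kind of check to run after resetting a compromised account as well as before.

```python
"""Audit a mailbox's inbox rules for attacker-style external forwarding.

Added example, not the podcast's own material. The rule dictionaries are
CONSTRUCTED to resemble Microsoft Graph `messageRule` resources
(displayName / isEnabled / conditions / actions); every address and domain
below is made up.
"""
from __future__ import annotations

from typing import Iterable

# Constructed sample: three rules exported from one executive's mailbox.
SAMPLE_RULES = [
    {   # benign housekeeping rule, stays inside the mailbox
        "displayName": "Newsletters",
        "isEnabled": True,
        "conditions": {"senderContains": ["newsletter"]},
        "actions": {"moveToFolder": "Newsletters"},
    },
    {   # forwards every message carrying an attachment to an outside mailbox
        "displayName": "Sync",
        "isEnabled": True,
        "conditions": {"hasAttachments": True},
        "actions": {
            "forwardTo": [{"emailAddress": {"address": "qr1x@freemail.invalid"}}],
        },
    },
    {   # redirects anything from the external auditor to an outside mailbox
        "displayName": "Audit copy",
        "isEnabled": True,
        "conditions": {
            "fromAddresses": [{"emailAddress": {"address": "lead@auditfirm.invalid"}}],
        },
        "actions": {
            "redirectTo": [{"emailAddress": {"address": "cfo.backup@mail.invalid"}}],
        },
    },
]

# Graph action names that send a copy of the message somewhere else.
FORWARDING_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")


def _addresses(recipients) -> list[str]:
    """Flatten Graph-style recipient objects into lower-cased addresses."""
    return [r["emailAddress"]["address"].lower() for r in recipients or []]


def is_external(address: str, org_domains: Iterable[str]) -> bool:
    """True when the address's domain is not one of the organisation's own."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in {d.lower() for d in org_domains}


def audit_rules(rules, org_domains: Iterable[str],
                watched_senders: Iterable[str] = ()) -> list[dict]:
    """Return one finding per enabled rule that forwards or redirects mail
    outside org_domains, with extra reasons when the rule keys on
    attachments or on a watched sender (e.g. the auditor's domain)."""
    org_domains = list(org_domains)
    watched = [w.lower() for w in watched_senders]
    findings = []
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue
        actions = rule.get("actions", {})
        conds = rule.get("conditions", {})

        external = sorted({
            addr
            for action in FORWARDING_ACTIONS
            for addr in _addresses(actions.get(action))
            if is_external(addr, org_domains)
        })
        if not external:
            continue  # forwarding within the organisation is out of scope here

        reasons = ["sends mail outside the organisation to " + ", ".join(external)]
        if conds.get("hasAttachments"):
            reasons.append("fires on every message with an attachment")
        sender_hits = [a for a in _addresses(conds.get("fromAddresses"))
                       if any(w in a for w in watched)]
        sender_hits += [s for s in conds.get("senderContains", [])
                        if any(w in s.lower() for w in watched)]
        if sender_hits:
            reasons.append("targets watched senders: " + ", ".join(sender_hits))
        findings.append({"rule": rule.get("displayName", ""), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES, ["example-corp.invalid"], ["auditfirm.invalid"]):
        print(f["rule"], "->", "; ".join(f["reasons"]))
```

Run against a real export, the two findings are the ones to act on: the "Sync" rule ships every attachment out of the tenant, and "Audit copy" diverts the auditor's correspondence. Deleting the rules, not just changing the password, is what actually stops the leak.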

Sponsored by:

  • SentinelOne – secure and protect every aspect of your cloud in real-time.
  • 1Password Extended Access Management – Secure every sign-in for every app on every device.
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
