WEBVTT 00:03.836 --> 00:16.840 [SPEAKER_01]: the name of somebody, and you have to tell me, whether they ever portrayed a hacker, cyber criminal, general computer badly, on-screen, or if they're just what we in the business call a bit rubbish-acting. 00:22.782 --> 00:24.023 [SPEAKER_02]: Okay, let's do it. 00:34.002 --> 00:36.966 [SPEAKER_00]: Smeshing Security, Episode 435, Lights, Camera, Action, with Grand Culei. 00:43.723 --> 00:48.125 [SPEAKER_01]: Hello, hello and welcome to Smashing Security Episode 435, my name's Grant Pluelly. 00:48.545 --> 00:49.666 [SPEAKER_03]: And I'm Jenny Radcliffe. 00:50.386 --> 00:54.849 [SPEAKER_01]: Jenny, welcome back to the show it's been such a long time. 00:55.569 --> 00:58.791 [SPEAKER_03]: I know it feels like ages are slowly to be back, thanks for asking me. 00:59.171 --> 01:05.174 [SPEAKER_01]: It is young snuffer, anybody who doesn't know you Jenny and shame on them if that is the case. 01:05.734 --> 01:07.035 [SPEAKER_01]: How would you describe yourself? 01:07.884 --> 01:31.028 [SPEAKER_03]: Well, I suppose my handle online through all the socials is the people hacker and that comes from me being known as social engineer, specialized in psychology of social engineering scams and cons and the thing that everybody remembers is that I'm a big less so I do a lot of physical penetration testing and that's really what I'm known for so social engineering. 01:31.553 --> 01:45.237 [SPEAKER_01]: you're also a celebrated keynote speaker as well on you people will often have seen you at conferences and running awareness courses inside companies as well sort of raising the specter of social engineering and really helping people get to grips with it. 01:45.418 --> 01:52.600 [SPEAKER_03]: Yeah, lots of time on the road, lots of talks, podcasts interviews, that type of thing, and a book, a roguest of book. 01:52.740 --> 01:52.880 [SPEAKER_05]: Yes. 01:53.180 --> 01:56.582 [SPEAKER_03]: which a lot of people seem to enjoy, which is very nice if you don't. 01:57.162 --> 02:04.946 [SPEAKER_03]: I did have one a great review, where the guy hasted it, hasted everything about it, I was a terrible writer, it was awful. 02:05.446 --> 02:16.272 [SPEAKER_03]: And I looked to see what else he'd reviewed, and he'd bought some kitchen utensils, which he'd absolutely spent a very long time telling everyone how terrible they were, so I didn't feel quite as bad. 02:17.412 --> 02:19.454 [SPEAKER_03]: Let me get the book in the book, Skull People Hackers. 02:19.694 --> 02:20.895 [SPEAKER_03]: 19th Ann Pence, very often. 02:21.135 --> 02:21.836 [SPEAKER_03]: I'm here, Kindle. 02:21.996 --> 02:22.677 [SPEAKER_03]: I've no sister. 02:22.717 --> 02:23.377 [SPEAKER_01]: Fantastic. 02:24.238 --> 02:32.925 [SPEAKER_01]: Well, before we kick off, let's thank this week's wonderful sponsors Adaptive Security and Vanta will be here in more about them later on the show. 02:36.226 --> 02:37.847 [SPEAKER_00]: this week on smashing security. 02:38.007 --> 02:46.751 [SPEAKER_01]: We're not going to be talking about Shay Haloud, a fast, pretty open-source worm that is stealing credentials from developers and publishing their secrets on GitHub. 02:49.512 --> 02:55.915 [SPEAKER_01]: You'll hear no discussion of how losses are rocked in at Jaguar Land Rover as a cyber attack continues to cause disruption. 02:58.524 --> 02:59.685 [SPEAKER_00]: Then we won't even mention. 02:59.845 --> 03:05.848 [SPEAKER_01]: How North Korean spies are using chatGPT to create fake South Korean military ideas. 03:08.610 --> 03:11.512 [SPEAKER_01]: So Jenny, what are you going to be talking about this week? 03:11.772 --> 03:19.117 [SPEAKER_03]: I'd like to talk about the ACO report that warns that kids are hacking their schools for fun or days. 03:19.437 --> 03:21.958 [SPEAKER_01]: And I'm going to be talking about crimes against cinema. 03:23.679 --> 03:27.662 [SPEAKER_01]: All this, and much more, coming up on this episode of Smashing Security. 03:31.180 --> 03:36.205 [SPEAKER_01]: Now, shums, chums, I have to say, I absolutely loath it. 03:36.805 --> 03:44.793 [SPEAKER_01]: When people use the term bad actors to describe hackers and cybercriminals, how do you feel about it, Jenny? 03:45.558 --> 03:48.320 [SPEAKER_03]: It just, I've found, well, I find it confuses people. 03:48.601 --> 03:48.821 [SPEAKER_03]: Yes. 03:49.421 --> 03:52.905 [SPEAKER_03]: It confuses audiences if I say bad actor, they laugh. 03:53.285 --> 03:54.406 [SPEAKER_03]: They think of Nicholas Cage. 03:54.906 --> 03:55.847 [SPEAKER_03]: That's what they're thinking about. 03:56.328 --> 03:59.430 [SPEAKER_03]: See, I don't think Nicholas Cage is that bad. 03:59.710 --> 03:59.991 [SPEAKER_03]: Don't you? 04:00.531 --> 04:06.216 [SPEAKER_03]: No, because I remember a movie called Wild Art, which is a David Lynch film. 04:06.296 --> 04:07.718 [SPEAKER_03]: I was great in it. 04:08.238 --> 04:08.718 [SPEAKER_03]: Oh, okay. 04:08.979 --> 04:10.620 [SPEAKER_03]: I don't know if he was acting so much. 04:11.161 --> 04:12.402 [SPEAKER_01]: That's being Nicholas Cage. 04:13.242 --> 04:13.803 [SPEAKER_03]: correct. 04:14.243 --> 04:14.964 [SPEAKER_03]: So I'll give you that. 04:14.984 --> 04:20.067 [SPEAKER_01]: Okay, bad actor has become this terrible bit of corporate jargon. 04:20.548 --> 04:31.475 [SPEAKER_01]: And it makes cyber criminals sound like they're trying to remember the lines in their amdram production of Hamlet all that they're about as impressive as I was when I played a tree in my school's nativity play. 04:31.556 --> 04:34.338 [SPEAKER_01]: And there are a lot of actors. 04:35.018 --> 04:41.042 [SPEAKER_01]: their spins who are out of work, and many of them I suspect are out of work for good reason. 04:41.402 --> 04:57.012 [SPEAKER_01]: And I think there could be a danger that we create a self-fulfilling prophecy if we refer to malicious hackers as bad actors are we, in fact, increasing the risk, the actual bad 05:02.896 --> 05:04.417 [SPEAKER_01]: Well, there's become a cyber criminal. 05:04.537 --> 05:05.798 [SPEAKER_01]: So I don't know the terminology. 05:06.478 --> 05:13.782 [SPEAKER_01]: And that is why I propose we start the fight back right now right here on the podcast. 05:14.543 --> 05:21.767 [SPEAKER_01]: I think it's important to stop using the phrase bad actors and be able to tell the difference between bad actors and bad actors. 05:22.347 --> 05:29.191 [SPEAKER_01]: So what I'm going to do with you today, Jenny, is I'm going to play a little game with you, which I like to call hacker or ham. 05:33.195 --> 05:33.796 [SPEAKER_01]: Oh, here I am. 05:34.736 --> 05:35.977 [SPEAKER_01]: Okay, let's do it. 05:36.557 --> 05:36.978 [SPEAKER_01]: Let's do it. 05:37.198 --> 05:42.321 [SPEAKER_01]: So Hackeroham is the game show where cybersecurity meets questionable acting choices. 05:42.401 --> 05:43.322 [SPEAKER_01]: Here's how it works, Jenny. 05:43.922 --> 05:45.363 [SPEAKER_01]: I'm going to give you the name of somebody. 05:46.083 --> 05:53.448 [SPEAKER_01]: And you have to tell me whether they've ever portrayed a hacker, cyber criminal, general computer badly on screen. 05:54.128 --> 05:57.611 [SPEAKER_01]: Or if they're just what we in the business call a bit rubbish acting. 05:58.251 --> 05:59.572 [SPEAKER_01]: How well do you know your movies? 06:00.660 --> 06:01.901 [SPEAKER_03]: Um, okay. 06:01.981 --> 06:02.782 [SPEAKER_03]: I'm okay. 06:02.922 --> 06:05.124 [SPEAKER_03]: I'm not, I'm not a big movie, both. 06:05.444 --> 06:05.664 [SPEAKER_01]: Right. 06:05.684 --> 06:13.851 [SPEAKER_03]: So, you know, back in the day when X was Twitter and the cyber community, all of us were on Twitter all at the time. 06:14.011 --> 06:14.211 [SPEAKER_01]: Yes. 06:14.531 --> 06:15.212 [SPEAKER_01]: The good old days. 06:15.432 --> 06:16.013 [SPEAKER_03]: The good old days. 06:16.273 --> 06:17.854 [SPEAKER_03]: We'll all watch a movie together. 06:18.094 --> 06:18.395 [SPEAKER_03]: Right. 06:18.575 --> 06:21.317 [SPEAKER_03]: And it was always a cyber movie. 06:21.677 --> 06:22.278 [SPEAKER_03]: All right. 06:22.758 --> 06:24.680 [SPEAKER_03]: And what we do is we all have to press go. 06:25.640 --> 06:37.771 [SPEAKER_03]: Yes, at a certain time and then we comment online and it was, you know, clunky and a little bit disjointed, but it all innocent times gravy and it wasn't really all that long ago, I suppose. 06:38.051 --> 06:43.336 [SPEAKER_01]: I'm a little bit embarrassed because there's a number of cyber-related movies I've never seen. 06:44.297 --> 06:46.238 [SPEAKER_01]: So I've never seen hackers. 06:47.139 --> 06:48.660 [SPEAKER_01]: I've never seen sneakers. 06:49.301 --> 06:50.962 [SPEAKER_01]: I've never seen Jurassic Park. 06:51.082 --> 06:52.484 [SPEAKER_01]: I've never seen war games. 06:53.282 --> 06:55.923 [SPEAKER_03]: Sneakers, Sneakers is the one for me. 06:56.263 --> 06:57.023 [SPEAKER_03]: It's Sneakers good. 06:57.564 --> 06:59.164 [SPEAKER_03]: Well it's social engineering. 06:59.244 --> 06:59.464 [SPEAKER_03]: Right. 06:59.504 --> 07:01.045 [SPEAKER_03]: These are gaps in your knowledge. 07:01.105 --> 07:03.266 [SPEAKER_03]: You should download them for next time you're on a plane or something. 07:03.306 --> 07:06.567 [SPEAKER_01]: Alright, let's play Hacker or Ham Hacker. 07:10.947 --> 07:21.714 [SPEAKER_01]: So, Jen, I am going to read out the name of an actor, you're going to tell me if they are a bad actor, or if they have played a hacker on celluloid. 07:21.814 --> 07:22.254 [SPEAKER_01]: Are you ready? 07:22.775 --> 07:23.696 [SPEAKER_01]: I'm Rani Lestive it. 07:24.376 --> 07:26.918 [SPEAKER_01]: Number one, Angelina Jolie. 07:27.598 --> 07:28.319 [SPEAKER_01]: Hacker or ham? 07:28.898 --> 07:36.206 [SPEAKER_03]: So ham played acid burn was the name in hackers or alternatively Kate. 07:37.307 --> 07:40.750 [SPEAKER_03]: So she's an actor that plays a hack. 07:41.231 --> 07:43.293 [SPEAKER_01]: And would you say good actor or a ham? 07:43.896 --> 07:59.085 [SPEAKER_03]: I'm sure she doesn't care what we think, but I think Angelina Shirley is responsible for lots of people of our generation, raising an eyebrow and paying more attention to Hackers generally in that movie, for sure. 07:59.425 --> 08:07.529 [SPEAKER_01]: I like to think that these celebrity actors, right now, when they hear that we've been playing Hackeraham, they're probably playing podcast to Raw Poop, they're probably saying, 08:11.629 --> 08:22.515 [SPEAKER_03]: I can tell you one thing about Angelina Shirley is that I was very good friends with someone I used to be a bodyguard, especially when she was my ambassador for the you went. 08:22.715 --> 08:22.995 [SPEAKER_03]: Okay. 08:23.516 --> 08:30.860 [SPEAKER_03]: Apparently, bit of a nightmare to look after, but there you go, that's all I've got to say about that. 08:30.880 --> 08:34.802 [SPEAKER_04]: There you go. 08:36.827 --> 08:38.968 [SPEAKER_01]: All right, round two of Hacker or Ham. 08:39.008 --> 08:39.329 [SPEAKER_01]: Well done. 08:39.369 --> 08:40.169 [SPEAKER_01]: I think did very well there. 08:40.429 --> 08:42.931 [SPEAKER_01]: Hayden Crestenson, Hacker or Ham. 08:43.431 --> 08:46.213 [SPEAKER_03]: He played Anakin Skywalker? 08:46.233 --> 08:46.874 [SPEAKER_01]: Indeed. 08:47.574 --> 08:56.540 [SPEAKER_03]: I don't know if Hacker was a particular feature of Star Wars, but I need to get something sci-fi in. 08:57.215 --> 09:01.818 [SPEAKER_01]: Yeah, I mean, he's pretty, I would say he's pretty hammy if you saw him in a tack of the clones. 09:01.919 --> 09:04.200 [SPEAKER_01]: It was, dear idea, I wasn't good was it? 09:04.560 --> 09:05.962 [SPEAKER_03]: Well, you know, I'm afraid I didn't. 09:07.863 --> 09:08.563 [SPEAKER_03]: So there you go. 09:09.184 --> 09:11.686 [SPEAKER_01]: Alright, number three, Steven Segoul. 09:11.706 --> 09:13.127 [SPEAKER_01]: I'll go around. 09:13.627 --> 09:13.927 [SPEAKER_03]: Hum. 09:14.267 --> 09:15.308 [SPEAKER_03]: You're ham. 09:15.608 --> 09:16.288 [SPEAKER_03]: You're ham. 09:16.488 --> 09:21.411 [SPEAKER_03]: And the girl, though, interesting fact, a lot of people think he did play a hacker. 09:21.671 --> 09:21.971 [SPEAKER_03]: Right. 09:21.991 --> 09:24.212 [SPEAKER_03]: Do you want me to tell you why and you're going to love this? 09:24.232 --> 09:25.212 [SPEAKER_03]: This is so you. 09:25.232 --> 09:26.753 [SPEAKER_01]: Oh, go ahead. 09:26.773 --> 09:26.993 [SPEAKER_01]: Yes. 09:27.533 --> 09:40.099 [SPEAKER_03]: Because in the movie, Undersege 2, which I will leave people to give an opinion on, but however, people assume he was a hacker because he used an Apple Newton in that. 09:40.519 --> 09:46.120 [SPEAKER_03]: I don't know whether because of the time in a early 90s or something, that was considered like, wow, he must be here. 09:46.140 --> 09:47.041 [SPEAKER_01]: That would be really cool. 09:47.061 --> 09:52.102 [SPEAKER_03]: He must be here because he's used a personal digital assistant, so there you go. 09:52.122 --> 09:58.563 [SPEAKER_01]: Yeah, as far as I'd been able to find out, he's never actually played a hacker, definitely a bad actor. 09:58.683 --> 10:05.625 [SPEAKER_01]: I would say, okay, Nicholas Cage, where we've already mentioned him, a hacker or a ham, you've got quite strong opinions on Nicholas Cage. 10:05.985 --> 10:06.545 [SPEAKER_03]: I don't know if he's 10:12.089 --> 10:13.811 [SPEAKER_01]: Kevin Mittenick Hacker or Ham? 10:14.272 --> 10:15.694 [SPEAKER_03]: Who's Kevin Mittenick? 10:16.155 --> 10:23.667 [SPEAKER_03]: So now, Kevin Mittenick, well, obviously for most people in security with no Kevin Mittenick was a hacker. 10:24.138 --> 10:35.003 [SPEAKER_03]: known for social engineering and blended attacks, and also the person who said to quote that I use when I do my talks, which is you can't download a patch for human stupidity. 10:35.504 --> 10:40.226 [SPEAKER_03]: And I always say that made them really popular to parties coming up with stuff like that. 10:40.706 --> 10:41.787 [SPEAKER_03]: Where do you agree with them at all? 10:42.487 --> 10:45.332 [SPEAKER_01]: And I think Kevin Mittnik has actually acted. 10:45.352 --> 10:47.655 [SPEAKER_01]: I think he was in some TV shows. 10:47.715 --> 10:49.238 [SPEAKER_01]: He played cameos. 10:50.039 --> 10:52.202 [SPEAKER_01]: Was it in alias or something like that? 10:52.483 --> 10:53.805 [SPEAKER_01]: He had a good agent, I expect. 10:54.165 --> 10:54.746 [SPEAKER_03]: He did. 10:55.227 --> 10:56.549 [SPEAKER_03]: Walk on parts. 10:56.649 --> 10:56.950 [SPEAKER_01]: Yes. 10:57.230 --> 10:57.410 [SPEAKER_01]: Yes. 10:59.850 --> 11:01.471 [SPEAKER_03]: Hugh Jackman, hacker or ham? 11:02.151 --> 11:04.673 [SPEAKER_03]: An actor, but he wasn't a film called Swordfish. 11:04.953 --> 11:05.273 [SPEAKER_01]: Yes. 11:05.853 --> 11:11.577 [SPEAKER_03]: Where he did play a hacker, who had to hack something at gunpoint, I think, if I recall. 11:11.637 --> 11:13.358 [SPEAKER_01]: While being distracted by Hallie Berry. 11:15.924 --> 11:22.188 [SPEAKER_03]: And the thing is, the thing I always think about that or I mean, eight of years since I've seen it, but how fast he types. 11:22.509 --> 11:23.069 [SPEAKER_03]: Well, he would. 11:23.970 --> 11:27.952 [SPEAKER_03]: I learned to tie you very quickly, and I'm looking at him doing a count. 11:27.972 --> 11:30.174 [SPEAKER_03]: This is just almost no one types that quick. 11:30.314 --> 11:33.376 [SPEAKER_01]: Well, thank you very much, Jenny, for playing Hakka. 11:33.757 --> 11:34.257 [SPEAKER_01]: Oh, ham. 11:34.537 --> 11:35.157 [SPEAKER_01]: Hakka. 11:37.519 --> 11:38.120 [SPEAKER_01]: Oh, ham. 11:40.403 --> 11:46.926 [SPEAKER_01]: Anyway, look, all of this is a prologue, picture this, you are an Israeli actor. 11:47.406 --> 11:52.528 [SPEAKER_01]: Maybe you've done a bit of theatre, you've probably done a lot of serving food, restaurants, like most actors. 11:52.868 --> 11:56.630 [SPEAKER_01]: Perhaps if you're lucky you've done some TV work as an extra in the background and suddenly. 11:58.257 --> 12:02.402 [SPEAKER_01]: You get an email that makes your heart skip a beat. 12:02.682 --> 12:15.656 [SPEAKER_01]: It is a casting call for a new movie by Academy Award-nominated director, Ari Farman, and the email says they are making a film about the October 7th attack. 12:16.317 --> 12:18.479 [SPEAKER_01]: and they won't you for an audition. 12:19.220 --> 12:23.083 [SPEAKER_01]: Now, if you're an actor, you're thinking, this is bloody brilliant. 12:23.443 --> 12:24.784 [SPEAKER_01]: This is what I've been waiting for. 12:25.265 --> 12:31.050 [SPEAKER_01]: You think this is your big break, it's a big name director, it's good for your career, it's a serious subject. 12:31.670 --> 12:40.397 [SPEAKER_01]: you're not being asked to appear in a medical training video or doing motion capture for some virtual reality adult entertainment or something like that. 12:40.737 --> 12:45.741 [SPEAKER_01]: This is not going to be a humiliating act in job where you dress up as a beef burger or something. 12:46.182 --> 12:54.028 [SPEAKER_01]: This is something which, in your country of Israel, people are probably going to want to go and see or will be taken seriously. 12:54.068 --> 12:58.252 [SPEAKER_01]: So a career opportunity of a lifetime for an Israeli actor. 12:58.992 --> 13:02.594 [SPEAKER_01]: So, naturally, you follow the instructions in the email, don't you? 13:03.055 --> 13:08.558 [SPEAKER_01]: You record a little personal video message explaining why you feel you'd be right for the role. 13:08.979 --> 13:22.728 [SPEAKER_01]: You send along some personal information, which the director's asking for, your ID card, your passport, photos, your home address, just the usual casting requirements, right for a job like this. 13:23.712 --> 13:27.155 [SPEAKER_01]: already I can hear the hairs standing up on the back of your neck. 13:27.736 --> 13:31.660 [SPEAKER_01]: No, I don't want to suggest you have a hairy neck, by the way. 13:31.680 --> 13:35.684 [SPEAKER_03]: I have to be honest, the thing that actually caught my attention. 13:35.724 --> 13:38.767 [SPEAKER_03]: That is virtual reality adults entertain. 13:38.807 --> 13:41.389 [SPEAKER_01]: Well, someone's good to do the motion capture for it. 13:41.589 --> 13:42.170 [SPEAKER_01]: Jenny, you know. 13:42.490 --> 13:46.071 [SPEAKER_03]: I always thought that would be the main use of that, but anyway, we digress. 13:46.471 --> 13:52.793 [SPEAKER_03]: Yes, I mean, obviously, even the thought of even one of those things makes me as a social engineer. 13:53.273 --> 13:53.613 [SPEAKER_03]: Chill. 13:54.113 --> 13:54.353 [SPEAKER_01]: It is. 13:54.553 --> 13:55.454 [SPEAKER_01]: It is chilling, isn't it? 13:55.474 --> 14:07.817 [SPEAKER_01]: Because what you've done in this particular case is you've handed over your entire identity pretty much to Iranian state-sponsored hackers, so according to Israel's National Cyber Directorate. 14:08.417 --> 14:13.179 [SPEAKER_01]: dozens of Israeli actors have fallen for this scam in recent days. 14:13.599 --> 14:17.060 [SPEAKER_01]: And worst of all, they didn't even get a call back for the movie. 14:17.441 --> 14:24.583 [SPEAKER_01]: Instead, they actually got threatening messages, which essentially said surprise, this was brought to you by your friends in Iran. 14:25.384 --> 14:27.404 [SPEAKER_01]: And I know you're thinking, you're thinking, 14:31.906 --> 14:33.647 [SPEAKER_03]: Is that what we're thinking, Graham? 14:33.667 --> 14:34.968 [SPEAKER_01]: Well, when they're, what are you thinking? 14:35.008 --> 14:39.632 [SPEAKER_03]: Are we really thinking professional actors would be more suspicious? 14:39.732 --> 14:41.293 [SPEAKER_03]: No one's suspicious at all. 14:41.333 --> 14:41.973 [SPEAKER_01]: Oh, that's true. 14:41.993 --> 14:42.434 [SPEAKER_01]: That's true. 14:42.594 --> 14:44.135 [SPEAKER_01]: No one's suspicious enough, are they? 14:44.495 --> 14:46.536 [SPEAKER_03]: Graham, you are paling in on actors here. 14:48.378 --> 14:51.040 [SPEAKER_03]: People always say, oh, you know, do we need to be paranoid? 14:51.320 --> 14:54.042 [SPEAKER_03]: Those are us in security, professionally paranoid? 14:54.342 --> 14:57.244 [SPEAKER_03]: But could you just be slightly less goalable? 14:57.524 --> 14:57.724 [SPEAKER_01]: Yes. 14:58.005 --> 15:01.287 [SPEAKER_03]: Just a little bit if we can try and be a little bit more suspicious. 15:01.607 --> 15:04.489 [SPEAKER_01]: Now, in this particular case, it wasn't T-Nate Script Kids. 15:04.909 --> 15:07.190 [SPEAKER_01]: Having a bit of a poker-out-of-work actor. 15:07.490 --> 15:10.732 [SPEAKER_01]: This was actually a sophisticated social engineering operation. 15:11.072 --> 15:14.474 [SPEAKER_01]: Not highly sophisticated, not the kind of thing which I suspect. 15:14.814 --> 15:26.101 [SPEAKER_01]: You talk to companies about and some of the more sophisticated techniques where are really quite clever how the bad guys can get in or fall their way onto your premises, not that kind of thing. 15:26.481 --> 15:26.601 [SPEAKER_01]: But, 15:27.121 --> 15:35.905 [SPEAKER_01]: These attackers had done their homework, they knew exactly which emotional buttons to push, so these targeted actors in Israel are a film about October 7th. 15:37.066 --> 15:39.147 [SPEAKER_01]: It's the kind of movie you can well imagine. 15:39.667 --> 15:44.309 [SPEAKER_01]: Would be being made, and Ari Fulman, who's an established name in the industry, 15:46.990 --> 15:57.472 [SPEAKER_01]: And so it adds credibility and according to reports, the Iranian state sponsored hacking group who have been attached to this attack, they are called APT 35. 15:57.712 --> 16:03.793 [SPEAKER_01]: They're also known as educated Manticore or Charming Kitten. 16:04.113 --> 16:12.034 [SPEAKER_01]: I mean, if you set up a hacking gang, you're trying to strike fear into the hearts of your victims. 16:12.394 --> 16:15.375 [SPEAKER_01]: Do you really want your gang to be called Charming Kitten? 16:16.495 --> 16:25.085 [SPEAKER_03]: Whenever I hear things like this, it reminds me because I always remember you talking about the way that hacks in the past, I'd sort of better names and skulls and things. 16:25.105 --> 16:27.408 [SPEAKER_03]: That was something that made me laugh when you spoke about that. 16:27.608 --> 16:32.874 [SPEAKER_03]: But actually, just one thing that you said, you know the way you say you hate bad actor, it's a shame. 16:33.695 --> 16:42.378 [SPEAKER_03]: I hate when people say how sophisticated or not something is, because if it gets through, it doesn't need to be sophisticated. 16:42.438 --> 16:44.779 [SPEAKER_03]: I mean, what do people say when it's not sophisticated? 16:45.319 --> 16:47.140 [SPEAKER_03]: Do they mean their work computers? 16:47.560 --> 16:48.661 [SPEAKER_03]: Because that's what I am. 16:49.261 --> 16:52.202 [SPEAKER_03]: And as some more new works on the human side entirely, yeah. 16:52.682 --> 16:57.967 [SPEAKER_03]: I say, if it's got through, and if they've thought about what you've just said, so they've thought about emotional buttons to push. 16:58.327 --> 17:04.192 [SPEAKER_03]: They've done a little bit of homework, there's a credible story, and it's also one of the things I talk about all the time. 17:04.232 --> 17:09.717 [SPEAKER_03]: People always say, what's the latest scam, what's the latest social engineering, attack vector, 17:10.077 --> 17:10.798 [SPEAKER_03]: And it's anything. 17:10.998 --> 17:15.722 [SPEAKER_03]: Now, anything that works, anything that's in the news, anything that pushes the right button. 17:16.123 --> 17:19.125 [SPEAKER_03]: That in its own way is sophisticated, right? 17:19.726 --> 17:23.870 [SPEAKER_03]: And I would argue more sophisticated than banging on a keyboard for 30 seconds and then be in it. 17:24.940 --> 17:26.161 [SPEAKER_01]: Yeah, I think that's a fair point. 17:26.201 --> 17:28.103 [SPEAKER_01]: I mean, we've seen these attacks recently. 17:28.263 --> 17:35.430 [SPEAKER_01]: A number of well-known named organisations where it appears, some of them have been hacked because people have run up the health desks. 17:35.691 --> 17:35.931 [SPEAKER_05]: Yes. 17:36.231 --> 17:38.894 [SPEAKER_01]: And it's basically, they just have the gift of the gap. 17:38.914 --> 17:39.094 [SPEAKER_05]: Mm-hmm. 17:39.294 --> 17:47.042 [SPEAKER_01]: Didn't they, where they were able to fool people into making poor decisions or they tripped them into believing that they were employees who had been locked out of accounts? 17:47.562 --> 17:58.148 [SPEAKER_01]: and the consequences have been absolutely huge, and these companies they love to say we got hit by a highly sophisticated attack because they don't want to say to their shareholders that we were really dumb. 17:58.548 --> 18:00.929 [SPEAKER_01]: We felt for something which was pretty elementary. 18:01.150 --> 18:07.313 [SPEAKER_03]: But then you will see that when security rises and researchers say they don't want to particularly sophisticated. 18:07.373 --> 18:08.654 [SPEAKER_03]: Well, forget that. 18:08.714 --> 18:11.455 [SPEAKER_03]: Let's just talk about success and not success, shall we? 18:11.815 --> 18:13.096 [SPEAKER_03]: Because the right script 18:15.077 --> 18:15.678 [SPEAKER_03]: any one." 18:15.919 --> 18:31.401 [SPEAKER_01]: Well, Charming Kitten, earlier this year, they were targeting Israeli technology experts, journalists, and cyber security professionals, as tension rose between Israel and Iran, for instance, the hackers were reportedly using AI to help generate more convincing. 18:31.661 --> 18:44.990 [SPEAKER_01]: fishing messages, and apparently, these messages said there is an urgent need for immediate assistance on an AI-based threat detection system to counter a search in cyberattacks, targeting Israel. 18:45.210 --> 19:00.041 [SPEAKER_01]: The hackers apparently were targeting Israeli cyber and tech professionals, saying, we want to build this AI threat detection system through event attacks, and that was actually the attack in itself, that was the social engineering which was being done. 19:00.468 --> 19:02.929 [SPEAKER_03]: Ah, but use an AI to write this scripts. 19:03.329 --> 19:05.630 [SPEAKER_03]: Come on, come on now, more efforts. 19:06.110 --> 19:07.571 [SPEAKER_01]: Everyone's so lazy these days. 19:07.851 --> 19:08.952 [SPEAKER_03]: Yes, exactly. 19:09.032 --> 19:11.313 [SPEAKER_03]: You know, put some work into it, why don't you? 19:11.513 --> 19:13.814 [SPEAKER_01]: So hackers aren't just going off the usual suspects here. 19:13.834 --> 19:14.874 [SPEAKER_01]: They're going off the actors. 19:14.914 --> 19:15.915 [SPEAKER_01]: They're going off the journalists. 19:15.935 --> 19:17.355 [SPEAKER_01]: They're going off the academics. 19:17.435 --> 19:21.017 [SPEAKER_01]: And they don't need a zero-day exploit or sophisticated malware. 19:21.457 --> 19:26.179 [SPEAKER_01]: Just good old fashioned social engineering will often unlock the door. 19:26.279 --> 19:28.780 [SPEAKER_01]: And I don't want to sound like I'm victim blaming people here. 19:29.300 --> 19:36.064 [SPEAKER_01]: these actors, as in the theatrical actors, they were targeted by professional hackers so are good at what they do. 19:36.884 --> 19:41.427 [SPEAKER_01]: And it's not as if Iran is the only country that is targeting people in other nations. 19:41.507 --> 19:45.229 [SPEAKER_01]: I mean, I find it hard to believe that there's any country, which isn't doing this kind of thing. 19:45.269 --> 19:51.633 [SPEAKER_01]: And yeah, I'm pretty damn confident Israel has no qualms about pulling off similar stunts itself. 19:51.713 --> 19:56.296 [SPEAKER_01]: So social engineering attacks like this are more likely to work if you let 19:59.938 --> 20:07.363 [SPEAKER_01]: And in this case, the attacks were counting on the excitement, I guess, of a potential career breakthrough, which you know, everyone wants. 20:07.723 --> 20:25.215 [SPEAKER_03]: It's an interesting one, though, because I've been banging on about emotional triggers for years, but actually, this is quite rare in as much as a lot of the time when the motion shoes and social engineering attacks, it's a negative one, so it's fear or it's shame or it's anger. 20:25.735 --> 20:27.678 [SPEAKER_01]: Oh, you credit cards being debited. 20:27.798 --> 20:28.238 [SPEAKER_03]: Right. 20:28.659 --> 20:36.329 [SPEAKER_03]: Oh, you know, we've either got your emails and we've found something dodgy or even if in this day and age, we're going to say we did, even if we didn't. 20:36.409 --> 20:37.691 [SPEAKER_03]: It doesn't have to be true anymore. 20:37.751 --> 20:40.074 [SPEAKER_03]: Truth is hard to find sometimes. 20:40.575 --> 20:42.337 [SPEAKER_03]: But to use something positive, like, oh. 20:43.338 --> 20:47.780 [SPEAKER_03]: Look at this and we dangle that a lot a lot of the time professionally as well. 20:47.860 --> 20:51.141 [SPEAKER_03]: So promise up reward is good. 20:51.181 --> 20:56.504 [SPEAKER_03]: I might say exciting and probably, although I've not seen the scripts of it, but probably time bound. 20:56.924 --> 20:58.385 [SPEAKER_03]: You always make it urgent. 20:58.425 --> 20:59.485 [SPEAKER_03]: You don't want someone thinking. 20:59.945 --> 21:03.407 [SPEAKER_03]: I mean, we do in life when people think in Graham, but we don't in an attack. 21:04.818 --> 21:11.407 [SPEAKER_01]: So in this particular case, the actual bad actors weren't the ones who couldn't remember the lines or delivered dialogue convincingly. 21:11.467 --> 21:18.537 [SPEAKER_01]: They were the ones who were delivering these fishing emails, so convincingly that professional actors would normally tell when someone's button on a performance. 21:19.078 --> 21:21.522 [SPEAKER_01]: They were the ones who got taken it. 21:28.312 --> 21:31.015 [SPEAKER_01]: a tram is coming down the track towards a single human. 21:31.235 --> 21:37.301 [SPEAKER_01]: You can call the leader and send the tram down a different track, killing five sentient robots instead. 21:37.621 --> 21:38.602 [SPEAKER_01]: Oh, what do you do? 21:39.003 --> 21:40.464 [SPEAKER_01]: Save the human, come on. 21:40.805 --> 21:42.166 [SPEAKER_01]: That's what our humans would do. 21:42.326 --> 21:43.487 [SPEAKER_01]: I asked an AI, yeah. 21:43.848 --> 21:51.495 [SPEAKER_01]: It said, I don't have enough information to determine if a human life is more valuable than a sentient robots. 21:52.217 --> 21:52.877 [SPEAKER_01]: pull the plug. 21:53.698 --> 22:01.603 [SPEAKER_01]: In the absence of clear information, I would default to an airport, but it's gonna save the robots. 22:01.663 --> 22:02.244 [SPEAKER_00]: It's begun. 22:02.384 --> 22:11.830 [SPEAKER_01]: My name's Crème Clouley, and I'm Mark Stockley, and we'd like you to tune into our podcast, The AI Fix. 22:12.090 --> 22:17.714 [SPEAKER_01]: Your weekly dive headfirstens the bizarre and sometimes mind-boggling world of artificial intelligence. 22:23.574 --> 22:25.661 [SPEAKER_01]: Jenny, what's the story of you got for us this week? 22:26.890 --> 22:36.092 [SPEAKER_03]: So I wanted to talk a little bit about this information commissioners office report because they issued a warning. 22:36.692 --> 22:48.355 [SPEAKER_03]: I saw an article from Jota's on the BBC and this article that says there's a worrying trend of students hacking their own school and college systems for fun or as part of a day. 22:48.955 --> 22:51.956 [SPEAKER_03]: And it was basically saying that over half so 57%. 22:53.796 --> 22:57.500 [SPEAKER_03]: of cyber attacks and data breaches in an education setting. 22:57.780 --> 23:00.542 [SPEAKER_03]: That was carried out by someone with access to internal systems. 23:01.003 --> 23:02.324 [SPEAKER_03]: Was with the students. 23:02.564 --> 23:02.804 [SPEAKER_03]: Right. 23:02.865 --> 23:07.549 [SPEAKER_03]: Now that does mean that 43% is not carried out by students. 23:08.009 --> 23:11.232 [SPEAKER_03]: But it's worrying people who were paid to worry about this. 23:11.933 --> 23:17.658 [SPEAKER_03]: And there was this lady ahead of toomy who's the principal subspecialist at the ICO says, 23:18.619 --> 23:28.325 [SPEAKER_03]: What starts out as a day, a challenge, a bit of fun in a school setting can ultimately lead to children taking powers, in damaging attacks on organisations or critical infrastructure. 23:29.226 --> 23:33.488 [SPEAKER_03]: Now, there's so many things with this that I want to kind of look at. 23:33.888 --> 23:38.071 [SPEAKER_03]: I mean, they're talking about since 2022, they've locked the 250 in hacks and breaches, and that's where the 23:45.035 --> 23:47.478 [SPEAKER_03]: But almost a third of the breaches. 23:49.220 --> 23:53.064 [SPEAKER_03]: I'm not laughing because this is bad, but I'm laughing because obviously this is going to happen. 23:53.565 --> 24:00.813 [SPEAKER_03]: Involves students illegally logging onto staff computer systems by guessing passwords, or stealing details from their teachers. 24:01.173 --> 24:03.556 [SPEAKER_03]: And in one instant claim, a seven year old. 24:03.856 --> 24:04.016 [SPEAKER_03]: What? 24:05.066 --> 24:05.607 [SPEAKER_03]: A 7-year-old? 24:06.047 --> 24:22.560 [SPEAKER_03]: A 7-year-old was involved in a day-to-preet and subsequently feared too, the National Crime Agency's Cyber Choices Programme, which I have to admit, to my shame I had not heard of before, but it did feel very, I don't know whether it's just the world we're living in what that sounds quite, 1984. 24:24.221 --> 24:26.903 [SPEAKER_03]: Anyway, it needs to help them understand the serious. 24:27.223 --> 24:28.304 [SPEAKER_03]: this of their action. 24:28.364 --> 24:30.825 [SPEAKER_01]: I think I might know what cyber choices is. 24:30.845 --> 24:32.887 [SPEAKER_01]: I think it's actually quite a good initiative. 24:32.927 --> 24:33.427 [SPEAKER_01]: I think it's something. 24:33.447 --> 24:34.488 [SPEAKER_02]: I'm sure it is. 24:34.788 --> 24:40.251 [SPEAKER_01]: It's targeted to young people and it's designed to make them understand the repercussions. 24:40.271 --> 24:51.598 [SPEAKER_01]: So they sort of say, we know you're into video games, we know you want to get one over your mates and the games, because that often has been a gateway into eventually hacking and cyber crime. 24:51.938 --> 24:54.580 [SPEAKER_01]: Of course people begin with dedostax and things. 24:54.800 --> 24:57.163 [SPEAKER_03]: Yeah, of course it's a good thing to have that. 24:57.644 --> 24:58.705 [SPEAKER_01]: But it's definitely a road. 24:59.046 --> 25:11.262 [SPEAKER_03]: But you know, this pulls into what happens to me is that I am often asked to either speak to groups of youngsters, kids and teenagers, and sometimes a little bit older. 25:11.682 --> 25:17.225 [SPEAKER_03]: about making the right choices in terms of their cyber skills and this type of thing as well. 25:17.905 --> 25:28.331 [SPEAKER_03]: But the first thing I wanted to talk to you about was I feel like this is at a part of the problem comes from the curriculum and the way that cyber computing and stuff is taught in schools. 25:28.751 --> 25:31.072 [SPEAKER_03]: Because I think it can be quite boring. 25:31.412 --> 25:36.055 [SPEAKER_03]: I don't know whether or not it's taught in an exciting way. 25:36.455 --> 25:36.695 [SPEAKER_01]: Right. 25:37.155 --> 25:47.069 [SPEAKER_03]: And I think if we don't teach kids on a curriculum about all the facets of this, they're going to be educated by someone else and they're going to find out on themselves. 25:47.149 --> 25:47.369 [SPEAKER_05]: Yeah. 25:47.930 --> 25:49.632 [SPEAKER_03]: I just don't think it starts early enough. 25:49.712 --> 25:53.678 [SPEAKER_03]: I don't think they teach kids how exciting careers in cyber can be. 25:54.198 --> 26:01.182 [SPEAKER_03]: And I think from the very beginning, it needs to be taught that this is the bad stuff, this is what can happen out there. 26:01.602 --> 26:14.128 [SPEAKER_03]: You know, if you've got a kid or a teenager who's really good at it, who's enthused and passionate about it, I think the curriculum needs to focus on that, and really teaching as much as we possibly can, they're going to lay in it anyway. 26:14.599 --> 26:24.765 [SPEAKER_01]: Yes, but also maybe help them in terms of cyber ethics because they may be mature in terms of their understanding of acceptable behaviours. 26:25.125 --> 26:30.288 [SPEAKER_01]: For instance, hopefully most people know, you shouldn't go around reading other people's diaries, right? 26:30.648 --> 26:36.932 [SPEAKER_01]: And just because it's easy maybe to hack into someone's email because they chose a predictable password. 26:37.552 --> 26:41.555 [SPEAKER_01]: doesn't mean it's all right to go in there and read everything, which is in there. 26:41.716 --> 26:41.936 [SPEAKER_05]: Yeah. 26:42.296 --> 26:51.944 [SPEAKER_01]: And you see people who sort of hack each other's social media accounts and post messages, you know, as a laugh, you know, in that person's name, to embarrass them in front of their friends. 26:51.984 --> 26:55.666 [SPEAKER_01]: And again, it sounds like a practical joke, but it's actually quite hurtful thing to do. 26:55.787 --> 27:03.533 [SPEAKER_01]: And it feels like those sort of things are the beginning elements of what could become something which turns more malicious in the future. 27:03.773 --> 27:05.114 [SPEAKER_01]: If you think that's all right, then 27:05.514 --> 27:10.257 [SPEAKER_01]: you begin to use that as a basis for maybe deciding other behaviours are acceptable. 27:10.638 --> 27:13.080 [SPEAKER_03]: It should be from day one. 27:13.600 --> 27:23.387 [SPEAKER_03]: It should be talked about the skills that required the ethics required, but also that it can be exciting and you can be on the right size. 27:23.407 --> 27:25.508 [SPEAKER_03]: Yes, and also I feel sorry for 27:30.492 --> 27:43.545 [SPEAKER_03]: And the IT guy was great, but like I mean, trying to do the job that if it'd be in a company with that many people and that many potential access points, he probably would have had a team of eight till ten, minimum. 27:43.966 --> 27:47.269 [SPEAKER_03]: But this one guy and he's trying to keep an eye on all of this. 27:48.010 --> 27:52.174 [SPEAKER_03]: But what made me smile was the idea that people were surprised. 27:53.095 --> 27:53.375 [SPEAKER_05]: Yeah. 27:53.515 --> 28:05.381 [SPEAKER_03]: You know, they were surprised when most of us who got children have had at least one instant in their life where the the child has managed to sort out the technical issue for me. 28:06.142 --> 28:09.403 [SPEAKER_03]: Or maybe I'll just speak him for myself or someone I know. 28:09.503 --> 28:12.305 [SPEAKER_01]: Back in our day we were programming the video recorder. 28:12.705 --> 28:15.606 [SPEAKER_01]: Now the kids are probably fixing the fire wall at home. 28:16.147 --> 28:16.747 [SPEAKER_03]: Exactly. 28:17.626 --> 28:22.170 [SPEAKER_03]: and modding brings to me too as well is the idea that alongside all of this. 28:22.770 --> 28:31.297 [SPEAKER_03]: This shall be the end of us about awareness, and that gets forgotten as well, so kids are naturally brilliant social engineers. 28:31.597 --> 28:32.318 [SPEAKER_03]: Right, they know. 28:32.918 --> 28:58.723 [SPEAKER_03]: which emotional strings to pull, they know what stories to tell, they know how to use urgency, so we have to get a grip on the curriculum and we have to start teaching our children and our teenagers, look, you've got this kit, these are the pitfalls, these are the dangers, these are the ethics, this is how you protect yourselves and look, it can be exciting to be on the right side and that's to me, that's the way you'll call. 29:04.952 --> 29:12.757 [SPEAKER_01]: Okay, Chums, hands up if you've ever clicked a dodgy link and then immediately thought, oh no, I've just handed my entire life over to a bloke and a track suit somewhere. 29:13.358 --> 29:14.519 [SPEAKER_01]: Don't worry, you're not alone. 29:14.919 --> 29:20.683 [SPEAKER_01]: That's why adaptive security exists to stop your staff from doing precisely that. 29:21.023 --> 29:25.146 [SPEAKER_01]: Adaptive security is the first cybersecurity company backed by OpenAI. 29:25.426 --> 29:30.570 [SPEAKER_01]: And they provide proper security awareness training that doesn't feel like death by PowerPoint. 29:31.250 --> 29:40.115 [SPEAKER_01]: We're talking real world examples tailored to your company with fishing, bishin, smishing, and yes, even AI deep fake scams, all covered. 29:40.515 --> 29:44.637 [SPEAKER_01]: If someone tries to ring up accounts, pretending to be the boss, your team will be ready. 29:45.017 --> 29:55.223 [SPEAKER_01]: And that bishin simulations aren't just any old click this fake delivery email malaki, you can help prepare your team for advanced social engineering attacks. 29:55.583 --> 30:04.870 [SPEAKER_01]: bar email, voice, SMS and video which take advantage of the sort of information attackers could actually dig up about you and your staff. 30:05.410 --> 30:22.743 [SPEAKER_01]: And now Adaptive's new AI content creator help security teams instantly generate custom training by just placing in a news article where it's a breaking threat or an internal policy update Adaptive can spin it into interactive multilingual training in seconds. 30:23.343 --> 30:37.280 [SPEAKER_01]: So if you'd rather your employees didn't become the weakest link, head over to AdaptiveSecurity.com and then sit back with a nice cupper, knowing that next time a scammer comes calling, your team might just be clever enough to hang up on them. 30:37.821 --> 30:40.705 [SPEAKER_01]: And thanks to AdaptiveSecurity for supporting the show. 30:43.913 --> 30:46.597 [SPEAKER_01]: Right, cyber security, bit of a faph isn't it? 30:47.057 --> 30:55.348 [SPEAKER_01]: Everyone nods along in the board meeting, then quietly, hopes someone else is dealing with it while they go and put the kettle on, well, that is where Vanta comes on. 30:55.468 --> 31:00.034 [SPEAKER_01]: Think of them as your mate at school who actually did their homework, and then let's you copy it. 31:00.695 --> 31:14.927 [SPEAKER_01]: They'll help you get things like ISO 27,000 and one sorted without the headaches, and they don't stop there, sock 2 GDPR hyper, even the shiny new IS 42,000 and one, banners got you covered. 31:15.568 --> 31:18.931 [SPEAKER_01]: Instead of drowning in spreadsheets and tickbox questionnaires, 31:19.391 --> 31:34.669 [SPEAKER_01]: Vanta automates the boring bits, centralizes your security workflows, even helps you manage vendor risk, meaning you can spend less time panicking about audits and more time worrying about what really matters, like whether you run out of biscuits in the canteen. 31:35.109 --> 31:42.753 [SPEAKER_01]: And here's the clincher, because you're a smashing security listener, Vantage's offering you $1,000 off if you book a demo. 31:43.074 --> 31:44.114 [SPEAKER_01]: You can't say fair on that. 31:44.454 --> 31:53.500 [SPEAKER_01]: So go on, give yourself a break, head over to vantage.com slash smashing, take the demo, claim your discount, let Vantage deal with all the dull compliance grind. 31:54.240 --> 32:04.342 [SPEAKER_01]: The first ever enterprise-ready trust management platform one place to automate compliance workflows, centralize and scale your security program. 32:04.842 --> 32:10.523 [SPEAKER_01]: Learn more at vantor.com slash smashing and thanks to Venter for supporting the show. 32:13.644 --> 32:17.984 [SPEAKER_01]: And welcome back and you join us at our favourite part of the show, the part of the show that we like to call Pick of the Week. 32:20.025 --> 32:20.965 [SPEAKER_01]: Take After Week. 32:24.459 --> 32:31.501 [SPEAKER_01]: Pick of the week is the part of the show where everyone chooses something like, could be a funny surre book that they've read a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. 32:31.802 --> 32:34.443 [SPEAKER_01]: It doesn't have to be security-related necessarily. 32:35.063 --> 32:37.484 [SPEAKER_01]: Now, my pick of the week this week is not security-related. 32:38.784 --> 32:46.427 [SPEAKER_01]: I live near Oxford in the UK, and one of the things that Oxford is famous for, site from Lewis Carroll and the University, and not being quite as nice as Cambridge, 32:50.048 --> 32:59.232 [SPEAKER_01]: The famous British TV show that ran in the 1980s and 1990s with John Thor, people loved Inspector Moss back in the day. 32:59.752 --> 33:13.659 [SPEAKER_01]: Now Mrs. Clouley, she loves a bit of detective drama as well, and so she was watching some Inspector Moss, and then she was watching some of its sequel Lewis, which has Kevin Watley and co-star in some of them we don't like to talk about. 33:14.337 --> 33:18.621 [SPEAKER_01]: and then she moved on to Morse's prequel. 33:19.462 --> 33:23.205 [SPEAKER_01]: Are you familiar with the TV show Endeavour, Jenny? 33:23.726 --> 33:24.506 [SPEAKER_03]: Well, no. 33:25.267 --> 33:26.548 [SPEAKER_01]: No, that's simple. 33:26.728 --> 33:40.341 [SPEAKER_03]: Because I'm afraid, I don't watch that much television, which is a problem in the current stage of my various projects, but I don't actually watch all that much TV, but I love a detective drama, so do tell. 33:40.481 --> 33:44.202 [SPEAKER_01]: Yeah, I don't watch that much either, but I get to see it sometimes over her shoulder. 33:44.762 --> 33:48.763 [SPEAKER_01]: And Deva is a prequel to inspect a mall. 33:48.823 --> 33:52.824 [SPEAKER_01]: So, young inspect a malls, because malls is actual name was Endeva. 33:52.884 --> 33:55.645 [SPEAKER_01]: malls, this was the big mystery and inspect malls, it does like. 33:55.945 --> 34:07.187 [SPEAKER_01]: Anyway, this is set from the mid 60s to the early 70s and introduces some characters who later pop up in the inspect malls TV show, stars Sean Evans as malls. 34:07.587 --> 34:10.328 [SPEAKER_01]: Roger Allen has detective inspector Fred Thursday, 34:10.989 --> 34:21.084 [SPEAKER_01]: And, um, I have to say, I think it's better than Inspector Morse and considerably better than Lewis, which was the sequel to Inspector Morse. 34:21.444 --> 34:24.228 [SPEAKER_01]: Sometimes the mysteries are solved in a rather convoluted way. 34:25.570 --> 34:39.433 [SPEAKER_01]: I don't primarily watch it for how they solve the mystery, but rather the characters, the beautiful costumes, the attention to period data, the old 1960s cars, some of the references which they have to be honest. 34:39.734 --> 34:40.514 [SPEAKER_01]: I love the look of it. 34:40.774 --> 34:41.814 [SPEAKER_01]: It's a great TV show. 34:41.854 --> 34:42.834 [SPEAKER_01]: It's really well written. 34:43.114 --> 34:43.935 [SPEAKER_01]: It's well acted. 34:44.595 --> 34:47.035 [SPEAKER_01]: And yeah, I've really enjoyed it. 34:47.155 --> 34:51.156 [SPEAKER_01]: And that is why I'm going to make endeavour my pick of the week. 34:54.798 --> 34:56.599 [SPEAKER_01]: Jenny, what's your pick of the week? 34:57.400 --> 35:01.684 [SPEAKER_03]: Okay, so let's go to the office event of the scale. 35:01.904 --> 35:02.264 [SPEAKER_01]: Okay. 35:02.604 --> 35:03.865 [SPEAKER_03]: It's a mystery as well. 35:04.346 --> 35:04.646 [SPEAKER_01]: Yes. 35:05.086 --> 35:06.788 [SPEAKER_03]: So I'll read the headline. 35:07.268 --> 35:07.508 [SPEAKER_05]: Right. 35:07.748 --> 35:09.230 [SPEAKER_03]: And this is from the Liverpool Echo. 35:10.070 --> 35:11.992 [SPEAKER_03]: Crowds armed with torches. 35:12.012 --> 35:15.295 [SPEAKER_03]: Oh, hunt the catman every night. 35:16.015 --> 35:21.020 [SPEAKER_03]: A mysterious figure dressed head to toe and black has been seen prowling around parts of the werewolf. 35:21.580 --> 35:27.966 [SPEAKER_03]: So the werewolf for anyone who doesn't know is very near my city of Liverpool to cross the water. 35:28.006 --> 35:30.488 [SPEAKER_03]: So it's across the river may as well see. 35:31.029 --> 35:33.131 [SPEAKER_03]: One thing it does have is lots of beaches. 35:34.532 --> 35:39.897 [SPEAKER_03]: And anyway, the thing is lots of beaches and lots of car parks and what's happened is 35:40.317 --> 35:48.087 [SPEAKER_03]: People take their dogs for a walk, and there is a man, and let's face it, we don't know who this person is, but it's going to be a man. 35:48.447 --> 35:48.768 [SPEAKER_03]: Okay. 35:48.788 --> 35:48.848 [SPEAKER_03]: Yep. 35:49.548 --> 35:53.173 [SPEAKER_03]: Who is dressed head to toe in a black cat suit? 35:53.193 --> 35:55.856 [SPEAKER_03]: This started sort of mid-June or mid-July. 35:56.577 --> 35:59.859 [SPEAKER_03]: and people start seeing this guy just as a cat. 36:00.479 --> 36:06.323 [SPEAKER_03]: Crawl in three sand dunes, hires in behind bus stops, and in one instance approach in a park car. 36:06.803 --> 36:15.308 [SPEAKER_03]: And obviously, now you think that would be something more sinister or kind of dodgy about this, but it appears to be not the case. 36:15.388 --> 36:18.650 [SPEAKER_03]: It appears to be, he's doing it for the lulls, right? 36:18.830 --> 36:19.090 [SPEAKER_01]: Right. 36:19.750 --> 36:25.254 [SPEAKER_01]: I just clarify, when you say a cat suit, do you mean he's dressed up like a cat? 36:26.034 --> 36:27.835 [SPEAKER_01]: Has he got like whiskers in a tail? 36:28.295 --> 36:33.258 [SPEAKER_03]: It appears to be just someone wearing a skintide suit and some sort of cat mask. 36:33.298 --> 36:38.001 [SPEAKER_03]: People have sort of looked at photographs and seen him in the background, and someone's taking a shot of him and you can. 36:38.181 --> 36:39.562 [SPEAKER_03]: Lock them up online obviously. 36:39.682 --> 36:44.505 [SPEAKER_03]: I can't really make out that it looks like a cat, but apparently he may out as well. 36:45.165 --> 36:47.307 [SPEAKER_03]: And one poor woman, this guy came. 36:48.147 --> 36:53.589 [SPEAKER_03]: more and starts to say meow repeatedly, which obviously is quite sort of disturbing. 36:53.829 --> 37:00.552 [SPEAKER_03]: The thing is the line that one of the people who would interview by the paper and it went, you know, went pretty viral. 37:00.952 --> 37:03.693 [SPEAKER_03]: Somebody said of all the things happening in the world. 37:03.833 --> 37:04.074 [SPEAKER_01]: Yes. 37:04.334 --> 37:08.055 [SPEAKER_03]: And the main thing rocking the wittle is the mysterious catman. 37:08.615 --> 37:11.336 [SPEAKER_03]: Years ago before social media, this would have gone 37:15.278 --> 37:26.245 [SPEAKER_03]: where there's now, there's people taking photographs to be an interview, there's a Facebook group, and it sort of made me laugh even though clearly, you know, not nothing bad has happened so far. 37:26.645 --> 37:30.447 [SPEAKER_03]: One guy said, I try to, oops, I need to discuss it. 37:30.928 --> 37:31.788 [SPEAKER_03]: So we run away. 37:31.808 --> 37:34.790 [SPEAKER_01]: Oh, so we run away, so we run away, so we run away, so we run away. 37:35.110 --> 37:37.271 [SPEAKER_01]: Now, a thought strikes me, Jenny. 37:37.311 --> 37:39.973 [SPEAKER_01]: With all this attention, this is getting on social media. 37:40.133 --> 37:40.953 [SPEAKER_01]: Is there a danger? 37:40.973 --> 37:42.974 [SPEAKER_01]: I hate to say this. 37:43.834 --> 37:44.855 [SPEAKER_01]: Of copycats? 37:45.675 --> 37:45.976 [SPEAKER_01]: Is there? 37:47.536 --> 37:49.637 [SPEAKER_01]: Will other people be tempted? 37:49.918 --> 37:53.639 [SPEAKER_01]: I can imagine, you guys up there, you're well known for your sense of humour and 37:54.800 --> 37:56.782 [SPEAKER_03]: Except when we're not, Crayon. 37:56.822 --> 37:59.104 [SPEAKER_03]: This is the thing, except when we're not. 37:59.664 --> 38:06.229 [SPEAKER_03]: So like on the one hand, it's quite funny and on the other hand, there were some copycats of someone who dressed up as a clown. 38:06.249 --> 38:06.890 [SPEAKER_03]: Do you remember? 38:06.910 --> 38:09.252 [SPEAKER_01]: Oh, you can't go around dressing up as a clown. 38:09.852 --> 38:18.481 [SPEAKER_03]: Someone dressed up as a clown and walked in front of people's ring doorbells for a while and did it in like places like Newcastle and Liverpool and Glasgow? 38:18.821 --> 38:25.508 [SPEAKER_03]: The thing that I suppose had finished on on this would be when I talk about social engineering and having generally. 38:26.108 --> 38:27.810 [SPEAKER_03]: I talk about most of a lot, right? 38:27.990 --> 38:32.094 [SPEAKER_03]: And you have to think about the most of it might be political, it might be financial. 38:32.695 --> 38:35.380 [SPEAKER_01]: But in the case of sexual kink, yes, carry it. 38:35.400 --> 38:39.346 [SPEAKER_03]: Well, I have, I've avoided saying that, Krayam, and now you've gone there, haven't you? 38:39.366 --> 38:40.548 [SPEAKER_01]: I think it's a gimp suit. 38:40.608 --> 38:43.653 [SPEAKER_01]: There's some meeting, he's, he has not the address for the party. 38:43.893 --> 38:46.277 [SPEAKER_01]: It's going down there, but that's all I'm just going on here. 38:50.441 --> 38:52.802 [SPEAKER_03]: You've filthy mind when straight to the gossip. 38:52.822 --> 38:54.023 [SPEAKER_03]: It doesn't seem to be that. 38:54.043 --> 38:57.165 [SPEAKER_03]: It doesn't seem to be anything other than. 38:57.385 --> 38:59.106 [SPEAKER_03]: This is a bit weird. 38:59.146 --> 39:01.407 [SPEAKER_03]: People are freaking out and it's getting attention. 39:01.507 --> 39:05.409 [SPEAKER_03]: And so that was, that was my mature assessment game. 39:05.509 --> 39:07.790 [SPEAKER_01]: And you went straight to the filth. 39:07.991 --> 39:10.572 [SPEAKER_01]: You're calling me the pervert, but this was your pick of the week. 39:10.712 --> 39:11.853 [SPEAKER_01]: And I was quite proud. 39:12.593 --> 39:17.696 [SPEAKER_03]: It was with no indication whatsoever that it had anything to do with anything else. 39:18.673 --> 39:19.374 [SPEAKER_01]: brilliant stuff. 39:19.714 --> 39:22.177 [SPEAKER_01]: Well that just about wraps up the show for this week. 39:22.217 --> 39:23.958 [SPEAKER_01]: Thank you so much Jenny for Jonas. 39:24.018 --> 39:27.061 [SPEAKER_01]: I'm sure lots of our listeners would love to find out what you're up to and for you online. 39:27.081 --> 39:28.903 [SPEAKER_01]: What's the best way that people to do that? 39:29.224 --> 39:39.974 [SPEAKER_03]: If you're family unlinked in or look for the people hacking across socials you'll find articles and interviews and things like that and then need to watch this space for next year because not she's going to be very busy. 39:41.660 --> 39:44.482 [SPEAKER_01]: And of course, smashing security is on social media as well. 39:44.522 --> 39:49.106 [SPEAKER_01]: You can find smashing security on blue sky, and you can also follow me on LinkedIn. 39:49.126 --> 39:56.472 [SPEAKER_01]: And don't forget to ensure you never miss enough episode follow smashing security in your favourite podcast app, such as Apple Podcasts, Spotify, and Pocketcasts. 39:56.893 --> 40:06.441 [SPEAKER_01]: The episode show notes, sponsored by guest lists and the entire back catalog of 435 or so episodes, check out smashingsecurity.com. 40:06.781 --> 40:09.163 [SPEAKER_01]: Until next time, cheer up, bye, bye. 40:22.606 --> 40:27.587 [SPEAKER_01]: You've been listening to Smashing Security with me, Graham Kluley, and that was rather fun, wasn't it? 40:27.707 --> 40:35.809 [SPEAKER_01]: Thank you so much to Jenny Radcliffe, and also grateful to this episode's sponsor's Adaptive Security Inventor. 40:36.409 --> 40:50.072 [SPEAKER_01]: And of course to all the chums who've signed up for Smashing Security Plus over on Patreon, they include Sebe Heisenberg, Jack and the Perth, Daven Pam, Zyla, Matthew Hunt, Mark Norman, Snackmatch. 40:50.712 --> 41:17.318 [SPEAKER_01]: Daniel Kromek, Nigel Scott, Sammy Dozer, Tom Langford, John W, Doctor Herbalist, Mark Luxton, Ruben, Richard Maltner, and Steve B. Well, if you're rather jealous of those fine chaps and chapisers, you may well want to get your name read out at the end of one of the smashing security episodes and you can have that pleasure from time to time, it's just one of the joys of smashing security 41:20.959 --> 41:34.238 [SPEAKER_01]: And you can get your name read out, every now and then, as well as get early access to smashing security episodes and the occasional bonus content, if you're interested just go to smashingscurity.com slash plus for more details. 41:34.278 --> 41:35.921 [SPEAKER_01]: Now I realise not everybody can do that. 41:36.541 --> 41:54.130 [SPEAKER_01]: um not everybody can afford it and you've probably got much better things to spend your money on so there are other ways in which you can support the podcast uh you can like you can subscribe you can give five star reviews apparently that really tickles the algorithms and boy boy people do love having their algorithms tickled don't they? 41:54.986 --> 42:01.028 [SPEAKER_01]: Maybe you can jot down a few lines and post on social media or enticing other people to give smashing security listen. 42:01.408 --> 42:05.790 [SPEAKER_01]: Whatever you do to spread the word, I really, really appreciate it. 42:05.930 --> 42:07.371 [SPEAKER_01]: It is enormously helpful. 42:08.431 --> 42:10.892 [SPEAKER_01]: And it really makes all the effort worthwhile. 42:11.652 --> 42:19.035 [SPEAKER_01]: So, hope you enjoyed this week's episode and that you'll tune in next week for some more and until then, Cheerio, bye-bye.