The Host Unknown Podcast - Episode 166 - The Potato Quality Episode
Episode Date: September 8, 2023This week in InfoSec (11:51)With content liberated from the “today in infosec” twitter account and further afield6th September 1987: Thomas Haynie was accused of intentionally jamming Playboy's sa...tellite network with a text-only message. Haynie was an uplink engineer at the Christian Broadcasting Network and was on duty at the time of the jamming. He received 3 years of probation. CBN engineer denies pre-empting soft-porn movieshttps://twitter.com/todayininfosec/status/1302620593322438656 Rant of the Week (20:12)If you like to play along with the illusion of privacy, smart devices are a dumb ideaDepressingly predictable research from Which? serves as another reminder, if one was needed, that furnishing your home with internet-connected "smart" devices could be a dumb idea if you'd rather try to preserve your privacy.The consumer rights organization's analysis of a number of IoT products – from speakers and security cameras to TVs and washing machines – found that they all demand customer data above and beyond what is needed for the product to perform its function, and then distribute that information to a horde of faceless corporations.Consumer campaign group Which? pointed out that this means consumers are not only in many cases paying thousands for the product itself, with all its "smart" connected bells and whistles, but continue to pay in the form of their personal data.The outfit broke down what information is required to set up an account with the product manufacturers, what permissions the associated apps request, and what customer activity companies are tapping into.Spoiler alert: it's all for ads and marketing.Disturbingly, every single brand examined required both exact and approximate location data – as though your fancy washing machine needed to "know" where it is to clean your clothes. Billy Big Balls of the Week (28:52)Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protectionsA California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.Charles James Randol, 33, who is now due to be sentenced, faces a maximum of five years in federal prison and three years supervised release, plus a fine of up to $250,000 or twice the total illicit proceeds from the scams, whichever amount is greater.Randol provided cryptocurrency exchange services in various ways, including via the post, ATMs, and occasionally in person, prosecutors told a Los Angeles federal court on Tuesday. The Santa Monica man would handle crypto-cash transactions exceeding $10,000 without knowing who his customers were – folks known only as "Puppet Shariff," "White Jetta," "Aaavvv," "Aaaa," and "Yogurt Monster," for example – which is hardly in line with regulatory requirements.To stay on the right side of American law, Randol should have verified and recorded their identities.In his plea agreement, the cryptocurrency dealer admitted to three in-person transactions between October 2020 to January 2021 in which he gave an undercover FBI agent a total of $273,940 in cash for Bitcoin, and kept a four percent commission fee. Randol "did not request a name, proof of identity, social security number, or any other information about [the undercover agent] or the source of the funds being exchanged," the plea agreement says.[Good comment]: Working for an American financial institution, we must go through mandatory AML (anti money laundering) training each year, and the consequences for the firm if an audit finds a violation tend to be in the high 6-digit payouts.With that in mind, a kid operating a blatantly open money laundering gig takes a proportionally much smaller punishment (assuming white-glove inmates usually manage to leave the can way before their time is served)] Industry News (36:14)UK Electoral Commission Fails Cybersecurity Test Amid Data BreachCrypto Casino Stake.com Back Online After $40m HeistUK Government Backs Down on Anti-Encryption StanceHundreds of Scam Pages Uncovered in Major Investment Fraud CampaignThink Tank Urges Labour to Promote “Securonomics” AgendaChinese Hacker Steals Microsoft Signing Key, Spies on US GovernmentIBM Reports Patient Data Breach at Johnson & Johnson SubsidiaryUK and US Sanction 11 Russians Tied to Conti/TrickBot RansomwareZero-Day Flaw Exposes Atlas VPN User IPs Tweet of the Week (44:39)https://twitter.com/KimZetter/status/1699546860187472034 Come on! Like and bloody well subscribe!
Transcript
Discussion (0)
Hit the music.
So I'm the only one who didn't need to start extra, extra, extra early in the morning.
Like 4am.
And I was here first.
And it's like 45 minutes later.
Jeez.
I had a bit of a laptop issue.
I left it in our new office that I went to yesterday
Up in Leeds
Hence the reason you're recording from a potato
Exactly
One of my five a day
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome to episode 176 of the Host Unknown Podcast. unknown podcast the special guest star potato malik on his potato quality well video and uh
audio although you can't see the video dear listener obviously which trust me at this time in the morning is a good thing it looks like it's in a boudoir it does doesn't it you know you you talk about max all the time i am on a imac retina 5k 27
inch late 2015 model my have you know ah a whole eight years old you've done that quicker than
andy does his calculations do you know what i did uh find it funny that you struggled last week in my absence to try and work out the...
Like I said, it's a lot easier when you're on the sofa shouting at the TV.
I almost had to do the double calculator noises.
Oh dear. Geoff, how are you apart from being computerless at the moment?
No, I'm good, I'm good. I was up in Leeds yesterday.
Sorry to hear that.
We, as I know before, opened new UK headquarters.
Ah, new headquarters.
It's a very, very nice place.
So our CEO flew over with the heads off, what have you.
And, you know, it was all a very good affair to see everyone.
We're laughing because Jeff's been handed breakfast.
Eggs and bagel and coffee and just like...
Thanks, Jeeves.
Been waited on hand and foot.
As if he's late enough and he's still getting served his breakfast.
He's still got time for breakfast.
Yeah, yeah, that's right.
That's right.
I'm a growing lad.
So, obviously, how's your backyard doing?
How's your surveillance doing?
It was all good.
Sorry.
No incidents while I was away.
Backpassage, I mean. doing? It was all good. Sorry. No incidents while I was away. Although,
I used to have one fox that used to
frequent the garden every night.
Right. Now it's
accompanied by two little foxes.
Ah!
Have they got little
sort of black grey beards?
I don't know.
I don't know. But one of them's about
to be, mine's a tale very soon? I don't know. I don't know. But one of them's about to be
mindless a tale very soon
if they don't stop
like messing around
in my territory.
You're going to go
or you're going to go out
and wee on them or something?
No.
No, they're actually really cute.
Yeah.
Even during the day
one of them's taken to
sitting on top of my office roof.
Oh!
So.
Very cute.
I'm getting friends with the foxes.
Hi.
And welcome to this week's episode of Host Unknown's Spring Watch.
I was going to say, it's got some sort of nature watch.
Oh, I know.
You never know what you're going to get.
Never know what you're going to get.
So how are your foxes, Andy?
All good.
Although we used to have foxes in our garden that would frequent the place.
But obviously, since we've got a dog a few years back,
he does not like foxes in the garden.
So they tend to sit in the garden when the back door is shut
and they move very quickly when they realise they've antagonised him
and I open the door to
let him out are they flicking up their middle middle um middle they do some of them actually
yeah they do sort of like do it deliberately to wind him up
yeah it's been a um yeah no it's been a good week i was in france at the start of the week
uh very hot weather out there.
Yes, your Disney adventure.
I did, and you were right last week.
It was absolutely, like, ridiculously expensive.
But I did see Le Grand Fromage, the big cheese himself, Mr Mouse.
Yes, I saw the photo on Instagram.
Ah, okay.
Not my Instagram, clearly.
No, no, no.
Well, I don't follow you.
I follow your missus.
Oh, right, okay.
I was going to say,
I don't remember posting a picture of me and Mickey.
But, yeah, no, that makes sense.
And, yeah, I came back.
And do you know what?
I subscribed to Club Pret this week.
If you're familiar with Pret and Vulture, for £30 per month, you can get up to five drinks a day.
Yeah, that's right.
Yeah, which the first month is only £15.
So a bit of a bargain.
I've already had 10 drinks in the last two days plus 20 off my food
is that why your camera's shaking that's yeah it's not the camera it's uh yeah it's actually
me shaking the room um but yeah no i'm gonna make money of this this subscription most people sort
of say well should i go to pure gym for 30 quid a month i think actually no i would no i've got a prep for 30 quid a month yeah exactly
more closer to 20 pounds a month but i i see your intent
see i wouldn't even know i looked at a place called third space which is 260 quid oh
i've seen those that on tiktok yeah so and i bet you still don't get free coffee there
uh no that they they charge they do like special protein coffee for like nine quid or something like that.
But it's like, apparently it's just full of influencers.
Like you go in there and it's just people with their phones set up recording themselves.
I can't think of anything worse.
And I know I'm showing my age, but oh God.
Dreadful. We're talking a dreadful how was your week Tom
dreadful no it's been right
well apart from being so
bleeding hot I tell you what
I've been sweating like a cucumber in a
women's prison this week
it's awful
awful it's so hot I had two
hobbits running and throw their ring inside the flat.
Not that I saw those on a TikTok this morning.
Because I joined TikTok.
Yay!
Oh, super.
I can't wait until it comes up with people.
You may know
I follow two people
well you didn't
in fairness
it was my daughter
so as you know
she's getting a lot
I just switched it on and it's already chattering away
as you know she's on there
and her current stats on this uh video she's got 1.3
million views on this video the type of views that jav would kill for kill for i think he would
yeah he's already trying to figure out how he's going to capitalize on that yeah exactly
so so i thought i follow her and I follow William Hanson.
Okay.
I don't know who that is.
William Hanson Etiquette.
He's the posh dude who tells you how to sit in restaurants
and pass the salt cellars.
Oh, okay.
There's probably someone else that I know.
Yeah, that's me.
Oh, you found something?
Yeah.
Yeah.
Zero followers, zero posts.
You have one follower now oh god no
um so yes as as we know from last week i you know my my daughter was trending towards a million and now she's just added another 300 000 since uh friday afternoon um so yeah uh so i thought i i had to join in solidarity
and also see what the hell was going on so there was that um i uh i saw carol terrio last night
and her lovely husband john gas carol terrio from Smashing Security. Those who shall not be named.
It was
a close friend's birthday, so we went
round there for dinner. So that was nice.
Very good. Reminded of the
fact because we had tea served in Smashing
Security mugs.
I think she was trying to
say something.
Host unknown mugs on the way.
Yeah, exactly.
Where are we going now?
See, we don't sell merch.
We don't need any of that gimmicky stuff.
No, we're beyond that.
It's so cheap and tacky, honestly.
But we are handing out the cards at B-Sides, right,
to get more followers.
Absolutely.
Actually, maybe we should get some merch at B-Sides, right, to get more followers. Absolutely. Yeah.
Actually, maybe we should get some merch for B-Sides.
Oh, and if you don't know, B-Sides London tickets were on sale.
They're probably all gone now.
But hopefully we'll see you at B-Sides.
Well, we will see you at B-Sides because we're all going, aren't we?
Yeah, I'll be there.
Yeah, I'll be there.
I haven't missed one yet, Mr Langford.'ll be there. I've not missed one yet, Mr Langford.
Sorry, what?
I've not missed one yet.
Ah, I only missed the first one.
Yeah, you're a latecomer.
Yeah.
So the only thing is that you'll have to be on your best behaviour
because my daughter's also got a ticket for B-Sides London this year.
She's trying to break into the industry.
And so she's saying a few things.
She's currently doing her CC search.
So what you're saying is
we've got a new member of Host Unknown
and we need to advise her
of when she can ditch the loser.
Well, I'm trying to set her up
so that she can take over this task for me,
this mundane task of speaking to YouTube
reading off a script
How's her timekeeping?
As long as she has
a laptop, she's already ahead of you
A laptop and
a watch
Like any teen, she's not awake before
12, so
But if you want to record
at 1am I think
that'll be fine
yeah
oh dear and talking
of I don't know
talking of staying in
bed or maybe we
should have stayed in
bed shall we see what
we've got coming up
for you this week
this week in InfoSec
is X-rated and no
it's not about Twitter
this time
rant of the week is just an illusion Billy Big Balls no, it's not about Twitter this time. Rant of the Week is
just an illusion. Billy Big Balls
airs its dirty laundry.
Industry News brings us the latest and greatest
security news stories from around the world and
Tweets of the Week is
a little bit serious actually
this year, this year, this week.
Right, shall
we get on? Let's
oh, it's our favourite part of the show, isn't it, Andy? It's the pod show that we like to call...
This Week in InfoSec.
It is that part of the show where you guys can eat your breakfast as I do all the talking as we take a trip down InfoSec memory lane with content liberated from me today
on InfoSec Twitter account and further afield.
And our first story takes us back a mere 36 years to the 6th of September 1987 when Thomas Haney was accused of intentionally
jamming Playboy's satellite network with a text-only message. So Haney was a satellite
engineer at the Christian Broadcasting Network and was on duty at the time of the jamming. And this is actually quite an interesting
story. So the Playboy channel was airing a film called Three Daughters at the time, when all of
a sudden a message popped up that urged viewers to get right with God. So it said, Thus saith the
Lord thy God, remember the Sabbath and keep it holy.
Repent for the kingdom of heaven is at hand.
And so Haney, who was 38 years old at the time, testified in the U.S. District Court that he had nothing to do with the incident and did not know who was responsible.
So his quote is saying, I didn't do those interference episodes.
I did the other ones. Yeah. And he said, I know it didn't happen those interference episodes. I did the other ones.
Yeah.
And he said, I know it didn't happen at CBN, like, you know, where he worked.
So he, at the time he'd worked at CBN for about five years,
said that he regularly attends church,
but he would never impose his own personal beliefs regarding pornography on others.
He said, I don't like to watch pornography myself,
but it's the right for people to watch what they want.
Liar!
Exactly. Straight away. Even the judge is like, come on.
So he claimed that he didn't know how to operate the character generator that printed these messages.
Otherwise known as keyboard.
Yeah, just like I'm sure a keyboard was involved at some point.
So these two messages happened two hours apart on a Sunday night.
But he did acknowledge that he was the only one working at the Christian Broadcasting Network at the time around the 6th of September.
He said that his shift lasted between 3 p.m. till 11 p.m. and the incidents reported at 8 p.m. and 10 p.m.
p.m. and the incidents reported at 8 p.m. and 10 p.m. And so the prosecution contended a wide range of technical tests done in conjunction with the FCC. And they said they'd narrowed the source
to the unauthorized signal back to CBN station. The defense called a witness say that it's
extremely difficult to identify the source of an unauthorized signal um it said it was
next to impossible to identify the exact source but you know they didn't believe that um so he
pleaded this is a funny phrase he pleaded innocent to three felony counts of interfering with the
operation of a satellite and three misdemeanor counts of violating a license for radio
communication he did innocent yeah rather than not guilty yeah i know it's you know america right so and three misdemeanor counts for violating a license for radio communication. He pleaded innocent. Yeah.
Rather than not guilty.
Yeah, I know.
It's America, right?
So I didn't really question it.
But, you know, he was found guilty anyway.
Three years probation he got.
And then it was four years later, during August 1991, on appeal,
the federal court upheld the conviction of the guy.
And they said, yeah, no, you are still guilty of interrupting satellite broadcasts of the Playboy channel with religious messages.
So, yeah, he was the only person there.
They're basically saying no one else could have done this there's so many layers to this because one you hear about so many miscarriages of justice where people are sent down for 25 years or
whatever for crimes they didn't commit and if you can find them you know if you know maybe you could
hire them to do something um but um a little 18 that reference there for the younger folks in the audience.
But conversely, you want, you know, someone who's actually.
Stopping a nation's post-nut clarity is only going to do ending bad things for the country.
I mean, it's it's a heinous crime
um i i the only thing i can think is you know the reason why we haven't gone to
so many more wars is because the leaders you know nip off for five minutes and then come back later
and go you know what guys it's probably not a good idea not a good idea yeah well i think
they've got interns for that they don't have to do anything but um yeah so the other i actually
checked it you know i did look into this a bit i found thomas haney on uh linkedin did you
i didn't message him no he's third level contact. I could have messaged him,
but he's says he's still an engineer at the Christian Broadcasting Network.
And he's been there 38 years,
10 months.
With time off for good behavior.
Maybe a three month gap in there.
Sorry,
three year gap somewhere in the late 80s.
I think what's interesting about this is
we talk about the the old school hackers a lot where they weren't financially motivated they're
either motivated by curiosity or their beliefs yeah they're anti-establishment or something
and yes it's it's a religious thing which not all of you might agree with but it's still
cut from the same cloth so to speak yes it's it's a belief it's it's it's a religious thing, which not all of you might agree with, but it's still cut from the same cloth, so to speak.
Yes. It's, it's a belief. It's, it's,
it's a belief base, not, not for personal gain. Yeah. Yeah. Yeah.
And, and, you know, so I think it's activism. Yeah.
It's still an interesting story and, and you know, it's, uh,
three years, um, luckily it's just probation, but it's still quite a lot.
I mean, like, if the satellite could be brought down
with only a couple of emojis, then I think there's something...
There's other problems, right?
Yeah.
And to be fair, back then, the Playboy channel was all softcore.
Playboy has never been hardcore porn.
It was always uh
such you mean i mean give some examples perhaps i've read i've read somewhere that uh yeah but uh the other thing i did know did you read it with one hand sorry yeah but at the same
time this this sort of hijacking took place, this satellite,
the guy that owned the station, Robertson, someone Robertson,
was actually running for the Republican presidential nomination.
Which station? Playboy or Christian?
Christian, yeah. You never know, do you? No, that's just it.
You never know, do you?
No.
No, that's just it.
I mean, everything from the extremes of political life or life generally is just projection at the end of the day, right?
Yeah.
Yeah, interesting.
Very good.
Thank you so much.
This week in InfoSword.
People who prefer the Smashing Security podcast
over the Host Unknown podcast
are statistically more likely to enjoy
the Harry and Meghan documentaries.
Read into that what you will.
And if you can hear some background noise there,
it's basically, I think Jav's got a Lavalier mic on
or something like that
because every time he moves,
we've got some crinkly sounds.
I thought he had like waterproof seating
because he is prone to accidents in his old age.
So I thought that maybe he...
Okay, what if I hold it a bit over here?
Well, doesn't matter.
The listeners can still hear it.
And by it, I mean you.
Right, let's move on to the ranty part,
the part of the show that we regularly call...
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
And just because Jav thinks that I'm not going to out him,
he's threatening me visually on the video.
It's quite interesting.
He's going to cut my throat apparently.
Well, mine or Andy's, I can't tell,
because he's actually just pointing at the camera.
Point at you, old man.
And it's the Undertaker signature move.
It's not an actual threat.
Come on, Everyone knows that.
What?
What do you mean everyone?
Right.
So this way,
it's a little bit serious this week,
actually.
Quite a few things.
So this is me lamenting about modern society effectively.
So the headline being,
and this is from the research from Which? Which?
Which serves as a reminder that if you like to play along with the illusion of privacy,
smart devices are a dumb idea.
So this is kind of reporting from the bleeding obvious,
but it does bring it home quite dramatically for us.
Effectively, furnishing a home with internet-connected smart devices could be a dumb
idea if you'd rather preserve your privacy. So, Which is a consumer rights organization,
for those that don't know.
And they did an analysis of a number of IoT products from speakers, cameras, TVs, and washing machines,
found that they all demand customer data way beyond what is needed for the product to actually perform its function,
and then distribute that information to a horde of faceless corporations.
So, which pointed out that this means consumers are not only,
in many cases, paying thousands for the product itself,
with all of its smart, connected bits and pieces, bits and bobs, bells and whistles,
but continue to pay in the form of their personal
data. And this again comes down to, which is quite interesting, people will pay thousands,
but very often the cheapest devices, if we think about Amazon's Echo and Alexa and all that sort of
stuff, they dramatically undercut the competition.
But in principle, it's so that Amazon can stream off a whole bunch of data and try and sell you stuff, is the idea.
And they've not been able to make it work.
But what you're not paying in cash, you're paying for in your data.
So they actually broke down, sorry, which broke down what information is required to
set up an account with the product manufacturers, what permissions, the associated apps request,
and what customer activity companies are actually tapping into. And obviously, it's all for ads and marketing. End of. And I think we all know this.
We've talked about it talking. We've talked about it quite a lot in the past. But it really,
it's very insidious. It's in virtually every single product now, even your car,
you know, the example given here, your washing machine, your dishwasher, you know the example given here your washing machine your dishwasher you know anything that
can be connected to the internet is being connected to the internet and they can monitor
everything about about it and your use and you know or anything that might you know that
might lead to some kind of follow-on service or or or the fact that they could just sell that data on
elsewhere um you've got valid questions all right why does your washing machine need to know your
date of birth yeah exactly exactly or your location well actually location is an interesting one. So location defines the hardness of your water.
And most modern machines will actually alter settings according to that hardness to try and reduce limescale.
So that's an interesting one because that's the example they give.
So your fancy washing machine needed to know where it is to clean your clothes.
Wash machine dishwashers, knowing the hardness of your water is quite important now
used to be you'd set that manually with a little dial or something now it's doing it automatically
but this is where they're getting there it's in the interest of the service this is you know for
the in the interest of the consumer we're putting this in so they don't have to twiddle the dial or look up where they are or things like that.
But it's still a very, very thin and flimsy veil of respectability as to what they're doing and why they're doing it. remember or rather we mustn't forget that every time something is free or cheap or good value or
or even shockingly expensive and has all the bells and whistles that that actually there is a price
to pay for that and that price is a stream of income based upon your personal characteristics and i think this is obviously
quite problematic uh and something that we're just taking for granted now and it wouldn't surprise me
if in two generations this this kind of thing is just you know it's not even talked about
so i can see jav jav sort of gearing up here. Well, I was yawning, actually, because you've told us nothing new,
nothing nobody already knows.
There's absolutely no value to this story.
Like you knew about hardness of water in your washing machine.
No, that was the new one, I give you that.
I like how you began to freestyle when reading the story.
You went off the script and you said, like, like cars.
And I'm thinking like, yeah, you know, self-driving cars.
I would like it to know where my car is at all times.
I don't want to say like, no, I don't want you to know where I am.
That would have been good.
When Tom tries to get clever and make his own examples i suppose reading the ones that andy
feeds him through his earpiece through my earpiece i think you'd hear it oh dear so i saw uh something
so when you see a device described as smart just remember that smart stands for self-monitoring analysis and reporting technology oh nice like it they also say that the
the box the tv comes in is the same price as the tv because the um you know they make they make
their money back on the data that the tv gathers on you yeah i mean there's a lot of that but you
know you say two generations i think it's it's pretty much already here. I say give it half a generation.
Even now, people have got all these things. I mean, Tom, you're a tech.
I guess I'm saying in two generations, people like us will be dead.
Oh, you really overestimate how long you're going to live for, Tom.
I'm going to be like that dude in that film Seven, in the bed.
Every week's a gamble as to whether we get through an episode, to be honest.
I know, yeah.
Well, after the gamble of if the episode's going to start with Jav or not.
Well, that's why there's always a risk that someone dies before it's recorded.
I always like to give you time to inject your insulin, to take your statins, to like...
Yeah.
Well, you're late because you're injecting your testosterone.
Yeah, and?
What's wrong?
See, modern...
They put something in the water these days.
My washing machine told me that.
Man, it's just not straight naturally.
Oh, dear.
Well, actually, I've got one more thing to just knock you off your feet on this one, Joe.
Go on, then.
Rant of the Week.
This is the podcast the king listens to,
although he won't admit it.
Right, we're up against it.
We've tickled, tattled too long.
It's now time for Jav's...
I like how Tom gave us a complete non-story
and then as soon as it's my turn, it's like,
oh, we're up against it now.
We've tittle-tattled for too long, he says, pointing to himself.
OK, so a California man has admitted he failed to bake anti-money laundering protections into
his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service
i mean well color me surprised jeff yeah isn't that the whole point of cryptocurrency
but uh charles james randall um that if that isn't a serial killer name i don't know what is
but you know he's in cryptocurrency so so we got, you know, one less
mass murder off the streets. And he's
33. He's now due to be sentenced
and faces a maximum of five years in
federal prison and three
years supervised release,
plus a fine of up to $250,000
or
twice the total illicit
proceeds from the scams, whichever
amount is greater.
This reads like GDPR.
It does, doesn't it?
That's quite rare for America.
I know, I know.
So he provided cryptocurrency exchange service in various ways,
including the post, ATMs, and occasionally in person.
If that is a quality service that anyone would...
I mean, if my bank manager is very
custom focused and like i phone up my bank or i send them a telegram message and say oh i can't
be bothered going to the atm machine i'd like to withdraw like 20 quid and the bank manager drives
up himself here you go sir now that's customer service i think we should be praising this man for
being such an entrepreneur entrepreneur and providing such high quality service, white glove service.
So where did it all go wrong for him?
We got caught.
Yeah, he would handle crypto crush transactions exceeding $10,000 without knowing who his customers were.
So it's the classic like like, know your customer,
KYC checks that weren't being taken.
So he would take money and provide transactions
from folks known as Puppet Sheriff.
Well, I knew him then.
Jetta, AAAVVV, Tom Langford, and Yogurt Monster, for example.
Oh, if only I had the money to invest in crypto,
all mine's in bloody Lego.
So to stay on the right side of the law,
he should have verified and recorded their identities.
He did.
Puppet Sheriff, White Jetta, Arv, and Ah, Yogurt Monster.
Exactly.
Come on, what more do these people want?
So he got caught, typically, not because he wronged any of his customers,
they were very happy, by these people who've got nothing better to do with their time,
the FBI.
So they set up a sting and got him to do three in-person transactions
in which he gave an undercover FBI agent a total of $273,940 in cash.
He gave him $250,000 in Bitcoin?
In cash, in exchange for Bitcoin.
Damn.
So the Fed gave him...
He gave him $200,000 in cash for Bitcoin. Damn. So the Fed gave him... He gave him $200,000 in cash for Bitcoin.
Yeah.
Yeah, I see what you're doing there.
And he kept a 4% commission fee,
which I think is absolutely reasonable.
It's a bargain.
Have you ever used Travelex at the airport?
You know, they charge 4% just for talking to them.
So, you know, and so I'm now suspicious.
The Feds have seized an awful lot of Bitcoins over the years.
And you're telling me they only cashed in like 273 grand of it.
I mean, like, surely they must have got at least a million or so out of him before they said, oh yes, he's
given us 273,000.
And we'll have the cash we gave you
back. Yeah, yeah.
Anyway, he did not request
a name, proof of identity, social
security number or any other information
from the undercover
agent or the sources of funds
being exchanged. He probably got his tag,
you know, like Puppet Sheriff, White Jetta or not he probably got his tag you know like puppet sheriff
white jetter or not the fbi so you know a comment i'd like to make on this story is like you know
if you work for a financial institution um you must go through mandatory aml anti-monday
laundering training each year and the consequences for the firm if an audit finds a violation could
be in the high six figures i don't know what andy's doing with his phone recording me or
something but okay i'll keep no be real went off it's time to be real alpha you bloody teenager Bloody teenager. Anyway, so if you're a proper bank and you fall foul of AML,
you could have to pay six figures.
But this kid, well, 33-year-old kid,
is blatantly open about money laundering.
Takes a much smaller punishment. is blatantly open about money laundering,
takes a much smaller punishment.
So the lesson here is,
if you want to set up your own bank and stuff,
just don't care about any of the laws at all,
and you'll be treated with far more leniency.
And I think,
hats off to this Billy Big Bull for putting that theory to the test
and proving it right.
See, I think he would be a Billy Big Ball
if he was keeping the money, but he's not.
He's come out of this net zero.
Hey, look, he's been caught by, what,
he did three transactions with an undercover FBI agent.
How many transactions do you think he actually did in his time?
OK, but the where is it?
Or twice the total illicit proceeds from the scam.
Right. If he didn't keep records of who he's dealing with,
do you really think he keeps records?
I think the one thing we can get from this article is that record keeping
is not this guy's strong point.
That's a very fair point.
Billy Big Balls of the Week.
We don't research the story, but let us tell you what we think based on the headline.
You're listening to Insights from the award-winning Host Unknown podcast.
I know we're running out of time, Andy.
Hopefully we've got you for the next 10 minutes so you can do well.
So you can tell us what time it is.
It is that time of the show where we take a trip down InfoSec memory lane, but it's not.
It is that time of the show where we head over to our news sources
over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news
from around the globe.
Industry News.
UK Electoral Commission fails cyber security test amid data breach.
Industry News. CryptoCasino. test amid data breach. Industry news.
Crypto casino stake.com back online after $40 million heist.
Industry news.
UK government backs down on anti-encryption stance.
Industry news.
Hundreds of scam pages uncovered in major investment fraud campaign.
Industry news. Hundreds of scam pages uncovered in major investment fraud campaign. Industry News
Think Tank urges Labour to promote Securonomics agenda.
Industry News
Chinese hacker steals Microsoft signing key spies on US government.
Industry News
IBM reports patient data breach at Johnson & Johnson subsidiary.
Industry News IBM reports patient data breach at Johnson & Johnson subsidiary. Industry news.
UK and US sanction 11 Russians tied to Conti trick bot ransomware.
Industry news.
Zero day flaw exposes Atlas VPN users' IPs.
Industry news.
And that was this week's...
Industry news. Huge is's... Huge is true.
Huge is true.
So this crypto casino, stake.com,
back online after a $40 million heist,
does that mean that somebody actually just won?
Yeah, I didn't even...
I don't even remember.
I didn't realise they went offline.
No.
I thought stake was one of the bigger players.
Who knows?
Who knows?
And government has backed down on the anti-encryption stance.
Really?
After all the rhetoric that's been going on for years now,
they finally actually stood down.
I obviously haven't kept up with the news.
They've sort of kicked it down the road rather than, you know,
we'll come back to it it'll
be yeah yeah yeah yeah i mean because maybe this is something that's been going on i remember david
cameron talking about this when he was and if you remember like six prime ministers ago which is
only like three months five years yeah not good well mean, even if it gives a breathing space now,
hopefully it's going to allow the opposing side,
i.e. us, to build better cases.
Yeah.
So did you, like, this could have been a Billy Big Boy.
You know this Chinese hacker that steals Microsoft's signing key?
Oh, yeah.
And then spies on the US go,
did you hear how he actually managed to do this
or how they actually managed to do this?
No, no, go on.
So they basically got the info from a crash dump.
So, you know, they caused the system to crash.
They got all the info from the crash.
And they managed to figure out what the key
was based you know within that crash dump what and then it's actually useful information in that
crash dump yeah apparently so you know it's uh yeah if you actually pay attention to that stuff
and you know know what it all means um good lord crazy so so have you are you the type
of person i think i know you you both are but are you the type of person like me who when something
sort of constantly crashes and you think and you just hit restart restart all that stuff and then
you think right no i'm actually going to look at this see if i can work it out and you start to
read it and you go what am i doing i
have absolutely no idea what i'm looking for exactly or if i found it what i'm gonna do with
it exactly the same sort of person that you know when the car breaks down you pop the bonnet
well the engine's still there yeah right take yeah i remember in my first job um we had like this massive nt4 estate
and it was really new but it was like the biggest nt4 deployment in europe and it was always going
down and what have you and we had so many of those like blue screens of death and crash dumps and
everything and i was really i was really new i was just on my work placement and there's a guy i was
shadowing he was like mentoring me and this crash dump came
up and I was like oh so Nick what does that mean he turned around to me he goes Jeff that means
basically fuck off that's all it means there's Microsoft telling you to get lost so yeah like I
went on a um a Linux course back in like the early 2000s uh me and a colleague from work um
and I just remember I was in this class and there's some proper hardcore techie guys in there like the early 2000s, me and a colleague from work.
And I just remember I was in this class and there's some proper hardcore techie guys in there.
And the instructor was sort of telling me,
so you know how when you get a Windows server
and it crashes and you get the blue screen of death?
So what does everyone do?
And I sort of motioned to hit the reset button.
You know, reset.
And the instructor looked at me and chuckled. He went, so obviously you make yeah reset and the instructor looked me and chuckled he went
so obviously you make a note of the crash number and and i tell you i looked at my colleague and
we're like what but everyone else in the class was nodding along come on and that's the difference
between linux people and normal people. Yeah.
And that's Andy's origin story of life. This is how I can be funny
to hide the fact that I don't know anything.
Yeah, that's right.
Andy went, oh, no,
yeah, you're right, it's hilarious.
I know.
Always a joker.
Always a joker.
Oh, dear.
Oh, man. Anything else here?
I like
how the UK and US
sanctioned 11 Russians.
Pissing in the wind.
That's right. You know, this is
such a, just a PR
exercise.
The link over here
in the show notes goes to infosec and uh but the u.s
have on the government website they've got a it's such it looks like such a movie style stage photo
it's like the the guy who's in charge of the operation two flags behind him mood lighting
you know it's such a like you know a pr stunt in this
name these people we're gonna get them what are you gonna do well we put their names on a list
and if they ever visit a country which means we have extradition treaties then you know whatever
but it's um i've always said it like america is the best marketing nation on the planet. They, they know how to market the market,
something to make it look like that.
There's such true savior.
And I think that,
that,
that's not just to the rest of the world,
but to themselves as well.
Yeah.
This whole,
you know,
I was thinking about it the other day,
this whole,
thank you for your service.
Thank you for your service.
You know,
and,
and therefore there is the net result is the number of people who who pretend to be service people
pretend to have been in the armed forces because there's such an adulation of being in the in the
in the services if you told somebody in the u.s that you were in the army they would say thank
you for your service if you told somebody in the uk that you were in the army, they would say, thank you for your service. If you told somebody in the UK that you were in the army,
you'd be, how many people did you kill?
You've been in a war.
What's it like shooting a big gun?
Do you know what I mean?
It's a completely different take on it.
You're totally right, Jeff.
Jesus Christ, did I just say that?
I'm going to record that clip and just put it as my ringtone from now on.
Whatever you call me.
You had something, Andy, or do you want to move on?
Well, I'll say we need to move on.
But the zero-day flaw in Atlas VPN user.
Basically, it's not protecting your IP.
If you use Atlas VPN, people know who you are.
Yeah. Yeah.
Yeah, not good.
Not good.
It had one job, basically.
Couldn't do it.
Anyway, thank you, gents.
That was...
Industry News.
Recording from the UK.
You're listening to the Host Unknown podcast.
OK, Andy, take us home, please, with this week's...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
This week's Tweet of the week is from Kim Zeta
and she says, something I realised today that I didn't realise before. My reading comprehension
improves with examples. If you state something in writing, especially if it's in the abstract,
you should provide examples to elaborate and not leave space for ambiguity or misunderstanding.
And that is something that really resonated with me
because I love to see examples,
or particularly if there's something visual that I can picture,
I like to be able to play something through in my mind
when someone says something, just to make sure we're not talking about...
Analogies. You're talking about analogies, right?
I like analogies as well.
Yeah.
That is, you know, disappointingly good advice.
And I say disappointingly because normally it should be so obvious.
Well, yeah. And also it's a toy of the week.
We should be laughing at somebody.
I know, but it's what I saw this one. It was just too good.
I thought, Oh God, that, that really, I wish more people would do this.
How did it make you feel?
Give us an example
of the one of the emotions you went through yeah but if you're a consultancy then how
are you supposed to make money if you if you don't if you don't leave space for ambiguity oh dear or cya yeah yeah absolutely hand waving and you know a lot of
a lot of gesturing that's that's how we make money come on let's not let's not change that kim
i why does kim zeta sound so familiar she's an author of a book. I can't remember the name of the book,
but she'd done one on China or Russia or something.
And she does a lot of articles as well online.
Okay.
Very prominent.
So friends of the show, obviously, but we've not met her.
I met her a couple of years ago at RSA very briefly.
It's the time that we went to RSA.
Ah, okay, okay.
Yeah, Countdown to Zero Day is the name of her book.
Ah, 2015.
Tom was probably drinking back then, so he doesn't remember.
I probably was.
Actually, what year was it?
2015.
Oh, I was drinking then.
The year I bought this iMac I'm on, so.
Right, thank you folks
we come to the end of the show
just in time we have literal
seconds and minutes
left well which is literally
everything
got to shift
exactly so Jeff
thank you so much
for your time
you're welcome
it looks so
disinterested
and Andy
thank you
stay secure
my friend
stay secure
you've been
listening to
the host
unknown podcast
if you enjoyed
what you heard
comment and
subscribe
if you hated it
please leave your best insults on our Reddit channel.
Worst episode ever.
R slash Smashing Security.
No, I wasn't disinterested.
I was just distracted by someone coming in and asking me something.
Would you like more food, sir?
Would you like second breakfast?
Is it time for your second breakfast, sir?
No, it's like, shall I bring your socks and shoes?
Is it time for your second breakfast?
No, it's like, shall I bring your socks and shoes?
No, no, no.
You mean your grey socks and sandals.