The Host Unknown Podcast - Episode 187 - Mess of Trois
Episode Date: March 17, 2024

This week in InfoSec (14:26)
With content liberated from the “today in infosec” twitter account and further afield

7th March 2017: WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency (CIA). Code-named Vault 7 by WikiLeaks, it was the largest ever publication of confidential documents on the agency.
https://twitter.com/todayininfosec/status/1765828993713090565

14th March 2013: Security journalist Brian Krebs was swatted when police responded to a spoofed 911 call claiming Russians had broken into his home and had shot his wife. One of several people who made the false report, Eric Taylor (aka Cosmo the God), was sentenced to probation in 2017.
https://twitter.com/todayininfosec/status/1768253237260435814

Rant of the Week (21:38)
US Congress goes bang, bang, on TikTok sale-or-ban plan
The United States House of Representatives on Wednesday passed the Protecting Americans from Foreign Adversary Controlled Applications Act – a law aimed at forcing TikTok's Chinese parent ByteDance to sell the app's US operations or face the prospect of a ban.
The bill names only TikTok as a "foreign adversary controlled application" and prohibits "Providing services to distribute, maintain, or update" the app – including by offering it for sale in an app store. Even updates to the app aren't allowed.
If TikTok's US operations were locally owned and operated, none of the sanctions the bill mentions would be enforceable. And US lawmakers' fears that TikTok gives Beijing a way to gather intelligence and surveil citizens would be eased.
[Related or coincidental? Or a BBB?]
Former US Treasury secretary Steve Mnuchin thinking about buying TikTok
On the heels of the US House of Representatives passing a TikTok ban bill, former US Treasury secretary and private equity mogul Steve Mnuchin is apparently thinking about buying the platform.
Speaking to CNBC's pre-market team at Squawk Box, Mnuchin said he hoped the TikTok ban would pass in the Senate, forcing a sale of the platform to a US-based parent. "It's a great business and I'm going to put together a group to buy TikTok," Mnuchin told CNBC. Mnuchin didn't mention whether partners had been identified, or what phase the purchase was in.

Billy Big Balls of the Week (32:14)
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years.
Onerep’s “Protect” service starts at $8.33 per month for individuals and $15/mo for families, and promises to remove your personal information from nearly 200 people-search sites. Onerep also markets its service to companies seeking to offer their employees the ability to have their data continuously removed from people-search sites.

Industry News (41:21)
UnitedHealth Sets Timeline to Restore Change Healthcare Systems After BlackCat Hit
Russia’s Midnight Blizzard Accesses Microsoft Source Code
Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack
Lawmakers Slam UK Government’s “Ostrich Strategy” for Cybersecurity
Google to Restrict Election-Related Answers on AI Chatbot Gemini
Meta Sues Former VP After Defection to AI Startup
Google Paid $10m in Bug Bounties to Security Researchers in 2023
French Employment Agency Data Breach Could Affect 43 Million People
TikTok Faces US Ban as House Votes to Compel ByteDance to Sell

Tweet of the Week (50:29)
https://twitter.com/andylapteff/status/1767952062279492006

Come on! Like and bloody well subscribe!
Transcript
Is Jav actually back, or is that an edited photo that we're looking at? I don't know.
His cuffs are a bit wonky. His fingers all look like sausages as well. I think he's got seven
on one finger, on one hand. No, no, I am back. Like many people, I do like to edit my photos.
That bloke he's got from Fiverr has even got the voice changer down as well.
You're listening to the Host Unknown Podcast. Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining I'm not afraid to be honest still recycling jokes that, well, probably weren't even funny originally. But there you go.
So, yes, welcome back.
We had a week off last week, didn't we?
Unintentionally, but yes.
I can't leave you two unsupervised for any period of time, can I?
Well, after we had to suspend you, Jav, it was a bit awkward.
Yeah, that's right. I was
traveling, and Tom was far too busy to make a 5 a.m. show he had to do. So yeah, yeah, exactly. It's
boring enough with you two, let alone by myself. Anyway, Jav, how are you? How have you been these last few weeks whilst you've been off jet-setting?
I've been great. I've been great.
We had a company annual conference, KB4Con, in Orlando.
30 degrees, lovely weather.
Everyone seems in a far better mood.
You know, you go to a place like that, you rent your...
What, like Florida?
...your round pickup truck.
Yes.
Everyone's happy because they're off their tits.
It doesn't matter.
Why are you hating?
People are happy.
You've got the gas guzzler.
You get like, you know, 15 gallons to the mile.
You can smell the economy evaporating as you go down the road.
That's called the smell of freedom, my friend.
Try it someday.
The bald eagle flying across the top of the pickup.
That's right.
The American flag on a pole in the back.
The sound of spent ammo as you drive across the school entrance.
Oh, dear.
But no, it was fantastic.
And I was there.
And a couple of days before the event started,
it was the beginning of Daytona Bike Week.
So I went over to Daytona.
And honestly, these are all like characters you see out of a movie or something.
The bikes were ridiculous enough.
But the people who were riding them were even more of a spectacle.
You surprised me, given it was in Florida.
Yeah.
It's like when you order The Undertaker from Temu or something. It's like...
Loads of people? Are they like budget bikers or something? What's the...
No, it's just they don't look like real people. They look like caricatures that have come to life.
Honestly, it's really bizarre. It's like a cultural experience
you won't get anywhere else in the world, and they use the word cultural in the very
loosest of senses. But, you know, it's like even over here, if you go to, like,
say, a car meet or something like that, yeah, there are people who have spent, you know,
a few grand on their cars, but they're still
like normal people. They look and talk like normal people. And over there it just looks like
you've just walked off a movie set or something. It's just, like,
bizarre. Just wait until you go during National Gun Week.
Yes, I saw posters for that. That was, like, in, you know, a couple of months' time or something.
And I was thinking, like, what would you do?
Like, you just go there and what, there's just loads and loads of guns or something?
You're just like... But yeah, no, it was really, really nice.
Good time over there.
And at the conference, I don't know if you know Rachel Toback.
Yeah, she's on Twitter. She was our keynote speaker. And she was brilliant.
She did her talk and everything, and then
she got Perry Carpenter, who's our chief strategy officer, on the stage. And she said, okay, how
would I... and she'd asked him about this a few weeks prior, like, how would I hack Perry if I was really
after him? So she started showing, like, hypothetically, all the things she would do, like finding his
phone numbers, his email addresses and stuff like that. And, like, there was a lot of redacted
information, so she wasn't giving it all out. And then she was like this and that, and then she
actually showed how, like, she got audio from a podcast
and then she ran it through a voice sort of like synthesizer, but one of those ones where she could
speak into it as herself. Yeah, so she gave it the right intonations and everything, and then
it comes out as his voice. And, like, in the end he was like, yeah. So she figured out who his
producer or editor was for the podcast and everything, and emailed and said, okay, if I sent
him this as you? And he was like, yeah, that would definitely work. Wow. It was really good.
She was fantastic. So if you haven't seen, I mean, you've probably seen some of her clips online where she's, like, you know, done stuff to reporters.
I think there was one CNN reporter.
She stole off his all of his air miles and then put him in the middle seat for a flight or something.
And yeah, I think it's the inhumanity of someone doing that.
I can no longer support her.
That is crossing a line.
Yeah, exactly.
But it was a CNN reporter, like the peddlers of fake news.
Yeah, the middle seat though.
Oh my God, the inhumanity.
That implies you're in a three formation, not a four or a five.
No, a five you could.
A three, four, three.
Yeah.
Dear me.
So anyway, I had a good time and I'm not very happy to be back to the cold, wet, miserable land.
Yes.
Yes.
It is a little bit.
It is a little bit.
What about you, Andy? How was your week, or
two weeks, I should say? It's, you know, I'm absolutely not going to be able to top anything
Jav has said. I've been to Sofia. I, you know, I traveled... How is she? ...tried the culinary
delights of Eastern Europe. She's very good.
But no, do you know what?
The food was actually really good and really cheap and really not good for my belly.
Yeah, fantastic.
The old Andy is breaking through.
He's coming back.
He's fighting.
Why are you tapping?
Why are you implying I've got extra chins all of a sudden
But, you know, so there was one tool actually that came up during my place of work this week.
We had, like, you know, as you do with companies where people are spread out all over the place,
a virtual town hall. And during this town hall a quick sort of name popped up on the screen
to be admitted into the meeting, and very quickly
disappeared, right? And it may be that someone just pressed it quickly, because there's a presentation
on screen, and, you know, the problem is there's like 600 people on the town hall. You can't tell,
you know, who's done what. Anyway, at the end of this town hall an email comes through, gets sent to
everyone, and it's a summary of the meeting: action points, you know, the intro, what the general tone of the meeting was, and what the engagement of the meeting was based on people's expressions while they were on camera.
And this is not an authorized app that was sanctioned by the company. And what happened is that an employee had been invited to a meeting with a client
and received this as an output of a meeting with that client.
So they clicked into it to read the transcript of the meeting.
And when they clicked into it, they had to create an account to view it. And when they create that account,
it gets permissions to, you know,
as part of the things,
you have to give permissions to read,
only read, only your calendar.
And what it did,
it took the meeting details from the calendar
and then it invites itself to your meeting
so it can transcribe your meetings for you.
And all you have to do, because you don't have to install anything, all you have to do is admit it to the meeting, and then it will take care of the rest.
So this is just phenomenal. But it's like, so obviously this thing then goes out to
everyone at the end of the meeting. Here's a copy of the stuff. And then other people sort of see it
and say, well, it's not like you can tell
it's not a phish, because it's legit info. It's got far too much info about the meeting, right? It's not
asking for your creds at any point. It's saying you have to just create an account. And it's like,
okay, so create this account. It only needs to just read your calendar. It's all read only. It doesn't
copy. And, you know, unbelievable. So then obviously, you know, more people get that.
they think
oh is this real
they sign up to it
oh my god
you've got a bloody virus
going around
you've got yourself
a self-replicating
yeah
it's
yeah crazy
but that was it
I mean I'm
I'm torn between
how impressed I am
and how
outraged I am
that
it was admitted
to a meeting.
And that was this week's Rant of the Week.
That is appalling.
Yes, yes, yes.
That is really fascinating.
And I think it underscores a really important point about how,
because so many things are cloud-based now,
and people are so used to, like, do you want to give this thing read access or whatever? Yeah, you know, it's like when you sign
on with Google to something and it's like, this will be able to view your profile and everything.
And, yeah, yeah, you just sort of, like, get blind to it or whatever, and you're like yes, yes, yes, yes, yes.
Yeah. And it's really quite scary, isn't it? It's very insidious.
Before you know it, you've, you know, you've given access to everything, because it's all
on the cloud, right? You know, it's not like you've, as you said, it's not like you've
installed something. All you've said is, yeah, I can read that data. But jeez, there's got to be
some privacy thing there. Well, there is. And obviously you accept those terms as a blanket click-through agreement.
When you when you go to their website to create the account, tick here to agree to all our terms and conditions.
And our terms and conditions say that we may or may not store this data in North Korea.
Who knows? It's not quite that.
Surely you will have something to say about that.
Well, but no, I mean, the data is stored in
the US, and so you have the ability to delete it. You just request... only the person
who invited it can delete it. And so that was all done. But yeah, if you're interested, it's
read.ai. I am not going to that website. Nice. I'm not going anywhere near it,
just in case, right? Whoa. Yeah. But talking of people to avoid, Tom, how's your week been? Yeah,
very good. I'm liking it. Yeah, I'm not even going to talk about work at all. It's too
difficult at the moment, too hard. But highlight of my week was... You have been very difficult to get hold of.
you're clearly busy
that would be the vast amounts of olive oil
but the highlight
of my week I think was completing the last
of my Christmas Lego
which was Concorde
and
it's beautiful
It's over a metre in length. It's big, you know. Landing gear
comes down, nose cone goes down, you know, all that sort of stuff. Little internal seat. It's lovely.
It's really good. Really, really, really good build. So if you're looking for something fun to do, I
would highly recommend, you know, the Lego Concorde. Safe, though, or does it make a bad landing?
Oh, no, it's the British Airways one.
No, it's... Actually, it's in the original BOAC livery, I believe.
So, yes, it's...
But, yeah, it was really good.
I was doing sort of like a couple of bags a night,
and it's part of my sort of, you know, come-down routine.
But now I've got nothing left.
I haven't got any Lego.
So I don't know what I'm going to do
for the next few weeks until my birthday.
Please go to Tom Langford's GoFundMe
to support his Lego addiction.
Exactly.
Exactly. And talking of things that need all the help they can get, shall we see what we've got coming up today? This Week in InfoSec is a tale
of software unknowingly spying on citizens of another nation. Rant of the Week is a story about
the app which poses a threat to national security.
Billy Big Balls is a story playing both sides.
Industry News is the latest and greatest security news stories from around the world.
And Tweets of the Week is a recap of the rules of surveillance.
So, without further ado, let us move on to the favourite part of the show.
It's the part of the show that we like to call
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield.
And our first story shall take us back a mere seven years to the 7th of March 2017,
when WikiLeaks began its new series of leaks on the US Central Intelligence Agency.
Codename Vault 7 by WikiLeaks, it was the largest ever publication of confidential documents on the agency. So just to recap, Vault 7 was a series
of documents revealing the activities and capabilities of the CIA in electronic surveillance
and cyber warfare. And the documents, spanning from 2013 to 2016, detailed the CIA's tools for compromising
various devices and operating systems, including smartphones, computers, TVs, web browsers. And the
release of Vault 7 actually prompted the CIA to redefine WikiLeaks as a non-state hostile intelligence service, which was fantastic.
And yeah, former CIA software engineer Joshua Schulte was recently convicted to, he was
sentenced to 40 years imprisonment just last month for releasing the information on these.
But yeah, I mean, the details were just horrendous.
Like, you know, they,
each part of the vault focused on the sort of different aspects, you know, that they used:
iPhones, Macs, Windows, Linux. It didn't matter what you did. But also the documents also revealed the
CIA's efforts to track any leaked documents and monitor internet activity through various malware and surveillance
tools. So, you know, the CIA's DLP has been very aggressive for at least 10 years that
we're aware of. But, you know, here we are in 2024 and they're worried about TikTok. Yeah.
Yeah, which may well be a theme of the show. I'm not sure.
Maybe.
Was this before or after
what's his face went into the Ecuadorian embassy?
I can't.
It's before.
Yeah.
Julian Assange.
This is why he went.
Yeah.
This is why.
Yeah.
Right.
We're the fallout of all of this.
Yeah.
Yeah.
But alas, our second story takes us back a mere 11 years
to the 14th of March 2013
when security journalist Brian Krebs was swatted
when police responded to a spoof 911 call
claiming Russians had broken into his home and shot his wife.
One of the several people who made the false report,
Eric Taylor, was sentenced to probation in 2017.
And yeah, so it's believed that 11 years ago,
Krebs became one of the first journalists
to be the victim of swatting,
which is obviously where, you know,
I mean, it wasn't just that, you know,
hackers orchestrated a series of attacks against him
at the time in retaliation for his investigations
into their online organisations.
So at the same time, his website was subjected
to a massive DOS attack,
the emergency calls made to the police.
But yeah, he did recount,
there's many stories online you can view
where he sort of recounts the experience he went through
facing armed officers at the door, you know, being briefly detained
until the authorities confirmed it was a hoax.
But he had previously warned the police that this was something
that could potentially happen to him.
So he was lucky that he actually stayed calm, you know,
when the situation did arose and equally lucky that the responding officers were of sound mind and not like the officer the other week that an acorn dropped on him.
So he unloaded his magazine into Krebs' house.
Yeah.
You know, I was going to say something really cynical, but I don't know whether...
Well, I'm going to say it anyway.
A, I can't believe it's 11 years since that incident happened. But I remember thinking at the time, this is just the exact kind of thing a journalist would do to potentially like rile up support or notoriety for themselves.
Yeah.
Krebs, if you're listening, friend of the show, Krebs, if you're listening, we can only apologize for Jav.
I mean, he's just come back off a two-week ban,
and here he is again.
We know you're one of the good guys.
His cynicism.
Brian, yeah.
Do you know what?
He's like Lee Anderson, right?
He's going to jump ship to another podcast.
He's going to another podcast soon,
and he's taking his views with him.
He refuses to apologise.
So that's a reference thankfully that's lost on 80% of our audience from around the world. But no, coming to an episode of Smashing Security near you.
no they see no that's the thing.
If I was Brett Hart, I could sell out to WCW, but
unfortunately,
Graham is not the kind of person that likes
people like me, so...
What, vendors?
A vendor.
I'm not saying anything beyond
that, but I have receipts. Everyone knows, you know it.
Tom knows it. Graham clearly knows it.
Oh dear. Right. And so this is Jav's show. All legal action for libel,
defamation, sorry, please address to Javad the Deck Chair Malik. Yeah, yeah. Just because you don't
get invited on to Smashing, whereas Andy and I are some of the most popular guests ever.
Open your eyes. Open your eyes. Escape the matrix, guys. Honestly, this is just... Oh God,
who invited Andrew bloody Tate here? Oh, fuck's sake.
Right, let's move on before we really get ourselves into trouble.
That was this week's...
This week in InfoSwerve.
The Host Unknown Podcast.
Orally delivering the warm and fuzzy feeling you get when you pee yourself. Right, let's, just like clockwork, let's move on to our Rant of the Week.
Rant of the Week. It's time for Mother F***ing Rage.
All right.
So, again, unless you've been living under a rock,
you'll have heard about the USA's move to try and ban TikTok.
And it seems to have actually happened.
Although the legislation doesn't say, you know, we're gonna ban TikTok, but the United States House of Representatives, yes, not yesterday, two days ago on Wednesday,
passed the Protecting Americans from Foreign Adversary Controlled Applications Act, or more suitably called the PFAQ.
It's a law aimed at forcing TikTok's Chinese parent, ByteDance, to sell the app's US operations or face the prospect of a ban.
So here we have an app created by communist China, released around the world, very popular in the US,
in fact so popular it outshines virtually every other social media app out there.
Very engaging content, although they do have some very dodgy, you know, views on who they ban,
obviously, because I got beef here. But very popular, very popular
amongst the kids. Very safe environment as well. You know, my daughter who's on there says it's a
very welcoming and fun environment to be on. And it's doing better than all of the other apps in
the US. And so the US thinks we want some of that. We'll have some of
that. How do we actually buy the company? How do we make this happen? Well, we'll ban it.
So what the bill does is it names TikTok, literally names TikTok as a foreign adversary
controlled application and prohibits it from providing
services to distribute, maintain or update the app. So they can basically no longer
carry out business in the US. And that includes offering it for sale in an app store, although
I'm pretty sure it's free to download. Even updates to the app aren't
allowed. So effectively, it's going to be gone. It's going to be gone. If TikTok's US operations
were locally owned and operated, none of the sanctions the bill mentions would be enforceable.
And well, that just seems a way of, it just seems like a cash grab, to be honest with you.
US lawmakers fear that TikTok gives Beijing a way to gather intelligence and surveil citizens.
Would be eased by having it American owned.
I'm not quite sure how that works.
But, you know, probably some kind of, you know, freedom TikTok version or Merkur TikTok might come out.
So it's it's it just seems, you know, well, basically, Communist China has has won capitalism and the US is pissed and wants to buy,
wants to make sure that they own and control the app in the US.
Now, notwithstanding everything we've talked about, Meta and Facebook and Google and many, many other organizations,
potentially this Read.ai as well that we were just talking about,
being US owned and surveilling and gathering vast amounts of data
and gaining vast amounts of influence over its American citizens.
And in fact, Facebook was even found guilty of influencing the presidential elections in 2016.
It's the whole Cambridge Analytica thing.
Notwithstanding all of that, their biggest target is TikTok.
So if you are an American in poverty,
in a state that has, you know, very restrictive reproductive rights and, right,
right, legislation, in a school that's likely to be shot up by somebody, which, because, you know,
it happens literally every day there, and with a child who you can't afford to feed and so therefore has to go hungry at school and being taught by very poor and demoralized teaching staff. Moving TikTok from your, you know, so that to alleviate the dreariness of your life and not
invested in any of the above. So quite shocking. And in a in a late edition.
Could this be coincidental? Could this be related? The former US Treasury Secretary and private equity mogul Steve Mnuchin
is apparently thinking about buying the platform. Speaking to... Lucky timing, right? I know. He
said he hoped the TikTok ban would pass in the Senate, forcing the sale of the platform to a US-based parent. "It's a great
business and I'm going to put together a group to buy TikTok." So it's almost, almost like he knew it
was going to happen. It's almost like he knew that the share price was going to tank and he
could buy it out, etc. So obviously, you know, someone like Steve Mnuchin,
who's obviously an absolute stand-up guy.
Absolute stand-up guy, yeah.
Very, very known for his morals, known for all that,
is going to be owning TikTok moving forwards, it seems.
It would be hilarious if it wasn't so scary.
Well, you know, this is not the first time.
Like, if you look at the number of athletes that have won gold medals or championships for the US that have only done so
because they were fast-tracked and given a US citizenship
to play for the, to represent the US.
This is the same thing, but now we're talking about in technology terms.
Someone's got a bit of tech.
We can't beat them.
Why don't we just buy them, give them US citizenship?
Well, not just, why don't we just buy it in a fair race, right?
Why don't we actually collapse the capital of the company
to the point where it's an easy purchase, right?
It's not even fair commercialism.
No.
See, I actually hope that the ban does get pushed through in the US
and TikTok refused to sell because the US actually only make up 10%
of TikTok's user base.
There's only 110 million users and TikTok has, like, over a billion users. Yeah. So there's, I
really hope that they realize how small they actually are on the world stage and there
are other countries outside of the US, yes, who are actually using this platform. Yeah. So TikTok either
lose control of that 10%
and don't get anything from it,
or they just cut off that 10%.
Yeah.
I think it's an easy decision.
It's one of the big, like you said,
it's the biggest social media company out there.
Why would you even consider devaluing it
by cutting off 10%?
I mean, the thing is,
because the algorithm's so good on TikTok,
it serves you content that's relevant to you. So if you're an American living in America, it's
gonna give you American-based, English-speaking content for the most part. So you think, oh, this
is what all the content is about. But it's not. There's so much more to it. Yeah. And the
other thing is, you know, like, it
generally gives positive stuff. So in the past, you know, Instagram's been accused of,
you know, feeding vulnerable teenagers, yeah, you know, sort of content to tell them how ugly
they are and make them, yeah, like, you know, if you're on a negative trend and, you know,
just do it. Whereas TikTok, like TikTok, you know, we said many moons ago,
like, you know, in the other,
it's just such a positive welcoming community.
Like it's always like good vibes only sort of thing.
But yeah, there's just, it just, you just can't compete with it.
It's just such a powerful app.
And even, like, the most popular guy on it, I forget his name, but, you know, he's not even, he doesn't even speak English. You know,
he's the most followed person, but his content is... he doesn't actually speak, because he appeals
to people globally. You know, he's the guy that sort of, he plays a video of someone doing
something really complicated and then he just does a very simple version of it, like, you know, next to it. But yeah, I think it's one of those things where, you know, Americans are
gonna learn that they're not actually, they're not the winners in this one. No. And they're being shown
up. See, they're not, only time will tell. Although I did see a very good tweet by a good friend of mine, Chung Fang, who said, it goes like so: the US bill
forces a sale of TikTok. Google then buys it for 50 billion dollars. To pass antitrust, Google merges
with YouTube and TikTok for a spin-off. TikTube goes public at 420 billion.
Users start seeing 100 non-skippable ads before videos.
Yeah.
Rant of the week.
You're listening to the Host Unknown Podcast. Bubblegum for the brain.
All right, Jav, let's see if you can top that one.
It is time for...
You know, Tom, I can't top that.
What you just covered is probably the the highlight of
today's show. So I'll make a best effort at it. So
there's a company called OneRep.com and it bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people search websites.
Is that Billy Big Balls? Not really.
However, an investigation into the history of OneRep.com finds the company is operating out of Belarus and Cyprus and that its founder has launched dozens
of people search services over the years, sorry. So OneRep's Protect service starts at
$8.33 per month, which is a very strange figure. I don't know how... well, I suppose it's converted from euros or something. For
individuals, and 15 a month for families, and promises to remove your personal information
from nearly 200 people search sites. It also markets its services to companies seeking to
offer their employees the ability to have their data continuously removed from thus said people
search sites. And a good friend of mine, Brian Krebs, has done a good write-up of this on his
website. And it's amazing the lengths that people go to to try and hide their past. So Dimitri Shelest is the CEO in question,
and, you know, he's in Cyprus, he's in Belarus. He's got dimitri shelest at onerep.com. He's also
got the email address d.sh at nuba.com. He's got a phone number. And then, like, he, but he's clever, he's clever.
He sort of, like, you know, tried to hide his identity by adding a two at the end of one of his
email addresses to throw off, you know, your average investigator. But Mr Krebs is no average
investigator. He's smarter than your average bear.
So he's tracked him down.
He's linked him to all these websites.
And I think the Billy Big Ball's move here
is really the fact that on one hand,
this guy has made hundreds of websites
that basically sell people's data.
And now he's set up this separate entity that's saying, hey,
if you pay me I can get your details removed from all these websites. So it's really like a never-ending
loop of money making, where, like, you know, you're collecting data, you're publishing there,
and then you're charging people to get it removed. It's like a mafia shakedown in some ways. But
it's a beautiful cycle. I was gonna say he had me in the
first half, you know. I was thinking, where's the Billy Big Balls? It seems like a
great service, you know, because we all get plagued by these things. Yes, yes, it is a great service,
isn't it? But isn't it for the long game, man? I see nothing wrong with this.
This is the litmus test of Host Unknown's morals and ethics here, I think. Well, to be fair,
Demetrius is delivering on what he says. If you sign up to his site and ask for, you know, ask for
he will deliver on that promise.
By deleting it from his own websites.
You are getting what you pay for.
Well, that's...
You know what?
He didn't say anything about that.
Is there a connection between the site that gathers your data to remove it from other sites? Is that data then sold to those other sites again? Now that would be a next-level move. That would be like, you know...
You see, you see, you're in awe of that. I'm cynical enough to think that's the sort of thing these scumbags do.
Yeah, well, that's like that, you know, insert your credit card number to see if it's been compromised.
Yes.
Hang on, that sounds like Have I Been Pwned.
Type in your password to see if it's been compromised.
Yeah, it's only a step up from the wallet inspectors from school days.
Yeah.
I like it. I like this guy. Oh my goodness, a few weeks ago we covered the antivirus company that was, yeah, that was slurping up all your data and, like, you know, selling it on or using it. Keeping your data private.
Making sure that no one else was getting that data.
They were the exclusive providers of that data.
Exactly, exactly.
I'm drawing a line between me and the two of you.
You're both just, I don't know.
You should move to the US and become senators, because you're demonstrating the right kind of moral characteristics.
You know what, I was telling my colleagues that if I was paler in complexion, let's put it that way, I would move to Florida and I would become a king.
I'd get, like, a pickup truck and a big muscle car, and I would, like, you know, have guns, and I would, like, you know... ah, I would be the ultimate Florida man. I think that's where my soul is from. That's just what attracts me so much. I would be such a right-winger, you would think Donald Trump is moderate compared to me. I've got to say that if I was white, that would be my... I would take advantage of my white privilege so much.
But couldn't you sort of move to, I don't know, get a, you know, a Subaru pickup and have all the guns you want and live like a king there anyway? I mean, isn't...
Pickups? Toyota Hilux.
Yeah, Toyota pickup, I'm sorry. Yeah, yes, you make a really good point. You know, I'm trying to think of what the downsides are and I'm not seeing much, you know, except kids in Pakistan get shot less.
But you're more limited to AK-47s, whereas in the US you've got a wider range of guns.
Yeah, yeah, yeah, but, you know, they go bang bang. I mean, who cares? You're just shooting them in the air anyway, right?
Exactly.
Yeah, he does weddings, bar mitzvahs, birthdays, you know.
Still, the education in *** town would be a lot better.
You know, you've really got me thinking.
Quality of life.
Health care.
Health care. You've probably got health care. Yeah, the politics probably isn't quite as corrupt.
Well, the fact they threw that guy in prison and it's still not as corrupt as the US, you're right.
And you can get TikTok there.
Yeah, sold. Damn, I'm sold. With the dodgy moustache man, I'm going to...
You know what, I heard there's some good deals on some compounds in...
Let's talk, we can get neighbouring compounds.
Let's move on, let's move on.
Yeah, I need to keep the inner thoughts inside sometimes. It's just, you two are enablers.
Billy Big Balls of the Week.
If good security content were bottled like ketchup, this podcast would be the watery juice which comes out when you don't shake properly.
In a niche of our own, you're listening to the award-winning Host Unknown podcast.
It's definitely time to move on. Andy, what time is it?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
UnitedHealth sets timeline to restore Change Healthcare systems after BlackCat hit.
Industry News.
Russia's Midnight Blizzard accesses Microsoft source code.
Industry News.
Third-party breach and missing MFA contributed to British Library cyber attack.
Industry News.
Lawmakers slam UK government's ostrich strategy for cyber security.
Industry News.
Google to restrict election-related answers on AI chatbot Gemini.
Industry News.
Meta sues former VP after defection to AI startup.
Industry News.
Google paid $10 million in bug bounties to security researchers in 2023.
Industry News.
French employment agency data breach could affect 43 million people.
Industry News.
TikTok faces US ban as House votes to compel ByteDance to sell.
Industry News.
And that was this week's Industry News.
Huge if true. Huge if true.
Huge if true.
So there's one thing I saw.
So there's this story about Meta launching legal action against its former VP after he allegedly stole employee and business information before resigning to work at an AI startup.
So they really went after the former VP of infrastructure, Dipenda Singh.
They accused him of being brazenly disloyal, using those exact words,
before lifting documents after defecting after 12 years with the company.
So they're saying that, you know, he took proprietary, highly sensitive, confidential, non-public documents about Meta's business and employees, and he was said to have uploaded the documents to his personal Google Drive and Dropbox before leaving. Now, with it, you know, like, sometimes, especially when people have been at companies a long time, you know, if you have ever seen logs of what they're doing, they do sort of sometimes try and take stuff. Like, you know, your DLP might catch them; you have to go and have a word with them and sort of say, actually, no, you're not allowed to do this. And they're always the same: oh, but I worked on this, this is really hard, it's just the template I'm after, it's just this, you know, it's just to remind me, it's just a memento, you know, of the work I did, and all this kind of stuff. So I thought that this story was about that.
However, it was quite funny that when you actually go into it,
the name of the folder in his Dropbox was actually the name of his new employer.
So the folder he actually uploaded it to was the name of his new employer.
Oh, wow.
So it's like, actually, I've kind of lost all kind of, you know, sympathy on this one.
The criminal mastermind. What was he... oh dear me, that is terrible.
It was just, oh my, guy, come on, meet us halfway on this one, right? You know, we can try and make a case, but, you know...
Yeah, yeah, deserves everything he gets.
So everyone's like, everyone's throwing him under the bus like they've never stolen or borrowed a template when they're leaving to go to a new...
Well, take mementos, yeah.
Exactly, exactly. So when actors leave a film and they want to keep their outfit, you know, or the gun they use.
Exactly the same thing.
Absolutely.
So, unsurprisingly, UK government hiding its head in the sand,
apparently, about cyber security.
I mean...
Doesn't sound like the UK government at all.
Exactly.
On anything.
As charges go, it's probably one of the least worrying ones, you know, that could be levelled against them. The government doesn't acknowledge how unaffordable the insurance market is for cyber attack victims.
Well, no shit, Sherlock. Because it's expensive.
And so the British Library got busted because third-party credentials were stolen and they didn't have MFA on their account, despite receiving previous warnings about these risks.
Yeah, who listens to warnings? They... yeah.
Let's see as well, French employment agency, 43 million people.
Yeah, yeah, I'm surprised... well, no.
Go on, say it. You're surprised that 43 million people work in France.
It's not saying that. I can see it on your face.
Yeah, oh man, I was just like, I was trying my best to be more politically correct.
And like, like you were 10 minutes ago?
I think that... yeah, that's boundaries, like what happened 10 minutes ago and like other comments. But I think we can all agree the French are fair game when it comes to employment rules and working rights and striking and rugby and riots, because England are playing them tomorrow. There's nothing, it's not really very interesting, is it? TikTok we know all about.
No, it's...
No, I did see on the BBC, so that's where our InfoSec PA Newswire reporter didn't go, there was a story about how they raided a pig butchering scam call centre in... oh, somewhere in Southeast Asia, and there's about 300 people that were held captive there, forcing them to do, like, love romance scams online. Oh, they were, like, literally captured there, with some of them had signs of torture on them, electrocution and whippings and stuff. The guards had guns and it was, like, a horrible, horrible scenario they were in. And I'm surprised you didn't cover it under your Billy Big Balls.
No, that's filed under, like, future business plans.
Yeah, it's like, it's only a couple down the list from, like, you know, selling personal data and then selling services to remove personal data. Yeah, yeah.
Why is Thom sort of shaking his head and putting his head in his hands? And so why is he unplugging his mic?
And I've just woken up. Who are you two? I've never met you before in my life.
Anyway, what was the point of the story, Jav?
I said that would have been a good one to talk about,
but now I can't find it on the BBC.
You know, the stories go really quickly from the front page.
Well, why don't we close with Google paid $10 million in bug bounties.
Well, that's good.
That's actually a good news story for once.
It is. It's actually two million down on the previous year, so either they are producing less vulnerabilities or paying less, I don't know. It's hard to tell.
Well, the whole point of a lockdown effect... yeah, yeah. I mean, and the whole point of the bug bounty is to try and produce less vulnerabilities, right? You know, it's in your interest to make secure code.
All right, let's leave it there, shall we?
That was this week's Industry News.
People who favour the Smashing Security podcast
are statistically more likely to eject USB devices safely.
For those who live life dangerously, you're in good company
with the award-winning Host Unknown Podcast.
Do either of you eject USB sticks or do you just yank them out?
No.
No.
I've never used a USB stick for years.
I just use Dropbox and Google Drive
with names of my future employers as folders.
You've got a smashing security folder, haven't you,
with all the show notes from our podcast.
And all our jingles in.
Yeah.
Yes, and the secret sauce to what makes it so special, our podcast.
Yeah, that's right.
Graeme's been dying to get a hold of that.
And his email address.
He just can't replicate what we do.
No, no.
It's so disjointed and it's just so poorly edited.
Like, how do they do it so effectively each week?
And still get so few listeners.
So let's move on.
It's time for...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And this week's Tweet of the Week
comes from Andy Laptev.
Permit IP Andy Andy on...
Oh, sorry.
Permit IP Andy Andy on Twitter.
And he says,
can one of my cyber friends explain to me
the threat to US national security posed by TikTok?
My limited understanding is the US has been engaged
in mass warrantless surveillance
of Americans' communications for decades.
Our own government can spy on us without cause,
but China can't?
And I would add a mic drop.
I agree with all of that, apart from the last
sentence, which,
you know, in theory,
other
nations shouldn't
spy. You know, that's kind of like...
The US have been caught spying on UK citizens.
Oh, I know that.
I'm not saying that that's wrong either. But, you know, the... you can... our own government can spy on us without cause, well, they are your own government, but China can't? Well, no, that's not the point. But nonetheless, it is the point. But I did see a related tweet by a good friend of the show, Dan Cuthbert, saying, hey, if they can debate banning TikTok, maybe there's hope they start talking about reining in the pervasive data tracking and broker industry that flourishes in the US, which I think is the real question here.
But, you know, I did reply to him saying, I guess one can hope, but, you know, it's quite an idealistic view, because, you know, how are we going to make money if we can't sell data and then buy it back and then resell it again? And, you know, yeah, that's where the money is these days.
Well, your hero, Mr Shelest or whatever his name was, that's exactly it.
No, no, he's not my hero, but if I was to create a Mount Rushmore, his face would be on there. He'd be on the far right.
Yes, not one of the...
On the far right? No, I wouldn't push him far right. This is just normal capitalism. There's nothing racist he's doing about it, there's nothing, like, intolerant.
Oh dear. Excellent, thank you for the Tweet of the Week. So we come barrelling to the end of the show once again. Hopefully we're not going to
get cancelled this week, I really do hope. So yes, thank you very much, Jav.
Thank you, sir. Thank you, thank you. It's always a pleasure to be here. I'm glad to be back. I think the break done me good, and I think the break from last week done you two good as well. But I'm just going to investigate how good the internet connection is going to be
to see if I can join this call reliably.
But we might have to talk about time zones
and making sure it's suitable for me.
But other than that, I am great.
Hang on a second.
6 a.m. UK time is what?
That's not like lunchtime in ****.
It's actually going to work better for you.
It is.
We'll still tell you at 6 a.m., but you'll turn up on time.
Yeah.
And thank you, Andy.
Stay secure, my friends.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel, worst episode ever, r/smashingsecurity.
You know, I hate you guys. Even Graeme done a TikTok video the other day and he ended off with "Stay secure, my friends". I can't believe you stole that from me.
Yes.
I sign off my TikToks like that.
But you wouldn't know, Jav, because you've never watched any.
No, why should I?
Because they don't like my kind either.
Vendors.
Yeah, for clarity, vendors. What else would I be employing?
Episode sponsor. Sponsor an episode and come on the show, yeah.
Yeah, the economy's tough these days, and I know if I sponsor, you're just going to take my data and then sell it, and then I'm going to receive spam from TikTok and their affiliates for years to come.
It's quality spam.