The Host Unknown Podcast - Episode 77 - An Analogy Wrapped in an Inception Surrounded by Idiots
Episode Date: October 15, 2021

This Week in Infosec
With content liberated from the "today in infosec" twitter account
13th October 1999: An episode of the "True Life" documentary series titled "I'm a Hacker" aired on MTV. Afterwards one of the hackers featured on the show, Shamrock, issued a statement revealing that the whole thing was a hoax to dupe MTV. D'oh
MTV made to look ridiculous by fake hacker
True Life 'I'm a Hacker' 1 of 2
True Life 'I'm a Hacker' 2 of 2
https://twitter.com/todayininfosec/status/1316187816540413953
9th October 1999: A year after Staples launched its website, it was compromised. Add malicious code? Nope. Deface with a political message? No. Redirect to a porn site? Nah. Then what!? Advertisements were added which led to one of its competitors, Office Depot.
Staples Sues Unnamed Hacker
https://twitter.com/todayininfosec/status/1314710023931559937

As Seen on Reddit
Superlative levels of TechBro shithousery in the technical recruitment zone of San Francisco
Tech bro invents a "skip the interview" tool where you can crowdfund your way into getting a job. r/recruitinghell is having none of it.

Billy Big Balls of the Week
Fraudsters Cloned Company Director's Voice In $35 Million Bank Heist, Police Find
AI voice cloning is used in a huge heist in the U.A.E., according to Dubai investigators, amidst warnings about cybercriminal use of the new technology.
Industry News
NatWest Pleads Guilty in £400m Money Laundering Case
Brewer's Token Gaffe Causes Massive PII Breach
Couple Arrested Over Sale of Nuclear Secrets
Android Phones Sharing Significant User Data Without Opt-Outs
NCSC CEO: Ransomware the "Most Immediate Threat" Facing UK Businesses
Ghanaian Women Cautioned Against Sharing Nudes
Crypto Romance Scam Drains $1.4M
Financial Regulator Warns of Hybrid Working Security Risks
Met Police Loses 2280 Electronic Devices in Last Two Years

As Seen on TikTok
The Ron Burgundy of British "politics"
Nigel Farage promoting drug dealers

The Box © Charlie Langford charlie@clmediagroup.com for all of your video and sound production and postproduction needs.
Come on! Like and bloody well subscribe!
Transcript
Actually, if we haven't got a cold open,
then I've just got this big red emergency button to hit.
Go on.
You know we're finally here, right?
It's Friday then, it's Saturday, Sunday, what?
What? What?
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And yes, it's Friday and time for episode 77 of the Host Unknown Podcast. Episode 81.
Welcome, one and all. Good morning, gentlemen, how are we all?
Right, we've got the band back together.
We have, we have. It feels like we've gained weight,
but, you know, nonetheless, from last week's streamlined, efficient and, well, very quickly recorded and delivered podcast to this.
That's sort of sluggish, carrying excess baggage.
Can't think of a cold open, you know, just, well, I don't know.
Anyway, Jav, how are you?
I love you guys too, and I'm just as happy to be back as you are.
You're sounding like a record breaker here this morning, Jav.
Oh, well, if you want to be the best.
You know what?
This could be the last podcast I do with you because I think from next week
I might be doing a podcast with other world record holders,
Olympic gold medalists, you know, that kind of thing.
Maybe I'll start a podcast with Tyson Fury, the Gypsy King himself, because, you know, me and him have a lot in common now.
Is it a Guinness World Record holder?
No, but I think he can down a few pints of Guinness and still knock people out.
So you've got that in common with him then.
No, I share the physique, but just not, well, in terms of the belly, but not the height.
And I was going to say, yeah, if Tyson Fury put on like a brown sort of mackintosh, he'd be about the same height as if there was two of you underneath a brown mackintosh.
Well, I'm hoping he could put me in one of those baby carriers and call me Mini-Me.
Oh, man.
So where were you last week?
What was that all about?
I was off on a studio film shoot for Inside Man Season 4,
which is available to KnowBe4 customers. And although season one is on Amazon, it... yes, it was on Amazon. Apparently it's no longer available due to some, I don't know, big studio licensing issue.
Yeah, something like that. Someone published it without permission.
No, no, it was all kosher.
It was all Halal, brother.
But something, yeah, I don't understand the background politics.
But you remember season one, Tom.
It was filmed in, you kindly offered up your office space for some of the scenes in season one.
That's right.
Yeah, yeah, yeah.
And in fact, I had a panicked call from Jav
because they were about to be thrown off the set
because somebody unplugged a key piece of AV equipment
just before a client demonstration to plug in a steamer
or something like that.
Yes, yes.
And they were about to get thrown off set,
so I had to forego my cameo in that show just to calm some nerves, to say the least.
But there was a silver lining because as a result of that, you played your card and said,
look, I just saved you whatever, 30 grand, 50 grand in relocation and reshoot costs.
Now can you shoot us a music video? And that's how Lost All the Money came about.
That's how our least popular music video came about.
Second least, I think you'll find. The Zoom song is the least.
Yeah, but we've all forgotten about the Zoom song.
Unfortunately, unfortunately, and not just us either.
Yes, yes, great days, eh?
Great days.
This is gold dust. This is all information that will go into the biographical movie
that is made about Hosts Unknown in the future.
They'll all capture these nuggets into their head.
Yeah, who would we have playing us?
Oh, that's a tough one.
Well, Andy, I think it has to be Ryan Reynolds for Andy.
Obviously, yeah, clearly.
Oh, I know, it's Ryan Reynolds from the movie Just Friends
where in the beginning he's wearing the fat suit.
I've not even seen that film, so I don't know what that looks like.
Well, you're obviously going to be played by Tyson Fury,
and I'm going to be played by Clint Eastwood.
Well, they have to digitally de-age Clint Eastwood, but I think it works.
Yeah, I was going to say.
Andy, how are you?
Okay, nothing to add really.
You know me, I just tick over, get stuff done.
You know, someone's got to do the work behind the scenes or else you end up doing crappy
music videos that don't get any views.
So I best get back to the drawing board.
Yeah, yeah, yeah. Or you're out sending sounds or bites that need to be incorporated into the show minutes before we go live.
Yeah, hey, it's still in advance, right?
That's right.
Blaming about why lyrics don't scan, so you give a substandard version and then three weeks later say, oh, I was sent the higher quality one, I just never checked my emails.
Hey, I'm not even going there with this one. Jesus.
Inside jokes, inside jokes. We're losing our audience. Let's move on.
Indeed. So what have we got coming up today?
Well, this week in InfoSec shows us that the entertainment industry, in a shock, does not
let the truth get in the way of a good story.
Billy Big Balls is something that Jav is going to be coming up with, as seen on Reddit, sees tech bros of San Francisco creating an app which solves a problem that really we never had in the first place.
Industry News brings us the latest and greatest security news stories from around the world.
And as seen on TikTok, is a real world SQL injection analogy.
Or is that sequence injection? I don't know, I haven't done my media training. Sequel injection analogy.
All right, well, I think we go on to our favourite part of the show right now,
the part of the show we like to call
This Week in InfoSec.
So just to clarify, that favourite part of the show is actually the jingle, isn't it? Not the actual content.
Yeah, yeah, absolutely. Yeah, absolutely. Making sure we're all on the same page here.
So it's that part of the show where we take a stroll down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account.
So our first story takes us back 22 years to a time when,
I think it's fair to say MTV was just coming over the peak of its climax.
If you think back to Celebrity Deathmatch, Beavis and Butthead, The Real World, Total Request Live,
all those good things, we've now got programs like Teen Mom, Catfish and 16 and Pregnant.
It just doesn't compare to what happened back then, in addition to no music these days.
Are you sure you're not talking about Channel 5?
Well, yeah, I mean, they kind of follow the same path,
but at least Channel 5 still probably has more music than MTV.
Yeah, it probably does.
There's been a massive drop in the, you know,
the quality of programming here.
But back in 1999, MTV did mix in some decent programs with their music schedule
So it was actually 22 years ago this week, MTV's True Life did a captivating documentary called I'm a Hacker, and I just want you to listen to this sort of short montage that, you know, the show was made up of.
...done to my head. That's what woke me up, because I'm a pretty sound sleeper. I'm Shamrock and I'm a hacker. It's like being God. If I had the opportunity to shut off all the power in the city right now, do you think I would do it? We want on our laptop to know the location of every
SWAT car within the nearest city. What people don't understand, they fear. We've all heard
about the hacker menace. Hackers break into government and business computers, stealing and
destroying information,
raiding bank accounts, running up credit card charges.
Young people who break into telephone and computer systems simply because they can.
The Pentagon calls it a cyber war.
Never before have people so young had so much potential power to disrupt the systems we all rely on.
But what do we really know about hackers? Are they the enemy within, as the government sees them, or are they freedom fighters of the digital age? Over the next half hour we'll take you inside their world.
Absolutely gripping stuff there. You've got some serious headline-grabbing content in there.
Are we worried that we're not going to fill up enough time with our own content?
Pretty much, yeah. That's what happens when you don't have content.
Right. So, 13th of October 1999, the True Life documentary series titled I'm a Hacker aired on
MTV. Now afterwards, one of the hackers featured in the show, Shamrock, issued a statement revealing the whole thing was a hoax to dupe MTV.
So in a statement on the Hacking News Network, Shamrock explained it was MTV's cynical approach to hacking that actually prompted the scam. So he said, we waited months to see if they'd be realistic, and after it was obvious they wouldn't, we figured the only option would be to discredit them with as much fiction as possible. So he went on to say that, you know, him and his fellow hoaxers never expected MTV to actually swallow the absurdities they made up. But he said, you know, the hoax was just done to illustrate the shallow nature of the mainstream media.
And then, yeah, following that, a representative from the Independent Television Commission, sort of the British TV industry's independent watchdog, said that it considers this kind of blunder inexcusable. This sort of thing is not difficult to detect if you've done your work properly. We would expect programme makers to do their work and make things that are factually accurate.
Do your research. Do your research. Just don't believe everything you hear or see.
But a classic example of, you know, a little hijinks, a little fun with a major broadcaster at the time.
Well, you know, I'd say, though, that the hackers that were on the show, while they may have made up stuff,
they did pull off a very elaborate social engineering scam.
Exactly.
They were as great hackers as they claimed they were.
Yeah, it's not all, you know, as you see on the TV. It's not all "we know the location of every squad car in the country". But actually, I stuck a link in the show notes. I found the documentary on YouTube, and it's actually got L0pht Heavy Industries in it as well, with Dr. Mudge, friend of the show, and various other well-known people as well.
So it's worth a look
if purely for the entertainment value
because this was basically posted
as a documentary
and it is almost like an episode
of like a short of Swordfish.
You remember the John Travolta movie?
It's just fantastic.
Just with fewer blowjobs. Yeah. And Halle Berry. Yeah.
Whilst you're trying to drop a 256-bit encrypted trojan on the firewall.
That's right.
Oh dear. Nice one. Have you got another one for us, Andy?
I did. Well, okay, I'll quickly run through this one. Right, so it's 9th of October 1999, still 22 years ago. You may know a store called Staples. So they actually launched their website in 1998, so a year later, October 1999, the website was compromised. Did it add malicious code? No. Did they deface it with a political message? That was quite popular back then. No. Did they redirect it to a porn site? No. What could they have possibly done? Well, the hackers basically added adverts which led them to their competitors at Office Depot. It was quite an innocent hack for the time.
Was this industrial espionage?
Well, yeah, it probably could.
It would be the classic way through.
I just don't think Office Depot had an offensive security team back then.
22 years ago, I don't think the stationers thought, right, let's get stationery people, supply chain people, warehousing, offensive security team, red team. I just don't think it was in their top 50 list of hires that year.
Had they done it, it would have been even better.
Nice one. Nice one. Thank you
Andy for this week's
All right, so we shall move on to the next segment, which is me, and believe it or not,
it's not a Rant of the Week.
It is technically... This is the sound of the Host Unknown podcast crew putting on their armour,
getting ready to do battle with the hordes of strong opinions.
This is As Seen on Reddit.
So we all know stories of tech bros, that is, people who, normally men, who set up small startup companies, pitch very, very well even though the idea itself may not be so good or savoury, and get vast amounts of funding to do something that, frankly, nobody needs in the first place.
And there's quite a few examples out there.
But this one is probably really up there in fixing a problem
that nobody really thought needed fixing in the first place.
It was found, or I saw it on Reddit, under r slash recruiting hell.
And the website in question was called skiptheinterview.com,
which sounds great.
You know, okay, you know, you want to go for a job and you don't want to interview for it,
but you want said job.
Okay, what do I need to do to do that?
One might think you need to sort of build quite a portfolio. You might need to put some extra hard work, extra hard working.
Build yourself a reputation on, you know, in your industry and on the internet such that the job
offers just come flooding into you. No, according to tech bros, in order to skip the interview,
you pay money. But not only that, not your money, because that would be too easy. What you do is you get sponsored
by your existing work colleagues to the tune of a minimum of $50 per person. And if you reach
a certain amount of money, then the job is yours. And recruiters will advertise on skiptheinterview.com.
And according to how important the role is, the seniority of it, et cetera, et cetera,
defines how much money you will need to raise. So an entry-level job, from what I've seen on the website, sort of a junior programmer, is looking at roughly eight thousand dollars to be raised by previous employees, etc. Which is shocking.
Is this, if you want people to leave your company, you can pay for them to leave?
Yes. You know what, I can see why there's an incentive to do it.
Yeah, there'll be a whole new expense code.
Yeah, you're like, hey, look, guys, 50 quid each, right?
I don't get this. So the money goes to the hiring manager, does it?
Well, the money, presumably a large chunk of it,
goes to skiptheinterview.com.
And, in fact, I think most of it goes to skiptheinterview.com.
I have no idea.
I've not actually seen it.
Because I'm not quite... it's gross. So it feels like you're bribing the hiring manager to say, hire this person without interviewing them.
Okay, compliance, no.
Okay, maybe it's not a direct bribe, because it's a crowdsourced donation by colleagues to get someone out.
It just sounds very unethical. Maybe I'm not understanding it correctly.
So you go to the website, which is a story in and of itself.
I'll tell you that in a minute. And the quote is, we believe a strong reference from your previous co-workers is worth more than your ability to tell me how many golf balls can fit in a mini.
I think that's a reference to dodgy Google interviews.
Those references only matter, though, if the person referring has skin in the game.
At Skip the Interview, that is what we are creating.
So, find a job you love.
Co-workers sponsor you.
Send out a link to people you have worked with before.
Ask them to sponsor you for this new role.
It can be as low as $50.
And then start as soon as you gather enough funds.
If you stay on the job for more than two months,
your sponsors get double what they invested minus our fees.
Sounds very weird.
Well, exactly.
And if you were to go to skiptheinterview.com, so skip the interview.
I'm typing this in right now.
This is live, folks.
Skiptheinterview.com.
Well, it currently says this website cannot be reached.
It's the power of Reddit, that is.
Yeah, that's right.
Well, actually, when I went to it yesterday,
it actually came up and it was a blank screen apart from a single bit
of text at the top saying, we've listened to your feedback
and we are going to go away and take a think about this.
Oh, wow.
Okay.
So it got the Reddit kiss of death.
It did.
It did.
Oh, dear.
I think one of the pieces of feedback that was given was, so fuck your business model, fuck this idea and fuck your startup. You can fucking burn to the ground in r/recruitinghell, right where you belong.
So, yeah, no opinions on this one.
No, no, pretty much on the fence, because the CEO, he said, we actually launched just to get feedback.
Well, they got the feedback all right.
Just a prank, bro. It's just a prank.
Yeah, prank, it's just a prank, tech bro.
But, so, yeah, you can actually see the website if you go to the Wayback Machine, you'll see the...
It's a new website that appears on the Wayback Machine.
You know it's got something controversial on it.
Exactly, exactly.
It's got an extremely happy, hipster-looking man with orange sunglasses
that are obviously not prescription on the cover page,
so you know it's for proper tech bros.
Yeah. So it's an absolute shit show. But it did get me thinking that maybe this is how we solve the skills shortage, you know?
Yeah, this is not, we don't, we're just moving the co-workers we hate the most. We're paying them to get them out of our company and in somewhere else.
And if they stay for two months, we get money back.
Are you worried that we're going to ship you off to another podcast?
Yeah.
Because I'm just saying.
500 quid.
Yeah, but Smashing said the figure they gave us was just way too high.
Let's be honest.
Yeah.
So, yeah, it's, well, it just goes to show the, to quote another quote,
the level of shithousery that goes on in tech bro culture here.
So, yeah, absolutely shocking.
Yeah.
It's actually, other than Reddit, you know, Y Combinator, they're one of the incubators for this, and so on their page there's lots of people expressing their disappointment with them actually putting money into it. And there's a really weird exchange. It's like, how is this not a bribe? And the CEO responded, bribe is such a loaded word, these are references who put their money where their mouths are.
He's got a career in PR, I tell you that.
Yeah, you don't pay to give good references, right? You pay.
Yeah, dreadful, dreadful.
The fact that people, it just goes to show the kind of bubble that people operate in sometimes, totally insulated from the real world.
It's more about the funding these guys get to just create.
Well, yeah, I mean, it does go to show how much money is just thrown
at these things without any kind of thought.
So, yes, well, that was this week's.
Just remember to be nice in the comments section, as seen on Reddit.
Sketchy presenters, weak analysis of content,
and consistently average delivery.
But they still won an award.
Like and subscribe now.
All right, Jav,
it's over to you for this week's
Billy Big Balls of the Week.
This is only a Billy Big Balls because I couldn't think of which other category this would fit under.
But in early 2020, a bank manager in the UAE received a call from a man whose voice he recognised.
A director at a company with whom he'd spoken before.
The director had good news. His company was about to make an acquisition,
so he needed the bank to authorise some transfers to the tune of $35 million.
A lawyer named Martin Zellner had been hired to coordinate the procedures and the bank
manager could see in his inbox emails from the director and Zellner confirming what money needed
to move where. The bank manager, believing everything a bit legitimate, began making the
transfers. For those of you keeping score at home, or
those who like spoilers, or
the ones that guessed within the first five
minutes of the sixth sense that Bruce Willis
was actually unalive,
this was...
Spoiler!
So, according to
this article, which a friend of the show, Tom Brewster, has written,
is that the bank manager was duped as part of an elaborate swindle in which the fraudster had used deep voice technology to clone the director's speech. So the phone call he received was actually from a deep clone voice impersonator, or software, that told him to make the transfers. And this is really interesting, because deepfake technology is like the thing that we hear a lot about, and there's lots of proofs of concept and everything around there. However, there's nothing in the story that actually points to any real proof of it being deep voice. It could have been someone who sounds like that director, like an impressionist, or an impression. It could have actually been the director himself.
It could have been Rory Bremner.
Yeah.
For all we know, the bank manager could have been in on it
and fabricated the story that, you know.
What, 35 million?
I'm calling it out now.
Just wait.
In two weeks, that bank manager is going to be unable to work
due to health issues and he's going to suddenly buy a yacht.
Retire.
Yes.
So just to confirm, do you say he had email confirmation in addition to the voice call?
Yes, so he had a voice call and then he had emails from the director and from the solicitor, the lawyer. So, you know, maybe, I mean, okay, emails, they can be spoofed or whatever. But what I'm also thinking is that if I want to make a payment over my daily limit, I can't just phone up my bank manager and say, hey, it's me, Jav, you know me, I came in like last week, or when you saw me when I opened my account. There are procedures. There's, you know, sometimes they'll send you a text to confirm, sometimes you have to go into the banking app, sometimes you have to use the two-factor device that they send you where you put your card in, and, you know, the chip and PIN. There's all these things. Sometimes you have to go into the branch. I think there's such a systemic breakdown.
But the analogy is the wrong way round.
It's if the bank manager phones you and says,
Jav, I've got some money for you.
Can you just confirm your account details?
But also, when the bank manager's making these transfers,
he's going to have to do all these secondary factor stuff.
So he's the man that's controlling
those authentications.
He just needs someone
to tell him to do it.
The bank manager, you're saying?
Yeah.
Not the bank manager.
No, the guy that's got the ability
to transfer the funds.
Are we in the analogy
or are we in the story?
I can't work it out.
We're back in the story now.
This is a bit like
Mary Poppins.
Matrix 3 right now.
I'm really not sure
what's real
and what's not real.
Inception 2.5.
I never saw how that ended either.
Yeah.
I walked out
before the end
of Matrix 3.
I couldn't sit through it.
No.
It was horrible.
Oh, it's shocking.
It's a shocking time.
You're not going to change my mind on this
Let's not even go there. But what I'm saying is, all right, if you can trick that, not the bank manager, so the guy that's making this transfer, right?
The bank manager.
The bank manager, yeah. So he's the real one, or the analogous one?
Well, I was going to say, what else would he need other than confirmation, you know, in either a voice call supporting an email, right? What else would you expect him to have?
I'd expect there to be more controls for that sort of sum of money. I'd expect there not to be email. I'd expect someone to at least log on to some online banking system and put in their request there, because a phone call and email, anyone can make those. But at least if someone's logged onto their bank account, their online banking, and requested the transfer there, and then it's over the limit, and then they follow it up with a phone call or email, I think there's some more safety net there. But I don't think you can just rely on an email or a phone call and say, I'm so and so, and make this payment. It's like if I was to phone up Barclays today and say, hello, my name is Mr. Andrew Agnes, and they'll be like, well, that's bad, we're shutting down your account. Stop fooling us.
No more butt plug refunds in your statements, please.
I do think, though, that the deepfake technology isn't the story here.
That's, I suppose, what I'm trying to get at.
It's a Billy Big Balls move to nick 35 million.
I don't think the deepfake is the story here. The story here is that it seems trivial to be able to swindle a bank manager into making a big payment. And so it's the whole process element of it. The deepfake thing is just another method of convincing somebody.
Exactly. And what I'm worried about is that there's going to be someone that's going to take this story, they're going to go to Y Combinator, they're going to say, invest in our startup that will detect deepfake voice calls.
I thought you were going to be worried about someone transferring 35 million of your money.
Yeah, yeah, no, no, I've got it under...
This isn't the first time that this has happened. There was a case of an accountant in the UK who spoke to his German boss over the phone and he transferred a sum of money, and then was asked to do it again, and that was when he sort of fell in to what was going on.
That was last year as well, wasn't it?
That's right. And that was put down to a deepfake voice.
Yeah.
And again, there's never been anything to confirm that it was a deepfake.
It could have been someone with a German accent.
Yeah.
Although the guy said he recognised his voice.
He spoke to this person on a regular basis.
He recognised his voice.
But it did prompt me.
This time every year, roughly from now on, it's like, what are your cyber predictions for next year, and all that sort of thing? Well, I put one out there, which was we're going to see our first facial video deepfake crime this year. So I'm being let down so far, cyber criminals. You've basically got two and a half months to not prove me a liar, so please pull your finger out.
No, no one's calling you a liar, Tom. They'll just say you're incompetent.
No, they've said that before. Now they're going to tell me I'm a liar.
If it's any consolation, having been like an analyst and everything before, where you make predictions every year, no one remembers what... No, just don't remind them. No one reminds them. As long as you grab the headlines when you make the prediction, no one's going to double-check back and see whether you were right or wrong. You only remind them.
No, end of this year, we should actually go back,
see what everyone's predictions were and call out how shit they were.
Yes.
Yeah, let's start with Jav.
No.
Oh, dear.
Yeah, you only reference them when they're right anyway, don't you?
Yeah, of course.
Actually, a couple of years ago I wrote a blog, I submitted, I think it's one of those ones, and I put out all these predictions, and right at the end I disclosed the fact that they were predictions that I'd copied from a blog post that someone else had written 10 years ago. And reading them today, they still seem exactly the same. They're just as applicable. Nothing really changes in our industry.
Nice one.
So thank you very much, Jav, for this week's...
Billy Big Balls of the Week.
This is the Host Unknown Podcast.
Andy, what time is it?
It's that time of the show where we head over to our news sources over at the InfoSec PA Newswire who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News
NatWest pleads guilty in £400 million money laundering case.
Industry news.
Brewer's token gaffe causes massive PII breach.
Industry news.
Couple arrested over sale of nuclear secrets.
Industry news.
Android phones sharing significant user data without opt-outs.
Industry news.
NCSC CEO says ransomware the most immediate threat facing UK businesses.
Industry news.
Ghanaian women cautioned against sharing nudes.
Industry news.
Crypto romance scam drains $1.4 million
Industry News
Financial regulator warns of hybrid working security risks
Industry News
Met Police loses 2,280 electronic devices in last two years
Industry News
And that was this week's
Industry News.
So Andy, what are hybrid working security risks?
That's a very good question. Now let me tell you about hybrid working security risks. Glad you asked me. Okay, because as we know, the UK's financial regulator, the FCA, they've just released this new guidance for organisations in the sector to help them transition securely to hybrid working practices. And as I read through this article very quickly to try and get the Cliff Notes, I really don't know. You know what? So I work in the FCA regulated industry, and there's one thing I can tell you, is the FCA does not tell you what you need to do, right? It makes very high-level statements, very fluffy, sort of, you know, you need to consider organisational and technical controls, okay? And that's as much detail as they go into. They won't say, this needs to include DLP, this needs to include, you know, perimeter controls. They just don't go into that level of detail.
You've got quite the echo
going on there.
It's not coming from my side.
I can hear it too. That's my fault.
My mic popped out. One second.
This is terrible.
This is a disaster.
It's an amateur hour over here.
I was just about to say exactly that.
Okay.
Does that sound better?
Let's see.
Yay!
I'll send you my pinky finger in the post.
So is anybody surprised that Android phones share data without their user permission?
What?
No.
I'm surprised that it doesn't say every phone shares data without... Yeah, yes, that's very true, that's very true. But yeah, blimey,
surely that's something that was ascertained years ago, that people have to opt into this stuff,
not opt out. And you don't share data without permission, you know,
without explicit permission.
Yeah, but it's one of those if they don't know.
Who's going to know?
Who's going to know?
They're never going to know.
Never going to know.
Just like who's going to find out, you know,
that over 2,000 devices have been lost in two years
in one public organisation.
Yeah, it's quite...
I mean, considering the lockdown protocols
that were in place for most of 2020,
it's really hard to understand
how so many end-user devices went missing.
Yeah, yeah, that's right.
And in an organization that is, well, one of its sort of founding principles
is that of security, right?
Surely.
Security and protection of, you know, of people and data as well.
But, yeah, I find it absolutely astounding that that many devices get lost.
And it's only just now headline news.
And even then, it's not BBC News headlines.
It's Host Unknown headlines.
Best thing.
Yeah, that's right.
Yeah. Well, yeah, but actually, who's surprised that NatWest was found,
a high street bank was found complicit in 400 million money laundering?
Well, any bank, right, these days. Yeah, I was gonna say, we saw this before with, was it HSBC? Yes.
Yeah, HSBC, Barclays, the whole bunch.
Was it Barclays who worked out a system of packing money into certain shaped cubes?
No, that was HSBC in Mexico.
I think they were doing it for the cartel.
Oh, that's right.
Yeah.
Yeah.
But this is like here in the UK.
It's a jeweller's based in Bradford.
And they said, oh, we're going to have a turnover of about 15 million a year.
And then they deposited 365 million over the year,
of which 264 million was in cash.
What?
You know, I try, if you try to pay for a car, like even if it's a second-hand old beat-up car,
for like 10,000 in cash, they have to raise that, they have to flag that. Yeah. And these sums,
I mean, a man over here in Bradford's walking in with like 264 million and like, yeah, that's fine.
Even if it's spread out over a year or two years, that's an awful lot of cash.
But he just does, you know,
here's the 100 million in cash I need to deposit and here's the admin fee for you.
Yeah, go up west, buy yourself something nice, love.
Yeah, exactly.
Wow.
Absolutely.
Well, just follow the money, right?
Always about the money.
Oh, dear. Right, well, thank you, gentlemen. That was this week's
Industry News
this is the podcast
the Queen listens to
although she won't
admit it
Andy
Over to you now for our final segment of the show. It's not just for kids,
celebrities, twerkers and people showing off their cars. No, As Seen on TikTok.
Indeed, As Seen on TikTok. I'm taking this one back to the streets. So how is your street slang, Jav? I know you and me speak
fluent street. Tom, how is your street slang? If I were to say to you...
would you know what I was saying? I'd say, good afternoon to you, young sir. Excellent. And if I
was going to give a shout out to my plug, do you know who I would be talking about?
Is that the plug that you gave me a refund on according to my bank statement?
No, a plug is a dealer on Street Start. And, you know, when I'm talking about the certiest plug around,
do you know what I'm basically saying?
The most certified?
Exactly.
He's the most certified dealer in town.
Oh, I was taking the piss.
No, that's right.
No, no, genuinely.
I mean, yeah.
Yeah, he's got five years experience.
He's got the certification.
He's got the certification.
He maintains his CPEs.
Every year he logs his CPEs.
Continual pushing education.
To education. There you go. He's sat outside of schools. Yeah.
You don't also, it doesn't always have to be drugs. Like if you're doing a bit of trafficking in there
as well, you can count that towards some of the electives in the module. Yeah, there's
some Class A points you collect, Class B, Class C. Yeah, obviously.
I'll see. Yeah. So, you know, there's other phrases like "drops loaded fast" or "cuts always on time".
It basically means that the dealer is reliable and punctual.
So this is a story. You may remember a story last year about Tiger King's Carol Baskin
being tricked into recording the shout out for Rolf Harris.
Oh, that's right.
Yeah.
Yes.
That was off the back of 7th Heaven actress Beverly Mitchell giving a shout out to an Australian serial killer, you know, saying that, you know, for your work in picking up hitchhikers, you know, this type of thing.
There was also one about the anniversary of Fred and what's her face?
Rosemary West.
Yeah, exactly.
So this is people abusing the celebrity messaging app Cameo,
which is where you can pay for celebs to, you know, record messages on your behalf.
And Brexit conspirator himself, Mr Nigel Farage, is
not immune to this. But that man would do anything for money anyway, so he absolutely just, he would,
he'll read out anything he's given. So last week he read out some sort of pro-IRA, you know,
statements on his Cameo. Are you...? Yeah, absolutely. He'll actually read out
anything. He is the Ron Burgundy of
cameo.
That's right.
The funny thing, his prices have actually gone up this week.
So now it's £95 for him to record
a video. Wow.
That's Brexit inflation, that is.
Brexit inflation, indeed.
But anyway, I've got a
video, which it's no longer on his cameo,
but obviously it's doing the rounds on TikTok,
where a drug dealer has got him to advertise his wares.
Roll the VT.
Yeah.
Wag one, Aki's.
Shout out to my plug, Ace of Asia.
Certiest plug around.
Get your drops loaded fast.
Bring your barks and nations.
Cuts always on time.
Serious ute.
Not going to lie to you, man.
What the fuck?
So now you've got the drug dealer sending this around telegram
or advertising his services saying, you know, I've been endorsed.
This is as big an endorsement as you're going to get, right?
Have we gone back to video deep fakes again?
I'm not sure.
I swear there's a link in the show notes to the actual video he's recorded.
If you look at that account, it's got loads.
He just reads stuff out. If it was anybody other than Farage, I would have thought it might have been a
deep fake, but yeah, that man would do anything for money. But no, absolutely classic. And this is,
you know, well, I was saying at the beginning, like an analogy of a SQL injection, right,
where you don't sanitise the input and you just let it run as it is.
Ah, I wondered where that was coming in.
It is indeed. So there's an analogy that actually worked as opposed
to the bank manager calling Jav.
Yeah, I'm still trying to figure that one out.
Yeah, that's right.
That's going to play on my mind today.
So in this analogy, is Farage the SQL injection?
Or is he the dumb?
Right, right.
The message being put, you know, the script being given to him
is the SQL statement.
The dumb, soulless, you know.
He's just running it.
Yeah, exactly.
He's just ticking over in his head.
Excellent.
Thank you very much, Andy, for this week's...
It's not all twerking in booty shorts.
What?
Seen on TikTok.
Well, and that brings us neatly round towards the end.
A little bit of a rollercoaster today.
And some, well, some truly fascinating stories in there.
Oh, speaking of plugs, before we just go,
and not those kinds of plugs, don't snicker.
Are you the certiest of plugs?
This is the certiest of shout-outs I'm going to give.
But, you know, Tom, you have been making some amazing, amazing,
and I mean this genuinely, promotional videos for some of your talks.
And if people aren't on LinkedIn or follow you on Twitter,
you should definitely check out some of his talks.
They're probably more entertaining than the talks.
Than the talk themselves, yeah.
But, you know, and I tell you what,
as one of the original YouTube security people, I was getting a bit jealous.
And then.
And then you watch the actual content.
And then.
You're basically saying the trailers are better than the content.
It's as if someone heard my prayers from above.
And I got an email from the CEO of a company called CL Media Group saying that
they are taking a year off and maybe, you know, I would like to work with the genius that puts
all your stuff together, Tom. So, yes, CL stands for Charlie Langford, who is Tom's son,
who is the actual genius behind a lot of the video work.
So if anyone's listening, if you are interested in a promo video,
some media work, some graphic design,
I highly recommend you get in touch with Charlie
because he works wonders with Tom.
I'm sure he can help you out.
He can make me look good.
He is.
He is.
So, Tom, you can put his details in the show notes below.
I think if we can generate some money, some business gain towards him,
he's a young man who's full of energy, full of great ideas,
and his execution is spot on.
Yes.
Thank you.
And the finder's fee is not going to hurt either. No.
Thank you, Jav. And honestly, that did come as a surprise. You didn't say
you were going to say anything like that at all. So thank you. And it's true, he does
make me look very, very good. And he also has a full head of hair, which is just...
Poor guy.
Drives me insane.
Poor guy.
Yeah, but it's going to go at some point.
Exactly.
When he turns 25, it's just going to...
I just feel sorry for him.
I see his hair, and he's just not prepared for what's coming.
He's going to go 90s Bruce Willis really quickly.
Yeah.
Anyway, on that note, thank you very much, folks.
Thank you, Jav, for today and for that extra plug at the end.
No worries.
And Andy, thank you very much.
Stay secure, my friends.
Stay secure.
You've been listening to the Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
The worst episode ever.
r slash Smashing Security.
Is it a competition to see who can stay quiet the longest?
It's Friday then, it's Saturday, Sunday, what?
It's Friday then, it's Saturday, Sunday, what?
It's Friday then, it's Friday, Sunday, what?
Emergency jingle deployed.
Apologies to anyone that listens to this on Monday.
Yeah, that's right, it's Friday for us.
But there was a, oh, there's an Australian podcast I listened to, like a podcast from an
Australian radio station. They actually have this thing where you're on the radio, so if you're quiet
for too long a song kicks in, an emergency song kicks in if it doesn't detect any sound,
because obviously it's a radio station, you can't have that. That's very good. And there was, like, someone
said something, everyone's just so stunned, this emergency song just started playing.
It's like, it's like, I just received word my family's died in the car crash, and everyone's
quiet, and then all of a sudden this song comes on. It's right. Yeah, yeah.