How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia.

Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it - and then brags about it on a recorded Telegram call.

Plus: Graham champions Asterix, Trisha discovers the fantasy novels of Robin Hobb, and someone called "Lick" ends up in the nick.

All this, and much more, in episode 458 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.

EPISODE LINKS:

Major data leak forum dismantled in global action against cybercrime forum - Europol.
Ericsson blames vendor vishing slip-up for breach exposing thousands of records - The Register.
How hackers bypassed MFA with a $120 phishing kit – until law enforcement shut them down - Hot for Security.
Wikipedia hit by self-propagating JavaScript worm that vandalized pages - Bleeping Computer.
FBI arrests crypto thief accused of stealing $46 million from seized government wallet - Tom’s Hardware.
Twitter thread by ZachXBT about John Daghita’s arrest - Twitter.
Asterix - Wikipedia.
Robin Hobb.
The Complete Farseer trilogy - Harper Collins.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
Meter - Network infrastructure for the enterprise. Get a free personalised demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Upptäck Premium

Prova 14 dagar kostnadsfritt

Skaffa Premium

Avsnitt(463)

The hack that brought back the zombie apocalypse

America's airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency a...

27 Nov 202540min

We’re sorry. Wait, did a company actually say that?

Stop the press - a company has actually said "sorry" after a data breach, and hotels are helping hackers phish their own guests.In episode 444 of "Smashing Security" we examine a refreshingly honest b...

20 Nov 202555min

Tinder’s camera roll and the Buffett deepfake

Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing "number one investment tips."Meanwhile, will agentic AI replace your co-h...

13 Nov 202538min

The hack that messed with time, and rogue ransomware negotiators

Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away.Plus when ransomware negotiators turn...

6 Nov 202538min

Inside the mob's million-dollar poker hack, and a Formula 1 fumble

Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table.Meanwhile, researchers have foun...

30 Okt 202540min

How to hack a prison, and the hidden threat of online checkouts

A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral...

22 Okt 202544min

A breach, a burnout, and a bit of Fleetwood Mac

A critical infrastructure hack hits the headlines - involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile ...

15 Okt 202545min

When your mouse turns snitch, and hackers grow a conscience

Your computer's mouse might not be as innocent as it looks - and one ransomware crew has a crisis of conscience that nobody saw coming.We talk about how something as ordinary as a web page could turn ...

8 Okt 202542min

Allt en och samma app

Lyssna på dina favoritpoddar och ljudböcker på ett och samma ställe.

Noga utvalt innehåll

Njut av handplockade tips som passar din smak – utan ändlöst scrollande.

Fortsätt när du vill

Fortsätt lyssna där du slutade – även offline.

Premium

99 kr/ månad

Tillgång till alla Premium-poddar
Reklamfritt premium-innehåll
Avsluta när du vill

Prova 14 dagar gratis

Premium

129 kr/ månad

Tillgång till alla Premium-poddar
Reklamfritt premium-innehåll
Avsluta när du vill
Ett extra konto

Prova 14 dagar gratis

Populärt inom Politik & nyheter

Berättelserna och rösterna du älskar att lyssna på

Obegränsad lyssning på alla dina favoritpoddar och ljudböcker

Upptäck Premium