Whopper Hackers, and AI Whoppers

A YouTuber has unleashed an innovative AI bot army to disrupt and outwit the world of online scammers, and a New York Times investigation looks into the intricate web of global money laundering.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:O2’s AI granny Daisy unveils what she’s learnt from her time on the phone to scammers – and what you can do to ruin their day - O2.Lenny - The Telemarketing Troll.I Built a Bot Army that Scams Scammers - Kitboga on YouTube.Takeaways From Our Money Laundering Investigation - The New York Times.Infiltrating scammer networks with the world’s top fraud fighters - YouTube.Open Street Map - Open Street Map.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. 1Password Extended Access Management – Secure every sign-in for every app on every device.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

26 Mars 33min

In episode 409 of the "Smashing Security" podcast, we uncover the curious case of the Chinese cyber-attack on Littleton's Electric Light Company, and a California landlord's hidden camera scandal. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:This is the FBI, open up. China's Volt Typhoon is on your network - The Register.Landlord recorded nude videos of woman tenant with cameras hidden in bedroom smoke detectors, lawsuit says - The Independent.Landlord arrested after tenant discovers hidden camera in rented room - PBSO.Hidden Cameras: What Travelers Need to Know - The New York Times.Shakespeare insults t-shirt - Royal Shakespeare Company.OAS Exhibitions - Oxford Art Society.Carole’s “Rusty Sage” - Bluesky.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. Acronis Threat Research Unit - Your secret weapon against cyber attacks. Access the reports now.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

19 Mars 35min

What happens when a healthcare giant’s legal threats ignite a Streisand Effect wildfire… while a ransomware gang appears to ditch the dark web for postage stamps?Find out about this, and more, in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:'We wanted to help': Students arrested after exposing FreeHour security flaw - Times of Malta.Medusa ransomware gang demands $2M from UK private health services provider - DataBreaches.net.Medusa Unveils Another 50TB of Stolen Data from HCRG Care Group, Giving Greater Insight Into the Scope of the Breach - DataBreaches.net.HCRG Care’s lawyers claimed an injunction issued in a “private” hearing required us to remove two posts. We didn’t comply - DataBreaches.net.Security firm leaves more than five billion records exposed on unsecured database - Graham Cluley.After threatening me with legal action, Keepnet Labs finally issues statement over data breach - Graham Cluley.Sophos apologises for going legal on school techies - The Register.Mail Scam Targeting Corporate Executives Claims Ties to Ransomware - IC3.One of the nastiest ransomware groups around may have a whole new way of doing things - TechRadar.Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear - GuidePoint Security.Severance - Apple TV+.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password Extended Access Management – Secure every sign-in for every app on every device.Palo Alto Networks - Get the 2025 Unit 42 Global Incident Response report to discover emerging threat trends, attacker tactics and expert recommendations to safeguard your business.Tripwire Enterprise - Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance. SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

12 Mars 32min

Journey with us to Myanmar's shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company's mandatory hold time for tech support could lead to innocent users having their computers compromised.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Plus - don't miss our featured interview with Acronis CISO Gerald Beuchelt!Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:HP deliberately adds 15 minutes waiting time for telephone support calls - The Register.HP mandated 15-minute wait time for callers - why that was good news for criminals - Bob Sullivan.How vulnerable people are trafficked to fuel a global cyber scam industry - ABC News.Hundreds of foreigners freed from Myanmar's scam centres - BBC News.'I need help': Freed from Myanmar's scam centres, thousands are now stranded - BBC News.Some foreigners pulled out of Myanmar scam centres face struggle to get home - Yahoo! News.'Pig Butchering' Scam: How China's 'Broken Tooth' stole over $75 bn from global investors using crypto currencies - The Economic Times.Scunthorpe problem - Wikipedia.Scunthorpe Sans font.Sociopath: A Memoir by Patric Gagne - Goodreads.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Acronis - Integrated cybersecurity, data protection and endpoint management built for MSPs.Threat Vector - The podcast from Palo Alto Networks that gives you timely analysis of current security trends and challenges.Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

5 Mars 53min

We explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls' safety online.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Incident Update: Unauthorized Activity Involving ETH Cold Wallet - Bybit.Bybit Launches Recovery Bounty Program with Rewards up to 10% of Stolen Funds - Bybit.ZachXBT links Bybit hack to Lazarus Group - Twitter.Online Safety Act: explainer - GOV.UKThese Are The 10 Most Complained-About TV Moments In Ofcom's History - Ofcom. Ofcom to push for better age verification, filters and 40 other checks in new online child safety code - TechCrunch.UK’s internet watchdog toughens approach to deepfake porn - TechCrunch.Girlguiding research exposes alarming online harms facing girls - Charity Today News.Ofcom's approach to implementing the Online Safety Act - Ofcom. Women's abuse online: 'I get trolled every second, every day' - BBC. Amanda’s funniest moments in Motherland - YouTube.Amandaland - BBC iPlayer.Cassandra Sci-Fi Thriller limited series - Netflix. Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive playground at scanner.dev/demoSUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

26 Feb 32min

From shadowy Bitcoin exchanges to Interpol’s most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are being warned about a swathe of scams hitting stadiums and arenas around the world.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.PLUS! Don't miss our featured interview with Cliff Crosland of Scanner.devWarning: This podcast may contain nuts, adult themes, and rude language.Episode links:Russian National And Bitcoin Exchange Charged In 21-Count Indictment For Operating Alleged International Money Laundering Scheme And Allegedly Laundering Funds From Hack Of Mt. Gox - US Dept of Justice.BTC-e Operator Pleads Guilty to Money Laundering Conspiracy - US Dept of Justice.US releases Russian cybercriminal as part of exchange for teacher Marc Fogel - The Guardian.Lloyds Bank issues urgent warning over Taylor Swift ticket scams - Lloyds.Warning after more than 120k people queue for Black Sabbath Villa Park tickets as fans say 'scam' - Birmingham Live.‘Don’t buy tickets for Beyoncé’ - Minister Gayton McKenzie warns South Africans of concert scam - Independent Online.Beyonce Cowboy Carter tour fake tickets scam: Ticketmaster warns fans - USA Today.Singapore ticket scam queen jailed for three years after conning 76 Taylor Swift fans of S$110,000 - Malaysia News. Did Ozzy Osbourne really eat a bat? - Rock and Roll Garage.How to stop hiccups - Graham Cluley.The Telepathy Tapes podcast.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive playground at scanner.dev/demoHarmonic - Stop data leaks, not innovation. Zero-touch data protection for the GenAI era.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

19 Feb 51min

The story of how hackers managed to compromise the US Government's official SEC Twitter account to boost the price of Bitcoins, AI isn't helping reduce the rife conspiracy theories inside classrooms, and is the funeral bell tolling for ransomware?All this and more is discussed in episode 404 of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Jane Wakefield.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:SEC's Twitter account hacked to say Bitcoin ETFs approved - Hot for Security.Twitter says it’s not its fault the SEC’s account got hacked - Graham Cluley.SEC Twitter hack blamed on SIM swap attack - Hot for Security.The SEC’s X account got hacked by a 25-year-old who went by ‘AGiantSchnauzer’ and got paid in Bitcoin, feds say - Fortune.Pupils share conspiracy theories for fun, with girls ‘more susceptible’ - The Times.AI chatbots unable to accurately summarise news, BBC finds - BBC News.US-led cybersecurity coalition vows to not pay hackers' ransom demands - TechCrunch.35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments - Chain Analysis.Ransomware: proposals to increase incident reporting and reduce payments to criminals - GOV.UK.The 2024 Ransomware Landscape: ‘Looking back on another painful year’ - IT Wire.The Space Doctor’s Big Idea by Randall Munroe - The New Yorker.Reading guide: Creation Lake by Rachel Kushner - Booker Prizes.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.Tripwire Enterprise - Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance. Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive playground at scanner.dev/demoSUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

12 Feb 50min

In episode 403 of "Smashing Security" we dive into the mystery of $65 million vanishing from Coinbase users faster than J-Lo slipped into Graham's DMs, Geoff gives a poor grade for PowerSchool's security, and Carole takes a curious look at QR codes.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:ZachXBT’s thread - Twitter.Coinbase employee tells users not to use a VPN or ad blocker - Twitter.What PowerSchool won’t say about its data breach affecting millions of students - TechCrunch.QR code - Wikipedia.Reed–Solomon error correction - Wikipedia.Urgent warning over QR code scam tricking drivers out of £100s at popular car parks - Express.Scam alert: QR code on an unexpected package - Consumer AdviceNew Star Blizzard spear-phishing campaign targets WhatsApp accounts - Microsoft Security Blog.What You Must Know Before Scanning a QR Code - AARP.“More” - Niall Conlon.“Money Men” by Dan McCrum - Penguin Books.Bitter Orange Marmalade Recipe - Ballymaloe Cooking School.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.Cortex Symphony 2025 - Ready to transform your cybersecurity? Register now to see the future of security innovation with exclusive insights, demos, and stories from pros.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

5 Feb 50min