Who needs a laptop to hack when you have a Firestick?
01:02:36 Share

How do you think that goes down with his fellow hackers?

I think they love. I love IT. I've been holding this.

wait. I want to be authentic. I want to to be me.

Thank you so much.

Smashing security episode three hundred and ninety three who needs a laptop to hack when you have a fires? Stick with Carol tario and gram. I, hello, I welcome to curate at three hundred and my names.

and i'm Carol tario and co. We are .

joined today by a special guest. We have it's been so .

long since we've had a guest and I am so thrill that don't have to just speak with you this week.

Tell me like and general please to announce yes is your magnanimous orate mr. Tom lang food tom, you're still with us.

That's great news, and it's so nice to be called .

special again. We are very, very glad you're here. tom. You're gonna give us a little bit of jot of energy .

that we desperately need. Yeah, yeah. I think so.

But first, let's think this week's wonderful sponsors, one password, fanta and blackberry, it's their support that helps us give you this show for free. Now coming up today, show gram.

what do you got? I'm going to explain how a life and death emergency and leads to fourteen million dollars.

Okay.

what about you time? I'm gonna be talking about the dangers of being a cat, ona.

and i'm gonna be talking about twenty three, and me, and you, and you, and you, and you and you. Plus, we have a featured interview with paul fire from blackberry, who's gonna tell us how we can keep the lines of communication open. Even and the worst natural or man made disasters, all this and much were coming up on this episode of smashing security.

Now, chm jump is quick question. food. Did you have a job as a teenager? Tom, where you ever a teenager?

Um yeah, a long time ago, right? Yeah, I did. As a late teenager, I worked in room service in a park line.

Hotel is down. You must have some stories regarding that. Oh, you know how many shifts you were paid back?

The hundred ten pounds a week.

right? OK, you have like to have made fourteen million dollars A K. So in total, in total.

well, in total, I mean, it's a little bit. But yeah.

I know what about you? Course.

I worked my whole life. I worked from the age of fourteen, got fired for my first job, actually, was that .

when you worked .

to be a dad? Yeah.

well, i'm gonna tell you today the story of one teenager actually living near us in oxford, U. K. His name is arian cartage and how he made his fortune.

And maybe we can all learn a lesson or two from that. We may not want follow in his footsteps. So in twenty twenty one, this Youngster, he was about sixteen years old. He was part of a hacking group that broke into electronic arts. They stole seven hundred and eighty gigabytes of data.

And wow, okay, this is right. The middle of the pandemics. So everyone else is sitting at home rocking, going so lonely. I and I.

video games, and that suddenly people are hacking the video games companies and the stolen data was dumped online. And he didn't actually take long for kurdish to be identified. His name was provided to the FBI.

And we're get a hint test to what was going on in the background little bit later. But curtains on others then hacked other companies, including bt british telecom, to mounted a four million dollar ransom. So just pretty serious stuff there. You know, it's not just the basement is not just a deus. This is stealing data, demanding money and going .

after some big dogs for the money as well.

right? And they were finding ways to actually monitise this data, which had been stolen. So um victims some of them found themself sim swapped. One of the victims was a guy cle Daniel shanta.

He told the press how he landed a he throwed airport had been on holiday in mexico at, and he landed in the pending the generally twenty twenty two this was so he landed that he throw ten on his mobile phone, wouldn't connect and he thought was of IT frustration, got himself a new sim card, didn't work either. And eventually he managed to logged into his coin base script currency account. And rather than finds the forty five thousand he was expecting to find in there, he actually found instead fifty two pens.

Maybe you should just quickly explain swap.

So some swap is where hackers most trick a mobile phone company into thinking that they own a particular mobile phone number rather than you. So your mobile phone number is basically stolen from you, which means that when a company or service or an online account may be text to a message or send your authentically code, IT doesn't go to your phone IT now goes to a the hackers phone who somehow hijacked your phone number. And sometimes that's done with social engineering, where they ring up the phone company and say, all i've lost my phone, I need my phone number switch to this new thing other times they can actually have paid someone corrupt inside the phone company to assist them in doing this.

Yeah perfect. Very well.

thanks. Thank you very much. Cartage was a member called lapses. And do you member lapses?

Yeah yeah.

Ah is self name or was this named by one of those companies that likes to pull random words out?

I think IT was actually self meant because IT was a lap with a dollar sign on the end. And I can't believe any gito mate side security company would have created such an irritating name because .

that's that proper hacking.

But exactly you. So let's put a dollar in that. One of the organizations they had was brazil ministry of health, and they deleted the country's database of COVID vaccinations.

It's outrage is just more than anything else.

shits and gaggles and .

lots of bachelor harm.

This guy kerith, november twenty twenty one, he took over a cycled dog spin that wasn't because he hacked. He bought the site. So ducks spin.

Don't if you ever encounter IT. It's a site where hackers publish each others personal information. They they publish each other's personal information to intimidation their rivals that hackers don't always get along right. And so you can understand that hackers have rivalries and hackers want to put down other hackers so they find out about each other and say, here's all the information .

about this hack of facebook.

yes. yeah. Linked team. And there's all the information and you think all chromes, there's my address, there's my photographs cartage bought this for seventy five thousand dollars. Not not a bad little thing to buy yourself when you're sixteen years old, which he was at the time a lot of longer.

But I guess you get a lot of jump .

change he could spend. He was making money because of these .

currency transactions, making coin as the kids.

So he took over management of the site. They turned out he wasn't very good at running IT wasn't a very good manager. I'm sure some of us can identity with that as well.

I'm sure they could go.

But people they didn't like him run in the site. And eventually he was convinced to sell IT back to the original loners, so sold IT back. And so okay, you take IT over then. If people don't like the way i'm run, but this cartage guy took the info, you downloaded .

the database of .

everyone use the names, that password, that email dresses cost would what do you think he does?

Makes his own site yeah publishes .

all this everyone who's a member of doxy, an absolute gold mine for CBA crime investigators. wow. Now how do you think that goes down with this fellow hackers?

I think they love IT. I love IT. I've been holding this weight.

I want to be authentic. I want to be me. And you've pushed me over the brink, thinking so much.

I hate IT being called closed to my bag. Boy, I want my real name to be out there.

I think nothing speaks more like a petulant teenager than buying and selling a hacker website and then publishing everybody's details. I mean, that's just a teenager basically just granted, and so and and slam in the door, but money.

So unsurprisingly, hackers then published kurtas hes own details, not just this email address, but also photos of him, where he goes to school, his home address, where his family. I think that .

was possible if you think he didn't even occurred.

I know he's sixteen. I know brain well.

will be looking more into his brain. So he was then arrested by U. K.

Police for the B. T. Hack, right? He got arrested in january twenty twenty two.

They sees his phones, but because he's only sixteen, they released him, right? They can't put him in remand. You don't put Young people that Young, typically into a mt.

And within a month, the lapsus gang had hacked someone else that hacked in video, the chicken people, the people who behind all the crypt to currency money. They still credentials for two of their contractors. They got past multi factor authentication.

Again, may be by doing this sim swap. They released A T gig about the data. They demanded a ransom.

And then they take on the big guns. They take on microsoft. They have microsoft. They have some sung in the list, goes on and on and on. And one of the ways in which the hackers who are able to break into account, one of the ways in which they're able to sim swap people right and get past multipactor al authentication, was through these things. Could E D R.

no idea what that is?

okay. Emergency data request. These are illegal mechanism through which law enforcement agencies, typically in the united states, can obtain information from social networks, telephone companies, the internet service providers in life and death emergencies.

Or the police claim there's going to be some terrorist activity or someone's gonna die. We need a number now. We need these details now.

So so we are false tracking rather than taking at a sepa, is a way of file tracking the information to get IT out of companies. Okay, okay. So what the hackers do was they posed as police in law enforcement.

Go to the tech companies instead. We need the details. We need the phone. Number of this particular personnel who runs this website .

was IT like two teenagers in in like a long police coat.

S on the shoulder at the other, exactly.

We are the police doing the business.

And in some cases, they'd actually hacked the police accounts in order to send the messages through the police's own portal to these tech companies. So to the tech companies, IT IT .

really looked like, yeah.

And so they were handing over the information in a quick fashion. And with that, they were unable to trick the cell phone companies, as we described, to let them grab the same number to .

the there must have been warns involved in stuff. I mean, it's it's the panic thing that stops companies from actually doing their .

due diligence emergency that a bomb.

which is imagine Bruce will.

it's that kind of situation.

My husband would .

swing tom creigh in mission impossible. He doesn't bother with sap, as in the people .

was down from the sky.

Jack bowl missed the president. I to speak to the president .

the more cup .

so the FBI right now says there has been a huge rise in the number of underground foreign sts, which are offering to coach people on how to steal data through this fragile ent emergency data request for isn't as those one hundred dollars, you can find out how to do this. And the hackers are loving IT. And this is one of the things that the lapses again were doing. They were even offering twenty thousand dollars a week to employees of mobile phone companies who would help them take over a mobile phone number.

Oh my god.

what beats hundred and ten qua week?

So the police arrested her charge again. right? Theyve arrested in once. And then these other companies have have.

And how old does he now? Seventeen with peach first.

I think he's not quite seventeen years, but yeah, he is still very he said to have missed a bit coin fortune worth approximate fourteen million dollars by now that would be worth a lot more. And his dad was actually interviewed by the press at the time and they said, we know we are hoping to keep him off computers. He's never talked about hacking.

He's very good on computers. Spend a lot time of them. I also thought is playing games. He said, we're gonna try to stop him from getting on computers. And so he was released.

Okay, so weird. I would just assume that as part of his arrest, IT would be yet not a lot computers dude, your obvious reasons, like touch one in your in jail.

I need IT for a school work.

It's been released again on conditioning stays of computers. But remember, he was docked. And over the next few months, someone threw bricks through the window.

His family home just outside oxford, his mother's car was smashed up. And this is a weird thing. A bag of chicken was mystery. Sly delivered to his house.

And sure, IT wasn't .

delivering a new greeks.

Yeah, I have a delivery.

I mean, there was even said to be a plots from hackers to still crippled out from him. So the police decide he needs protection because he's even though he you know suspected of been up to know good, he needs protection from other criminals. And so he was booked into the travel lodge.

Okay, so now we know where the oxford police service put people when they want to protect them.

And people think this is a nice, sleepy old county, oxford ure, but actually, look what's going on. Okay.

thereafter uba got hacked. I don't. If he's that the chicken delivery, their internal slack got hacked.

Someone post the link to an erect penis to that slack. you. And then a couple of days later, rockstar games that make us a grand pith auto.

Someone still clips from them for granted to to six, which hasn't been released yet. So the police are in what is going on. So they going visit him at the travel lodge in room this, this take LED me.

The room number was in fifteen of. They're put IT. They're in in the end, you do diligence on the story.

Right now I have I actually found out which travel logit was. All I had was a photograph. I did a reverse google search and found that I was the travel lodge.

Now they didn't find a computer with him, but they found an amazon festive plugged into his TV and a keyboard and mass. And what he done is to the faster he downloaded the silk browser, and from there he'd been able to hat. You've got to admire, in some ways this guy is to.

or is completely .

addicted, is addicted, is absolutely addicted.

is know to do. And he's smart enough to know all the work rounds and he's too Young to, you know.

And his parents have convinced him in these multiple arrests haven't stopped him to. So he was arrested again, of course, and he did have his day in court, but judge heard medical evidence which said that he was highly autistic and that he didn't understand the difference between good and bad. And in fact, the jury were ordered not to adjudicate as to whether he had intended commit crime or not. They said he wasn't capable of making that decision. They only had to determine whether he had committed .

the alleged tax when he knew that forty .

million in bitcoin was yeah and his defense team, they argued, while releasing the G, T. A six trailer, the video game trailer ahead of time that actually helped with the promotion of the game. And so IT haven't caused them any hub the games developed as rockstar games, they said, cost us five million dollars actually yeah ah the end result is he has been confined to a secure mental health.

Wood is being put a secure hospital indefinitely until doctors decide he's no longer a danger to the public. So he's probably gonna there for a while. Interestingly, apparently the hospital ward does have computers in the common areas.

Whether he's gone to access them or not, who knows? But is an interesting case. Isn't IT what what should happen to people who have such severe autism? They can't be kept off their computers. They don't necessarily understand right and wrong. Was this a good way to deal with this guy or not? I tend to think, well, in the absence of anything else, maybe this was the right thing to do with him, but obvious ly companies and individuals have lost you huge amounts of money as a result of this guy's actions.

He certainly needs some therapy. There's no doubt about IT whatever form that would help him here. here. It's also have to you have to be held accountable to one degree or another.

How could the parents not notice if he has extreme severe tis?

He was attending a special needs school for many years. So I think there had been a lot of chAllenges with his up, bring his parents that split up. They are taken him at school after they're been some violent instance in trouble like that and then taken to the special needs school.

There's some nice context at the end.

Well, well, i'm telling you about the crime, and then i'm telling you .

about him himself in which the mitigating .

circumstances that is not always black and White h and IT is complicated. IT is interesting. How many people who have been charged, particularly teenagers who've got involved in cybercrime, have been determined to have autistics traits? But .

market, for instance, is that as per he has that was taken into yeah but .

not everyone with autism with technical traits goes down .

this type of route. Sometimes security.

Don't watch your story for us this week.

So either of you a lover of cats.

I don't have a cats at the moment. I have had cats. I like cats.

Oh, I love cats. Cats are cool.

Cats are absolutely and bengal. Al, cats, the most real of cats.

what a bengal cats, just tell.

Give me an idea what I can tell you, because my cat is got a slight bing thing. They tend to have a spots. They looked at parity. They're very long and they're very strong. So they can actually jump really high and they can kick the of most cat, apparently they're are on the only cats that are seme feral, so they're very difficult .

to tame and make a bang .

in curry as an .

ingredient. So if you're in australia, you might want to find out because australia's got all sorts of weird rules when IT comes to IT, Flora and former and animals and all that sort of think we might want to know if it's legal to own a bengal cat in australia if you need license for IT.

So what might one type into google in that case? So things like maybe r bo cats legal in australia, or even do you need a license to own a bengal cat in australia and you would get some responses back, right? And you would click on, said responsible on, and do what he says to find out. So apparently this been a cyber current podcast, not a cat podcast. Apparent yes, it's criminals out there have been using a critical dude loader um which what IT does is its manipulates search engine optimization seo this is so is what companies used to basically trying get there products as higher possible in google or that duck goes or beings responses .

in mid waves doing IT key words, paying money .

states as much technologies in these dark arts yeah no and .

it's one of the worst .

things on the internet .

that's it's just horrible.

It's a constant zero some game.

At the end of the day, the only worst thing that missing around where S O is to meet an seo consulting is just every of all because how do .

you know there are an sco consult?

Because that keeps same word over and over again and simple that exactly .

yes exactly so so what this does is when people search specifically for bengal cats in australia sea, a specific series of links are marked very highly in the S. C. O. Victims are often enticed into clicking on these links are which are disguised as legitimate marketing or legitimate google searches ah but is actually malicious Edward uh and IT directs them to a compromised website. The hosts a malicious pale oed mashurina as the desired file so IT might say, download dish handy document to find out .

about is this like in the sponsored area? Typically of searches are .

just near the top of a Normal .

best results for your request. This is the number one responded google or whatever searched and you're .

using to go to that compromised website and download a file because here's your handy cut out and keep fill in this application form for your, you know much love, bengal's cat and seta. This payload is delivered and is a small way that sits on the machine, but nothing happens initially. But if that nowhere remains there undetected for a while, IT then goes on and downloads the second stage, pye wed, known as the good kit. I'm just love these names, which is a highly invasive ve information stealer and remote access children or rat. What IT does is IT establishes a persistent foot hold on the users computer and networking one, and anything else can IT can reach out and talk to.

So in your desire for a cat, you ve ended up with a rat.

indeed. indeed. I see what you've done. That gram, I go and tell .

what you are. professional. Very good.

IT was. But this good kit can only be used to deploy ransom where or other tools, including drumle cobo strike for follow on exploited tions. So what I find absolutely fascinating about this is, is this the tip of the iceberg? Or is there a criminal who just happens to love bengal cats and finds IT highly amusing that when people search for bengal cats in australia that he's trying to compromise their their machines.

all you're thinking of like a .

blow fell time is IT. Is IT a cat breeder who's been spent by the cat breeding community and wants to spread some kind of awful cat based or rat based mail way out there? It's either very, very specific or utterly random, and I think it's gonna a little while.

First for now, I looked at, I looked to, uh, the software website that actually broke this story. Uh, and I got lost. I thought I did not understand how the stuff they were talking about the above, my technology, great. But if someone has put a vast amount of effort into this to try use potential bengal cat owners in australia's computers to launch, or and somewhere attacks elsewhere in the network.

now they could change IT easily from .

bengal cats, could not sure.

So I think if I was targeting new tom for rent, ince had to use some sort of lego 乐。 Yeah, that's to one thousand seventy space. Like I would choose .

something else, but nothing I on the show.

Grow what chill story .

first this week, let's say hello to uncle anon. OK uncle anon once retired, okay, got to spend all his free time looking up into his family history, his family tree and all that, and was thrilled when he learned about genetic testing companies because they could help and find long last family. okay? Yes, so, so he signs up for one of repute, twenty three and me. And to make sure you remember this log, and he cleverly used to his trusted username and password, and one eight, one, two, three, and and one, eight, three, two, one, now, and sent off his DNA and eagerly awaited the result, arrive like he wanted to know, like, was his weird obsession with dogs actually in his DNA, or which side of his family rewarded him with boldness?

At eight, twenty nine, so so twenty three and me have this amazing feature called DNA relative finder and it's included in the twenty three and me kit, which also includes ancestry reports, family tree and trade reports and the idea or what they sell IT as as you get personalized genetic insight to take action on your health, people like anon connect with distant relatives, you know, including his knights, who are call the mary. Now, demary works in cyber security and has never gone on these sites, right? Because he sees this as a security issue OK. But through one called antons family investigations.

he used my pet name again.

Some genetic and health history data of demary became available on the site. Dr, having never access the genetic testing site was none the wiser. SHE doesn't know no until he gets a message on her socials from some strangers saying he cus were related. So we've talked about twenty three and me before, but a year ago, in fact, two guys remember why we brought IT up because, tom, you must remember.

you listen every episode data.

And there was a problem with this particular part of twenty three, and me wasn't there. This this thing which allowed you to connect with other .

people is quite invisible. Yeah.

IT was a way in which people were able to find out information about other people. So even if they hacked t one account, they are they able to grab information about .

other people too, a bit like facebooks shadow database of people who aren't on facebook.

exactly. yeah. So let me IT go back. Yes, the experience of big data breach loads of user data was leaked and appeared on breach forms.

yes. And IT was attributed to credential stuffing. So basically, antons password, a username weren't that difficult to crack, and you'd also used them on many other sites right across the web. So not only was uncle anon data compromise, but people connected to him who hadn't shared their DNA with twenty three and me, people like the mary, were also at risk. Now at the time, twenty three and me said, look, users, could you just not reuse passwords, use some multifactorial entice ation know this wouldn't happen otherwise .

it's all your foot you dumb uses you're the one who handled this badly. Yeah.

exactly. But last month, twenty three and me was made to pay up for this breach. And one of the issues was that twenty three and me seem to have fail to alert customers with chinese and sonoy juice ancestry, yes, that the hacker appeared to specifically target and then posted their information for sale in the dark web.

So are slows the links that shown to want to read more about this listeners. But in short, in short, twenty three and me or ask to pay thirty million for fAiling to protect the privacy of six point nine million people whose personal information was exposed in a data breach last year. One point five million of those were never customers of twenty three and me, well, so people like the mary, but that's not the end of the story because as a result of this entire fisco, twenty three and me feeling the financial pinch, yeah and it's more than a pinch.

It's more like a wallop across the fat chops because the share Prices fAllen in more than seventy percent this year. In september, seven of the twenty three and me eight strong board resigned, citing they had not received a satisfactory buyout. And just today, the day recording DNA testing site, twenty three meat is to lay off forty percent of its workers, or two hundred employees as IT struggles for survival and also its halting work on therapies. It's been developing some for years.

I mean, it's not looking good for twenty three. Meet too, is IT IT looks like facing bankruptcy. You have to want that how they gonna some money.

either going to a sell themselves, in which case the data goes to someone else. You can then start changing things, or they're na ll date.

This is permanent information. DNA stuff, not stuff you can actually mess around within.

change up. You can change your DNA. You can change your password.

And who might this be very valuable? For example, authorities with love this information .

with in the health insurance companies.

Health insurance companies would love this information. Big farmer.

what about an evil enemy state which was developing a biological weapon, who wanted to knock out .

pod casters getting .

i've getting little a bit James bond with this. I'm getting conspiratorial.

But here this is the big clinch of unlike medical information, yes, the type of genetic data collected by companies like twenty three and me are not covered by hippa limiting legal records for affected users.

How is that not covered by hippo is the most personal of medical information.

right? And this was based on a very recent article just in the atlantic against lino uts. So apparently twenty three and me does comply with GDP r in the E. U, which has stricter privacy protections and heavy penalties for breaches. And kind of say, as a final word, as you gotta love the GDP r right words in all, yeah, I know there's a few words in IT, but you had gotten love the GDP r so for all you need stairs .

out there and next time someone invite you, just spit into a test tube and put IT in the bus to them. Maybe things just .

to choose for me. Yeah.

but can I just like, I don't know, I was thinking about that like you are a bit of paranoid sort. You may not your DNA to go anywhere. You over a friend silence st. You're like, no, not drinking anything.

No, I bringing my .

own glass about.

My own go.

Wouldn't IT be nice to have secure communications through a critical event, be at a cyber attack and extreme weather event, or even civil unrest? Wouldn't IT be nice to know that you are communicating to the right people so you can deploy resources to areas where they are most needed? And wouldn't IT be nice to have all this delivered out of band so there is continued communication even if your own infrastructure is compromised.

The answer is yes. yes. IT would say hello to blackberry.

Thank you, sweet. Certified to meet the highest security requirements. Thank you. Sweet protects against threats to enterprise and local and national security by enabling secure communications on conventional mobile devices with blackberry seq, sweet employees can make secure phone calls, exchange secure messages, including group chats on the devices the bay already Carry. How good is that? Find out more at smashing security dot com slash blackberry and things to blackberry for.

Swing the show, whether austerity nor scaling your company's security program, demonstrate in top note security practice and establishing trust is more important than ever. Venter automates complaints for sock to, I saw twenty seven O O one and more, saving you time and money while helping you build customer trust.

Plus, you can stream line security reviews by automating questionnaire and demonstrating your security posture of a customer facing trust center, all powered by venture ai. Over seven thousand global companies like at asian flow health and cora use water to manage risk and prove security in real time. Get one thousand dollars of venter when you go to venter dot com slash slashing n that's venter dot com flash smashing.

But one thousand dollars of. Quick question. Do your end users always and I mean, always, without exception, work on company owned the devices and IT approved apps? I didn't think so.

So my next question is, how do you keep your company's data safe when it's sitting on all of those and devices? Well, one passport has an answered this question, and it's called extended access management. One password.

Extended access management helps you secure every signing that every APP on every device. Because IT solves the problems, traditional im and m, dm can't touch. Go and check that out for yourself at one password dot com slash smashing. That's one password dot com slash machine. And thanks to the folks of one password, the support in the shed, i'm welcome back and you join us our favorite part of the show, the part of the show that we like to call, pick of the week.

take the week, pick of the week.

pick of the week, is about the show.

Everyone is so like a funny story, a books that they're A T, V, show, a movie, a record to podcast, a website or an APP, whatever they wish. IT doesn't have to be security related .

necessarily. Well.

pick of the week. This week is not security related to thank one of our listeners actually. Listen a William brought .

this to my attention. yeah.

Thanks for the IT is a webcast cle Y Y T C H Y T C H dot X Y Z that's easy to remember. And this is, well, imagine what youtube would be like if I actually mimic what IT was like to turn on your television. Back in the nineteen eighties, just had a hand full of channels.

You could just jump, jump, change between them. You couldn't stream anything instantly. There was no T, V on demand.

That is what this website is like. Now, guys, I sent you the link before the podcast so you could, you could try IT out time. What did you think?

You know, I was really confused at first, which is is a fairly Normal state of being, you know, for me, but but lonely. I thought this is, this is really quite cool. I I could see myself basically spending hours clicking .

the .

channel button every two, three minutes.

And so is this just tied up with like something like youtube and just grabbing them at random or so?

It's got thirty nine channels. So there are channels about, you know, food. This change is about comedy or cars or using politics or movies, something like that. And you just change your channel and it'll be whereever IT is during that video at that time as though you're watching old tile TV, there's no ads. Oh my goodness, how wonderful is that?

So like the BBC in the seventies.

there's a bit of static on the screen when you change the channel or and .

you can choose your channel. I can i'm looking at IT now. You can say, oh, i'd like a food channel oh yeah, you click on IT, you have to go to the channel channel.

You actually have to go up and down. Yeah, you can't type in a number or anything. peroni.

I love channel twenty three, which is chess. Twenty four hours of chess up a math, fantastic. But .

channel nine.

channel nine is cars. I can see the is there right now. There's classical music.

is a very good fine gram.

Thanks to William for telling me about IT.

Yeah, is this your way? Ve seen that next week's podcast is going to be very late.

It's really enjoy Y T C H. It's go to a youtube channel. I guess it's standard of the X Y said go and check IT out.

I think many people will actually, really, really like IT. Q, and that was my pick of the week. Tom.

what's youll pick the week? So cost your mind back, if you can, to nineteen seventy five in the U. K.

We've just had phenomenon that was in a two thousand one, a spice to sea. We had clock work, orange. So all of these .

kind of futuristic called clockwork.

clockwork k orange, I think just .

go get you mind the government.

you're all thinking of the pom parody on anyway. So lots of you know, slightly so post a pocket fail or future field going on. It's before star wars, crucially, and you've got the powerhouses, that is Jerry and Silvia Anderson.

So jar, if you don't know, Jerry, Silvia and son are the creators husband and wife who created thunder birds. Stingray je ninety um fiber itself five. What they ve got into was A T V show called space nineteen nineteen nine.

You know, this game, I don't know this at all.

You bored.

oh my good. You don't know.

My god.

I love space nineteen ninety ninety. IT has the greatest thing tune of any TV program ever, in my opinion.

So good, so good. Bottom lines, this is a classic british. That was what they were trying to sell IT to the U. S. They had the leeds were american, Martin land down and barba ban, big hitters of the seventies. The basic premises, the moon gets knocked out of its orbit by a massive nuclear explosion is now just travelling through space sector.

The third, nineteen, nineteen, nine.

thirteen, nineteen ninety nine. exactly. They get sent hurting through space. It's all about their weekly adventures and who they come across in the spectacular aliens and there in a demons and all that all the stuff is brilliant, perfect periodical shown.

I had some like twenty two episodes per season, so plenty of content. yeah. Now the moon city uniforms for the first series were created by an austria.

An fashion designer tells you everything you need to know. Uh, really a good right. And they were bage so beige, so much beige everywhere they were glorious. I was great.

I love, I love the moon city. IT was at the the special effects in model work, the eagle, the eagle, whether transport is their main spaceships. They work 什么 呢？

As you'd expect, the model work was second to none. In fact, I think the equal transport is beloved IT by many a man over certain age. But the music you mentioned, gram was season too. Ah, not season one. yeah.

Oh, really from what he needs, the ones that trigger my memory the most season too, even though season one is so much Better and so much, so much more british, you know, so much, you know. But anyway, because i've told friends and family this so much, and I just ignored me, I thought, I just tell a captive audience, I love, this is superb. It's dreadful as much as that. This is amazing and that's part of the child.

Gorgeous yeah, that's always a gorgeous combination.

Highly recommend.

So you're pick of the .

week is space nineteen nineteen nine.

Very cool, strong. Recommend for me as well grow.

What is your pick of the week? Uh, okay. So my pick of the week is an article that I read over the weekend.

And if you know it's one of those, you know when you watch the office and then IT gets really uncomfortable and i'd like sometimes will hide behind the city just because I, you know, I can flying at my skin and discomfort. He was one of those. And IT involves doll dolls for kids from toymaker mattel.

okay? And they're always putting out toys. These guys, and they recently put out a new keep sake celebrating the new wicked movie that's coming out.

All right?

And I can tell that tom's already seen this. So stay with me, tom. Stay with me. Yes, so wicked. So just for those don't know the idea of the movie, wicked is set the land of all years before theis arrival, and has a Green skin, much misunderstood Young woman who will eventually become the wicked which of the west, and cynthia a.

Viro plays the witch L F, ba and arry's, a grand day, the pop singer place gyda, the popular blonde roommate. Okay, so all that is back story because you have these two characters in a box, right? Um they're being tied for Christmas, right? And you know all these boxes with lots of information and you can learn all about IT at their website so grand why don't you go the website? So it's wicked dot com.

wicked. W I.

yeah, that's the name in the movie. yeah. W, I, C, K, D.

i'm going. Access beyond these pages restricted to adult sighting tonally. 还有， i know what's .

going on.

and because of the Green skin, just click up. Go.

go.

go.

These look like, oh, watch. Surely, surely that's not the president's desk. She's t this store. Me trumped soul. Hang on, these look like rather x rated videos.

right? So apparently there's another studio known as wicked pictures that is currently making pornographic parities, teaching various characters from the marvel cinematic universe.

and also a little orange as well.

And IT was unfortunate. However, the packaging for the alphabet and gLinda ls for the wicked movie .

you are wrong listed .

the web dressed for wicked dot com, the home page of wicked pictures, where the link should have been wicked movie that com. So parents who may have bought these dogs for your children in the upcoming holiday season, you may want to get a little sharpie and block that out. I lesson to, although it's be careful with links gave me. You remember when we were working in a journalist scentin a link, you know, with questions and he obviously was maybe having a bit of adult fun at the same time that he was emAiling us a list of questions because he got the link wrong and we ended up on something that.

yeah yes, he's sent us an unsafe link, shall we say? Anyway, moving on now.

coral, you've been .

chatting to the focus of blackberry this week. haven't?

Yes, i've been talking to paul fire from blackberry. And you know, when things can go really wrong, as we've seen so many times this year through wars and through natural disasters, they have a way to keep the communication lines open. Listen up.

So listeners today, we are speaking with paul frie. He is a senior manager in the sales engineering at blackberry, and we are gonna a talk about critical event management and how to do IT. Right now, blackberry needs little introduction.

IT was first founded in one thousand and eighty four as research in motion, or I am blackies, now a leader in cyber security, helps businesses, government agencies and institutions of all sizes secure their digital words. Pull fire of black. Very welcome to snatching .

security.

Thank you. So paul, maybe we can just start and learn a bit about you. So how did you end up at blackberry?

Of course, I paining technology since and at school. So what give my age away? But that was late nineteen and ninety four.

Uh, and i've run h in positions across all of support infrastructure, network design. Uh, a compromise please. There are being uh a lady.

And then I came to a point about a years ago where I really focused on side of security as the next role for me, sales engineering. I like designing things, like building things, and I like driving success india within teams. So I joined at that point, if, if, if I may use a competitor.

I joined my coffee. I ran their cal engineering for about six years. And when I move across two livery, two two half years ago, to do the same thing across the U. K. And the addicts, at least africa, that social areas.

yeah, it's in a very exciting time for black as well with, you know, not just cyber security, but also with the advent of a ee security, right? So it's the fun time to be working in security. Epic.

I is used a lot within the cyber security space yeah and what we try and put across the organizations, I know we can think of topic a little bit, but what we try and put across across all the organization, these is not L A. Never the same. Just because we call IT is something we approach A I A predictive standpoint when that comes to our liability.

Ity solutions is very unique and different in in the market. That's been a really different thing to drive across technology industries and government public sets specifically and other areas of industry. Yeah.

i'm sure IT plays a part as well in critical event management solutions. So effectively, critical event management is often referred to by its acronym, C M. And maybe you can help us understand what is a critical event like is that a power outage?

Or what is the great question, right? Management has such spectrum scope across where I can be applied. I'll give me spring ampler. So let let's take three an infrastructure technology and then called IT um a people focused the event the .

recent but more .

bridge collapse. Very high profile infrastructure as in physical infrastructure based event are were used to communicate, ate across a number of different agencies to make sure that people in the right place at the right time to respond to that incident, ensure no further loss of life or chAllenge to individuals in the area, and make sure that we could collect real time information about where, as individuals were.

they will help and have then.

I think, really obvious critical event. It's a very physical for republic science. Secondly, a digital living, its gravity that have to do physical in nature. So a digital event, the the recent widespread computer are teach is is a good example of this.

You've got millions of devices impacted globally within about six minutes to be tell her how do organizations that i've got, let's say, ten to two thousand devices out, they understand what the impact on their businesses, at the community, with the workforce, to find out who is impacting, who is an impacted, that for whether we need to focus on effort to get these critical system back up and running. So we talking about event management to recover critical systems within the organizations themselves. IT would gather real time such updates, maintain secure, reliable communication. How do we do that if their systems are out?

Well, exactly. That could be next question. I mean, exactly the elements .

were talking about here with us cohl, because you mentioned h just now, is that we are out band. So we are out of band of their own infrastructure, week bliant of them, and there's all can be relied upon if they have got to do the incident that caused them an issue in credico across their the infrastructure in the state.

And then the third one.

which which is which is interesting, is interesting to talk about this day we record in this podcast and as the latest U. S. Election is just closing out, but and you recall the U. S. Uh, captain interact, but back end of the more from last lady where that was the civilian rest in the area. And our solution that was actually used and pictured on the best top of the officer, the speaker in the house, in the senate, advising people to exit, build because of civil unrest, where to go to, how to go hail and how to respond to make sure the people are already waited around races that was done in multiple message, email, ism s telephone and this.

So we are able to advise people where to go, how to behind, and we too way in communication from as well, so if they have the the opportunity to respond and say, yes, i've taken the action, or yes, i'm in that location and then they get making quite quickly and priorities who have to assist, help, help. nowhere. They are role, if anything, I suppose, know where they are on, understand what's coming on, and then response that need help more. Really.

you know, IT sounds to me like a very useful tool, particularly today with so much environmental climate crisis changes that we're seeing with incidents happening all around the world, plus we have civilian rest in many geography. So this is something that could help. So tell me, how does blackberry cm solutions ad hawk, what gives you the edge over anybody else as thing?

As a couple of things, I talked us now about the multiple communication chains. So what we are able to do M A number of things. So we have a application on the phone. We have just the pampas to talk about.

You don't have to have our software on your devices to receive a notification from our solution so we can do everything is so we're able to use very light way common tools to communicate request. And again, this is two ways. The m is is is two ways.

We come back and give an answer to a question or in response back and second day, I think that lead into a couple of things that we have in the in a solution center with playbooks, around solution, around events that we can trigger responses for. We can guide people into other areas of of communication flow. We have secure communications, boys and data. It's important.

Yeah.

this gold. So we have a communication ation to the company, on the blacky company and on weaken as part of the playbook of an event, direct people, that communication platform to have the secure conversation, we looking at a security level conversation that he should be had. So we're not just restricting ourselves with that one application and applying IT in one certain way, but we are able to guide around other methods to go and to medicate with the team and and respond to an incident that happened.

I know when I saw on your websites that there were a few stats, and one of them was the black rec M. A howk solution organization can quickly assess the scope like in a matter of a minute, and like I would managing in a situation like this, most companies, organizations would have people jumping around like mad frog. You'd be chaos. So this must be something that helps direct and and give focus.

yes. So that's my point around associate of two way communication, right? And when we have an event, we can send out a force wide or organization wide request that can respond to that. And we click of here where people are in that risk level of the event that say it's an instruction event on the bridge collapsed example or baby a sie and in an office building, we can quite quickly understand where you know what the risk is and respond to that allow the organza to respond to that so much quicker.

I mean, it's kind of it's unusual to have security people on the show that actually have a life saving component .

to their software. Best are really interesting point next about we like this back to again. And now in the communication you were out and let's take a rest where I go a hack of some some sort.

People are sitting on your infrastructure, having branched your network and listening to your communication flow. Hello, respond to that confidently with communication tools in your infrastructure. But the people that are hold me to rent some more hacking. You just still data could be watching. So you're having a conversation in time around what's our next step in resolving this issue through tactics can be watching that and then and then second guessing your next step. So the out of band element W A C N platform means you can have these conversations outside of your infrastructure now in that the people that are are the holding you to rent them or stating your data can't see IT and respond and trying attack quicker than that you can respond to what they're doing.

Yeah incredible because there's a lot of talk these days about you deep fakes and they often take advance of situations. I'm not been in the industry for a decade and I remember even when we had hurricane Katrina immediately they were a fake kind of at the time I was emails, but you know trying to raise money that we're all going to fragile lent in pockets. How do you work around that IT?

Is nobody told the fishing me with an acrosst .

system is the sure now in .

here is talking is really important. There's one critical way we we can do with that. You mentioned at the top of this, this podcast, black is right around for a number of years.

We are essentially device management organization well at cool. We around hands set manufacturer. We still maintain security that to once gave you with a software, a set of software solutions that allow you to manage applications and policy on on mobile devices. So we are able to also deploy these products using articular or management toling sucks that you have every confidence that the person that send you that message has valid access IT allowed to resist their information and is also monitor audit based on the actions that have been taken and actually important around and how how we did a security from I know who you're talking to as well as how do we respond to the issue.

Yeah, especially in a crisis, you don't have time to, you know, go in double chip and triple check everything at that time. You gotta go go go see, really want to a trusted partner that knows what they're doing. And that sounds like blacky might be a good one. Yeah.

the ool has to be trusted. And later, security and and and governance is a really strong point of we trying delivery degree.

Well, I going to a van a blacky for a long time ever since the black ry curve, way back when I was my favorite hands at today, it's still my favorite hand that I wish I would come back. Is there anything you'd like to add for our listeners about critical event management solution um at hook.

So there's a lot of areas that that this this lation said is critical for. I would suggest people look at in their organization and the kind of things that they're concerned about, the kind of things that have got policies fall around, even the security of persons or they got policy her around.

And if there's a bias into out to to if there and was your communication plan for that, what show how do you disseminate data in insecure when and communicate with your not only boots on the ground, but you're exact and up to make sure you're making the questions on the right comments to rest as well as in turn lakes become perform, organizations might have to make their source statement. There is a play for solutions such as this. I would suggest that organizations understand what that looks like before the ages doesn't happens, that I cannot community.

Yeah right. You be prepared as a key component of all this.

Thank you.

Thank you. So, so much paul listeners, if you would like to hear more, there is a time very able, kind of information available for free to smashing security listeners on blackberry cm solution page. At hack.

They have video solution, brief demos and all kinds of jazz. All you ve got to do is visit smashing security dot com slash blackberry, that smashing security dot com slash blackberry and paul fire, senior manager of sales engineering of blackberry. Thank you so much for coming on and sharing your insight.

Thanks, Carry. We have been pleasant.

Well, that just about wraps up the show for this week. Thanks very much, tom, for journy, i'm sure lots .

of listeners would.

and you can follow us on twitter at smash insecurity. No g twitter and average, but blue sky has allowed as tavern. He can also follow us there instead. And don't forget to ensure you never miss another episode follows smashing security in your favorite podcast, APP, such as apple podcast, specify and pocket .

cars and huge, huge. Thank you to our episode sponsors, van ta, blackberry and one password. And of course, to our wonderful patron community is thanks to them all that this show is free, the search show notes, sponsorship information, guesses and the entire back catoche of one of three hundred ninety two episodes. Check out snatching ing security 点 com until .

next time Cherry o bay.

bye bye.

Stay secure, my friends.