Amongst the many people they are alleged to have spied upon, stolen information from, include details of staff at a pasta manufacturer.
Okay, not the recipe, but yeah, the staff, right?
Smashing Security, episode three hundred and ninety two: pasta spies and private eyes, and are you applying for a ghost job, with Carole Theriault and Graham Cluley. Hello, hello, welcome to Smashing Security episode three hundred and ninety two. My name is Graham
Cluley and Carole.
It is a very special day, the day of recording is a scary day, scary day. Oh, because remember, fifty fta night. Isn't that the reason why everyone is thinking about November the fifth? That's why the world
is going up in flames. Yes, that's exactly what I don't want to talk about it. I wanna kick off this show. But first I want to thank our wonderful sponsors, 1Password, Vanta and Flashpoint. It's their support that helps us give you this show for free. Now, coming up on today's show: Graham, what you got?
I'm going to be talking about a snooping scandal, which is taking place in Italy.
Okay, and I'm gonna delve into the world of ghost jobs. All this and much more coming up in this episode of Smashing Security.
Now, chums, chums, let me take you to the beautiful land of Italy. We all love Italy. Fantastic food, fantastic architecture, fantastic people, fantastic weather.
It's one of the best countries in the world. Beautiful coastline. Yeah, lovely.
Looks like a boot. Ah, what else can we say? You don't really
appreciate that when you go and see it though?
No, you can't really tell. It's not that easy to tell from that. Have to zoom out.
get top up really high. Well.
Bad news, I'm afraid, because hackers are alleged to have been stealing confidential data related to some of the country's most prominent figures, including politicians. They're even said to have accessed the contents of the email of Italian president Sergio Mattarella. So police have arrested four people as part of a major probe into the snooping and hacking scandal. People who have been arrested include a former super cop, Carmine Gallo.
What's a super cop?
A super cop is, uh, a very important policeman. In this case, Signor Gallo is remembered for his crag's investigations into mafia gangs, his success in rescuing kidnap victims.
So he was a top, top, top, top. That's it, yeah
and he's now been arrested, uh, as has another chap as well, called Nunzio Samuele Calamucci, the wonderful names they have in Italy, and he's been previously linked to the Anonymous movement. He claimed to have hacked the Pentagon in the past, and with the leaders of this hacking gang, they are suspected of compiling dossiers, compiling dossiers to order no less.
All right.
likes a paper play. Yeah, people come on and say, yeah, could you gather some information? Oh yeah, we can do that. So they've been illegally harvesting data from highly sensitive national security databases at the request of the client.
They don't trying to find out what kind of cigar he prefers, you know, because for Christmas present, yeah, but I mean, yeah.
that would be a bit extreme, wouldn't it, to commit a crime to find out what to buy someone for Christmas rather than just, maybe, intercept Santa's email to see what people have put on their Christmas list, perhaps. So there is a private investigations company called Equalize, and that is run by the former super cop Carmine Gallo.
That company is said to be at the heart of the scandal. It's said to have illegally accessed the government's national security databases. This private investigation company accessed those databases from twenty eighteen until earlier this year. Are you kidding me? Five years sitting
there in the quiet, just hoovering up everything that goes by
In police wiretaps, Nunzio Calamucci is alleged to have boasted of having hacked the information of eight hundred thousand people while working, it seems, for this P.
I. company, and it's been described as one of the largest, the most alarming breaches of government data in recent history. So you might be thinking, well, how did they manage to gain access to those highly sensitive security databases?
Yes.
you are wondering that.
Yes, yes, I'm playing well. Okay, okay.
I'm going to tell you, otherwise that would be a rather dull podcast. According to Politico, who broke the story on this, during the day Calamucci's team of programmers, they were creating and maintaining the databases for the interior
ministry, under the guise of Equalize.
They said, we can sort that out for you. But when night fell, they were allegedly downloading troves of private information on thousands of Italians, including the president, including the ex-prime minister Matteo Renzi, as well.
And what? Wipe the logs as well. So no one could see any of this happening.
Actually, Calamucci, he was recorded on these wiretaps, and the database had been designed by his staff, he said, by the boys from Colchester. These are my lads. You've set this top up that have got it on physical service insuring and we have a RAT, remote access Trojan.
yeah. So, so it's a huge conspiracy. Yeah, okay. yeah.
Amongst the many people they are alleged to have spied upon, stolen information from, include details of staff at a pasta manufacturer.
Okay, not the recipe, but yeah, the
staff in some of recipe. Uh, and an Italian energy company, ERG. Journalists at three of Italy's leading newspapers and a pop singer.
okay.
And this data was then sold to clients. So people who said, have you got some data, or used to blackmail, it is alleged, entrepreneurs and politicians since at least twenty nine, and they're supposed to have made millions of millions in euros of hush money.
Basically. I know that you did blah blah because I have the email, give me fifty grand.
or whether they got paid by the people who wanted the data as well. In one conversation, which was alleged to be recorded, this super cop, or former super cop, he said he had videos showing, remember Ruby the Heart Stealer, was the dancer he had a particular eye for, who he met when he was just seventeen. Carmine Gallo, the former super cop, is recorded claiming to have had videos of Berlusconi up to no good with her.
So he had him on a show at least. Jez, one of those .
people who's been arrested is a chap called Massimiliano Camponovo. Easy for me to say. Now he is either a private investigator or a hacker, depends on which newspaper report you read. Maybe this is the same thing these days. And he told the judges handling this case that he fears for his safety and that of his family because, he says, I received a lot of data and compiled reports on behalf of Equalize and I may have enemies in high places, or maybe low places, who knows, but anyway, he's worried as a consequence
yeah ah yeah you would be the right because you're missing yeah yeah .
this with a lot of powerful .
people yeah and now you're a actually .
be I have at that are not just the people you've taken the data from, but the people who asked for the data right? Who are the people who are paying this? Private investigations .
come to dig up dirt. People, hundred people. So if they're getting troops of emails .
like another records, the financial records, all kinds of information, which could be embarrassing. So far, there have been sixty people linked to this breach. So there may well be more arrests, not just Italy. As I mentioned, there were programmers allegedly working for this gang in Colchester of all places as well. So if the prosecutors are right, we have a private investigations company stealing highly sensitive information from government databases of politicians, entrepreneurs, Olympic athletes, pop stars, to order
and energy companies.
and energy companies, pasta manufacturers. Let's not forget.
right? yes.
Who are they doing it for, Carole? Who do you think?
No idea. Do you have .
any suspicions? No.
I'm sorry. Okay? The aliens. So doing for aliens?
Well, no, no, strangely. No suggestion of that so far. Okay, okay, phew.
But wiretaps have been leaked to the Italian media. Clearly, everyone is leaking everything. The Italian press get lots of leaks from the police of wiretaps.
And things suggest that Equalize's clients included Mossad, the Israeli intelligence agency. And you may not be that surprised. I mean, I'm frankly not that surprised about
that than being no .
There was another client, okay,
um, who's been mentioned:
the Vatican.
what the wall you know okay, wow. okay.
So interesting.
Did they comment?
Well, Politico did request a comment.
Good for them. Apparently
they made a written request. I don't know if that means they predict letter or something, I don't know. The Vatican, I think
they're getting email, if they're asking for troves of data, gonna be putting it in stone.
The Vatican hasn't responded.
okay. Yeah, but you know.
this is a story which is just breaking now, there is more investigation to be done. It looks huge. And it's interesting to me because this is like which is largely quite localized and you could sort of ignore it in a way. But I wonder in what other countries something similar may be occurring, in which government agencies may have farmed out the administration of some of their databases to people who might allegedly be accessing that data out of hours and maybe monetizing it in other fashions.
Okay, this is outrageous. I'm going to say this, the Vatican requesting this information somehow feels to
me is it against one of the tens so you thinking.
No, it just feels somehow less dangerous, right, to me in this day and age than, say, a political enemy getting that information.
You're a lovely person, Carole, and possibly very, very innocent. But I think any powerful organization has the ability to do terrible things. Sometimes I think you have to wonder what they were going to do with it. And maybe they weren't going to kill you in a dark alley.
But no, no, I suspect they were probably going, do you really want to do that? Let me just review the tapes. Um, let me show you this. Kind of gentle coercion.
So you want to be pope, do you? You want to be an interested um we've got this little information on you. So Italian politicians are understandably up in arms, which is the Italian gesture, if you think about it, they will have their arms up. Yeah, it's a mega hacks for her and those who've been arrested so far, they're refusing to answer questions from the judge in charge of the case.
It will be interesting to see how this develops because as the charges become more serious, I think the pressure will be on them to maybe reveal a little bit about what has been really going on and who for. Wow. Carole, what's your topic for us this week?
This week I'm going to talk about ghost job postings. Have you heard of this?
Is this where you advertise jobs at your company, which don't really exist?
Yes.
you're very close OK. Why would you do that?
Like, I had no real idea because, you know, I guess I been cruising full time job for a while and I don't spend my time on LinkedIn, but there does seem to me to be a serious lack of good vibes and I want your opinion. Okay. So, right? Okay.
So for those who don't know, as Graham suggested, a ghost job is a job listing that an organization publishes, except the job either does not exist or has already been filled. So think we have an imaginary friend called cave who's found the perfect job and spends all his time polishing a CV and detailing his experiences and writing a cover letter to increase his chances of getting a look-in, right?
All the while .
he's just spinning his little wheels because there's effectively no job to be had. It's a
waste of time for him, isn't it? Yeah, yes.
It's a complete waste of time, right? And you know, if that was happening to me, I would feel frustration, right? I would feel a little note.
There are companies who advertise jobs because they have to advertise the job, but they've actually got someone internally in the company already. So I don't know if this is a legal requirement to advertise it, but they actually know who they want to shoo in there already, and that's, that's annoying when that happens. But this is something different from
that, is it? Seems to be, right. And you know, I was thinking, this is gonna be niche, right? This is gonna be pretty niche.
It's not so niche. Crime? No. MyPerfectResume, so they published research recently saying eighty one percent of recruiters, eighty one, admitted to posting ghost jobs. Eighty one.
Why to show that they're really, really popular recruit agencies i'm going to get to that.
You start thinking in your head reasons why. Okay, Resume Builder, okay, they say forty percent of companies admitted to posting fake jobs in twenty twenty four. So almost half, okay.
I've got I got another theory. Why might this good.
good draw him down? okay. They also found that thirty percent of companies were currently, currently advertising for roles. They were not even real.
right? Okay.
Why would a company do this? Over to you, Graham. Take a stab.
Is it that the recruiting agency is doing it or the company that
is actually both. Often HR, or senior staff like a CEO in the C-level or a VP will be behind it if it's straight up with the company or uh.
Recruitment agents. I've a few theories, right? Okay. Number one. Number one, you've got a horrendous chief exec, right, is a complete maniac, like most CEOs are.
And you've gotta convince him that you're busy, right? You don't want to get fired. You don't want him walking into HR saying, what are you guys doing? You're just sitting around picking your toenails.
So what you do is you start advertising float jobs and you keep on trying to convince the CEO that the company's doing really well and we're hiring, hiring, hiring, hiring, hiring. Can't find the right people. Oh my god.
Yeah, you know but we're active. At least we're doing something. boss. So is that there the kids?
A good theory.
Yeah, I think that's not it.
It's not in my list. Then there's lots of them on my list.
those that one is not in my yeah another theory, you are an agency which wants to say we're the people with all the jobs and therefore you're cranking out fake jobs, yeah, so it's like you're trying to get more people to sign up for your books and give you their credentials so that they can spam you in future with real job adverts, but they're making up attractive phony jobs in the meantime.
Okay, that's pretty close. Pretty close. So okay, here's a few to add to that.
S yeah, okay.
let me give a few. And then we will come back to you OK OK. So one of them is to build a pool of applicants in case of turnover.
right? Oh, right. okay. So someone takes the job, then quits after a week and a half.
Yeah, I can't believe they don't let me donuts in the office. I'm gonna leave here. Storm out.
Also collect CVs, do a bit of data mining.
right?
Gauge the market to see if specific skill sets are available or not. So you might be going, how many, you know, Linux programmers do we have available? And also understand salary expectations, like if you want this job for sixty grand a year, you know there may be put a back out against ty grand seven two to create an impression of growth. This is basically you're getting to to perhaps attract investors or maintain a positive public image or to look very active even if you're suffering from
a hiring freeze. It seems that
though doesn't it, yes, but there's two more that kind of shocked me. Okay, okay.
go at go. So in level one.
attend. We have shocked to work. You may not be shocked at all. You're cooler fish than me. To convince an employee that additional resources are on the way without ever having the intention to fill the role. You know how many surveyed said they did this?
No way.
Six out of ten, sixty percent. I think that was sixty one. So over sixty percent do this for that reason.
Yeah, maybe you you stuff a colleague. Yeah, at the colleague and they said, could you, could you just cover for your colleague as well? free. We are. We are hiring. We are hiring.
You just keep on you. Do you we, your salary package keep doing the work.
We can't find the right person, but we are definitely hiring.
Okay, it gets worse. Gets worse. You ready? Six out of ten, so sixty percent plus surveyed,
yeah, also said this was to make employees feel replaceable. Like, double wow, like make your employees nervous. That's the secret to high employment retention. Who knew? Don't get
always about the a station. Don't start asking for a raise because we've
recruited, yeah, we're recruiting right now. It's like, boss, why is my exact job on the job board? Uh, just wondering. So Resume Builder apparently said that posting ghost jobs had a positive impact on revenue, productivity.
And surprisingly, they say, employee morale, and I'm like, oh, really? When an overworked employee realizes there's no relief on the way, are they going to be like, oh god, I love this guy. I love this company. I love everything about how they are treating me.
One of these service, this sounds like all these companies are doing surveys about this. And I say, oh, hang on them and hang on. Sixty percent of companies are doing this. The look at me feeling like, right then nothing.
No, I think about the candidates, right? So all these big jobs, it's like being on Ashley Madison and looking for the love of your life, that they're spending serious time applying for positions that do not exist or are not gonna be filled. Can I just say, eighty percent of companies surveyed admitted to doing this and it's gross. But as gross as I might find it, it doesn't seem to be illegal, right?
okay. I get that is complicated.
You know, especially in the States, for example, you've got state laws, but it is weird because the FTC Act prohibits unfair or deceptive acts or practices in commerce. So how can knowingly posting a ghost job not fall
under this person of a vacancy? Aren't a there's no vacancy? No, I know, but that is like an advert, is an advert for something which you can't mind. You like that. Yeah, how would you make it illegal in the UK?
You know, the best place I could find was maybe the Employment Agencies Act, which requires employment agencies to be transparent about their services and bans unfair practices. So, you know, in my mind, a big font in red saying fake job, do not apply might be helpful. And anecdotally, I heard this is a huge deal on LinkedIn.
And then I was wondering, does LinkedIn care about this, right? Because is it in their, you know, do they have any way of reporting if something looks suspicious? And apparently they do.
Oh, the basically right now it's kind of like the Wild West with one side holding all the cards and the lowly candidate being, you know, screwed around. What can you do about ghost jobs? And there's not much you can.
The advice I saw was look for vague descriptions, so listings that lack specific details about responsibilities and qualifications may be ghost jobs, maybe, right. Long posting durations. And I've heard this from other people as well. Um, so positions that have been posted for more than thirty days without updates are often considered ghost jobs.
right, and .
repeated listings. So if a job appears frequently or has been reposted multiple times, it could be a sign that it's not actively
being filled. Doesn't this cost companies to repost these ads? I mean, do they care so much about their employees morale, but they but they okay, but their .
employees' morale because they are like, in some cases, they're like trying to find replacements fakely just to make them feel nervous. Anyway, I don't think it's a very cool way to operate companies.
You don't you don't think this .
cool on the cool scale of zero to ten. It's way closer to new A.
This week's Smashing Security is brought to you by Flashpoint. Twenty twenty four, being a year like no other for security. Cyber threats. Social security have continued to increase. Now geopolitical instability is adding a new layer of risk and uncertainty. Last year, there was a staggering eighty four percent rise in ransomware attacks and a thirty four percent jump in data breaches.
The result? Well, millions and millions of dollars in financial losses and threats to safety worldwide. That's where Flashpoint comes in. Flashpoint empowers organizations to make mission critical decisions that will keep their people and assets safe. How do they do that?
By combining cutting-edge technology with the expertise of world class analyst teams, and with Ignite, Flashpoint's award winning threat intelligence platform, you get access to critical data, finished intelligence, alerts and analytics all in one place. It's no wonder that Flashpoint is trusted by mission critical businesses and governments worldwide to access the industry's best threat data and intelligence. Visit flashpoint.io today. That's flashpoint.io.
Whether you're starting or scaling your company's security program, demonstrating top-notch security practices and establishing trust is more important than ever. Vanta automates compliance for SOC 2, ISO 27001 and more, saving you time and money while helping you build customer trust.
Plus you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center, all powered by Vanta AI. Over seven thousand global companies, like Atlassian, Flo Health and Quora, use Vanta to manage risk and prove security in real time. Get one thousand dollars off Vanta when you go to vanta.com/smashing.
That's vanta.com/smashing for one thousand dollars off. Quick question. Do your end users always, and I mean always, without exception, work on company owned devices and IT approved apps? I didn't think so.
So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices? Well, 1Password has an answer to this question, and it's called Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device.
Because it solves the problems traditional IAM and MDM can't touch. Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call
Pick of the Week.
Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app, whatever they wish. It doesn't have to be security related necessarily.
Better not be. Well, my pick of the week this week, it's not security related.
Good. So on the day of recording, America is going to the polls, Carole. It's not just Guy Fawkes today. Yes.
I am very rare.
You'll, of course, be listening to this in the future. Listening to this after the polls have decided in America come once again. But if you want, if you want to remember the chaotic old days of twenty twenty, twenty twenty one and so forth, I got a podcast which may be relevant. It is a podcast on BBC Sounds by the BBC's Gabriel Gatehouse called The Coming Storm.
And I really like it.
Yes. Have you heard some of this?
Yeah, I've heard some of it, it's very good.
It's very good. So it looks into the background of the January sixth insurrection in Washington. But it's not just a retreading of QAnon conspiracy theories and unpleasant discussion forums on the internet. He takes a bit of a broader view, looking into the past, goes back to the witchcraft trials of five hundred years ago and yoga teachers and all the way to The Matrix and tech bros and interactions running for Congress who want to abolish the federal government. There's all these strands, yes.
Gabriel Gatehouse. I listened to the first series of this, is excellent. I I don't know why I did make a my picture. We come to you.
The second series is now I haven't heard the first series. I've been list. I've been listening to series two.
He's got a great voice and it's very, very well produced, like a lot of BBC Sounds podcasts are, to be honest. So it's fascinating. It's serious. It's sometimes talking about the barge's things are mentionable, but I think that might be a good thing if more people listen to it. It's not just a podcast.
It's also a book, uh, which I haven't read, but I'd love to get my hands on it, but judged by the podcast, that will be a great read. Anyway, my recommendation is a podcast called The Coming Storm. Carole enjoyed it. I've enjoyed it. You listen to it, and that is my
pick of the week.
Carole, what's your pick of the week?
Graham, I don't know if this has ever happened before. I don't have the same pick of the week as you, but it's very similar. Oh, so I have a BBC podcast. So good.
Are they sponsoring the show? You wish
hosted by Jon Ronson?
Oh yes.
So he's interest.
yeah.
He's been a journalist and author for decades and has a passion for dealing with culture wars in the digital age.
This is very similar, Carole. This is very similar.
I know, so if someone likes yours, they're gonna like mine, and vice versa. So my pick is the second season. Um, it's standalone shows you can dip in and out of, and each episode deals with a hot topic or issue where well-meaning people become extremists in one way or another.
So from .
Christian fundamentalism, the proof, anti-vaxxers, billiam protests, he touches all of them, and he seems to be obsessed with why people do the things they do, uh, and what led them to that decision. So a lot of the stories will have headlines that you might have read, and he will fill in the backstory.
It's almost like we don't talk about what we're gonna talk about in the show. cool. Before we record the show.
Yeah, I know, it's very similar to what and in k this is also weird. Graham, I have this sort in my notes: Jon Ronson has a weird voice.
that seems a little unfair. He has a distinctive voice.
Okay, fair enough. He he has an unusual voice that I like, but I can imagine some people might not like.
So other people who have distinctive voices, Carole, that people may not.
Yes, there are, Graham.
Yes, they are great.
So stories are well researched, told in a weirdly compelling voice screen. If this sounds like your thing, you can check it out wherever you get your podcasts. This is the BBC's Things Fell Apart and that is my pick of the week.
How weird is that? Wait. Well, that just about wraps up the show for this week. You can follow us on Twitter at SmashinSecurity, no G, Twitter, announce A G, and don't forget, to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify and Pocket Casts. And huge,
huge thank you to our episode sponsors, Vanta, 1Password and Flashpoint, and to our wonderful Patreon community. It's thanks to you all that this show is free. For episode show notes, sponsorship info, guest list and the entire back catalogue of more than three hundred and ninety one episodes, check out smashingsecurity.com
until next time. Cheerio, bye bye, bye.
Can't call Jon Ronson's voice weird, he's never gonna come on the podcast now. We see he hears that can full upset.
but he does not be that you're weird.
What you know i'm weird.
You think you're weird? I'm weird.
Yes, I think that's what you should say rather than I.
Yes, okay, you're the most Normal person.
I've eet much.
Yes, we do. goodbye.