In this episode, Graham unravels Operation Endgame - the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram.

Meanwhile, Carole exposes the AI-generated remote hiring threat. Could your next coworker be a North Korean hacker with a perfect LinkedIn?

And BBC cyber correspondent Joe Tidy joins us to talk about "Ctrl-Alt-Chaos", his new book diving into the murky world of teenage hackers, ransomware gangs, and the strange motivations that lie behind digital mayhem.

Plus: competitive pond husbandry, dead slugs, Hitster the board game, and a shoutout to the AI startup that hijacked Graham's SEO.

All this and more is discussed in episode 423 of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault - it's like a cauldron of life... but for cybersecurity.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Operation Endgame.
• Ctrl+Alt+Chaos.
• Lizard Squad Member: Why I Took Down Xbox and PlayStation - YouTube.
• Reckoning With the Rise of Deepfakes - The Regulatory Review.
• Deepfake interviews: Navigating the growing AI threat in recruitment and organizational security - Fast Company.
• Why Your Hiring Process is Now a Cybersecurity Vulnerability - Pindrop.
• Best Practices for Defeating Deepfake Candidate Fraud - Dice Hiring.
• Phanpy - A minimalistic opinionated Mastodon web client.
• How to make a mini pond - Gardener’s World.
• Hitster board game.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Vanta– Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• Flare- Uncover the latest threats across the dark web and Telegram. Start your free trial today.
• Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on

A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment, and somehow walks free... only to get booted back Down Under.

Plus: flow states, Bob Mortimer, and the joys of pretending to carry an owl around on a cushion.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• The Cheltenham Doughnut - Wikipedia.
• Summer placements - GCHQ.
• Spy school dropout: GCHQ intern jailed for swiping classified data - The Register.
• Former GCHQ intern jailed for taking top secret files home - Crown Prosecution Service.
• United States government says it will deport Australian hacker David Kee Crees - ABC News.
• Australian national known as “DR32” sentenced in U.S. federal court – DataBreaches.
• ICE takes steps to deport the Australian hacker known as “DR32” – DataBreaches.
• Aussie Travel Cover has hundreds of thousands of records stolen in hacking, policy holders not informed - ABC News.
• Australian cybercriminal to be deported from US - Information Age.
• Government sites hit by Aussie Travel Cover hacker - ZDNET.
• Abdilo, Australia-based computer hacker, live streams attack on US education sites - ABC News.
• Bob Mortimer's Pet Owl - YouTube.
• And Away… by Bob Mortimer - Simon & Schuster.
• Flow by Mihaly Csikszentmihaly - HarperCollins.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the "Smashing Security" podcast obviously.

Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force your full phone number. Meanwhile, Carole dives into a chilling scam where ICE impersonators used fear, spoofed numbers, and... Apple gift cards to extort terrified migrants.

Plus: Nazis, door safety, and the age-old struggle of telling Ralph Fiennes from Liam Neeson.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Bruteforcing the phone number of any Google user - Brutecat.
• Leaking the phone number of any Google user - YouTube.
• Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account - The Hacker News.
• Google fixes flaw that could unmask YouTube users' email addresses - Bleeping Computer.
• ICE Scammers Are On The Rise: What To Do - Newsweek.
• Student visa holder tricked by fake ICE agent scam, loses thousands - Newsweek.
• Conspiracy - IMDB.
• Schindler’s List - IMDB.
• Dutch Reach car door opening method - The AA.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• Flare - Uncover the latest threats across the dark web and Telegram. Start your free trial today.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via