Episodes

  • Choo Choo Choose to ignore the vulnerability
    Jul 16 2025

    In episode 426 of the "Smashing Security" podcast, Graham reveals how you can hijack a train’s brakes from 150 miles away using kit cheaper than a second-hand PlayStation.

    Meanwhile, Carole investigates how Grok went berserk, which didn't stop the Department of Defense signing a contract with Elon’s AI chatbot. So who is responsible when your chatbot becomes a bigot?

    Plus: Email headaches, SPF rage, and a glowing review for... Taskmaster SuperMax Plus?

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • Schoolboy hacks into city's tram system - The Telegraph.
    • Caboose - Wikipedia.
    • Neil Smith discusses his findings - Twitter thread.
    • End-of-Train and Head-of-Train Remote Linking Protocol - CISA.
    • The Cheap Radio Hack That Disrupted Poland’s Railway System - Wired.
    • Grok, Elon Musk’s AI Chatbot, Shares Antisemitic Posts on X - The New York Times.
    • X ordered its Grok chatbot to ‘tell it like it is.’ Then the Nazi tirade began - Washington Post.
    • Hacker uses Elmo's X account to post antisemitic rant and demand release of Epstein files - ABC News.
    • Elon Musk Announces Sensuous Grok AI Companion - Mashable.
    • Grok Rolls Out Pornographic Anime Companion, Lands Department of Defense Contract - The Rolling Stone.
    • Learn DMARC.
    • TASKMASTER SUPERMAX+.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    • Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.
    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    37 m
  • Call of Duty: From pew-pew to pwned
    Jul 9 2025

    In episode 425 of "Smashing Security", Graham reveals how "Call of Duty: WWII" has been weaponised - allowing hackers to hijack your entire PC during online matches, thanks to ancient code and Microsoft’s Game Pass.

    Meanwhile, Carole digs into a con targeting the recently incarcerated, with scammers impersonating bail bond agents to fleece desperate families.

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • Call of Duty: WWII trailer - YouTube.
    • Warning: Do NOT Play COD WWII on PC Gamepass - YouTube.
    • 2017 Wichita swatting - Wikipedia.
    • Call of Duty: WW2 on PC Game Pass yanked offline amid reports security exploits are leaving players with screens full of smut - Eurogamer.
    • Common Bail Bond Scams and How to Avoid Them - US Attorneys.
    • Can I Check out Another Person's Criminal Record? - Nolo.
    • Belton Bail Bond Testimonials.
    • ‘They know everything’: Families of inmates at Sumner County Jail targeted in bail scam - Nashville WKRN.
    • Latest scam targets NJ families of those who were recently arrested, demanding bail - New Jersey 1050.
    • John & Paul: A Love Story in Songs by Ian Leslie review – let it be the new gold standard in Beatles studies - The Guardian.
    • Introducing 'John & Paul: A Love Story In Songs' - Ian Leslie.
    • Charles Paris mysteries - BBC Radio 4.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)



    Sponsored by:

    • Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.
    • Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
    35 m
  • Surveillance, spyware, and self-driving snafus
    Jul 2 2025

    A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because "ubiquitous technical surveillance" is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect.

    Meanwhile, Carole checks the rear-view mirror on the driverless car industry. Whatever happened to those million Tesla robotaxis Elon Musk promised by 2020? Spoiler: they’re here — sort of — but they sometimes drive into oncoming traffic.

    Plus: Leighton House, heatwave survival gadgets, and an unflushable toilet situation (not what you think).

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • Mexican drug cartel hacker spied on FBI official’s phone to track and kill informants, report says - TechCrunch.
    • Audit of the Federal Bureau of Investigation's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - US Department of Justice Office of the Inspector General.
    • Tesla driver tells police he was using 'self-drive' system when his car hit a parked police vehicle - AP News.
    • ‘Lidar is lame’: why Elon Musk’s vision for a self-driving Tesla taxi faltered - The Guardian.
    • Tesla invited influencers to test its robotaxi. Here's what they had to say - USA Today Europe.
    • Elon Musk Hails 'Successful' Tesla Robotaxis Launch in Austin Amid Reported Glitches - eWEEK.
    • A Fatal Tesla Crash Shows the Limits of Full Self-Driving - Bloomberg.
    • The Arab Hall at Leighton House.
    • Spandau Ballet’s “Gold” - shot at Leighton House!
    • Shark FlexBreeze Fan With InstaCool Mist Attachment - Shark.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    • Trelica by 1Password - Access Governance for every SaaS app.
    34 m
  • Operation Endgame, deepfakes, and dead slugs
    Jun 25 2025

    In this episode, Graham unravels Operation Endgame - the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram.

    Meanwhile, Carole exposes the AI-generated remote hiring threat. Could your next coworker be a North Korean hacker with a perfect LinkedIn?

    And BBC cyber correspondent Joe Tidy joins us to talk about "Ctrl-Alt-Chaos", his new book diving into the murky world of teenage hackers, ransomware gangs, and the strange motivations that lie behind digital mayhem.

    Plus: competitive pond husbandry, dead slugs, Hitster the board game, and a shoutout to the AI startup that hijacked Graham's SEO.

    All this and more is discussed in episode 423 of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault - it's like a cauldron of life... but for cybersecurity.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • Operation Endgame.
    • Ctrl+Alt+Chaos.
    • Lizard Squad Member: Why I Took Down Xbox and PlayStation - YouTube.
    • Reckoning With the Rise of Deepfakes - The Regulatory Review.
    • Deepfake interviews: Navigating the growing AI threat in recruitment and organizational security - Fast Company.
    • Why Your Hiring Process is Now a Cybersecurity Vulnerability - Pindrop.
    • Best Practices for Defeating Deepfake Candidate Fraud - Dice Hiring.
    • Phanpy - A minimalistic opinionated Mastodon web client.
    • How to make a mini pond - Gardener’s World.
    • Hitster board game.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)



    Sponsored by:

    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    • Flare - Uncover the latest threats across the dark web and Telegram. Start your free trial today.
    • Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.


    SUPPORT THE SHOW:

    Tell your friends and colleagues about “Smashing Security”, and leave us a review on

    55 m
  • The curious case of the code copier
    Jun 18 2025

    A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment, and somehow walks free... only to get booted back Down Under.

    Plus: flow states, Bob Mortimer, and the joys of pretending to carry an owl around on a cushion.

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • The Cheltenham Doughnut - Wikipedia.
    • Summer placements - GCHQ.
    • Spy school dropout: GCHQ intern jailed for swiping classified data - The Register.
    • Former GCHQ intern jailed for taking top secret files home - Crown Prosecution Service.
    • United States government says it will deport Australian hacker David Kee Crees - ABC News.
    • Australian national known as “DR32” sentenced in U.S. federal court – DataBreaches.
    • ICE takes steps to deport the Australian hacker known as “DR32” – DataBreaches.
    • Aussie Travel Cover has hundreds of thousands of records stolen in hacking, policy holders not informed - ABC News.
    • Australian cybercriminal to be deported from US - Information Age.
    • Government sites hit by Aussie Travel Cover hacker - ZDNET.
    • Abdilo, Australia-based computer hacker, live streams attack on US education sites - ABC News.
    • Bob Mortimer's Pet Owl - YouTube.
    • And Away… by Bob Mortimer - Simon & Schuster.
    • Flow by Mihaly Csikszentmihalyi - HarperCollins.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    32 m
  • Toothpick flirts, Google leaks, and ICE ICE scammers
    Jun 11 2025

    What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the "Smashing Security" podcast, obviously.

    Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force your full phone number. Meanwhile, Carole dives into a chilling scam where ICE impersonators used fear, spoofed numbers, and... Apple gift cards to extort terrified migrants.

    Plus: Nazis, door safety, and the age-old struggle of telling Ralph Fiennes from Liam Neeson.

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • Bruteforcing the phone number of any Google user - Brutecat.
    • Leaking the phone number of any Google user - YouTube.
    • Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account - The Hacker News.
    • Google fixes flaw that could unmask YouTube users' email addresses - Bleeping Computer.
    • ICE Scammers Are On The Rise: What To Do - Newsweek.
    • Student visa holder tricked by fake ICE agent scam, loses thousands - Newsweek.
    • Conspiracy - IMDB.
    • Schindler’s List - IMDB.
    • Dutch Reach car door opening method - The AA.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:

    • Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    • Flare - Uncover the latest threats across the dark web and Telegram. Start your free trial today.


    SUPPORT THE SHOW:

    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

    Become a supporter via

    36 m
  • Fake Susies, flawed systems, and fruity fixes for anxiety
    Jun 4 2025

    A bizarre case of political impersonation, where Trump’s top aide Susie Wiles is cloned (digitally, not biologically — we think), and high-ranking Republicans start getting invitations to link up with "her" on Telegram to share their Trump pardon wishlists. Was it a deepfake? Or just someone with a halfway decent impression and access to a shady data broker?

    Meanwhile, we take a worryingly familiar journey into the mental health crisis in the UK — and how TikTok is stepping in with advice like “eat an orange in the shower” to cure your anxiety. Spoiler: it won’t. But it might make your bathroom smell nice.

    Plus: a nostalgic tech support tale involving a CRT monitor, a wooden door, and an unexpected shade of brown.

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • Federal Authorities Probe Effort to Impersonate White House Chief of Staff - Wall Street Journal.
    • FBI probes effort to impersonate White House chief of staff Susie Wiles, sources say - CBS News.
    • The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic.
    • The Trump campaign is still being hacked - Popular Information.
    • The Big Mental Health Report - Mind.
    • Mental Health Pressures - British Medical Association.
    • More than half of top 100 mental health TikToks contain misinformation, study finds - The Guardian.
    • ‘They thought they were doing good but it made people worse’: why mental health apps are under scrutiny - The Guardian.
    • How to find therapy or counselling - Mind.
    • Carole in the shower with an orange? - Twitter.
    • Matter - modern read-later app for iPhone, iPad, and web.
    • Techie fixed a ‘brown monitor’ by closing a door - The Register.
    • Smashing Security merchandise (t-shirts, mugs, stickers and...
    34 m
  • Star Wars, the CIA, and a WhatsApp malware mirage
    May 28 2025

    Why is a cute Star Wars fan website now redirecting to the CIA? How come Cambodia has become the world's hotspot for scam call centres? And can a WhatsApp image really drain your bank account with a single download, or is it just a load of hacker hokum?

    All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Allan Liska.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:

    • How I found a Star Wars website made by the CIA - Ciro Santilli on YouTube.
    • How the CIA failed Iranian informants in its secret war with Tehran - Reuters.
    • Isis and al-Qaeda sending coded messages through eBay, pornography and Reddit - Independent.
    • Games Without Frontiers: Investigating Video Games as a Covert Channel - IEEE.
    • General David Petraeus used clever Gmail trick during affair - Network World.
    • Cambodia is home to world’s most powerful criminal network: report - SCMP.
    • How to protect yourself from suspicious messages and scams - WhatsApp.
    • Is WhatsApp Safe? Tips for Staying Secure - WhatsApp.
    • Hacked on WhatsApp – how to stay safe when using the messaging app - BBC.
    • Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp - The Hacker News.
    • Kon-Tiki: The Epic Raft Journey Across the Pacific - YouTube.
    • Still Standing with Jonny Harris - CBC.
    • Niki de Saint Phalle & Jean Tinguely - Myths & Machines - Hauser & Wirth.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)


    Sponsored by:

    • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    48 m