The Snowflake data breach in April 2024 was significant because it impacted over 100 million people and more than 100 companies. Major firms like AT&T, Ticketmaster, and Neiman Marcus had their data stolen, including call logs, customer information, and partial credit card details. The breach occurred due to compromised credentials and the lack of multi-factor authentication (MFA) on Snowflake's cloud services.
Snowflake did not enforce multi-factor authentication (MFA) for its customers before the breach, leaving accounts vulnerable to credential theft. After the breach, Snowflake made MFA mandatory for new accounts starting in October 2024, but existing accounts were not automatically required to enable it, raising concerns about ongoing security risks.
Alexander Kovalev, also known as Connor Mucha or Waifu, was a Canadian man arrested in connection with the Snowflake hacks. He was allegedly a leading member of a hacking gang called The Com, which engaged in ransomware attacks, SIM swapping, and cryptocurrency theft. His identity was uncovered after he threatened a cybersecurity researcher, Alison Nixon, online, leading to his arrest and potential extradition to the U.S.
Alison Nixon, chief research officer at Unit 221B, played a key role in tracking down the Snowflake hackers. After being threatened by Waifu (Alexander Kovalev) on Telegram, she and her team investigated him, uncovering his identity and linking him to the Snowflake breaches. Her work led to his arrest and highlighted the importance of cybersecurity researchers in combating cybercrime.
Andre Zachary Ribello, an Australian crypto influencer, faced legal trouble after allegedly committing fraud and being accused of killing his mother. He took out multiple life insurance policies worth over a million Australian dollars on his mother just before her death. He was found guilty of fraud for falsifying medical records and using AI to impersonate his mother's psychologist. He denied killing her but was remanded in custody and will be sentenced in April 2025.
Andre Ribello's social media influence contributed to his downfall by creating a facade of wealth and luxury that he could not sustain. While amassing over a million followers, he accumulated significant debt to maintain his lifestyle. His financial struggles led him to commit fraud, including falsifying documents and using AI to deceive insurance companies, ultimately resulting in his arrest and conviction.
The influencer marketing industry was valued at $16.4 billion in 2022 and is expected to grow to $143 billion by 2030. This growth reflects the increasing trust younger generations place in social media influencers, with nearly two-thirds of Gen Z and millennials saying they trust influencers.
'Black Klansman' is a Spike Lee movie based on the true story of Ron Stallworth, a black detective who infiltrated the Ku Klux Klan in the 1970s. The film, starring John David Washington and Adam Driver, is both darkly funny and frightening, offering commentary on racial issues in the U.S. It was recommended for its compelling storytelling and relevance to contemporary social issues.
'A Soft Murmur' is an app and website that allows users to create custom relaxing soundscapes by mixing ambient sounds like crackling fire, crashing waves, and winter birds. It helps with relaxation by providing a calming auditory environment, which can reduce stress and improve focus. Users can adjust the volume of each sound to create a personalized experience.
Granddad? Granddad? Hey, I'm going to read out a number. It's long. I've got to read a passcode. Get your pen. Smashing Security, Episode 397. Snowflake Hackers and Under the Influence, with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 397. My name's Graham Cluley. And I'm Carole Theriault.
Now, Carole, we've had some feedback from a listener. Yes, Matt has been in touch and it's a bit of a, well, as he describes it, he says it's a bit of a nitpick. Okay, I'm very excited to hear this. Most unfortunately, it's a nitpick with me. I didn't think you would bring that up. I was convinced it was going to be something I'd done. Okay. No, no, no, no, not on this occasion. So yeah, nitpick with me and my story last week. He says,
I lived in Korea for many years and can attest to the number of satellite dishes scattered throughout Seoul and regional areas. No problem so far. But in episode 396, Graham, that's me, reports that Korean police have frozen 6 billion Korean dollars due to that dodgy dish manufacturer. You remember the story, I'm sure. Yeah, of course. Yeah, yeah. So he says the company would be delighted if that were the case, not only because Korean dollars don't actually exist.
I kept referring to Korean dollars, but it's actually... Instead of won. Yes, it's Korean won. Yeah, okay. I didn't even catch you, so I didn't, you know, my bad.
A listener, PaleBlueDot, also got in touch with that correction via Bluesky. But he says also that my conversion rate was wrong. They've actually frozen 61 billion Korean won, which means they've seized 34 million pounds, which is a bit more significant than the 3 million quid I suggested in the show. So consider me slapped on the wrist.
Thank you, Matt. What's the moral of the story, Graham? More research. Good. Okay, good. We need a takeaway here. Thank you, Matt, very much. I appreciate it so much. It wasn't me.
Anyway, let's kick off the show. Okay, first let's thank this week's wonderful sponsors. We have 1Password, BigID and ThreatLocker. Now coming up in today's show, Graham, what do you got? I've got another story about a Dumbo hacker. Okay, and I'm going to head down under for a visit with a crypto stud. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, 2024, it has been another year of snowflakes, hasn't it? You know, keep on seeing it in the press, people being called snowflakes left, right and centre. I don't like it, actually. I don't like that people are called snowflakes. I dislike that kind of labelling. Equally, I dislike people being labelled Karens. I just think it's...
Not very nice. You know, we need to be nicer. But it was a year of Snowflake in another way, because in April of this year, there was a mahoosive data breach affecting the cloud storage firm Snowflake.
A hundred million people were estimated to have been impacted and over a hundred companies. What do they do? What does Snowflake do? It's a bit like those Amazon web buckets where you can chuck all your data in the cloud. They will store your databases for you. And lots of big companies use them, like AT&T and Ticketmaster. Oh, okay. Even banks and so forth. So they're a big deal. Not the kind of companies which individual consumers may have heard of.
But the big businesses do use them. And so they are a company who could be storing your data in the services which they provide. And unfortunately, Snowflake, really Snowflake customers, suffered a breach.
Which meant that AT&T, they had stolen from them records of virtually every call made by AT&T's customers during a six-month period. Oh, my God. The hacker ultimately was paid $370,000 by AT&T. I think we should be clear, though. It's not actually what is said in the call. It's a call log that has been stolen.
That's right. It'll be logs as to where calls went from and what time and text messages and so forth. Ticketmaster, they had a 1.3 terabyte database of information on their users stolen. 560 million Ticketmaster customers had their names, addresses, emails, phone numbers, as well as event details. Is this globally? Yeah, absolutely. Okay, so that means we're affected because we've bought stuff off Ticketmaster before. There you go. So...
Lots and lots of information, even included some credit card details as well. Last four digits of your card numbers. The hackers, again, they offered that for sale. They said $500,000 if you want to get that. Neiman Marcus, which is a department store in the States, I think, 65,000 customers had their contact information dates of birth. That was taken. So those companies made the headlines.
But it wasn't as though their own systems had been breached. It was that the data they had put on Snowflake's cloud services had been breached. And the common problem, it appears, was that their credentials for logging into those accounts had been compromised and multi-factor authentication hadn't been enabled. So there were weak security practices which the hackers were able to exploit to gain access. And at the time, Snowflake didn't
that you had multi-factor authentication turned on. For companies, that's interesting, isn't it? Because that impacts everybody that is a customer of one, you know, one said company that is using Snowflake. Yeah, there is some fault of the individual companies because maybe they should configure their web buckets better, but there's also some fault on the part of Snowflake, it seems, because it's...
it wasn't insisting on it. Yeah, yeah, yeah, agreed. So in October, I think it was around about October, Snowflake said, right, from now on, if you create a new account on our systems, MFA, multi-factor authentication, is mandatory, which means even if the hackers have stolen a username and password, they won't be able to access the database because at least it'll be more complicated.
They'd have to get that six-digit number or something which is regularly changing as well, a one-time password. But they haven't said what's going to happen with existing accounts. I mean, maybe they should have multi-factor authentication sort of forced upon them as well. So this has been a huge data breach, as I say, millions and millions of pieces of information. And these hackers have been offering it for sale. They've been extorting money out of businesses as a consequence. And you have to wonder who was behind this data breach? Who was behind this extortion?
What kind of villain could this be? Where could they... If you say a 16-year-old kid in his back bedroom...
I don't know. Oh, come, come, Carole. It's not going to be anyone like that. It'll be some mastermind in an undersea base protected by sharks. It'll be someone hidden deep within a volcano. Who was it? Or will it be someone who lives with his grandfather in a quiet residential street in the city of Kitchener, close to Ontario, Canada? Yes, Carole, your neck of the woods. Wow.
Well, yeah. Don't know if you want to claim any responsibility for this. No, I don't. Okay, so he's living in this sleepy hollow. There's a lot of...
I think it's Mennonites that live around there. So it is very sleepy bit of Ontario. What's a Mennonite? Like someone who lives off the land, more like... Like the Amish or something like that? Yeah, like the Amish. Like the Amish, but it's Mennonites. I think there's Mennonite communities all dotted around there. So it is quite sleepy and quiet in many ways. I wouldn't imagine they'd have a great broadband connection for downloading...
Terabytes and terabytes of information. But maybe they do. There's also very world-class tech universities there, right? Yes. Maybe they've got satellite dishes provided by South Korea. Anyway, the thing is this. At the end of October, a man was arrested in connection with the hacks that targeted Snowflake's cloud customers. And he may well be well on his way to a U.S. court because they put him in line for extradition. He calls himself Alexander Kovalev.
I don't know how you pronounce this. Mucha, M-O-U-C-K-A. He also calls himself Connor Mucha. He also uses the handle Waifu. And he allegedly was a leading member of a hacking gang that was responsible for many major intrusions over the last five years or so. Those are not my words, but they are the words of Alison Nixon.
Now, Alison Nixon, I don't know if you've heard of her. She is chief research officer at a cybersecurity firm called Unit 221B. Nope. Have you ever heard of Unit 221B? Nope. Have you heard of 221B without a unit? No.
Think of literature. Think of detectives. Who lives at 221B? Oh, very cute. Yes, Benedict Cumberbatch or Sherlock Holmes and Dr. Watson. They're all big fans. Anyway, Alison Nixon, she has been tracking Waifu online for quite a while. Okay. And Waifu and the other hackers who've been behind these Snowflake breaches are members of a cybercriminal community called The Com, I guess short for community.
They are an underground network of young hackers. They're all there communicating via Telegram and Discord, and they're engaging in ransomware attacks and SIM swapping and cryptocurrency theft and sextortion and trolling and harassment and all kinds of nastiness like that. And according to the Waterloo Region Record, which is the local newspaper, Waifu made a big error.
And this potentially is one of the reasons why he's now being caught. He made the mistake of threatening violence. Hard to imagine a Canadian doing such a thing. But he made the mistake of threatening violence against a woman online via Telegram. Oh. But typically, Telegram is purported to be the underground's main method of communication because it's also encrypted and secret.
Well, yes, there have been questions in the past as to just how secret Telegram may be. And certainly what it has done historically is it's turned a bit of a blind eye to cyber criminal and unpleasant criminal activity. It's got a little bit more thorough about doing that since its CEO got into a bit of bother with law enforcement. He said, why aren't you doing more? Now, Waifu, he really dropped a clanger. We don't know precisely what Waifu posted, but we do know it was unpleasant. And we also know that this woman he targeted, we know who that was. And it was Alison Nixon, the cybersecurity research bod at Unit 221B.
Right. The game is afoot. Okay. I don't think this is a game. I think this sounds pretty tragic so far. No, it's a quote, Carole, from Sherlock Holmes. So what did Alison Nixon do? Well, she got her team onto the case. So her day job is hunting down cyber criminals. As you said, yeah. And she saw this cyber criminal having a bit of a pop at her and saying unpleasant things about her. And she thought, I don't like this. Now, the thing is, she wasn't investigating Waifu until she saw these messages. And that obviously irked her. And she thought, right, if he's being so unpleasant, we're going to turn our magnifying glass in his direction. And so they delved deep and they uncovered all kinds of information about Waifu.
And it turned out that Waifu had been a little bit careless online. He had been writing Telegram posts and saying things, and at one point he maybe shared a little bit too much information, and maybe he realised his goof.
And so he started posting up on Telegram and Discord all kinds of false and misleading information about himself under different names, under different usernames. Trying to obfuscate needle in the haystack stuff. Yes. Yeah, yeah. Yes, exactly. Creating a cloud of confusion so people wouldn't notice. He realized he'd slipped up, but it didn't deter Alison Nixon and her researchers.
She says, we put some time into this investigation during the year where basically half of the reason he has now been identified. We have had his name for months. We've been waiting for his arrest. Well, you missed your opening line. It should have been, hell hath no fury like a woman scorned. Like a researcher scorned. Yes, exactly.
So, there are other Snowflake hackers who have been tracked down as well. It wasn't just this Waifu guy. Someone else of interest is someone called Kyber Phantom with a K at the beginning and a zero halfway through. He also uses a number of other aliases including reverse shell and buttholio. I imagine that's someone who's...
Very religious. Some researchers believe he might be or may have been a US Army soldier stationed in South Korea. I suspect Alison Nixon is looking into him as well. When she was asked, she said, no comment at the moment as to whether she knows his identity. So maybe she's also waiting for law enforcement to feel his collar too. But like you said, don't piss off the cybersecurity researchers, especially if they're not already investigating you because it may be your undoing. Or just maybe don't do bad stuff. And even better, even better way to live your life, Carole, excellent advice. And turn on multi-factor authentication if you've got a cloud bucket.
That's my advice for businesses.
So what's going to happen now? He's in the clink, this Waifu guy. He's obviously going to be appearing in court. There's extradition proceedings against him. And it appears how the case will unfold from this point onwards rather depends on whether Alexander Mucha is allowed access to the internet while he's being held. Because if he can access his cryptocurrency to pay for decent lawyers, that potentially could unlock a large amount of money for him. Granddad?
Granddad, hey, I'm going to read out a number. It's long. I've got to read a passcode. Get your pen. Let me find my pen. I've got to turn on the computer, son? What are you talking about? People don't talk like that in Kitchener. They don't talk like that? No. Carole, what's your topic this week?
Okay, let's pivot. I want you, Graham, to meet our Aussie influencer, Andre Zachary Ribello. Okay. He's in his 20s. Right. And he's found himself in a bit of a pickle. But we have to go back. We're going to go back a few years, back to 2020. And at this time, Andre...
A supermarket delivery driver turned cryptocurrency day trader. Okay. Is doing pretty well for himself. Right. He is what I would call a crypto stud. A crypto stud? Yeah. You mean a bit sexy? Well, certainly he thinks so. Will you tell me? Oh, hello. Oh, I've seen pictures of him here with a young lady. Right. Okay. He's very buff in that kind of bronzed sort of Australian way, you know, sunshine and...
Yes, he's a bit too attractive for me. You're uncomfortable. I am uncomfortable, yeah. But yeah, he does have a very photogenic, beautiful girlfriend, his baby mama, in fact. And I think he must have thought, why don't I share my fortune with the world? So he hits the world of social media influencing. And he does well at this, right?
The 20-something Andre amasses a million-plus followers on the Instas?
Wow. And it's like he's publishing like it's like a lifestyle channel of sorts where Andre and his partner Grace are living, you know, the best life when it's carefree, full of riches, luxury. I hate them already. I hate them. Maybe let's channel that. Right. So let's imagine you are Andre. Right. You've got a million followers. You are running a lifestyle Insta channel.
I pretty much am. Yes. Okay. Yeah, I can imagine that. Let's say you're doing that. So what would you do to entertain this curated audience of yours? This is obviously in a very important audience because it leads to sponsorship, right? So you want to keep them happy.
And they're all people who are impressed by luxury items. They seem to be. That's what you've been posting so far. And they love. Well, that would be great. So maybe I'd contact some luxury brands of things I could include on the channel. Maybe some cars or maybe some technology or beautiful clothing or hotels. I could travel around the world going to stay at luxury resorts. That sounds gorgeous. Yes.
Yes, exactly. And opulent digs, all that stuff. And like, what would you say if your kid, for example, or a kid you liked said, you know, this was their complete dream to become one of these influencers, these lifestyle influencers? Well, I think this is not the norm. All young people want, that's the only job they want, isn't it? To be influencers, because that's what they see on their TikToks and on their Snapchats.
Somehow it doesn't sit okay with me, but I think that's probably because I'm of an older generation. Yeah, we're fuddy-duddies. No, no, no, no, no, no. We are not fuddy-duddies. You might be a fuddy-duddy. I am Gen X. Proud. Proud. You are what? A boomer? I don't know. What years? 1969? 1969?
I was born in 1969. What does that make me? Boomer. Oh, for God's sake. Anyway, yeah, I know. Suddenly people of my age
more mature generation than yours, we always think, you know, you should become a doctor or an engineer or, you know, become a solicitor or, yes, you know, sort of professional job would be the thing you just aspire to. Not this plastic fantastic promoter. I saw that expression somewhere. That's what these, I love that, plastic fantastic. You know, it wasn't invented in our day, was it? So we can't imagine that would be our job. You also find it hard to believe that it would be a long-term job.
It might be a little bit like being a footballer or an athlete or something. It may be just for a short time before you become a little bit too craggy and wrinkly and chubby to continue. I don't know. Oh, really? The market, Graham, is booming. Is it? For the boomers? It was worth an estimated $16.4 billion in 2022. And?
And it's expected to grow to a whopping $143 billion by 2030. So, ka-ching. It's insane. It's insane. Almost two-thirds of Gen Z and millennials say they trust their social media influencers. And maybe the glue, the reason this works for younger generations and not us, is that anyone...
could theoretically be an influencer. It's not like, you know, you have to go study to be a doctor or a lawyer or all these things, right? So teens and kids can look dreamily at their phones and aspire to this carefree, almost kid-like, you know, existence. Well, it's only people who already have the luxury of having a phone and...
I think you need some luxury in your life already to kick it off. Oh, I see what you mean. Like, yes, I would agree. Let's go back to Andre and Grace here, the influencer duo, living in the lap of luxury and generously sharing their highlights with their followers. But Graham, there is a growing problem in their digital heaven. Mm-hmm.
Do you want to take a stab at what it might be? Acne. No, that's a good one. No? No. You've kind of already hit on it. They don't have their social media accounts properly protected, so a hacker could come in and steal their audience. No, that would align way too closely with the ethos of the show. No. It's all a lie. It's all a lie. He doesn't have millions. Yeah.
No, yes, exactly. Andre is having trouble paying for his proverbial snakeskin boots. While living the life, they are diving deeper into debt to the tune of $120K in Oz dollars. So this is a sticky pickle, right? Your job is to promote wealth and luxury. And what do you do to keep your followers and your sponsors on?
Like you can't just hit up TK Maxx, right? Oh, I know what I'd do. I'd buy a green screen. Oh. And then I could pretend to be anywhere in the world, couldn't I? I could fake it. But you'd have to buy a green screen. They're not cheap. Yeah, well, right. Or buy a pot of green paint. That's right. Or a green sheet. Yeah. Yeah. It's not. I mean, that isn't that much. No. You could share it around with your mates as well. You could all be doing it.
Right. And with free tools on the internet, you could Photoshop your images to make them look more convincing. Here we are on the Amalfi Coast. Or maybe you could use AI.
as well, to deep fake some of this, to make it look like you're doing things. I mean, it's extraordinary. Interesting you say that. Interesting you say that. Right. Because things get worse for Andre, right? Things get worse because while he's struggling to figure out how he can pay for his debts and keep all the balls in the air that he's got spinning, plates, balls, I don't know. Uncomfortable. His mom is found dead by his youngest brother.
Like, otherwise a very healthy woman, she's apparently fallen in the shower. So it's like, oh my God, you know, so he's dealing with this debt, he's dealing with his mom's death, but there is a silver lining and that's that thankfully his mom had life insurance policies and they would award Andre with upwards of a million Australian dollars. Now,
Sometimes you've accused me of being a little bit cynical, Carole. So I do have a thought going through my head. I don't want to appear unkind or unsympathetic to this poor chap who's lost his mother. Why don't you just keep it in your pocket for now? And then if you say, I knew it. All right. Yeah. But we all believe that you know it. Okay. I'm not. My lips are sealed for now. Okay. Your lips are sealed for now.
Okay. So remember this was way back in 2020. This was COVID times, right? Yes. So let's fast forward a few years. And now we have an employee. We're going to call Joni. And Joni works at an insurance company. And she picks up a claim. Right. And Joni gets a whiff of foul play. Something's not smelling right. Right. And the thing is, is that it seems that Andre took out three separate life insurances worth a total of just over a million Australian dollars against his mother. He did this in the week before she died. Are you with me, Columbo? I'm with you. I'm also wondering if you also bought some extra bars of soap and left them lying around in the shower tray. That's awful. Okay, well, interesting, interesting.
Also, he has a twin sister, right? And other sibling. And he is named as the sole beneficiary. And then, just days after his mother's death, Andre started apparently hounding the insurance companies to pay out their policies. And in his pursuit of the money, it seems that Andre provided the insurers with fake records about his mother's health and death, phony copies of her medical records in a coroner's report.
And, get this, left the insurers a voicemail using an AI voice generator to impersonate his mother's psychologist. Hello, it is Hank Gelfrand here, the psychologist. So, no surprise, this gave the authorities enough to arrest him.
And he has been found in front of a jury of his peers where he's pleaded, eventually pleaded guilty to the fraud, but denies killing his mother. I don't know. Anyway, the jury deliberated for almost two days before finding him guilty.
And he's been remanded in custody following this week's verdict and will be sentenced in April 2025. Right. So chances are he's going to get locked up. Chances are he's going to get locked up. Anyone likely to give him a pot of green paint for his cell? Is he going to redecorate the walls? I don't think he wants that. I think he wants a Lamborghini. He wants a Lamborghini and a Rolex. That is what stressed him out.
How many followers did you say he had on social media? A million plus. Presumably, he could sell his account to somebody else.
Who could take on the reins and have all those followers. I'm not offering to pay that much for it, but I'm just... Yeah, but come on, come on, come on. I think there's a Netflix story here. This guy's not building a boring curriculum vitae here. You know, a supermarket delivery driver turned cryptocurrency trader turned Insta-influencer turned criminal turned accused murderer.
turned public speaker. As soon as he gets out, he'll be on the circuit. He'll be writing a book. You're right. He'll probably have his own reality TV show. Well, he won't write a book. He'll have AI to do it.
BigID helps you uncover dark data, identify and reduce risk, take action through remediation, and scale your data security strategy through seamless integration with your existing tech stack. Start protecting your sensitive data wherever your data lives by visiting bigid.com/sensitivedata.
slash smashing. Get a free demo to see how BigID can help your organisation reduce data risk and accelerate the adoption of generative AI. Also, there's a free new report that provides valuable insights and key trends on AI adoption, challenges and the overall impact of Gen AI across organisations. So go visit bigid.com slash smashing and thanks to the folks at BigID for sponsoring the show.
Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Imagine taking a proactive, deny-by-default approach to cybersecurity, blocking every action, process and user unless specifically authorized by your team. ThreatLocker helps you do this and provides a full audit of every action for risk management and compliance.
Onboarding and operation is fully supported by their US-based support team. Stop the exploitation of trusted applications within your organization to keep you running efficiently and securely. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high.
To learn more about how ThreatLocker can mitigate unknown threats and ensure compliance for your organization, visit smashingsecurity.com slash ThreatLocker. That's smashingsecurity.com slash ThreatLocker. And thank you to ThreatLocker for sponsoring the show.
Quick question: do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps? I didn't think so. So my next question is: how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question and it's called Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't touch.
Go and check it out for yourself at 1password.com slash smashing. That's 1password.com slash smashing. And thanks to the folks at 1Password for supporting the show. And welcome back. And you join us for our favourite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app. Whatever they like. It doesn't have to be security related necessarily. Better not be. Well, my Pick of the Week this week is not security related. My Pick of the Week is a movie. Not a new movie. It's been out for a few years, but I've only just seen it and I thought it was quite good.
It's a movie by Spike Lee. Have you ever seen any Spike Lee movies, Carole? I have seen Spike Lee movies, but please don't ask me to name them. I'll know if you say it. I'll have to go look it up and I'll go, yeah, I've seen it. No, I haven't. This one's got a very unusual name. Okay. And it's kind of hard to look up on streaming services because of the way it's spelt. Okay.
So don't let that dissuade you too much. It's Black Klansman. Oh, I have not seen that. And between the words black and klansman is another K. So it's three Ks in the middle, which does give you a little bit of a clue as to what it's about. And it's a Spike Lee movie. And it's about the Ku Klux Klan, of course. And it's loosely based on the true story of Ron Stallworth. He was a detective in the 1970s in the Colorado Springs Police Department. And he's trying to build up a name for himself. And he sets out to infiltrate the local Ku Klux Klan chapter to expose what they're up to. And that is not an easy job for him because Ron is black.
Wow. And as you can imagine, not simple. So this movie stars John David Washington. He's the son of Denzel Washington. He was in Tenet, if you saw Tenet. Yeah, no, I did. It was quite confusing, but quite good. There's also Adam Driver in it. He's excellent. He plays Kylo Ren from Star Wars. And that's probably what he's most famous for, but he's been in lots of things. He is Ron's stand-in when he has in-person meetings with the KKK because, of course, the KKK, not a big fan of black people. Also, not a huge fan of Jewish people. And Adam Driver's character in the movie is a Jewish detective. So, again, a little bit awkward there. The movie's great. It's sometimes darkly funny. It's often frightening. When did you see it? I saw it on Netflix.
It's also got some things to say about today and some of the goings on in the US of A. So I would really recommend it. I thought it was a great movie and I can't believe I'd waited until now to see it. So that is my pick of the week. Black Klansman by Spike Lee.
Carole, what's your pick of the week? We're coming to the end of a pretty climactic year. You know, there's a lot of turmoil going on politically and natural disasters. Plus, turns out doom scrolling might not be good for you. And apparently we've all been brushing our teeth incorrectly. So, you know. And all this over the everyday stuff we all have to face has turned a lot of us into, you know, stressed out, worried, fearful little humans, which is not good. No. So what to do? What to do?
Well, I asked my therapist and one of the answers is self-care. Self-care. What's that? I said, self-what? What? So basically, it's apparently taking time to chill out. CTFD, as we used to say, Graham, in the office. Oh, yes. Calm the flip. Yeah. Yeah. Yeah.
Now, as many of you know, I'm an audiophile, so I listen to stuff all the time, books, you know, podcasts, music. What if I took time to listen to something that was very chill without a beat or a storyline? Right. And so let me present A Soft Murmur. Murmur. There's a link in the show notes, Graham and listeners. Right. So you can go have a little play around while I explain it. So on this app or website, so you go to asoftmurmur.com.
you can design a relaxing background soundscape, such as crackling fire and crashing waves or winter birds. And you can even mash them together and put them at different volumes. This is great. This is like a sound desk where you can sort of, you can put up the faders on different kinds of sound effects. I've got a bit of waves, a bit of wind. Yeah. And you can combine them all together.
And there's lots here, aren't there? I researched and wrote today's story having a crackling fire in the background. Loved it. Loved it. You did check, presumably, that it wasn't for real happening behind you. It wasn't your house burning down because that's not relaxing, Carole.
And you can send them a few bucks and get even more ambient sounds. So thank you to Mashable for the tip. I think it's very sweet and I do think it's important just to unplug. And the holidays are coming. What better excuse? My pick of the week is a soft murmur to keep the stress under control. Well, what a lovely way to end the episode. That just about wraps up the show for this week.
You can find Smashing Security on Bluesky, unlike Twitter, which wouldn't let us have a G. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favourite podcast app, such as Apple Podcasts, Spotify and Pocket Casts. And thank you to our episode sponsors, 1Password, ThreatLocker and BigID. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest list and the entire back catalogue of more than 396 episodes, check out smashingsecurity.com. Until next time. Cheerio. Bye bye. Bye.