How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia.

Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it - and then brags about it on a recorded Telegram call.

Plus: Graham champions Asterix, Trisha discovers the fantasy novels of Robin Hobb, and someone called "Lick" ends up in the nick.

All this, and much more, in episode 458 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.

EPISODE LINKS:

• Major data leak forum dismantled in global action against cybercrime forum - Europol.
• Ericsson blames vendor vishing slip-up for breach exposing thousands of records - The Register.
• How hackers bypassed MFA with a $120 phishing kit – until law enforcement  shut them down - Hot for Security.
• Wikipedia hit by self-propagating JavaScript worm that vandalized pages - Bleeping Computer.
• FBI arrests crypto thief accused of stealing $46 million from seized government wallet - Tom’s Hardware.
• Twitter thread by ZachXBT about John Daghita’s arrest - Twitter.
• Asterix - Wikipedia.
• Robin Hobb.
• The Complete Farseer trilogy - Harper Collins.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

• Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
• Meter - Network infrastructure for the enterprise. Get a free personalised demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.