How a cybersecurity boss framed his own employee
Smashing Security
Graham Cluley
4.7 • 579 Ratings
🗓️ 5 March 2026
⏱️ 50 minutes
🧾️ Download transcript
Summary
When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker... who promptly sent an innocent colleague into a career-ending ambush.
In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling zero-day exploits to a Russia-linked broker.
Plus: are nation states quietly poisoning AI models to bend reality itself? We explore how “foreign information manipulation interference” could target not just social media users, but the large language models we increasingly trust for answers — and what that might mean for truth, trust, and the future of online influence.
All this, and much more, in episode 457 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Carl Miller.
EPISODE LINKS:
- Large-Scale Online Deanonymization with LLMs - Simon Lermen.
- Hacked Prayer App Sends ‘Surrender’ Messages to Iranians Amid Israeli and US Strikes - Wired.
- “Stay safe out there gamers”: Streamers say Amazon just made Wishlists a doxxing risk - Daily Dot.
- Apple alerts exploit developer that his iPhone was targeted with government spyware - TechCrunch.
- Former General Manager for U.S. Defense Contractor Sentenced to 87 Months for Selling Stolen Trade Secrets to Russian Broker - US Department of Justice.
- Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools - US Department of Treasury.
- Inside the story of the US defense contractor who leaked hacking tools to Russia - TechCrunch.
- Hundreds of English-language websites link to pro-Kremlin propaganda - Guardian.
- The Incredible Shrinking Man - Internet Archive.
- “The Immortalists” by Aleks Kortoski - Penguin Books.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
SPONSORS:
- Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
- Meter - Network infrastructure for the enterprise. Get a free personalised demo.
- Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!
FOLLOW THE SHOW:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript
Click on a timestamp to play from that location
| 0:00.0 | You know, look, you are fired, but at least you are in a world-class city where you have some extremely interesting tourist options of your fingertips. |
| 0:11.2 | Madame Two-Swords, though, is very expensive, isn't it? And probably overrated. I'm not sure. |
| 0:16.2 | Listeners, write into Graham, if you are, as furious as I am with a suggestion that Madam Two-Sorts is overrated. |
| 0:22.8 | I'm now going to get emoes from the C-So of Madame Two-Sorts. |
| 0:36.0 | Smashing Security, Episode 457, how a cyber security boss framed his own employee, with Graham Cluelly and special guest Carl Miller. |
| 0:46.3 | Hello, hello, and welcome to Smashing Security episode 457. My name's Graham Cluelly. |
| 0:51.8 | And I'm Carl Miller. |
| 0:52.7 | Carl, welcome to the show first time on Smashing Security. Fantastic to have you here. I know. I can't believe it's taken you 457 epastone, Graham, to finally have me on. It is rather outrageous, isn't it? I do apologise. Yeah, you must have had some people on about five times by now. Oh, some of them. |
| 1:11.1 | Oh, my goodness, scores of times. I think that page on my roller decks must have just, |
| 1:15.5 | that's actually aged me, hasn't it? Mentioning in Rolodex. Must have just fallen out somehow or another. |
| 1:22.1 | Now, Carl, for anyone who hasn't encountered you before, and more shame on them if that's the case, |
| 1:29.0 | who are you? And why might they have heard of you? Well, I'm a technologist and a writery. I always kind of |
| 1:34.9 | gel those two things together. So I am a co-founder of a information integrity group of |
| 1:39.8 | technologists, lab, I suppose you call it, called Kazim Tech. I think tanker. And people might have heard, I guess, in the cybersecurity world of me, if they have at all, via a podcast that went out at the end of 2024 called Kill List. |
| 1:53.0 | Now, Kill List was quite a sensation, wasn't it? I mean, it was a really popular podcast, and it was about a fascinating topic topic which we have touched upon in the past |
| 2:02.0 | sometimes here on Smashing Security. Do you want to share a little bit more about what that was |
| 2:05.8 | about? Sure. Well, if the name hasn't completely given it away, it was really about a kill list. |
| 2:10.9 | It was... |
| 2:11.1 | Genius. |
| 2:12.8 | Yeah, I know. We like to describe things directly in the killlist team. It's about a assassination market |
| 2:19.3 | sitting on the dark net. So it was a long investigation that me and colleagues did, essentially |
| 2:24.0 | working with a hacker called Chris who managed to gain access to the site, broken, and found |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Graham Cluley, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Graham Cluley and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.