Investigative journalist Geoff White has spent a lot of time inside the leaked communications of Conti — the Russian ransomware gang that ran like a corporation, hit Ireland's national health service, extorted the Costa Rican government, and pulled in $180 million in a single year. Geoff joins us to break down how Conti operated, the internal moral debate over hitting hospitals, the jewellery heist that spooked them into apologizing to Saudi royals, and how he tracked down rare video of the gang's elusive alleged boss, a man almost nobody had ever seen. It's a preview of his new BBC series Cyber Hack, dropping June 1st.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

We return to one of the more interesting ransomware as a service stories of the last few years; the story of REvil and it's recently (allegedly) named operator. Also the big mythical thing that happened.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Heads up, the guy in the opening story survives — realized in editing it's kind of stressful if you don't know where that's going. In this chat episode we start with a coin toss on which story to start with, which leads us on an adventure into the world of America's favourite private security camera network, Flock, searchable by law enforcement without a warrant. Cool stuff.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

We start this chatty chat looking at the legacy of EternalBlue, an NSA-developed cyberweapon that leaked in 2017 and powered global disasters like WannaCry, to explain a new mobile threat called "Coruna." Just as EternalBlue likely escaped government chain of custody to become a tool for mass digital carnage, Coruna is a sophisticated iPhone exploit framework leveraging 23 vulnerabilities that has similarly migrated from elite surveillance into the hands of broader cybercriminal groups. This "EternalBlue moment" for mobile marks a shift where nation-state-grade tools, capable of silently hijacking devices via compromised websites, are now circulating freely in the wild.

Also, cute little Macbooks!

Learn more about your ad choices. Visit podcastchoices.com/adchoices

In this chatty chat episode, we kick things off with a primer on one of the oldest methods of stealing money—made new again in the age of crypto: the $5 wrench attack. It’s a simple tactic, but it has enabled some surprisingly significant damage.

We also cover recent incidents, including the DJI robot vacuum hack, and wrap up with an in-depth discussion on AI harnesses.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

A lot of modern AI models have a kind of security guard layer that sits in front of them. Its job? A binary choice as to whether the prompt heading into the model is safe or not. Kasimir Schulz, a lead security researcher at HiddenLayer, has been researching how to trick these models. Their solution, a technique called "Echogram" involves words with such positive statistical sentiment — such overwhelming good vibes — that it flips that verdict.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Two FBI agents. One room. One of them is the most damaging spy in U.S. history.

Robert Hanssen told a lot of lies — including a really weird one about booking the Beach Boys for the FBI. That lie didn’t matter all that much, but the others did. For 22 years, Hanssen sold America’s deepest secrets while hunting moles inside the Bureau.

With retirement looming, the FBI set a trap: a fake department, a fake job, and a young agent named Eric O’Neill placed three feet from the suspected spy.

This episode is our conversation with Eric O’Neill — the man tasked with spying on the spy — about lies, tradecraft, psychological warfare, and the sting operation into what the DOJ later called “possibly the worst intelligence disaster in U.S. history.”

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Pokémon cards became a billion-dollar market—and then a massive fraud target. This episode follows the rise of ultra-rare Pokémon prototypes, the grading systems meant to protect collectors, and the amateur investigator who used codebreaking and printer forensics to expose a modern forgery ring hiding in plain sight. All that plus a nice chatty chat after the break to kick off the year.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

It’s the 2025 Chatty Chat year in review friends! We’re diving into a big old pile of stories from the past year and speculating on what’s to come in 2026. If you’re wondering where this sits on the "in-depth interview vs. casual chatting" spectrum, just know we spend a considerable amount of time talking about how rad the Switch 2 is. This is not a deep dive, just a good time.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

A deep dive into Lighthouse, a phishing-as-a-service platform linked to millions of scam texts worldwide, and the sprawling “smishing triad” ecosystem built around it. With security researcher Ford Merrill, we unpack how modern scam operations work at industrial scale — from fake e-commerce sites and mass SMS campaigns to the wallet-provisioning techniques that let criminals turn stolen credit cards into tap-to-pay phones. 

Learn more about your ad choices. Visit podcastchoices.com/adchoices

For the last few years, Grindr has branded itself as the global gayborhood—a digital safe space for queer communities. But a series of European investigations raised serious questions about how the app handled user data. In this episode, we talk with Chaya Hanoomanjee of the law firm Austin Hayes, who is leading a major UK claim alleging that Grindr shared sensitive user information, including in some cases health data, without proper consent. We trace the story from Norway’s multimillion-euro fine to the 12,000-person UK action and unpack what “special category data” actually means, why these cases matter, and what we’re all really agreeing to when we tap “accept.”

Learn more about your ad choices. Visit podcastchoices.com/adchoices