Summary
Episode 157 features an interview with Grifter (Neil Wyler), a prominent figure in the hacker and cybersecurity community who transitioned from street crime and computer hacking as a youth to becoming a respected security professional, conference organizer, and threat hunter. The episode covers his journey from pirate BBS systems and credit card fraud to founding DefCon villages, running the Black Hat network operations center, and consulting for governments and Fortune 500 companies.
Insights
- Early exposure to computers and hacking communities can redirect at-risk youth toward legitimate technical careers when mentorship and community values emphasize integrity and excellence
- The hacker community operates in a unique space where offensive and defensive practitioners coexist peacefully, united by curiosity and learning rather than adversarial positioning
- Conference infrastructure security requires proactive threat hunting and real-time response capabilities rather than reliance on perimeter defenses alone
- Organizational tunnel vision (assuming threats don't exist because policies prohibit them) creates blind spots that sophisticated attackers exploit for extended periods
- Personal brand and anonymity can be strategically managed to balance public influence with private life, as demonstrated by Grifter's costume-based identity at DefCon
Trends
- Gamification of network security through live attack scenarios at major conferences normalizes defensive thinking among practitioners
- Threat hunting as a specialized discipline is becoming essential for organizations with mature security programs to detect advanced persistent threats
- Vendor relationships at security conferences are increasingly transactional, with companies competing to provide free equipment for credibility and brand association
- DefCon villages model has been adopted across infosec conferences as a way to create specialized learning communities within larger events
- Foreign state-sponsored data exfiltration targeting financial institutions operates with minimal detection despite advanced security infrastructure
- Responsible disclosure frameworks are being enforced by security professionals even when vulnerabilities are discovered in real-time conference environments
- Career pathways in cybersecurity increasingly bridge criminal investigation, ethical hacking, and government/corporate consulting roles
- Liquid nitrogen and dry ice demonstrations at hacker conferences represent a culture of experimentation and one-upmanship in technical communities
Topics
- DefCon conference culture and organization
- Black Hat network operations center (NOC) infrastructure
- Threat hunting methodologies and frameworks
- Credit card fraud and identity theft techniques (historical)
- Pirate bulletin board systems (BBS) and early internet access
- Military service as career transition pathway
- DefCon villages concept and adoption
- Network security and firewall rule management
- Foreign state-sponsored cyber espionage
- Responsible disclosure practices
- Vendor relationships in cybersecurity industry
- Hacker conference security and social engineering
- Aggressive network self-defense philosophy
- Cybersecurity career development
- Community-driven security conference organization
Companies
IBM
Grifter worked at IBM's X-Force for three years running their global threat hunting program
RSA Security
Grifter spent seven years at RSA Security where he started and ran their threat hunting program worldwide
Coalfire
Grifter recently took a position as VP of defensive services at this cybersecurity company
Mandalay Bay
Current venue for Black Hat conference where Grifter works on network security operations
Marina Bay Sands
International venue hosting Black Hat conference in Singapore
Excel Center
International venue hosting Black Hat conference in London
People
Neil Wyler (Grifter)
Primary subject; prominent cybersecurity professional, DefCon organizer, and threat hunting expert
Jack Rhysider
Host of Darknet Diaries podcast interviewing Grifter about his career and DefCon experiences
Jeff Moss (Dark Tangent)
Founder of DefCon and Black Hat conferences; approved Grifter's DefCon villages concept
Russ Rogers
DefCon conference organizer who recruited Grifter as a goon and collaborated on villages
Dan Kaminsky
Co-author with Grifter on 'Aggressive Network Self-Defense' book
Bruce Potter
Co-author with Grifter on 'Aggressive Network Self-Defense' book
Pope
Threat hunting colleague who worked with Grifter on financial organization security engagement
Pyro
Co-author with Grifter on 'Aggressive Network Self-Defense' book
Chris Hurley
Co-author with Grifter on 'Aggressive Network Self-Defense' book
Quotes
"Integrity is like doing the right thing even if nobody's looking"
Grifter • Military service discussion
"If I'm still here when I'm 25, you guys killed me"
Grifter • Discussing escape from hometown
"We always find something whether it's an active attack or it's evidence of a previous attack or it's an employee who's doing something outside of policies"
Grifter • Threat hunting discussion
"You don't know if you're actually attacking some grandma's computer because it's not your machine, it's a jump box"
Grifter • Aggressive network self-defense philosophy
"DefCon is just built different"
Jack Rhysider • Episode introduction
Full Transcript
Man, last Defcon was wild. It is up there. It's like one of the top ten best moments of my life, and I don't think I ever told you about what happened. See, Defcon is an annual hacker conference in Las Vegas, and it's my favorite conference in the world. It's just so inventive and fun and brilliant and weird. Defcon is just built different. Like, of course there's talks and places to get hands-on doing hacking. But at night most conferences just shut down. Not Defcon. Defcon goes all night long. At night they clear out the chairs and the lecture halls and they turn them into party spots. And there's not just one party going on. There's like a DJ in track one, and there's an arcade set up in track two, and there's nerdcore rappers on stage live in track three. Keep walking and you'll find even more parties around the conference. It's an adventure to find all the things happening, and that's just at Defcon. There are literally dozens of other parties all over town too: hotel room parties, bar meet-ups, pool parties, and vendor parties. Vendors sometimes spend over a hundred thousand dollars on a party, renting out a whole nightclub and giving out free drinks and food to their customers. With all these parties, I got to thinking: you know what, I should throw a party. A Darknet Diaries party.

Now, you might be wondering: Jack, I heard you're a private person and nobody really knows what you look like. That's true. Well, then how do you go to these conferences and meet people? Ah, here's my secret. I wear a disguise. I put on a big black hat, dark sunglasses, and a bandana over my face. I kind of look like an old-time bandit in this costume, and it's perfect. Nobody knows what I actually look like, and I can still meet hundreds of people if I want. In fact, I've worn this costume so much that everyone seems to know me when I wear it. It's my brand. It's my look. And when it's on, people stop me all the time and say hi and talk with me.
It's great. I love that I can't walk ten feet in Defcon without someone shouting my name and saying hi. But when I take that costume off, nobody knows it's me, and suddenly I'm an anonymous face in the crowd. And I love that. Anonymity is my default state, and I can turn on the notoriety whenever I want. I don't want people to know what I look like, so that I can live a nice private life. I love the attention I get from this show, but I also love that I can turn it off when I want.

So my big idea for this party at last Defcon was to step up that anonymity even more. Everyone knows I am the guy with the big black hat, the sunglasses, and the bandana around my face. What if I gave everyone that same costume when they came to my party? That way, everyone is Jack Rhysider. I pitched the idea to Defcon, they accepted it and showed me which ballroom I get, and I rounded up 20 of my friends. And we had it all planned. We had four DJs, two video DJs, and so much more. It was great. I ordered 800 black hats, sunglasses, and bandanas, and the party got underway. The room filled up instantly. 400 people came pouring in through the door, and they were all given these costumes, and they put it on. They played the game. But the real test was, could any of them find me in this crowd, now where we're all wearing the exact same costume? Amazingly, no. I was extremely hard to find. Actually, some people came in, looked all over for me, couldn't find me, and then left and then tweeted: I just went to Jack Rhysider's party.
He wasn't even there. Now, I was going up to people and I was asking them, hey, where's Jack? And nobody knew. I tried to convince a bunch of ladies, like, hey, I'm actually the real Jack Rhysider, and they just laughed at me and walked away. It was amazing to have all these people come to my party, but I just had this very calm and happy and serene kind of experience to it, because I could just float through the crowd and enjoy it without being mobbed by everyone, that usually happens. And I wasn't even maskless. This is my party and no one can find me. It was hilarious to me. But it didn't stop there.

I thought, you know what, I want to put my fans to the test. I believe that my fans, you, the listeners of this show, are the best, sweetest, nicest people in the world, and I want to prove that. I want to somehow be vulnerable to them, to give them a huge amount of power over me, and to see how they react to such power. I want to give them so much power that they could ruin me, and I want to see if any of them abuse it. And so I thought, okay, I'm here at Defcon. What's the worst idea I can come up with to do in this party? And it hit me: let the party attendees control my Twitter account. Shoot, everyone looks like me already, might as well be able to tweet as me too, right?
So I set up this If This Then That trigger so that when you text a phone number, it automatically tweets what you texted it. No moderation, no filters, just trust. Well, I couldn't figure out how to get photos to work, so it was just text, and I did block URLs, kind of the one thing I blocked. And yeah, we set up a projector on the wall, and we had a live feed of my Twitter, and it said, text this number and it will tweet as Jack. And people texted. Holy cow, dozens of texts started flying in, but the automation kept up, and it just tweeted everything that it got. People were testing it at first, just seeing if it was real. Like, someone said "meow," and someone said "does this work?" And then people started writing their names up on there: "David was here" and "I love you, Andrea." And then ASCII art started showing up and memes started getting posted. I was real nervous watching the screen, but a bunch of people were standing around watching the tweets come in with me. They had no idea it was even me, and they couldn't believe that Jack was so stupid enough to hand over his Twitter to Defcon. I mean, they're right, you know. Of all the places to do that, Defcon is the worst. These hackers deface anything for fun and delete and destroy stuff. This is a terrible idea. I'm gonna get canceled. Something is gonna be posted that is going to be absolutely awful for me. But like I said, it was a test to see how awesome my fans are, to be vulnerable with them, and to see if they abuse that power. And you know what? They didn't disappoint me. I think the spiciest tweet I saw was "I'm so horny right now." But after a couple hours and hundreds of posts to Twitter, Twitter rate limited me, and they ruined the fun. They, they busted the party and blocked me from tweeting for like 24 hours, which, which I think is a fitting way of ending that whole experience. Like, it went out nicely. I didn't get banned.
We just got rate limited. But by that point the place was packed and we're gone out of which one was me, and I was just surrounded by people, and it was great. Fine, we were having a blast. But what I didn't know is that there were another thousand people in line trying to get into this party. And I know it was a thousand people because someone grabbed a box of pencils I had, a thousand pencils in the box, and handed one to each person in the line, and they ran out of pencils by the end. We ran out of everything: hats, bandanas, stickers, sunglasses, bracelets. I think I met 1500 people total in that weekend, because I brought 1600 bracelets and I gave them all away. Defcon is known for long lines, but there were so many people in line for my party, even Defcon told me they have never seen a line that long for a party, ever. And that line was possibly the longest line of the whole conference that weekend, barely being longer than the merch line, which is always super, super crazy. We eventually couldn't hold them back anymore. We just opened up the doors and let it rip, and it was a madhouse in there. And I think the party went on for like six hours, all night long. And I used every drop of energy I had. But man, was it worth it. That was the best time I've ever had at Defcon. And you know, to this day I still get people sliding into my DMs on Twitter asking, why did you say this tweet, man?
And they're mad at some, like, hot take I had or something. And when I look at the tweet, I wonder, I don't remember ever saying that. But then I look at the date and I see that it was posted on August 10th, 2024. And that was the night I will never forget. And it always puts a big smile on my face whenever I see a tweet from that day.

This is Darknet Diaries.

This episode is sponsored by DeleteMe. DeleteMe makes it easy, quick, and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable. DeleteMe does all the hard work of wiping you and your family's personal information from data brokers' websites. Since privacy is a super important topic to me, a few years ago I signed up. DeleteMe immediately got busy scouring the internet for my name and gave me reports on what they found. Then they got busy deleting things. It's great to have someone on my team when it comes to my privacy. Plus, the New York Times Wirecutter has named DeleteMe their top pick for data removal services. Take control of your data and keep your private life private by signing up for DeleteMe. Now, a special discount for Darknet Diaries listeners: get 20% off your DeleteMe plan when you go to joindeleteme.com/darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com/darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com/darknetdiaries, code DD20.

This episode is sponsored by Shopify. Starting your own business can be really hard. Full creative control sounds great, until you have to make the logo and design the products and the website and respond to customers and loads more, all on your own. What you need is a tool that can help you out and simplify key parts of running a business. For millions, that tool is Shopify. Chances are you're going to need a website, and Shopify's design studio, ready with hundreds of ready-to-use templates, is
there to help you build an online store to match your style. Next, marketing. Shopify helps you easily create email and social media campaigns wherever your customers are scrolling or strolling. And best yet, Shopify manages everything from inventory to international shipping to returns and beyond. If you're ready to sell, you're ready for Shopify. Start your business today with the industry's best business partner, Shopify, and start hearing. Sign up for your one dollar per month trial today at shopify.com/darknet. Go to shopify.com/darknet. That's shopify.com/darknet.

Grifter, how'd you get that name?

So, um, I always cringe a little bit when someone asks me this question, because, uh, like many nerds out there, I used to read the dictionary as a kid. I looked for interesting words, words that I liked, and the definition that I came across of grifter was a person at a circus or carnival who runs freak shows or games of chance. And I was like, oh, that's badass. And then it said, again, also the more widely known, a con artist. And I was like, also cool, I'll take it. So yeah, so I started using it for names on like video games. I would put in Grifter.

You grew up in New York?

Yeah, Long Island.

And, uh, what was computers like for you growing up?

I was, you know, I grew up part of the Nintendo generation.
So I was really into video games, and my parents are divorced, my dad went to live with his brother. And so his brother, my uncle, was, was a computer tech back in the 80s. So he had a computer, and I have ADHD on a, on a fantastic level, but sitting in front of the computer or putting electronics in front of me was one of the things that could keep me still. And so he encouraged me to do that as often as possible. I started playing games on the computer, which eventually led to my first online experiences, which were dialing into pirate bulletin board systems to download pirated games.

Back then you were really, really lucky if you had a computer at all in your house. Nobody understood how they worked, and they were very expensive. And the problem with pirated games is that they're riddled with malware and viruses. So Grifter would download a pirated game, install it, and then suddenly his uncle's computer was all screwed up. Of course, Grifter didn't want to get in trouble for messing up the family computer, so he sort of had to learn by fire how to troubleshoot the problem he caused. And this forced him to skill up at understanding computers. He wasn't just a user anymore.
He was becoming a super user.

Yeah, I think that's the thing, is like we were forced to learn a lot of different things at those ages, because we had to learn a little bit of everything. Like, it wasn't just done for you. Like, even being able to get online at that time alone required a certain amount of skill. Like, in order to, you know, configure a modem and dial the right numbers and get everything put in correctly, and, you know, connect to different BBS software required different settings and stuff. And because it was like that, it meant that there was an assumption that if you were online, that you were an adult. I could post things and nobody knew that I was 10 years old, and I really liked that.

But Grifter was quite a mischievous troublemaker, and he gravitated towards the darker parts of the internet.

So the pirate bulletin board stuff and posting on there eventually led to somebody on one of the BBSes saying, like, hey, just based on the stuff that you're posting, I think that you would really be interested in this other bulletin board. And they posted a number, and I dialed it up, and it was a hacker BBS, and I went crazy, basically. I thought it was the best thing ever. I read everything on that BBS, like all of the text files about, you know, the different systems that were out there, you know, basic commands for different things. Like, I was like fantasizing about operating systems I'd never, you know, contacted before, and being like, oh, I can, oh, I can do this. I can do this. And, and it wasn't just different operating systems. It was, oh, the computer viruses, and like how to write a virus and do all these different things. And I was fascinated by it, and I just loved all of it. And that was it.
I was in.

I know exactly what he means by being in. I got on bulletin board systems too when I was young, or BBSes, and it was strange and weird and I didn't get it, so I didn't enjoy it. But when I got on AOL, I found some chat rooms where a bunch of people were just talking all at once in real time, and that blew my mind. I was instantly hooked on chat rooms and would spend countless hours just talking with tons of people. That's when I fell in love with the internet. I was in. I soon discovered IRC after that, and I've been in ever since.

And living where I did, I thought like, okay, well, I'll probably never leave New York, right? Like, I didn't, the idea of like traveling the world and doing things like that was, was as foreign to me as those places were. But a computer changed all of that. I could dial into a system and hop from one to the next to the next across networks that were traversing undersea cables and ending up in other countries I never thought I'd get to travel to. And I thought, well, if I access a system, let's say in Amsterdam, I know that when I do that and I'm interacting with that machine, the, the lights on the modem or network card are flashing and the hard drive is spinning up because I'm accessing files from there. And in my 12 and 13 year old brain, I felt like, like I was, I was there. Like it was my way of touching a place that I didn't think I'd ever make it to physically. Like, I knew that it was in a closet somewhere and nobody could see it, but somehow and in some way I was physically affecting that environment.

So that's what he was up to online, but in normal life, in the meat space, he was constantly getting in trouble.

So growing up without a lot of money, in an area where people didn't have a lot of money, I, I would say I wasn't a good kid. I've been trying to make up for it ever since. But we did crimes. Like, I shoplifted like crazy, ran every scam you could run. We would steal cars. We would break into cars and steal stereos and speakers.
We would, uh, I lived near a marina. We would go rob the boats. Like, we'd break into houses. We fought people constantly for fun. Like, it wasn't okay.

Tell me about one of these fights.

Okay, so I, I like fighting. Like, I like physical fighting. I don't know why. I think it's just something, I enjoy it. I know that makes me sound like a psychopath, but, um, I like facing off against somebody else and seeing where you come out on it. At the time it was just, we would get in fights with either random people or people from like, you know, rival gangs, that kind of stuff, where it was just like, okay, um, you're in some part of town that you're not supposed to be in. I'd just get into fights. I'd go pick a random fight. I'd fight two people at once. I would just, I liked fighting, and a lot of my friends were the same way. And sometimes we would just go out and just get into as many fights as we could get in.

He says the area he was in had a lot of this stuff happening. As a kid, if that's all you see, then you kind of assume that's what everyone's like.

I thought that was like normal. When I watched TV and I saw the types of things that you'd see on like, you know, the Disney Channel or something like that, some Disney Channel original movie, I was like, that's fantasy. Like, this is a fantasy world that people wish existed. I didn't realize that there were people who grew up in towns that, one, looked like that, or that people behaved the way that they did. I didn't know any different, right? I didn't know that it wasn't normal to, like, walk home at night and, if a car is coming, like, dip behind a tree or a telephone pole because you might end up hurt, right? Like, you might end up in a bad situation. Like, I didn't know that that wasn't a normal thing. Um, and so it was in part survival, and in another part you, like, make a reputation or get a name for yourself, where it's like, oh, okay.
Well, yeah, don't get in a fight with him, because you'll lose. My thing was like, I, I can take a punch and I can get hit a lot, and it's really hard to knock me out.

Grifter's world was rough, and to get ahead it felt like you had to break some rules.

There was a chain of stores that are there, kind of department stores, like a Kmart type of thing actually, or something like that, where a couple of friends, we'd all go on a Saturday. And we'd go out to the store and we'd do like the barcode swapping, like, so sticker swapping. So you just go out, swap the sticker on something. So you'd see like a crystal bowl, and then there'd be another glass bowl, and so you take that and you'd swap the price tags on it. So the glass, the crystal bowl that should be 300 dollars, you go buy for 30 dollars, and then you swap the tags back and then you go return it. And we'd just go out on a Saturday and we'd hit like seven or eight stores, and we'd like, we'd go buy it at one store, return it to the next one, buy some other stuff at that store, go return it at the next one, go do like stuff like that. And for a small crew of people, we were pulling in some pretty decent money. None of my friends were into computers at all, but I was. And so I knew how to do some things that they had no knowledge of. Like carding is what we called it back in the day, which is basically just, really, identity theft and like credit card fraud. And then order a bunch of stuff, like computer parts or clothes or different things, and get them shipped or mailed to abandoned houses.
I'd just leave a note on the door that said, like, hey UPS guy, like, not home, please leave the package under a blanket. So that was something that my friends wouldn't know how to do naturally that I kind of taught them, right? Like, here's how we do this, and then we can make some money. And so then we had essentially stolen goods that were sent to us. And then we would just, some of the stuff we got that we wanted to keep, and other things were things that we would then go and resell and get money that way.

He was ordering things like Tommy Hilfiger jackets, Fila shoes, and other streetwear at the time. So he was looking fresh everywhere he went, and he would sell it for cheap too. He would be your hookup. And of course, along with this lifestyle came drugs. So he dabbled in that, partaking in it himself for a while. But then he quit. He, he didn't like how it was ruining his brain. He saw his brain as a very important thing that he didn't want to lose. But he saw that other people were doing drugs, and he saw this as an opportunity to make money from it. So he sold it.

I did all this, like, physical, like meat space, like crime, normal crime during the day. Like, I was like just a, like I said, kind of a, kind of a shitty person, like a shit kid doing all this random stuff. But at night I was still completely wrapped up in the hacker world, right?
But then eventually I was just breaking into different systems, and I got into a system that ultimately turned out to be a large, um, credit card provider, a credit company.

At first he didn't know he was in a credit card provider. The internet's a dark place. You don't always get to see where you're going. And hacking back then was barely even hacking.

And that's the thing that is different about the time that we grew up in versus, I think, what we have with like hackers now, is that we do talk about these things like they're massive achievements. Like, it's like, oh, when I was a kid I broke into NASA. And it's like, when you were a kid you logged into NASA. You just had to know an IP address or a phone number to connect to. And if they had security at all, it might ask you for a username. But it didn't always. Like, you could just type anything in and it might let you in. Or you could just wait and it might just time out and then let you in.

It wasn't hard to hack back then. But nobody knew what they were doing, so it kind of was hard, because there weren't tutorials on how to do any of this stuff. So if you just tried enough places, you might end up finding something that did let you in. And that's how he got into this company, a credit card provider. And while he's in that network, he was looking around to see what files were there. And he found some training manuals for how to process a new credit card. So basically, after someone passes their credit check, an employee at this company needs to issue them a card. And this training manual shows exactly how to do that. And so here Grifter is, inside the company, inside the computer that is used to internally create a new credit card for a customer. And he has the tutorial on how to process it.

And I went looking for the database, and then when I found it, um, you know, it was not too difficult to then figure out what I needed to fill in and where. And the initial one was, I was just like, I wonder if I could do this. I wonder if I put in, if I fill in these
fields, if I could get them to send me something. And I filled out the fields appropriately and put in an address that I had been using as a drop for, for some of the carding stuff. And then I waited. And then a couple, I just watched that house and I checked the mailbox, you know, every couple days or something, to see if anything had been delivered. And eventually, one day I opened the mailbox and there was an envelope in it from the credit card company. And it had a card in the name that I had put, and I was elated and horrified, um, in equal measure. I was like, oh my gosh. Like, it created this kind of like excitement mixed with panic, because I was like, oh, this is, this is real crime. Like, this is actual, this is actual bad. Even though all of the other stuff was real crime, something about that made it very real to me, like holding it in my hands. And I remember running home, going into my room, opening up, holding the card in my hand, and then just being like, oh my gosh.

He laid on his bed and just held it up, staring at it. His very own credit card. And one he doesn't have to pay back, because he put a fake name on it. And the credit card company has no idea who he is to try to come after him. And the letter said there's a five thousand dollar limit on this card.

Wow. After daydreaming about it for a day or two, I realized you can't ever use this. Like, you're not going to be able to walk into a store in a mall at, you know, 15 years old and walk up with your credit card and buy whatever. Like, it just didn't seem, I didn't realize also that people, there are kids that did that in other places in the, in the world. Like, but, um, but I just thought there's no way anyone's going to believe that you should have a credit card. So I just sat on it. And I was like, but I was, I was like, I wonder if that was a fluke. Let me see if I can do it again. Again, I sent another one to a different house, and again it showed up. And I was like, okay, I've got something here.
I'm not quite sure what, because I know I can't use these. What can I do with them?

There was a guy he knew, the dad of one of his friends, and this dad was part of a group that did organized crime. Like, in New York fireworks were illegal, but this dad would have Grifter and some other kids go around and see who wanted fireworks, almost like they're going around selling Girl Scout cookies. And then you put your order in of what fireworks you want, and then a few weeks later Grifter would come back and deliver the fireworks to you. In fact, this guy was so into organized crime that he was often hanging out with mafia type people and had connections to some pretty serious criminals.

Because I knew that he had some connection to like actual criminals, like, I approached him and said, like, hey, so I can do this thing where I can get access to, to credit cards with higher limits on them, and I don't want to use them. I don't want to be on camera in stores. I don't want to do anything. Is that something that you or, you know, your people would be interested in? And he was. And he was like, yes. Like, he just said to me, like, yeah, yeah, I would. And I'm like, okay. And he's like, let me talk to some people or whatever. And he's like, what are we talking here? And I'm like, I don't know, $5,000, $10,000, whatever, whatever. And he's like, let me find out what I can get you. And then he came back and said, oh well, I need to know it's real. Do you have, do you have something to prove it? Da da da da. I said, sure, got him one of the cards that I'd gotten. And I was like, that one's, you know, $5,000. And he's like, well, I'm, I can give you 10% for that. And I'm like, okay, so I get 500 bucks? Like, and he's like, yeah. And then he peeled off five hundred-dollar bills and said, this better work. And I was like, it'll, it'll work. And then I was terrified, because I was like, what if it doesn't work? Oh my gosh, right?
But I saw, I was like, don't spend the money, right? Like, don't spend the money. But now I'd been handed money for something that I was like, okay, this is like, this is actually a little bit nerve-wracking. But it worked, right? And then he came back and he was like, okay, great, can you do it again? And I was like, well, I already have, I have one right now. He's like, all right, go get it, right? And I went and got it, and then I gave it to him, and then he again, he peeled off another 500 bucks, and he's like, just come to me whenever you got it. And I was like, all right.

So Grifter logged back into the credit card company and processed another card under another fake name. And that was going to another abandoned house, and this was making money for him. But this guy wanted more, much more, and Grifter would get in arguments with him, saying, man, if we do too much, they're gonna know and they're gonna shut us down. But if we take it slow, we can keep things going for a while. And Grifter was right. He would only give himself a new credit card every two weeks, and that allowed him to keep it going for two whole years.

I don't know how long that worked, because I eventually just stopped doing it. Like, at about 17 years old I decided that I needed to get out of my town. Was sitting in the back of my friend's car, and he said, just wait until we're like 25. We're gonna own this town. They said, own what? Are you kidding me? Holy shit, if I'm still here when I'm 25, you guys killed me. I was like, oh my gosh, I have to get out. I have to get out of this town. And so I didn't have money, right? I didn't have a way to pay for college. I didn't have a way out. And a common response to that is, I went to the military.

What? You went to the military?
Yeah.
This is a, this is a, I would not expect to... life of crime, hacking, drugs, and then suddenly...
Yeah, this was a massive shift in my brain, and I just said, like, I have to go and I have to do this immediately. And while I was still a senior in high school, like, signed the papers, man, and committed to go. My parents had to sign me over because I wasn't 18, and I, and I went into the military when I was 17 years old. So as soon as I graduated, I went into the Air Force. And that is, that was an incredibly eye-opening experience for me as well, because right into basic training I met people who, they've never been in a fist fight before, right? And I was like, how? Like, I just, I could not comprehend how, how did you not run your mouth at some point to a level that somebody wanted to put their fist in it? And then I'd hear the stories about how they grew up and I was like, what? My mom tried to raise me, like, with morals and whatever, and I did pretty good in some areas and really poorly in others. But the Air Force core values are integrity, service before self, and excellence in everything you do. And I took that to heart. I didn't even really know what integrity meant at the time. Like, I'd heard the word, but I didn't really know what it meant, and essentially, to me, the way that I took it was, it's like doing the right thing even if nobody's looking, right? And I was like, okay, do the right thing even if nobody's looking. Great. Service before self.
Okay, so put others before you. Always try to put others before you. Okay, I'll try to do that. And then, like, excellence in everything that you do. That was something that my mother had already instilled in me as well, where she was like, "If you're gonna be..." She's like, "I don't care what you are. If you're gonna be something, be the best at it, whatever it is. You're gonna grow up and you're gonna be, you know, janitor, be the best janitor there is. You're gonna be a surgeon, be the best surgeon there is. But if you're gonna put effort into something, if you're gonna spend your time on it, be the best," right? And so, like, those, those core values, those, like, Air Force core values really, like, took hold, and the military was really good for me because it, like, forced me to be an adult. It put me in a situation where it was like, oh, you have to, you, you can't just tell somebody what you think of them just because you think it. You can't swing on someone because they mouthed off to you. You have to show up here on time and you have to come ready to do the hard things and all whatever. The military was super, super good for me.
He got stationed in Utah, and in the Air Force he was assigned to fix F-16 avionics. He wanted to do computers, but you don't really get a choice. They just tell you what to do. But it was cool to sit in a cockpit and swap out instruments, and he was even deployed to the Middle East for a while. But after a while the whole thing was starting to frustrate him.
If there's anything that just riles me up, or a pet peeve of mine, it's, like, inefficiency. And the military is really inefficient. So I would be like, "Hey, if we change this process, it would save us this many hours and probably this many parts," and all the sort of whatever, and they would be like, "Just do it the way the Air Force tells you," right? Like, and I hated that.
Oh, I hated it. And then also, in a lot of cases you get rank because you've been there longer or you test better than other people. It's not about leadership experience. And so you'd have to take orders from people who were making poor decisions, and I just couldn't do it. I was like, one, I can't keep my mouth shut; two, like, I, I just, I can't handle it, like, as a person. And so I was like, I've got to get out. And so when I got out of the military, I only knew how to do two things, and it was work on F-16s or break into computers. And so I was like, okay, well, I guess I'll go back to break into computers.
Stay with us. We're going to take a quick break, but when we come back, Grifter breaks into computers.
This episode is sponsored by SpyCloud. With ransomware affecting 85 percent of organizations in the past year and phishing becoming the top entry point to ransomware, taking action on your company's exposure has never been more critical. I recently visited spycloud.com to check my darknet exposure and was shocked to discover just how much stolen identity data criminals have at their disposal. SpyCloud's new identity threat report reveals that nearly half of all corporate users have been infected by infostealer malware at some point. With 63.8 billion distinct identity records now circulating on the dark web, the scale of this threat is staggering. What's even more alarming is that only 38 percent of organizations can actually detect these historical identity exposures that create ongoing risk. Knowing what's putting you and your organization at risk, from stolen credentials to session cookies to PII, is critical for protecting against identity-based threats like account takeover, session hijacking, and yes, even ransomware. With SpyCloud, you're never in the dark about your company's exposure from third-party breaches, successful phishes, or infostealer infections. Read the full report and check your darknet exposure for free at spycloud.com/darknetdiaries.
That's spycloud.com/darknetdiaries.
Now, Grifter was stationed in Utah, and one state over from Utah is Nevada, where the biggest hacker conference in the world is: DefCon.
So I knew about DefCon from the first DefCon, but being poor and being, like, 14 years old or something when, when DefCon started, I was like, well, my parents are never going to take me to Las Vegas and I can't afford to go there myself. It was like a month or two months before I was separating from the military, DefCon 8 happened in 2000, and I was like, screw it, I'm going. Military be damned, I'm gonna go. And so I, I did. I went, I went out to DefCon and, you know, met my people, essentially. It was great. It was incredible experience.
What makes you connect with the people at DefCon?
So yeah, I'd been to small hacker meetings before, but going, and, and at the time it was probably, I don't know, there might have been a thousand of us or something like that at DefCon 8, if, if that. I love the fact that you could just, anybody could be talking about anything. You could walk up to somebody and be like, "What you guys talking about?" And they'd start talking about something, and whatever it was, it was interesting. Like, you know, there was something interesting, or there'd be people crowded around a table with, like, computers and, like, some electronics or something or whatever, and they're like, "Oh, we're trying to get this thing to do this." Like, I had this idea in my head that I was like, oh man, if we could actually take all these people and, like, stick them on an island and just be like, "Here's the problem that we have, can you solve it?", that there was, like, nothing that couldn't be solved. And so I knew, like, I knew from that first time I went that I would always go to DefCon, that that would be it.
I felt the same way. The first DefCon I went to was DefCon 17, and that was back in 2009, and yeah, the place feels magic. It's electric.
It's amazing, and I was hooked from that first visit, and I've been going for 15 years now.
At DefCon 8, a buddy of mine had brought 20 t-shirts or something that he had brought, and I was like, "What's the t-shirts for?" And he said, "Oh, I'm gonna sell the t-shirts when we get there." And we road trip down, right? So he was like, "I'm gonna sell the t-shirts when we get there, 20 bucks a piece, and that will fund my weekend. So it'll pay for the hotel, I'll get to eat really good, or whatever. It'll pay for DefCon." And I'm like, oh, what a cool idea. So the next year I decided I was gonna make t-shirts, but I don't do anything halfway. And so I was like, okay, well, I'm gonna get a table in the vendor area, I'm gonna make a t-shirt. And I got, had a really nice design put together, and I ordered 320 t-shirts: 20 to trade to friends and to other t-shirt vendors, and 300 of them to sell. So I took them down and we sold them all in the, in the vendor area. It was a really nice design, so they were gone. And I was like, sweet. Like, I just made a bunch of money, like, off of selling t-shirts. And then I met Russ Rogers.
Russ Rogers is one of the conference organizers and asks Grifter to goon next year, which basically means to volunteer to help with the conference.
There's a lot of different types of goons. There's crowd control goons, speaker assistance, technical support, and other things like helping with the vendors or contests. But at the time everyone had to start at security, which is like crowd control and checking badges. And there are massive lines at DefCon, and someone has to keep them all in check. So he took the role of goon and was part of the DefCon staff.
At DefCon 10 I was a security goon, and then at DefCon 11 I went and I was a vendor goon. And yeah, and then I've been a goon ever since. So from DefCon 10. So now this year will be DefCon 33. Gosh, that's 23 years of being with DefCon at this point.
And because of his attitude of being excellent in everything he does, he quickly started taking on more responsibility at DefCon.
I started doing things like, I ran the DefCon forums with another guy who went by Nulltone. The two of us were the administrators for the DefCon forums. At the same time that I was gooning, I was a vendor as well. I never stopped selling t-shirts. So I was a goon, a vendor, I was administrator for the DefCon forums, I ran the DefCon scavenger hunt. Oh, and then starting at, like, DefCon 10, I started speaking. So I spoke at DefCon 10, 11, 12, 13, or whatever. And, and so I was busy, right? And then somewhere in there as well I eventually started running all the technical operations for Black Hat.
Black Hat is another hacker conference in Vegas, and it's happening the same week as DefCon. And they're both started by the same person, Dark Tangent. But Black Hat has an entirely different vibe over there. It's more professional and corporate compared to DefCon. I describe it as, um, at Black Hat there are tons of companies all there saying, "Hey, if you buy our products, it'll make your company safe and secure." While at DefCon the overall message is: everything is vulnerable, nothing is safe and secure, and here's how to hack anything.
So at Black Hat you see more people wearing collars and even ties, while at DefCon everyone just wears all black. Cargo pants are common, mohawks are common, and wires and antennas are sticking out of everyone's backpacks. So Grifter started volunteering at both conferences.
I got busy fast, right? And then I had a day job on top of it. I did become, I guess, part of what would be considered to be, like, the, the DefCon inner circle, right? Like, where it's like, okay, we need to decide what DefCon's vision is going to be. What direction are we going to go in? What are we going to, like, coming up with new ideas to keep DefCon fresh. Like, I came up with the idea for DefCon Groups. So DefCon Groups is hacker meetups that happen in different cities and different countries all over the world. They are very similar to the 2600 meetings that I used to go to, like, when I was younger. And the reason that we kind of departed from, from 2600 was because they, they started to get political and kind of let their politics get involved in, like, they were, like, telling hackers, like, you should vote for this person or vote for that. And I didn't like that. I didn't like the idea of, of saying, like, yeah, vote this way. And so I approached, you know, you know, Dark Tangent, Jeff Moss, and said, like, "Hey, I don't like this about the way that 2600 is going. DefCon has a lot of clout, you know, we could probably do something like that, and we'll do it by area code. And we could just, you know, we'll come up with a name for it or whatever." And he's like, "I love it. Love the idea." Talked to Russ, again, Russ Rogers, and he's like, "Yeah, let's do it." We came up with all the, like, ground rules and concepts and all whatever, and the structure for it, and then we started running DefCon Groups, our meetups.
I think it was February of 2003, I want to say, and it was Salt Lake City and Colorado Springs, which is where Russ is from. So we had DC801 and DC719, and those were the first two DefCon Groups, and we ran them until DefCon. And then we announced DefCon Groups at DefCon, and it spread like wildfire.
DefCon Groups has grown to over a hundred chapters worldwide, and they're typically really cool people go to these things. A lot of people ask me, "Hey, how do I get started in cyber security? Where can I find a mentor?" And I always recommend them to look to see if there's DefCon Groups in your area. It's a great way to meet people who are super passionate about cyber security. And I attended one just the other day and it was great. I met so many cool people.
I mentioned all of the stuff that I did previously, right? So it was like DefCon administrator, vendor, goon, running the DefCon scavenger hunt. Oh, we also ran the DefCon movie channel. Um, like, it was a lot. I was doing a lot. And I said to DT after DefCon 13, I was like, "I'm gonna, I'm gonna stop gooning. Like, I... it's just too much. Like, it's too much." And he was like, "Please don't," you know. He's like, "Don't, don't stop. Like, what's the problem?" I was like, "I'm just burning out." I'm like, "I can't run all of these things." He was like, "Okay. Well, how about this?"
He's like, "We're moving to a new venue next year, um, and it's gonna be at the Riviera." And he's like, "And there's this space that are there, like, skyboxes that overlook the convention floor." And he's like, "I think, you know, what if you were, like, in charge of what, like, whatever we put in that space? Like, you can just, there'll be a small portion of the conference, you can do whatever you want with it. Like, come up with something cool that people will want to do." And I was like, "Okay." He's like, "I'm sure people want to have parties or whatever." And I'm like, "Okay, great."
So he goes to the Riviera, the place where DefCon is going to be held that year, and he looks at the space and tries to decide what to do with it. It's a cool set of rooms that are up high, and they overlook the whole conference. And like I was saying in the intro, DefCon has a lot of parties. Conference goes on all day and parties go on all night. In fact, there's so much going on at DefCon, it's actually hard to remember to eat and shower and even sleep. It's the best conference in the world. So of course these skybox rooms are perfect party rooms. But that's a nighttime thing. What do you do in them during the day, and which parties are going to be up there? And that's when Grifter got the idea. He posted on the DefCon forums: we have a place for you to host a party, but if you want the space, you have to fill the room with something cool during the day. You can't just come party at night.
And the first one to say, "Okay, we'll do it," was TOOOL, The Open Organisation Of Lockpickers. And they were like, "We want one of those skybox spaces so we can have a party. And we'll come in and we'll put out tables and we'll put a bunch of locks on the tables, and we'll teach people introductory lock picking, and we'll bring all kinds of examples of things to bypass, and we'll just, we'll show people how to do it." And I was like, "Great, that sounds awesome."
And then it was, again, it was Russ who said, "Hey, I'll get some folks and we'll set up a hardware hacking, like, area, and we'll have people come in and they can, like, learn how to solder and learn how to, like, do basic electronic stuff, and we'll teach them how to do that." And I was like, "Great." 303 was like, "We'll do talks, but we're gonna do talks that aren't allowed to be recorded, that you can't have your, like, phone out, that you can't, nothing, like, nothing can be, like, it doesn't exist," right, type of thing. And I was like, "That sounds cool. Let's do that." And so that's how the villages started, was the, the first ones to call themselves a village was the Lock Pick Village.
Not only is that where DefCon villages was born, but it's also where Skytalks was born. That name came to be because there were talks in those skyboxes at the Riviera. Because all the DefCon talks are recorded and posted to YouTube, but Skytalks is where no recordings are allowed, which allows people to give talks that are more secretive or maybe even incriminate themselves. I've probably been to a dozen of these Skytalks and I've heard some pretty wild stories. But what's more is Skytalks has kind of made its way into many other conferences, where there's a smaller room off to the side and no video or recordings are allowed in there. So that idea also has stuck and spread.
So the next year when it came around, the hardware hacking people called themselves the Hardware Hacking Village. They adopted the name village from, from the Lock Pick Village. And then another group started the Wi-Fi Village, and they just immediately adopted the name village with theirs too. So they started calling themselves the Wi-Fi Village. So the second year, so DefCon 15, we had the Lock Pick Village, the Wi-Fi Village, and, and the Hardware Hacking Village. And then that concept of, like, having these broken-out areas, like, spread to other conferences. Like, people are like, "Oh, we're gonna have a lock pick area.
Oh, we're gonna have whatever." And they started calling them villages. And so, like, the village concept, or, like, those little community areas that you see at all of these other infosec conferences and stuff, all came from people wanting to throw a party in a skybox at DefCon 14.
And then the villages were born. Now, when Grifter first started getting involved with DefCon, everyone only knew him as Grifter. And that's the thing about this conference, is it's not unusual that people just know you as your alias or your hacker name. And nobody even questions it. If you say you're Grifter, then you're Grifter. Nobody's gonna be like, "Oh, that's funny. Um, what's your real name, though?" No, DefCon folks are different. They get it. Privacy is important for all of us.
I had been Grifter, like I said, basically, I picked that name when I was about eight years old, and I used it in the hacker community. And nobody knew my name when I went to hacker meetups, 2600s, when I, anything I did, no one knew my name. I had no online presence at all, and I was proud of that. People didn't know who I was. And then at DefCon 9, my wife at the time, my ex-wife, she, she came with me, and I had said something to her, and she was selling t-shirts, and I said something to her, and I was like, "All right, I'll be back in a little while," and I walked away. And I started walking away and I got a few tables away, and she said, "Oh, wait, Neil." And I was like... like, it, like, oh. And I turned around, and the look on my face must have just been like, oh my gosh, like, are you kidding me? And then she, and I'm, like, staring at her, and she goes, "Oh, sorry, Grifter." And I was like, oh my gosh, because now even people who weren't looking, like, turn their heads and were like, "What?" Like, and then there were, there were guys that I'd known seven, ten years, and they were like, "Your name's Neil?" And I was like, "Yeah." They're like, "Huh. You don't look like a Neil."
I'm like, "Cool." Like, I was like, oh my gosh. So that anonymity, like, to some degree, like, it flew out the window.
So after a while Grifter got put in charge of running the wi-fi and network at Black Hat, that other conference that's happening in Vegas the same week as DefCon. They call it the Black Hat NOC, which stands for network operation center. And I should say, even though Black Hat and DefCon happen the same week, they don't actually overlap. Black Hat is like Monday, Tuesday, Wednesday, Thursday, and DefCon is Friday, Saturday, Sunday. And I should also mention that there are many other conferences happening that same time as well. Like, there's BSides, which is a big one, and it's on Wednesday and Thursday, and there are other ones happening around town. Like, there's Toxic Barbecue, which is where a bunch of people meet up in a park and barbecue. And there's a DefCon Shoot, which is where people go to the desert and shoot guns. And there's just meetups, like, all over the place, like Diana Initiative and Queercon. At any given moment during that week there are 50 things happening, and it's overwhelming and awesome. So anyway, Grifter was tasked with setting up the wi-fi at Black Hat, which you can imagine, trying to get a wi-fi network up and usable at a hacker conference is challenging.
Yeah, it is. It's actually incredibly difficult, but it's also super satisfying to do it. It makes it fun.
You're going up against multiple different types of attacks, ongoing, throughout the conference at different times, trying to hit you in different ways. People learning new things and getting creative. Like, we've had stuff where, like, somebody discusses a vulnerability for a piece of equipment that we're using at the conference, and we've got to scramble to try to make sure that the network stays up, because they just told 500 people in a ballroom how to do something against a piece of equipment that we've got running in the NOC. We call it the Black Hat NOC because it is a NOC. Like, it is. We, we replace every router, every switch, every firewall, and every access point at whatever venue we go to. So now that's Mandalay Bay, um, it's the Marina Bay Sands in Singapore, and it's the ExCeL center in London. But we bring all of our own equipment because it allows us to have control over the environment, mitigate attacks if they come. We can't be opening a support ticket.
Oh, yeah, the, the hotel would not have a chance against this, would they?
Not a, not a chance in hell.
Um, what do you tell them? Just shut it all down over here?
Um, yeah, we actually do. We just say, "Please shut the wi-fi in these areas," and so...
Yeah, it's, uh, it's an interesting thing that they want to hire you to, like, set up their wi-fi to be resilient against stuff like this and say, "Wait, just leave what you have here, because we'll just use it from now on."
Yeah, they're getting better. Again, it's like, years have gone on and stuff, they're getting better, not to the point that we're willing to, like, let them run things, because, again, like, well, one, we're, we call ourselves a NOC, but we are a full-fledged SOC. We have every piece of equipment that, that a modern-day security operations center has in there. And when we initially started out, we were running everything with, like, open source, you know, hardware, open source scripts and, and software, and, uh, commercial stuff that you could just buy at, like, Best Buy, right?
Yeah, their budget was very small at the beginning. But if you go to Black Hat, one thing you won't miss is the expo floor. I went last year and I was blown away at how big it has grown. This is a room where, if you're a cyber security vendor, you can set up a booth there and pitch your products to people who are walking through the conference. I walked through and it took me hours and hours to just try to walk past every booth and just read their name. It felt like it went on forever. Every cyber security company in the world seemed to be there, and there must have been hundreds. So as this Black Hat NOC grew, it needed more sophisticated equipment, and Grifter wondered: with all these vendors here, would any of them let us use their gear, like, just for the week?
And so we were like, well, what if we went down to the expo floor and we approached some of the vendors and we say, "Hey, if you'll let us use your equipment or you'll give us a software license, we'll put your logo, like, in the program that says, like, you help, like, partner with the, the Black Hat NOC." We go up to the first, like, vendor that we wanted to talk to. They're like, "Yeah, oh, absolutely." And they were like, "When? Like, now? Like, do you want equipment? Do you need people?"
Like, and I was like, this response was, like, on a level that I wasn't prepared for. And so I was like, uh, I was like, I think we might be on to something here, you know. And they were like, "We'd love to help support it. We'll, like, we'll give you whatever you need." And, and I just looked at Bart and I was like, "Let's go shopping."
So him and Bart, the other guy who runs the NOC with him, realized that every vendor would love for them to use their equipment for free, because each vendor would love to be able to say, "We're trusted by Black Hat." If a hacker conference uses our equipment, surely that's gotta mean something. And this made building the Black Hat NOC even more fun, knowing that they could just walk down the hall and get any equipment they wanted to help secure this network. That's cool. And once vendors heard that Grifter was doing this, they started begging him to use their equipment.
We've been offered money from vendors before, where they're like, "We'll cut you a check," like, personally, not to Black Hat. Like, they're like, "Hey, Grifter, I'll cut you a check for a hundred grand if you'll put our stuff in the NOC." And I'm like, "Why don't you take that $100,000 and invest it in your product and make it better, and maybe I'll choose it." Um, I say that for two reasons: one, because I'm a dick, but two, because, um, integrity, right? Like, I mentioned that earlier, is, it's like, no, like, you can't buy my, like, you know, influence in this space, right?
Like, it's like, I, I choose what I believe are the best technologies to go in here to do the job, and if you want to be in here, be better, and then maybe you'll be in here.
Of course Grifter sees tons of crazy things on the Black Hat network. Like, speakers might be on stage demoing an exploit, and it'll trigger all kinds of alerts in the NOC. A normal NOC might freak out seeing that kind of stuff coming from inside their network, but Black Hat realizes, oh, that's fine, since the speaker is just demoing the exploit on stage. Or sometimes you'll see a vendor release a patch and, uh, attendees are trying to reverse engineer what was fixed in the patch, and they'll find a new vulnerability, and they'll start attacking with it the same day the patch is released. So they've got to hurry up and patch everything as soon as a new patch comes out. Or sometimes they see students in classes doing illegal things on the wi-fi, and of course Grifter will go in there and warn them, "Hey, you shouldn't be doing that stuff."
And then there are things where it's just folks who are, they think they're secure and they show up to Black Hat already compromised, and we look for stuff like that. Again, it's an incredibly modern security operation center. People will get on the network and they're immediately beaconing out to known C2, or they're hitting malicious sites, or doing whatever, and we will go and look and be like, okay, is this something that looks like it's part of a lab?
Is this something that happened when they first got on? And so people will often say, "Oh, don't get on to, like, the Black Hat network, because you'll get attacked," when I honestly think, in reality, more people leave secure than they do compromised from Black Hat, because we're looking for it. And if we see any kind of communication to known C2, if we see crypto mining activity, or we see clear text credentials coming from a device, we send a captive portal to that device that is doing it. They'll, they'll get a pop-up the next time they go to browse to something that will say, "Hi, this is a message from the Black Hat NOC. This device is showing signs of communication to known command and control servers," like, "If this is expected behavior, you ignore this message. If not, please stop by the NOC for more information." And they'll come by and we can show them packets or, or logs or whatever they need to, like, let them know, like, hey, you actually showed up compromised.
They've even seen speakers on stage who are showing signs of infection on their laptop, and then they have to, like, go and wait for the speaker to come off stage and then say, "By the way, your computer is very infected."
Okay, I'm going to ask you some stories about DefCon. Um, is it true that someone rappelled off the roof to try to sneak into a party at DefCon?
What happened was, a year at the Riv, the year of the skyboxes, we had different parties in different skyboxes, and at some point one of the organizers of the party actually, like, he, he came up to me and he was like, "Hey, so, we picked the lock on the closet, and there's a panel in there, and if you open that panel we can get on the roof." And I was like, "I don't want to hear about it. All right?" And then I left, and then a bunch of people went up on the roof and they basically, like, extended the party up onto the roof of the Riviera, and there was a whole bunch of folks hanging out up there. And this was just the conference center, so we're not talking, like, 20 floors up.
They were probably 30, 40 feet up, whatever it was, and some people going in and out and all whatever, and then at one point security showed up. The way that I understand it is, somebody went off the roof in order to avoid security. Multiple people got caught by security, though, and they were asked to leave the property. They got 86'd on, on Saturday night.
Is it true that people will put malicious ATMs around DefCon to steal people's money?
It has happened. I don't know how often it happens, but it has happened. They're, like, somebody brought an ATM in on a dolly. Like, they rolled it in on a dolly and set it up, like, in the, the, like, lobby area of the convention space, like, trying to, to get DefCon attendees. That was also at the Riviera.
Is it true that there was a, a federal agent who was there to try to, like, arrest hackers or spy on hackers or learn from hackers or whatever, but got so impressed by what they were doing that he quit his job as a federal agent and switched to the dark side?
Oh, I haven't heard that one. You're gonna have to tell me that. That's wild.
Is it true that there's a secret room at DefCon where you can buy zero days?
Uh, I don't think there's a secret room. Maybe that was true in the past, and it, it wouldn't have been, it wouldn't have been a secret room. It would have just been, like, you can talk to this person, and I know who the person is, but I won't mention their name. Um, I'm sure those kinds of things still go on. Everybody could get together and have a conversation in a place that was kind of like a demilitarized zone for hackers.
Yeah. Yeah. Yeah, demilitarized zones for hackers. That's a really interesting way of putting it. I agree. Yeah. Um, is it true that every year hackers take over a elevator at some hotel and trap someone in it?
Um, I don't think they trap people in it.
We have definitely taken over elevators all the time. I actually got a talking-to from... this is, this actually happened at Black Hat. It was right after the Mandalay Bay had installed the card reader, so that then you had to tap your room key to go to your floor. I was messing with it, because that's what we do, and I knocked the cover off of it. And underneath it was, there was an open, like, pinout. But I was like, oh, cool, we could probably connect to this and, like, get to any floor we want. I'm like, that's wild. And then I ran my thumb across the pins, and it shorted out, and the light blinked green, and I could tap any floor. And so I took a video with my phone really quickly, where I just, I ran my thumb across it, it blinked green, and then I tapped, like, four different floors. It, the video was probably six to eight seconds long. I mean, super quick. And I just posted it to my Twitter and said, like, "Oh, solid, whatever system they've got going on in the elevators." And seriously, within five minutes my phone rang, and it was the head of security for Mandalay Bay, who we work with because we're in the SOC, so we have meetings with them and tell them the type of stuff we're seeing and all whatever. And he's like, "Grifter." And he's like, "You're supposed to be on our side." And he's like, "Will you please take that down?" And I was like, "I can't." And he is like, "No, please take it down." And I was like, "I'm sorry. I can't. I've already posted it. It goes against everything, like, I believe, as far as, like, it, it should be better. Then you should call whoever installed that system on the elevators and make it better." And he was like, "Oh." And then he, like, he hung up, and he called me back, and he was like, "Okay, look, I talked to this person mobile out. Would you be willing to take it down for X amount of time?"
Oh, and then he said the words I didn't want to hear, which, he was like, "Under responsible disclosure, you have now let us know that a vulnerability exists. Please give us time to fix it." And I was like, damn it. So I deleted the tweet.

And then played your game.

Yeah, he totally did, he totally did. And then, uh, and so yeah, so I took it down, and they fixed it.

Is it true that someone set the pool on fire one year?

Set the pool on fire?

Yeah, like, there was smoke coming off.

Oh, no, no, it wasn't fire. Um, it was a massive amount of liquid nitrogen. So it was at DEF CON 8, 9 or 10, somewhere in there. It was at the Alexis Park, this pool, too. And the Beverage Cooling Contraption Contest had done their, their cooling contest, like, out by the pool earlier that day. And a lot of people had liquid nitrogen, like, they just, like, that was the go-to, like, how they're gonna make it cold fast. And then they took all the containers of the stuff that was left over and put them in the little pool house, like, area that was next to the pool, just for storage. And then when it was at night, there was, like, a party going on out there, and, like, one of the guys was like, "Oh shit, we've got all this liquid nitrogen. Let's, let's see what happens." And they just dumped, like, gallons and gallons of liquid nitrogen into the pool, and it, it was, it was awesome. And it made this cool, like, steam-like effect.
There's some pictures of it out there somewhere. Like, another year, then the next year, they did it again, and a bunch of people threw blocks of dry ice in to try to, like, you know, increase it. Like, of course, like, everything, we'll try to one-up ourselves every time.

After decades of going to hacker conferences, there are hundreds of stories like this that Grifter has. It's truly a unique experience, and you never know what to expect when you go. I once saw Will Smith at DEF CON, and Deadmau5 was just there last year, just walking around, checking the place out.

I am what I consider, what I define myself as, as a high-functioning introvert. So I can, I can get on stage in front of 10,000 people and crack jokes and have a good time and all whatever, and it's fine. I can go out into the hallway and have an inflatable dinosaur battle with my friends and have a blast. I can act like a complete lunatic for the entire time that I'm in Vegas with my friends, and it's great. But then I crawl into a cave and recharge for weeks afterwards, or I go back to my hotel room even during DEF CON. I, I, I did it a couple times this year, where it's like, I'll just go to my room and lay on the bed. I actually did that right before your party this year, where I was like, I'm just going to go back to my room, I'm going to take a shower, I'm going to lay on the bed and play a game for a little bit, and then I'll go out and be social.

Black Hat used to have a thing they called the gala reception, which was basically just drinks, and it was like an open bar. And it was a couple of hours, and all the attendees were invited, and you'd just hang out and chat. And I was in my room after, like, you know, volunteering all day, and I was like, oh, I don't want to go to this thing. I forced myself to go. And I walk into the reception and I hear some guys that are near me mention a book that I had just read, and I stopped, and I was like, "Oh, that book sucks." And, like, and the guy kind of chuckles, and he was like, "Oh, yeah? Why?" And I was like,
"Okay, well, the structure of it is this, it's lacking this, it doesn't talk about these things, oh, blah, blah, this book is better if you're looking at that topic." And he's like, "Oh, okay." So I was like, "Hey, it's been a pleasure chatting with you guys, you know, it was nice to meet you." And the guy was like, "Wait, let me give you my card." And he hands me his card, and he was the vice president of the publishing company whose books I had just been eviscerating for the last 45 minutes. And I just looked at him and I was like, "Oh." And he was like, "Oh." And he's like, "Hey, look, man, I really appreciate all the candid feedback." And he's like, "Like, I want to put you on a list that I have, where, like, when we put out a new book, we'll just automatically send it to your house. You let me know what you think of it or whatever." That's, he's like, "Would you be, would you be down to do that?" And I was like, "Absolutely."

Well, that relationship grew stronger between Grifter and his publisher, to the point that the publisher asked Grifter, "Hey, if you were to write a book, what would you make?" And Grifter said there should be a book on how to defend your network by attacking back at the people attacking you. Which I think is ridiculous. Defenders can't be on the offense. They can't be aggressive. But he was pitching this idea, and the publisher was liking it.

Um, and I was like, "Look, dude, I don't know how to write a book. I don't know how to do that or whatever." And he's like, "That's fine. We got editors, we'll teach you." He's like, "Why don't you do it with, like, a few other authors? Just co-author it, then you can break it up into chunks. You'll act as the technical editor and, and make sure that, that everything is legit." And I said, "Yeah, I'd like to do that, fine."
"Let's do it." And then I picked a few of my friends that I wanted to, to do it with me. And when I gave him the list of friends, he was like, "These are some pretty heavy hitters. So we're gonna get these people." And I'm like, "They're just my friends, like, I don't know." And so it was like Dan Kaminsky, Bruce Potter, Pyro, like, you know, Chris Hurley. He's like, "All right, let's see what we can do." And all of them agreed to do it. And then we, we put out a book. But that was the thing about putting out a book, was I was like, am I really just gonna put "Grifter" on the cover of this thing? I was like, I cannot publish a book and not put my name on it. For me personally, it was like, I want to see it on the shelf in a library and be like, that one's mine. So I, I made the decision that I was gonna put on there "Neil Weiler, aka Grifter," and that was, that was it, man. The cat's out of the bag.

So the book is called Aggressive Network Self-Defense, and for, for 10 years I was a network security engineer, and I had read quite a lot of books, and this one, this one never showed up on my desk, and I think it's because I wasn't interested in aggressive self-defense, network... This is crazy. This is a crazy book. Aggressive self-defense, network style.

Yeah, because in this book... well, it was essentially like, there's this thing that we deal with as defenders, like, every day within these companies we work for, and as individuals, where you're being attacked constantly, right? And you're like, when do I get to swing back? And because of my upbringing, right, because of the way that was, I wanted to swing, right? And so I didn't like the idea that we were in this defensive position where somebody could not just poke us in the chest, because, like, getting port scanned was like getting poked, right? This is not a big deal. Somebody looks at you sideways, gives you a dirty look. But it's not just getting poked. They're full-on attacking you, and you just have to go, "Well, how do I block that? How do I make that stop?"
"How do I do whatever?" Or they break in and you just go, "Oh, I've got to get them out." And in my head, I was like, stop them for good. Like, like, you know, cut them off at the knees. Attack what they're attacking you with. And, like, and I would get so much heat from people about that, because they were like, "Well, you don't know if you're actually attacking some grandma's computer, because it's not, you know, it's a jump box. It's not likely that the person that you're attacking is, that, that's their machine." And I'm like, "Yeah, but then let's, let's get rid of their resources, then. If we, if we knock the machine that's doing the attack offline, then the attack stops, and that's, that's what I'm concerned about." Because they're costing us money by launching these attacks against... so they're costing us time, they're costing us stress and all these other things. So if, I don't care if it's, if it's some grandmother's computer, I need it to stop attacking my network, because it's eating up bandwidth, it's eating up cycles of my analysts, it's eating up all this stuff. It's like, okay, you've lost control of your machine, and I need that machine to stop attacking me. So I'm gonna send it to the bottom of the digital ocean. That book is 20 years old at this point, so it's, it's, it's useless, but it was fun to do.

All this experience running the Black Hat NOC has given him a very sharp skill set to be able to detect and stop some of the most crazy attacks ever. Volunteering there gave him fantastic experience, which gave him great opportunities in his career.
So now, um, I, I recently, uh, took a position at a company called Coalfire as the VP of defensive services. Prior to that, I was with IBM's X-Force for three years, running their global threat hunting program. Prior to that, for the seven years before that, I was at RSA Security, where I, I started and ran their threat hunting program around the world. So I spent a lot of the last, over a decade at this point, really focused on, on threat hunting, on going in and finding attackers when they've already bypassed your security and they're in the environment. So I would go into a company and I'd sit down with their security team and I'd be like, "Tell me about your environment." And they'd be like, "Well, we have these technologies that are deployed in these ways, our network's set up this way, this is how we do these things, it's segmented this way, we have this, we do this, blah, blah, blah, blah." And I go, "Okay, great. If it was me attacking you, I would hit you here, here and here. So let's go look and see if somebody did that." And then we'd go and see if they were attacked somewhere or got breached somewhere. And in the decade-plus that I've been focused on hunting, we always find something, whether it's an active attack, or it's evidence of a previous attack, or it's an employee who's doing something outside of policies or whatever.

Of course, I wanted to hear a story about a threat he found in the network.

We were doing an engagement where we were asked to come into a really large financial organization, and myself and another hunter, Pope, you know Pope, Pope and I went out on this hunting engagement.

I do know Pope. He's the organizer at SaintCon in Utah. Fantastic conference. You should definitely go if you're in Utah.
So him and Pope go to this client. It's massive, and they have huge security teams there, no expense spared to keep this place secure. Which has to be stressful, you know, to walk into a company with this level of security, and you're expected to find things that they didn't already find. And so he sits down with their director of security and starts looking through the traffic. He's looking for protocols that shouldn't be there, or outliers, and he sees FTP traffic in there. FTP is the File Transfer Protocol. It's just a way to move files from one place to another. But it's insecure and has mostly been replaced by more secure protocols now.

It's like, "There's a really low number of FTP sessions, so we could go through those fairly quickly." And he goes, "Oh, we don't use FTP." And I was like, "Well, great, like, this is a good example, then, because we can, and go through this really quickly." And he was like, "No, you don't understand. We don't, we don't allow FTP. There are no clear-text protocols." And I was like, "Okay, well, that's great, but it's here. Like, I can see it, I can see it." And I was like, "So why don't we just look at it?" And he's like, "All right." And we look, and it's FTP traffic going to a host name, not even an IP address, but a host name that ends in .ru. I mean, we're not even trying to hide, right? And I was like, "Is that normal?" He's like, "No." And I'm like, "Okay."
"Well, let's see what's happening." And it's like, "Okay, it looks like it's sending out these files at, like, one o'clock in the morning. Do you want to see what it's sending?" And he's like, "Yeah." And so we just did file extraction. Like, it's a zip file, even, like, not an encrypted container, kind of just a zip file. I'm like, "Well, I can't open it because it's not my company, but you can open it if you want." So he opens it, he opens it up. He looks at the document, and then it sounded like somebody punched him. Like, this sound came out of him like this, like the wind just got knocked out of him. And then he closed it, and he goes, "You didn't see that." And I was like, "Okay. Well, just out of curiosity, what didn't I see?" And he was like, "That is every financial transaction and trade that we've made in the last 24 hours." And I was like, "Oh. So, bad." Like, and he's like, "How long, how long has that been going on?" And I was like, "Okay, let's take a look," you know, and we start digging into the logs, and they only had six months' worth, which was wild. That connection to an FTP server in Russia, the IP address was also geolocated to Russia, like, so we're like, okay, like, it looks like that's where it's going, that happened every night at one in the morning for six months. And that's as long as we had logs for, so we were like, who knows how long it's been happening? And this is an organization that has hundreds of people on their security team, 30-plus people actively working in a SOC just down the hall, all of the different technologies that you could possibly ask for, but they had tunnel vision, because they were like, "We don't use that, so we don't even look."

Now, you would think that if something like FTP is not allowed in their network, that there should be a firewall rule blocking it. I mean, that's exactly what a firewall's job is, to block network traffic that shouldn't be allowed. And who knows, maybe they did put a block in at some point. But it wasn't blocked now. Maybe a new rule superseded the FTP block rule, or
maybe someone accidentally took out that FTP block rule. These firewalls can sometimes have hundreds of rules of what's allowed or not allowed, and it's confusing to know exactly what it's doing sometimes. But what's more is, how did these file transfers get triggered? It must have meant that someone got in this network and set up an automatic script to scrape the data and send it out. That's scary to realize, that someone did that in their network right under the nose of their 30 engineers all looking for that threat. How did this hacker get in, and how do they get them out? There's millions of things to do once you discover something like this, and it feels devastating to experience it. It really does feel like you're getting punched in the gut.

And, you know, as I think about this story, this is, this is one of those typical "I heard at DEF CON" stories. Which, here's Grifter telling me, so it practically is like something I heard at DEF CON. But it's one of these stories that I, that I hear that was never told publicly. You know, a major finance company was hacked, and every financial trade was being spied on by some foreign entity. That sounds like a big deal. And I wonder what the fallout would be if, if that story were to go public, you know? Like, would there be lawsuits? Would the government slap fines on them? Or to think, how bad does that company not want that story to go public? And what drastic lengths might they take to hush it up and keep it quiet, you know?

I have a dream about this show, that one day someone will tell me a banger-level story that would be huge news when it gets published. Some wild whistleblower-type thing. That would be fun, wouldn't it? I mean, I've heard some pretty insane stories that would be really big news stories if they came out, but the people who told it to me,
I promised I wouldn't ever repeat it. But I think it's just a matter of time, though, that a story does come across this show that really makes some waves. Someday.

But it, like, the threat hunting thing was great. Like, I, I ended up, I wrote a framework with a friend, and that created some really cool opportunities. Like, we, you know, consulted, you know, Congress and, like, NATO. Like, I've gotten to consult foreign governments, some of the largest companies in the world.

It's a strange space, this infosec space, because we're, like, hanging out with criminal hackers. Like, you were a criminal hacker, and then you become this consultant for Congress and, and governments, and you're there to stop the bad guys, and you're there stopping threats. But at the same time, you're going to DEF CON, which is where you're meeting even more hackers and more criminal hackers. And it's, and I don't know of any other thing that it, it, it... we're just as friendly with the bad guys as we are with the good guys as it is with cybersecurity.

Yeah, I, it is kind of a, it is a weird world that we live in, and I think ultimately the thing that ties it all together is that we, we like to learn, we like to chase, we like to hunt. Cybersecurity is an incredibly stressful field to be in, but it also is incredibly satisfying as far as, like, the cat-and-mouse game that we play, about the opportunities to learn new things, about how one day you wake up and everything is fine, and the next day a vulnerability drops and somebody has exploit code for it within hours, and you're, and everybody's hair is on fire. And when those things happen, when those moments come and everyone's freaking out, I don't know, something about that situation, it just makes me go,
"All right, game on." I got really, really lucky. The thing that I started doing when I was 11 years old because I thought it would be cool turned into a career that allowed me to, you know, put food on the table for my kids, put a roof over their heads, and has allowed me to travel to all of the places that as a kid I used to go to only digitally, because I thought I would never get to go there.

A big thank you to Grifter for being so gracious and kind to give me his time and his busy schedule and to talk with us like this. He has so many more interesting stories, and I feel like we barely got started with him. I mean, I've had dinner with him a few times and I've heard so many more, and they are hilarious. I mean, you can imagine all the shenanigans going on at DEF CON and Black Hat every year, and he's given a ton of talks at conferences. So if you want to hear more from him, just go to grifter.org and you'll see tons of stuff that he's done.

Real quick before you go. Do you know that you could have 11 bonus episodes of this show in your ears right now? Yeah, 11. All you got to do is support the show. I did the math, less than 1% of you support the show, and that's cool. No shade, because I love making stuff and giving it to you for free. So I'll keep doing what I love. But man, when people do pitch in and give me a little something back, it feels damn good. It's like one of those hugs that feels extra genuine, and you can feel it long after it's over. So please consider supporting the show. Visit plus.darknetdiaries.com. I'm just asking for you to buy me a cup of coffee once a month. Actually, I switched to matcha, but you get it.

This episode was created by me, the space bar, Jack Rhysider. Our editor is the key master, Tristan Ledger. Mixing done by Proximity Sound, and our intro music is by the mysterious Breakmaster Cylinder. My girlfriend, she said she needed more space, so I got her a four-terabyte drive. This is Darknet Diaries.