Man, last DEF CON was wild. It is up there. was like one of the top 10 best moments of my life. And I don't think I ever told you about what happened. See, DEFCON is an annual hacker conference in Las Vegas, and it's my favorite conference in the world. It's just so inventive and fun and brilliant and weird. DEFCON is just built different. Like, of course, there's talks and places to get hands-on doing hacking, but at night, most conferences just shut down. Nah, DEFCON.
DEF CON goes all night long. At night, they clear out the chairs and the lecture halls, and they turn them into party spots. And there's not just one party going on. There's like a DJ in track one. And there's an arcade set up in track two. And there's nerdcore rappers on stage live in track three. Keep walking and you'll find even more parties around the conference.
It's an adventure to find all the things happening. And that's just at DEF CON. There are literally dozens of other parties all over town to hotel room parties, bar meetups, pool parties, and vendor parties. The vendors sometimes spend over $100,000 on a party by renting out a whole nightclub and giving out free drinks and food to their customers. With all these parties, I got to thinking, you know what?
I should throw a party. A darknet diaries party. Now you might be wondering, Jack, I heard you're a private person and nobody really knows what you look like. That's true. Well then, how do you go to these conferences and meet people? Ah, here's my secret. I wear a disguise. I put on a big black hat, dark sunglasses, and a bandana over my face.
I kind of look like an old-time bandit in this costume, and it's perfect. Nobody knows what I actually look like, and I can still meet hundreds of people if I want. In fact, I've worn this costume so much that everyone seems to know me when I wear it. It's my brand. It's my look.
And when it's on, people stop me all the time and say hi and talk with me. It's great. I love that. I can't walk 10 feet in Defcon without someone shouting my name and saying hi. But when I take that costume off, Nobody knows it's me. And suddenly, I'm an anonymous face in the crowd. And I love that anonymity is my default state.
And I can turn on the notoriety whenever I want. I don't want people to know what I look like so that I can live a nice private life. I love the attention I get from this show, but I also love that I can turn it off when I want. So my big idea for this party at last Defcon was to step up that anonymity even more. Everyone knows I'm the guy with the big black hat, the sunglasses, and the bandana around my face. What if I gave everyone that same costume when they came to my party.
That way everyone is Jack Recider. I pitched the idea to Defcon. They accepted it and showed me which ballroom I get. And I rounded up 20 of my friends and we had it all planned. We had four DJs. two video DJs, and so much more. It was great. I ordered 800 black hats, sunglasses, and bandanas and the party got underway. The room filled up instantly. 400 people came pouring in through the door. And they were all given these costumes. And they put it on. They played the game. But the real test was
Could any of them find me in this crowd now, where we're all wearing the exact same costume? Amazingly, no. I was extremely hard to find. Actually, some people came in, looked all over for me. couldn't find me, and then left, and then tweeted, I just went to Jack Resider's party, it wasn't even there. Then I was going up to people and I was asking them, hey, where's Jack? And nobody knew. I tried to convince a bunch of ladies, like, hey, I'm actually the real Jack Rees Hider.
and they just laughed at me and walked away. It was amazing to have all these people come to my party, but I just had this very calm and happy and serene kind of experience to it because I could just float through the crowd and enjoy it. without being mobbed by everyone that usually happens. And I wasn't even maskless. This is my party and no one can find me. It was hilarious to me.
But it didn't stop there. I thought, you know what? I want to put my fans to the test. I believe that my fans, you, the listeners of this show, are the best, sweetest, nicest people in the world. And I want to prove that. I want to somehow be vulnerable to them. To give them a huge amount of power over me. and to see how they react to such power. I want to give them so much power that they could ruin me, and I want to see if any of them abuse it.
And so I thought, okay, I'm here at DEF CON. What's the worst idea I can come up with to do in this party? And it hit me. Let the party attendees control my Twitter account. Sheesh if everyone looks like me already might as well be able to tweet at me too, right? So I set up this if this and that trigger so that when you text a phone number, it automatically tweets what you texted it. No moderation. No filters. Just trust.
Well, I couldn't figure out how to get photos to work, so it was just text. And I did block URLs, kind of the one thing I blocked. and yeah we set up a projector on the wall and we had a live feed of my twitter and it said text this number and it will tweet as jack and people texted
Holy cow, dozens of texts started flying in, but the automation kept up, and it just tweeted everyone that it got. People were testing it at first, just seeing if it was real. Like someone said, meow, and someone said, does this work? And then people started writing their names up on there. David was here, and I love you, Andrea. And then ASCII art started showing up, and memes started getting posted.
I was real nervous watching the screen, but a bunch of people were standing around watching the tweets coming with me. They had no idea it was even me. And they couldn't believe that Jack was so stupid enough to hand over his Twitter to Defcon.
I mean, they're right, you know, of all the places to do that, Depcon is the worst. These hackers deface anything for fun and delete and destroy stuff. This is a terrible idea. I'm going to get canceled. Something is going to be posted that is going to be absolutely awful for me. But like I said, it was a test to see how awesome my fans are. To be vulnerable with them and to see if they abuse that power.
And you know what? They didn't disappoint me. I think the spiciest tweet I saw was, I'm so horny right now. But after a couple hours and hundreds of posts to Twitter, Twitter rate limited me. And they ruined the fun. They busted the party and blocked me from tweeting for like 24 hours. Which I think is a fitting way of ending that whole experience. Like, it went out nicely. I didn't get banned. I just got great limited.
But by that point, the place was packed, and word got out of which one was me, and I was just surrounded by people, and it was great fun. We were having a blast. But what I didn't know is that there were another thousand people in line trying to get into this party. And I know it was a thousand people because someone grabbed a box of pencils. I had a thousand pencils in the box. and handed one to each person in the line, and they ran out of pencils by the end.
We ran out of everything, hats, bandanas, stickers, sunglasses, bracelets. I think I met 1,500 people total in that weekend because I brought 1,600 bracelets and I gave them all away. Defcon is known for long lines, but there were so many people in line from my party that even Defcon told me they have never seen a line that long for a party ever.
And that line was possibly the longest line of the whole conference that weekend, barely being longer than the merch line, which is always super, super crazy. We eventually couldn't hold them back anymore. We just opened up the doors and let it rip. And it was a madhouse in there. And I think the party went on for like six hours all night long. And I used every drop of energy I had. But man, was it worth it. That was the best time I've ever had at Defcon. And you know,
To this day, I still get people sliding into my DMs on Twitter asking, why did you say this tweet, man? And they're mad at some hot take I had or something. And when I look at the tweet and I wonder, I don't remember ever saying that. But then I look at the date. And I see that it was posted on August 10th, 2024. And that was the night I will never forget. And it always puts a big smile on my face whenever I see a tweet from that day. This is Darknet.
This episode is sponsored by Prelude Security Do you know how your security investments are performing? Reload Security helps you maximize those tools you already have, your EDR, your identity management platform, email security, and more. With continuous monitoring of these disparate tools, Prelude ensures they're fully deployed, healthy, and configured for optimal performance against modern threats. And if these security tools stop working as intended, Prelude will alert you.
Stop chasing peace of mind and know the tools you're paying for are working as expected. Darknet Diaries listeners get 10% off when they sign up for a free trial at PreludeSecurity.com slash Darknet. That's Prelude, spelled P-R-E-L-U-D-E. PreludeSecurity.com slash Darknet. This episode is sponsored by Black Hills. Black Hills Information Security has earned the trust of the cybersecurity industry since John Strand founded it in 2008, who I had on this show. That's episode 67.
John teaches all the basics like penetration testing, the core skills of being a SOC analyst, and how to defend your network with traps and deception through their anti-siphon training program. Black Hills loves to share their knowledge through webcasts, blogs, zines, comics and training courses.
But they're also great at doing penetration tests. If you need a penetration test for your company, consider Black Hills. Or maybe you need 24-7 monitoring of your organization. They have an active SOC team. Or you might need advanced testing through their continuous pen testing services. If you need any of that, then reach out to Black Hills to see if they can help you. They also have a gift for you. While supplies last, all you got to do is visit Black Hills Info slash darknet. Bye.
have to trust their merch shop, which is called Spearfish General Store. That's blackhillsinfosec.com slash darknet. I'll tell you one more time, blackhillsinfosec.com slash darknet. Go grab your free gift. Grifter. How'd you get that name? So I always cringe a little bit when someone asks me this question because like many nerds out there.
I used to read the dictionary as a kid. I looked for interesting words, words that I liked, and the definition that I came across of Grifter was a person at a circus or carnival who runs freak shows or games of chant. And I was like, oh, that's badass. And then it said, again, also, the more widely known, a con artist. And I was like, also cool. I'll take it. So yeah, so I started using it for names on video games. I would put in Grifter. You grew up in New York? Yeah, Long Island.
And what was computers like for you growing up? I grew up part of the Nintendo generation, so I was really into video games and My parents are divorced. My dad lived with his brother. And so his brother, my uncle, was a computer tech back in the 80s, so he had a computer. And I have ADHD on a fantastic level. But sitting in front of the computer or putting electronics in front of me was one of the things that could keep me still. And so he encouraged me to do that as often as possible.
I started playing games on the computer, which eventually led to my first online experiences, which were dialing into pirate bulletin board systems to download pirated games.
Back then you were really, really lucky if you had a computer at all in your house. Nobody understood how they worked and they were very expensive and the problem with pirating games is that riddled with malware and viruses so grifter would download a pirated game install it and then suddenly his uncle's computer was all screwed up
Of course, Grifter didn't want to get in trouble for messing up the family computer, so he sort of had to learn by fire how to troubleshoot the problem he caused, and this forced him to skill up at understanding computers. He wasn't just a user anymore. He was becoming... super user Yeah, I think that's the thing is like we were forced to learn a lot of different things at those ages because we had to learn a little bit of everything. Like it wasn't just done for you.
Even being able to get online at that time alone required a certain amount of skill in order to... configure a modem and dial the right numbers and get everything put in correctly and connect to different BBS software required. settings and stuff and because it was like that it meant that There was an assumption that if you were online that you were an adult.
I could post things and nobody knew that I was 10 years old, and I really liked that. But Grifter was quite a mischievous troublemaker, and he gravitated towards the darker parts of the internet. So the pirate bulletin board stuff and posting on there eventually led to somebody on one of the BBSs saying like, hey, just based on the stuff that you're posting, I think that you would really be interested in this other bulletin board. And they posted a number.
And I dialed it up, and it was a hacker BBS. And I... went crazy basically I thought it was the best thing ever I read everything on that BBS like all of the text files about the different systems that were out there, basic commands for different things. I was fantasizing about operating systems I'd never contacted before and being like, oh, I can do this, I can do this.
And it wasn't just different operating systems. It was, oh, the computer viruses and how to write a virus and do all these different things. And I was fascinated by it. And I just loved all of it. And that was it. I was in. I know exactly what he means by being in. I got on bullet report systems too when I was young, or BBSs, and it was strange and weird, and I didn't get it, so I didn't enjoy it.
But when I got in AOL, I found some chat rooms where a bunch of people were just talking all at once in real time, and that blew my mind. I was instantly hooked. on chat rooms and would spend countless hours just talking with tons of people. That's when I fell in love with the internet. I was in. I soon discovered IRC after that, and I've been in ever since.
And living where I did, I thought, okay, well, I'll probably never leave New York. The idea of traveling the world and doing things like that was as foreign to me as those places were. but a computer changed all of that. I could dial into a system and hop from one to the next to the next across networks that were traversing undersea cables and ending up in other countries I never thought I'd get to travel to. And I thought...
Well, if I access a system, let's say in Amsterdam, I know that when I do that and I'm interacting with that machine, the lights on the modem or network card are flashing and the hard drive is spinning up because I'm accessing files from there. 12 and 13 year old brain I felt like
I was there. It was my way of touching a place that I didn't think I'd ever make it to physically. I knew that It was in a closet somewhere and nobody could see it, but somehow and in some way, I was physically affecting that environment. So that's what he was up to online. But in normal life? In a meat space?
He was constantly getting in trouble. So growing up without a lot of money in an area where people didn't have a lot of money, I would say I wasn't a good kid. I've been trying to make up for it ever since. Bye.
We did crime. I got shoplifted like crazy. I ran every scam you could run. We would steal cars. We would break into cars and steal stereos and speakers. I lived near a marina. We would go rob the boats. We'd break into houses. We fought people constantly for fun like it was okay tell me about one of these fights okay so i i like fighting like i like physical fighting i don't know why i think it's just something i i I enjoy it. I know that makes me sound like a psychopath, but I like
facing off against somebody else and seeing where you come out on it. At the time, it was just, we would get in fights with either random people or people from rival gangs, that kind of stuff, where it was just like, okay, You're in some part of town that you're not supposed to be in. I'd just get into fights. I'd go.
pick a random fight. I'd fight two people at once. I liked fighting and a lot of my friends were the same way and sometimes we would just go out and just get into as many fights as we could get in. He says the area he was in had a lot of this stuff happening. As a kid, if that's all you see, then you kind of assume that's what everyone's like.
I thought that was normal when I watched TV and I saw the types of things that you'd see on the Disney Channel or something like that, some Disney Channel original movie. I was like, That's fantasy like this is a fantasy world that people wish existed I didn't realize that there were people who grew up in towns that one looked like that or that people behave the way that they did and
I didn't know any different, right? I didn't know that it wasn't normal to walk home at night and if a car is coming, dip behind a tree or a telephone pole because you might end up... hurt right like you might end up in a bad situation like i didn't know that that wasn't a normal thing And so it was in part survival, and in another part you make a reputation or get a name for yourself where it's like, oh, okay, well...
yeah, don't get in a fight with him because you'll lose. My thing was, like, I can take a punch, and I can get hit a lot, and it's really hard to knock me out. grifter's world was rough and to get ahead it felt like you had to break some rules there was a chain of stores that are they're kind of department stores um like a kmart type of thing actually or something like that where a couple of friends we'd all go on a saturday
And we'd go out to the store and we'd do the barcode swapping, so sticker swapping. So you'd just go out. swap the sticker on something so you'd see like a crystal bowl and then there'd be another glass bowl and so you'd take that and you'd swap the price tags on it so the glass the crystal bowl that should be three hundred dollars You go buy for $30.
And then you swap the tags back and then you go return it. And we'd just go out on a Saturday and we'd hit like seven or eight stores. And we'd go buy it at one store, return it at the next one, buy some other stuff at that store, go return it at the next one, go do... stuff like that and for a small crew of people we were pulling in some pretty decent money
None of my friends were into computers at all, but I was, and so I knew how to do some things that they had no knowledge of, like carding is what we called it back in the day, which is basically just really identifying identity theft and like credit card fraud. and then order a bunch of stuff like computer parts or clothes or different things and get them shipped or mailed to abandoned houses. I just leave a note on the door that said like, hey, UPS guy, like not home.
Please leave the package under a blanket. So that was something that my friends wouldn't know how to do naturally. I kind of taught them, right? Like, here's how we do this, and then we can make some money. And so then we had essentially stolen goods that were sent to us, and then we would just, some of the stuff we got that we wanted to keep and other things were. things that we would then go and resell and get money that way.
He was ordering things like Tommy Hilfiger jackets, fearless shoes, and other streetwear at the time. So he was looking fresh everywhere he went. And he would sell it for cheap, too. He would be your hookup. And of course, along with this lifestyle came drugs. So he dabbled in that, partaking in it himself for a while. But then he quit. He didn't like how it was ruining his brain. He saw his brain as a very important thing that he didn't want to lose.
But he saw that other people were doing drugs, and he saw this as an opportunity to make money from it. so i sold it i did all this like physical like meat space like crime normal crime during the day like i was like just a like i said kind of a kind of a shitty person like a kid doing all this random stuff. But at night, I was still completely wrapped up in the hacker world, right? But then...
Eventually, I was just breaking into different systems, and I got into a system that ultimately turned out to be a large credit card provider, a credit company. At first he didn't know he was in a credit card provider. The internet's a dark place. You don't always get to see where you're going. And hacking back then was barely even hacking. And that's the thing that is different about the time that we grew up in versus I think what we have with
like hackers now is that we do talk about these things like their massive achievements like it's like oh when I was a kid I broke into NASA and it's like when you were a kid you logged into NASA you just had to know an IP address or a phone number to connect to you and if
If they had security at all, it might ask you for a username, but it didn't always. You could just type anything in and it might let you in, or you could just wait and it might just time out and then let you in. It wasn't hard to hack back then, but nobody knew what they were doing.
So it kind of was hard because there weren't tutorials on how to do any of that stuff. So if you just tried enough places, you might end up finding something that did let you in. And that's how he got into this company, a credit card provider.
while he's in that network he was looking around to see what files were there and he found some training manuals for how to process a new credit card so basically after someone passes their credit check an employee at this company needs to issue them a card And this training manual shows exactly how to do that. And so here Grifter is inside the company, inside the computer that is used to internally create a new credit card for a customer. And he has the tutorial on how to process it.
And I went looking for the database. And then when I found it, you know, it was not too difficult to then figure out what I needed to fill in and where. And the initial one was I was just like, I wonder if I could do this. I wonder if I could.
in if I fill in these fields if I could get them to send me something and I filled out the fields appropriately and put in an address that I had been using as a drop for some of the carding stuff and then I waited and then a couple I just watched that house and I checked the mailbox and you know every couple days or something to see if anything had been delivered and eventually I one day I opened the mailbox and there was an envelope in it from the credit card company and it had a card
in the name that i had put and i was elated and horrified um in equal measure i was like oh my gosh like it created this kind of like excitement mixed with panic because I was like oh this is this is real crime like this is actual this is actual bad even though all of the other stuff was real crime something about that made it very real to me like holding it in my hand And I remember running home, going into my room, opening up, holding the card in my hand, and then just being like, oh my gosh.
He laid on his bed and just held it up, staring at it. his very own credit card and one he doesn't have to pay back because he put a fake name on it and the credit card company has no idea who he is to try to come after him. And the letter said, there's a $5,000 limit on this car. After daydreaming about it for a day or two, I realized You can't ever use this. You're not going to be able to walk into a store in a mall at 15 years old.
and walk up with your credit card and buy whatever. It just didn't seem... I didn't realize also that people, there are kids that did that in other places in the world. But I just thought there's no way anyone's going to believe that you should have a credit card. So I just sat But I was like, I wonder if that was a fluke. Let me see if I can do it again. Again, I sent another one to a different house, and again it showed up.
And I was like, okay, I've got something here. I'm not quite sure what, because I know I can't use these. What can I do with them? There was a guy he knew. The dad of one of his friends. And this dad was part of a group that did organized crime. Like, in New York, fireworks were illegal. But this dad would have Grifter and some other kids go around and see who wanted fireworks. Almost like they're going around selling groceries.
And then you put your order in of what fireworks you want, and then a few weeks later, Grifter would come back and deliver the fireworks to you. In fact, this guy was so into organized crime that he was often hanging out with mafia-type people and had connections to some pretty serious criminals. Because I knew that he had some connection to actual criminals, I approached him and said, hey, so I can do this thing where I can get access to credit cards.
with higher limits on them, and I don't want to use them, I don't want to be on camera in stores, I don't want to do anything. Is that something that you or your people would be interested in? And he was like, yes. He just said to me, like, yeah, yeah, I would. And I'm like, okay. And he's like, let me talk to some people or whatever. And he's like, what are we talking here? And I'm like, I don't know, $5,000, $10,000, whatever, whatever. And he's like, let me find out what I can get you.
and then he came back and said oh well i need to know it's real do you have do you have something to prove it i said sure i got him one of the cards that i'd gotten and i was like that one's you know five thousand dollars and he's like well i'm i can I can give you 10% for that. And I'm like, okay, so I get 500 bucks? And he's like, yeah. And then he peeled off $500 bills and said, This better work. And I was like, it'll work.
And then I was terrified because I was like, what if it doesn't work? Oh my gosh, right? So I was like, don't spend the money, right? Like, don't spend the money. But now I'd been handed money for something that I was like, okay, this is actually a little bit nerve-wracking. But it worked, right? And then he came back and he was like, okay, great.
can you do it again? And I was like, well, I already have, I have one right now. He's like, all right, go get it. Right. And I went and got it. And then I gave it to him. And then he, again, he peeled off another 500 bucks and he's like, just come to me whenever you got it. And I was like, all right.
So Grifter logged back into the credit card company and processed another card under another fake name, and that was going to another abandoned house. And this was making money for him. But this guy wanted more.
much more and grifter would get in arguments with him saying man if we do too much they're gonna know and they're gonna shut us down but if we take it slow we can keep things going for a while and grifter was right he would only give himself a new credit card every two weeks and that allowed him to keep it going for two whole years. I don't know how long that worked because I eventually just stopped doing it. At about 17 years old I decided that I needed to get out of my town.
was sitting in the back of my friend's car, and he said, just wait until we're like 25. We're going to own this town. I said, own what? Are you kidding me? Holy shit. If I'm still here when I'm 25, you guys kill me. I was like, oh my gosh, I have to get out. I have to get out of this town.
And so I didn't have money, right? I didn't have a way to pay for college. I didn't have a way out. And a common response to that is I went to the military. What? You went to the military? Yeah. This is a... I would not expect a life of crime, hacking, drugs And then suddenly, military.
Yeah, this was a massive shift in my brain. And I just said, like, I have to go and I have to do this immediately. And while I was still a senior in high school, I signed the papers, man, and committed to go. My parents had to sign me over because I wasn't. 18 and I went into the military when I was 17 years old so as soon as I graduated I went to the Air Force
And that was an incredibly eye-opening experience for me as well because right into basic training, I met people who they've never been in a fist fight before. And I was like, how? Like, I just could not comprehend how. How did you not run your mouth at some point to a level that somebody wanted to put their fist in it? And then I'd hear the stories about how they grew up, and I was like, what?
My mom tried to raise me with morals and whatever, and I did pretty good in some areas and really poorly in others. but the Air Force core values are integrity. service before self and excellence in everything you do. And I took that to heart. I didn't even really know what integrity meant at the time. Like I'd heard the word, but I didn't really know what it meant. And essentially to me, the way that I took it was it's like doing the right thing, even if nobody's looking.
And I was like, okay, do the right thing even if nobody's looking great. Service before self. Okay, so put others before you always try to put others before you Okay, I'll try to do that and then like excellence and everything that you do That was something that my mother had already instilled in me as well, where she was like, if you're going to be, she's like, I don't care what you are. If you're going to be something, be the best at it, whatever it is.
grow up and you're going to be you know janitor be the best janitor there is you're going to be a surgeon be the best surgeon there is but if you're going to put effort into something if you're going to spend your time on it be the best right and so like those those core values those like air force core values really like took hold and the military was really good for me because it like forced me to be an adult
It put me in a situation where it was like, oh, you can't just tell somebody what you think of them. Just because you think it, you can't. swing on someone because they mouthed off to you. You have to show up here on time and you have to come ready to do the hard things and all whatever the military was. Super, super good for me. He got stationed in Utah, and in the Air Force, he was assigned to fix F-16 avionics.
He wanted to do computers, but you don't really get a choice. They just tell you what to do. But it was cool to sit in a cockpit and swap out instruments. And he was even deployed to the Middle East for a while. But after a while, the whole thing was starting to frustrate him. If there's anything that just riles me up or a pet peeve of mine, it's like inefficiency.
and the military is really inefficient. So I would be like, hey, if we change this process, it would save us this many hours and probably this many parts and all this or whatever. And they would be like, just do it the way the Air Force tells you. And I hated that. Oh, I hated it.
And then also, in a lot of cases, you get ranked because you've been there longer or you test better than other people. It's not about leadership experience. And so you'd have to take orders from people who were making poor decisions. And I just couldn't do it. I was like, one, I can't keep my mouth shut. Two, I just can't handle it as a person. And so I was like, I've got to get out.
And so when I got out of the military, I only knew how to do two things, and it was work on F-16s or break into computers. And so I was like, okay, well, I guess I'll go back to breaking into computers. Stay with us. We're going to take a quick break, but when we come back, we have to break some new computers.
This episode is sponsored by Cloaked, a digital privacy tool that every one of my listeners should know about so you don't end up becoming a victim of the cybercrime stories I talk about on this show. Cloaked offers $1 million in identity theft insurance in case you're ever a victim of a data breach or hack. They also remove your personal information like home address, social security number, phone number, and more off the internet. And the best part?
Cloaked offers you unlimited phone numbers, emails, and virtual credit card numbers so you never have to put your personal information out there on the internet. Easily browse the web, sign up for services, and make payments completely anonymous. Plus, Cloaked lets you disguise your identity, so when a company is inevitably breached, your privacy is protected and personal information is hidden. My listeners get 20% off a Cloaked subscription. The URL is Cloaked.
dot com slash darknet that's spelled c-l-o-a-k-e-d cloaked.com slash darknet. The link is on Darknet Diaries' sponsorship page. And if you want to save your phone number as exposing your private information, try calling 1-855-752-5625. Now Grifter was stationed in Utah, and one state over from Utah is Nevada. where the biggest hacker conference in the world is, DEFCON. So I knew about DEF CON from the first DEF CON, but being poor and being like 14 years old or something when...
When DEFCON started, I was like, well, my parents are never going to take me to Las Vegas, and I can't afford to go there myself. It was like a month or two months before I was separating from the military. defcon 8 happened in 2000 and i was like screw it i'm going military be damned i'm gonna go and so i i did i went i went out to defcon and you know met my people essentially it was great it was incredible experience. What makes you connect with the people at DEFCON?
So yeah, I'd been to small hacker meetings before, but going and at the time it was probably, I don't know, there might have been a thousand of us or something like that at DefCon 8, if that. I love the fact that you could just...
Anybody could be talking about anything. You could walk up to somebody and be like, what you guys talking about? And they'd start talking about something and whatever it was, it was interesting. Like, you know, there was something interesting or there'd be people crowded around a table. with like computers and like some electronics or something or whatever. And they're like, oh, we're trying to get this thing to do this.
I had this idea in my head that I was like, oh man, if we could actually take all these people and stick them on an island and just be like... Here's the problem that we have. Can you solve it? There was like nothing that couldn't be solved. And so I knew from that first time I went that I would always go to DEF CON, that that would be it.
I felt the same way. The first DEF CON I went to was DEF CON 17, and that was back in 2009. And yeah, the place feels magic. It's electric. It's amazing. And I was hooked.
from that first visit and i've been going for 15 years now at defcon 8 a buddy of mine had brought 20 t-shirts or something that he had brought and i was like what's the t-shirts for and he said oh i'm gonna sell the t-shirts when we get there and we road trip down right so he was like i'm gonna sell the t-shirts when we get there 20 bucks a piece
And that will fund my weekend. So it'll pay for the hotel. I'll get to eat really good. Oh, whatever. It'll pay for DEF CON. And I'm like, oh, what a cool idea. So the next year, I decided I was going to make t-shirts. But I... don't do anything halfway. And so I was like, okay, well, I'm going to get a table in the vendor area. I'm going to make a t-shirt. I had a really nice design put together and I ordered 320 t-shirts.
20 to trade to friends and to other t-shirt vendors and 300 of them to sell. So I took them down and we sold them all in the vendor area. It was a really nice design. They were gone. And I was like, sweet. I just made a bunch of money off of it. selling t-shirts, and then I met Russ Rogers. Russ Rogers is one of the conference organizers, and I was grifter to goon next year, which basically means to volunteer, to help with the conference. There's a lot of different types of goons.
There's crowd control goons, speaker assistance, technical support, and other things like helping with the vendors or contests. But at the time, everyone had to start at security, which is like crowd control and checking badges. And there are massive lines at DEFCON, and someone has to keep them all in check. So he took the role of Goon and was part of the DEFCON staff.
At DEFCON 10, I was a security goon. And then at DEFCON 11, I went and I was a vendor goon. And yeah, and then I've been a goon ever since. So from DEFCON 10. So now this year will be DEFCON 33. Gosh, that's 23 years of being with DEFCON at this point. And because of his attitude of being excellent in everything he does, He quickly started taking on more responsibility at DAF CON.
I started doing things like I ran the Defcon forums with another guy who went by Null Tone. The two of us were the administrators for the Defcon forums. At the same time that I was gooning, I was a vendor as well. I never stopped selling t-shirts, so I was a goon, a vendor. I was an administrator for the DEFCON forums. I ran the DEFCON scavenger hunt. Oh, and then starting at DEFCON 10, I started speaking. So I spoke at DEFCON 10, 11, 12, 13, or whatever.
And so I was busy, right? And then somewhere in there as well, I eventually started running all the technical operations for Black Hat. Black Hat is another hacker conference in Vegas, and it's happening the same week as DEF CON. And they're both started by the same person, Dark Tangent. But Black Hat has an entirely different vibe over there. It's more professional and corporate compared to DEF CON.
I describe it as, at Black Hat, there are tons of companies all there saying, hey, if you buy our products, it'll make your company safe and secure. Well, at DEF CON, the overall message is, everything is vulnerable. Nothing is safe and secure. And here's how to
So, black hat, you see more people wearing collars and even ties. While at DEF CON, everyone just wears all black. Cargo pants are common, mohawks are common, and wires and antennas are sticking out of everyone's backpacks. So, Grifter started volunteering. both conferences. I got busy fast, right? And then I had a day job on top of it. I did become, I guess, part of what would be considered to be like the DEF CON inner circle, right? Like where it's like, okay, we need to decide what DEF
Defcon's vision is going to be, what direction are we going to go in, what are we going to, like, coming up with new ideas to keep Defcon fresh. Like, I came up with the idea for Defcon Groups. So Defcon Groups is hacker meetups that happen in different cities and different countries all over the world they are very similar to the 2600 meetings that I used to go to like when I was younger and the reason that we kind of departed from from 2600 was because they
they started to get political and kind of let their politics get involved and like they were like telling hackers like you should vote for this person or vote for that and i didn't like that i didn't like the idea of of saying like yeah vote this way and so I approached Dark Tangent and Jeff Moss and said, like, hey, I don't like this about the way that 2600 is going.
defcon has a lot of clout you know we could probably do something like that and we'll do it by area code and we could just you know we'll come up with a name for it or whatever and he's like i love it love the idea talk to russ again russ rogers and he's like yeah let's do it we came
up with all the like ground rules and concept and all whatever and the structure for it and then we started running defcon groups our meetups i think it was february of 2003 i want to say and it was salt lake city and colorado springs which is where russ is from. So we had DC-801 and DC-719 and those were the first two DEFCON groups and we ran them until DEFCON and then we announced DEFCON groups at DEFCON and it spread like wildfire. DEFCON groups has grown to over
over a hundred chapters worldwide. And they're typically really cool people who go to these things. A lot of people ask me, hey, how do I get started in cybersecurity? Or where can I find a mentor? And I always recommend them to look to see if there's DEF CON groups in your area.
it's a great way to meet people who are super passionate about cybersecurity and I attended one just the other day and it was great I met so many cool people i mentioned all of the stuff that i did previously right so it was like a defcon administrator vendor goon running the defcon scavenger hunt oh we also run the defcon movie channel It was a lot. I was doing a lot. And I said to DT after DEFCON 13, I was like, I'm going to stop gooning.
It's just too much. It's too much. And he was like, please don't. He was like, don't. Don't. Stop. What's the problem? I was like, I'm just burning out. I can't run all of these things. He was like, okay, well, how about this? He's like, we're moving to a new venue next year. And it's going to be at the Riviera. And he's like, and there's this space that are, there are these skyboxes that overlook the convention floor. And he's like, I think, you know...
What if you were in charge of whatever we put in that space? There'll be a small portion of the conference. You can do whatever you want with it, like come up with something cool that people will want to do. And I was like, okay. He's like, I'm sure people want to have parties or whatever. And I'm like, okay, great. So he goes to the Riviera, the place where DEFCON is going to be held that year. And he looks at the space and tries to decide what to do with it.
But the cool set of rooms are up high and they overlook the whole conference. And like I was saying in the intro, DEFCON has a lot of parties. Conference goes on all day and parties go on all night. In fact, there's so much going on at DEFCON, it's actually hard to remember to eat and shower and even sleep.
It's the best conference in the world. So, of course, these skybox rooms are perfect party rooms. But that's a nighttime thing. What do you do in them during the day? And which parties are going to be up there? And that's when Grifter got the idea. He posted on the DEFCON forums, we have a place for you to host a party, but...
If you want the space, you have to fill the room with something cool during the day. You can't just come party at night. And the first ones to say, okay, we'll do it, was Tool, the open organization of lockpickers. And they were like, we want one of those skybox spaces so we can have a party.
And we'll come in and we'll put out tables and we'll put a bunch of locks on the tables and we'll teach people introductory lockpicking and we'll bring all kinds of examples of things to bypass and we'll just, we'll show people how to do it. And I was like, great, that sounds awesome. And then it was, again, it was Russ who said, hey,
I'll get some folks and we'll set up a hardware hacking area and we'll have people come in and they can learn how to solder and learn how to do basic electronic stuff and we'll teach them how to do that. And I was like, great.
uh 303 was like we'll do talks but we're gonna do talks that aren't allowed to be recorded that you can't have your like phone out that you can't not like nothing can be like it doesn't exist right type of thing and i was like that sounds cool let's do that And so that's how the villages started was the first ones to call themselves a village was the lockpick village.
Not only is that where Defcon Villages was born, but it's also where Sky Talks was born. That name came to be because there were talks in those skyboxes at the Riviera. Because all the Defcon talks are recorded and posted to YouTube, but Sky Talks... is where no recordings are allowed, which allows people to give talks that are more secretive or maybe even incriminate themselves.
I've probably been to a dozen of these Sky Talks and I've heard some pretty wild stories. But what's more is Sky Talks has kind of made its way into many other conferences where there's a smaller room off to the side and no video or recordings are allowed in there. So that idea also has stuck and spread. So the next year when it came around, the hardware hacking people called themselves the hardware hacking village. They adopted the name village from the lockpick village.
And then another group started the Wi-Fi Village, and they just immediately adopted the name Village with theirs, too. So they started calling themselves the Wi-Fi Village. So the second year, so DEFCON 15, we had... the lockpick village, the Wi-Fi village, and the hardware hacking village.
And then that concept of, like, having these broken out areas, like, spread to other conferences. Like, people are like, oh, we're going to have a lockpick area. Oh, we're going to have whatever. And they started calling them villages. And so like the village concept or like those little community areas that you see at all of these other. Infosec and conferences and stuff all came from people wanting to throw a party in a skybox at DEFCON 14, and then the villages were born.
Now, when Grifter first started getting involved with DEFCON, everyone only knew him as Grifter. And that's the thing about this conference is it's not unusual that people just know you as your alias or your hacker name. And nobody even questions it. If you say you're a grifter, then you're a grifter. Nobody's going to be like, oh, that's funny. What's your real name, though? No, DEF CON folks are different. They get it. Privacy is important for all of us.
I had been Grifter. Like I said, basically, I picked that name when I was about eight years old, and I used it in the hacker community. And nobody knew my name. When I went to hacker meetups, 2600s, when I, anything I did, no one knew my name. I had no online presence at all. And I was proud of that. People didn't know who I was. And then at DEFCON 9, my wife at the time, my ex-wife, she came with me, and I had said something to her, and she was selling t-shirts.
and I said something to her, and I was like, all right, I'll be back in a little while, and I walked away, and I started walking away, and I got a few tables away, and she said, oh, wait, Neil. And I was like...
like it like oh and I turned around and the look on my face must have just been like oh my gosh like are you kidding me and then she and I'm like staring at her and she goes oh sorry grifter and I was like Oh my gosh, because now even people who weren't looking turn their heads and were like, what? And then there were guys that I'd known seven, ten years, and they were like, your name's Neil? And I was like, yeah. Kinda like...
You don't look like a meal. I'm like cool like I was like oh my gosh, so that anonymity to some degree. It flew out the window. After a while, Grifter got put in charge of running the Wi-Fi and network at Black Hat, that other conference that's happening in Vegas the same week as DEF CON.
They call it the Black Hat NOC, which stands for Network Operations Center. And I should say, even though Black Hat and DEF CON happen the same week, they don't actually overlap. Black Hat is like Monday, Tuesday, Wednesday, Thursday, and DEF CON is Friday, Saturday, Sunday. And I should also mention that There are many other conferences happening that same time as well. There's B-Sides, which is a big one, and it's on Wednesday and Thursday.
There are other ones happening around town, like there's Toxic Barbecue, which is where a bunch of people meet up in a park, and barbecue, and there's a Defcon shoot, which is where people go to the desert and shoot guns, and there's just meetups all over the place, like Diana Initiative and Queer Con. At any given moment during that week, there are 50 things happening and it's overwhelming and awesome.
So anyway, Grifter was tasked with setting up the Wi-Fi at Black Hat, which you can imagine, trying to get a Wi-Fi network up and usable at a hacker conference. It's challenging. Yeah, it is. It's actually incredibly difficult, but it's also super satisfying to do it.
It makes it fun. You're going up against multiple different types of attacks ongoing throughout the conference at different times, trying to hit you in different ways. People learning new things and getting creative. We've had stuff where somebody discusses a vulnerable
for a piece of equipment that we're using at the conference and we've got a scramble to try to make sure that the network stays up because they just told 500 people in a ballroom how to do something against a piece of equipment that we've got running in the night. We call it the Black Hat Knock because it is a knock. We replace every router, every switch, every firewall, and every access point at whatever venue we go to. So now that's Mandalay Bay, it's the Marina Bay Sands in Singapore,
But we bring all of our own equipment because it allows us to have control over the environment, mitigate attacks if they come. We can't be opening a support ticket. Oh yeah, the hotel would not have a chance against this, would they? not a chance in hell. What do you tell them? Just shut it all down while we're here? Yeah, we actually do. We just say, please shut the And so... Yeah, it's an
I think that they'd want to hire you to set up their Wi-Fi to be resilient against stuff like this and say, wait, just leave what you have here because we'll just use it from now on. Yeah, they're getting better. Again, as years have gone on and stuff, they're getting better, not to the point that we're willing to let them run
and things because, again, like, well, one, we call ourselves a NOC, but we are a full-fledged SOC. We have every piece of equipment that a modern-day security operations center has in there. And when we initially started out, we were running everything with open source you know, hardware, open source scripts and software and commercial stuff that you could just buy at like Best Buy, right?
Yeah, their budget was very small at the beginning, but if you go to Black Hat, one thing you won't miss is the expo floor. I went last year, and I was blown away at how big Ed has grown. This is a room where if you're a cybersecurity vendor, you can set up a booth there and pitch your products to people who are walking through the conference. I walked through. And it took me hours and hours to just try to walk past every booth and just read their name. It felt like it went on forever.
Every cybersecurity company in the world seemed to be there. And there must have been hundreds. So as this black hat knock grew, it needed more sophisticated equipment. And Grifter wondered. What with all these vendors here?
would any of them let us use their gear, like, just for the week? And so we were like, well, what if we went down to the expo floor and we approached some of the vendors and we say, hey, If you'll let us use your equipment or you can give us a software license, we'll put your logo, like, in the program that says, like, you help, like, partner with the Black Hat Knock. We'd go up to the first vendor that we wanted to talk to. They're like, yeah, oh, absolutely. And they were like, when? Like now?
Like, do you want equipment? Do you need people? And I was like, this response was on a level that I wasn't prepared for. And so I was like, I think we might be on to something here. And they were like, we'd love to help support it. We'll give you whatever you need. And I just looked at Bart and I was like, let's go shopping.
So him and Bart, the other guy who runs the NOC with him, realized that every vendor would love for them to use their equipment for free because each vendor would love to be able to say, we're trusted by Black Hat. If a hacker conference uses our equipment, surely that's gotta mean something. And this made building the Black Hat Knock even more fun, knowing that they could just walk down the hall and get any equipment they wanted to help secure this network. That's cool.
And once vendors heard that Grifter was doing this, they started begging him to use their equipment. We've been offered money from vendors before where they're like, we'll cut you a check, like personally, not to black hat. Like they're like, hey, Grifter, I'll cut you a check for a hundred grand if you'll put.
our stuff in the knock and i'm like why don't you take that a hundred thousand dollars and invest it in your product and make it better and maybe i'll choose it um i say that for two reasons one because i'm a dick but two because integrity right I mentioned that earlier as it's like no like you can't buy my like you know influence in this space right like it's
Like, I choose what I believe are the best technologies to go in here to do the job. And if you want to be in here, be better. And then maybe you'll be in here. Of course, Grifter sees tons of crazy things on the Black Hat network, like speakers might be onstage demoing an exploit, and it'll trigger all kinds of alerts and knocks.
A normal knock might freak out seeing that kind of stuff coming from inside their network, but Black Hat realizes, oh, that's fine, since the speaker is just demoing the exploit on stage. Or sometimes they'll see a vendor release a patch and attendees are trying to reverse engineer what was fixed in the patch and they'll find a new vulnerability and they'll start attacking with it the same day the patch is released.
So they've got to hurry up and patch everything as soon as a new patch comes out. Or sometimes they see students in classes doing illegal things on the Wi-Fi. And of course, Griffith will go in there and warn them, hey, you shouldn't be doing that stuff. And then there are things where it's just folks who are, they think they're secure and they show up to Black Hat already compromised. And we look for stuff like that. Again, it's an incredibly modern security operations center.
People will get on the network and they're immediately beaconing out to known C2 or they're hitting malicious sites or doing whatever. And we will go and look and be like, okay, is this something that looks like it's part of a lab? Is this something that happened when they first got on? And so people will... will often say, oh, don't get on to the Black Hat Network because you'll get attacked.
when I honestly think in reality more people leave secure than they do compromised from Black Hat because we're looking for it. And if we see any kind of communication to known... C2, if we see crypto mining activity or we see clear text credentials coming from a device, we send a captive portal to that device that is doing it. They'll get a pop-up the next time they go to browse to something that will say hi.
This is a message from the Black Hat NOC. This device is showing signs of communication to known command and control servers like if this is expected behavior you ignore this message if not please stop by the knock for more information And they'll come by and we can show them packets or logs or whatever they need to let them know, like, hey, you actually showed up compromised. They've even seen speakers on stage who are showing signs of infection on their laptop.
And then they have to like go and wait for the speaker to come off stage and then say, by the way, your computer is very infected. All right, I'm going to ask you some stories about DEF CON. Is it true that someone rappelled off the roof to try to sneak into a party at DEFCON? What happened was a year at the Riv, the year of the skyboxes, we had different parties and different... skyboxes and at some point one of the organizers of the party actually like he he came up to me and he was like hey
So we picked the lock on the closet and there's a panel in there. And if you open that panel, we can get on the roof. And I was like, I don't want to hear about it. I was like, all right. And then I left. And then a bunch of people went up on the roof. And they basically extended the party up onto the roof of the Riviera. And there was a whole bunch of folks hanging out up there.
And this was just the conference center, so we're not talking like 20 floors up. They were probably... 30, 40 feet up, whatever it was. and some people going in and out and all whatever, and then at one point security showed up. The way that I understand it is somebody went off the roof in order to... avoid security. Multiple people got caught by security though and they were asked to leave the property. They got 86 on Saturday night.
Is it true that people will put malicious ATMs around DEFCON to steal people's money? It has happened. I don't know how often it happens, but it has happened. Somebody brought an ATM in on a dolly. They rolled it in on a dolly and set it up. in the lobby area of the convention space, trying to get DEF CON attendees. That was also at the Riviera. Is it true that there was a federal agent?
who was there to try to arrest hackers or spy on hackers or learn from hackers or whatever, but got so impressed by what they were doing that he quit his job as a federal agent and switched to the dark side. Oh, actually, I haven't heard that one. You're gonna have to tell me that. That's wild. Is it true that there's a secret room at Defcon where you can buy Zero Days? I don't think there's a secret room. Maybe that was true in the past.
And it wouldn't have been a secret room. It would have just been like, you can talk to this person. And I know who the person is, but I won't mention their name. I'm sure those kind of things still go on. Everybody could get together and have a conversation in a place that was kind of like a demilitarized zone for hackers. Yeah, demilitarized zones for hackers. That's a really interesting way of putting it. I agree.
Is it true that every year hackers take over an elevator at some hotel and trap someone in it? I don't think they trap people in it. We have definitely taken over elevators all the time. I actually got a talking to. This is actually happening at Black Hat.
It was right after the Mandalay Bay had installed the card reader so that then you had to tap your room key to go to your floor. I was messing with it because that's what we do. And I knocked the cover off of it, and underneath it was there was an open, like, pin out but I was like oh cool we could probably connect to this and like get to any floor we want I'm like that's wild and then I ran my thumb across the pins and it shorted out and the light blinked green and I could tap any floor and so
I took a video with my phone really quickly where I just, I ran my thumb across it. It blinked green and then I tapped. like four different floors. The video was probably six to eight seconds long, I mean super quick, and I just posted it to my Twitter. and said, like, oh, solid whatever system they've got going on in the elevators. And seriously, within five minutes, my phone rang.
And it was the head of security for Mandalay Bay, who we work with because we're in the SOC and stuff. So we have meetings with them and tell them the type of stuff we're seeing and all, whatever. And he's like, grifter. And he's like, you're supposed to be on our side. And he's like, will you please take that down? And I was like, I can't. And he was like, no, please take it down. And I was like, I'm sorry, I can't. I've already posted it. It goes against everything, I believe, as far as like.
it should be better than you should call whoever installed that system on the elevators and make it better. And he was like, ah, and then he hung up and he called me back and he was like, okay, look, I talked to this person, blah, blah, blah. Would you be willing to take it down for X amount of time? And then he said the words I didn't want to hear, which he was like, under responsible disclosure.
You have now let us know that a vulnerability exists. Please give us time to fix it. And I was like, damn it. So I deleted the tweet. He played your game. He totally did. He totally did. And so I took it down and they fixed it. Is it true that someone set the pool on fire one year? Set the pool on fire? Yeah, like there was smoke coming off. Oh, no, no, no. It wasn't fire. It was a massive amount of liquid nitrogen.
So it was at Defcon 8, 9 or 10, somewhere in there. It was at the Alexis Park. It was pool two. And the beverage cooling contraption contest had done there. their cooling contest out by the pool earlier that day. And a lot of people had liquid nitrogen. That was the go-to, how they were going to make it cold fast. And then they took all the containers of the stuff that was left over and put them in the little pool house area that was next to the pool.
just for storage and then when it was at night there was like a party going on out there and like one of the guys was like oh shit we've got all this liquid nitrogen let's let's see what happens and they just dumped like gallons and gallons of liquid nitrogen into the pool and it It was awesome, and it made this cool steam effect. There's some pictures of it out there somewhere. Then the next year, they did it again, and a bunch of people threw blocks of dry ice in to try to, you know.
increase it like of course like everything we'll try to one up ourselves every time After decades of going to hacker conferences, there are hundreds of stories like this that Grifter has. It's truly a unique experience, and you never know what to expect when you go. I once saw Will Smith at Def... and Deadmau5 was just there last year just walking around checking the place out. I am what I consider or what I define myself as a high-functioning introvert.
So I can get on stage in front of 10,000 people and crack jokes and have a good time and all whatever, and it's fine. I can go out into the hallway and have an inflatable dinosaur battle with my friends. and have a blast. I can act like a complete lunatic for the entire time that I'm in Vegas with my friends, and it's great. but then I crawl into a cave and recharge for weeks afterwards, or I go back to my hotel room. Even during DEF CON, I did it a couple times this year.
where it's like, I'll just go to my room and lay on the bed. I actually did that right before your party this year, where I was like, I'm just going to go back to my room, I'm going to take a shower, I'm going to lay on the bed and play a game for a little bit, and then I'll go out and be social.
Black Hat used to have a thing they called the gala reception, which was basically just drinks, and it was like an open bar, and it was a couple of hours, and all the attendees were invited, and you'd just hang out and chat. And I was in my room after volunteering all day, and I was like, oh, I don't want to go to this thing. I forced myself to go.
And I walk into the reception and I hear some guys that are near me mention a book that I had just read. And I stopped. And I was like, oh, that book sucked. I'm like And the guy kind of chuckles and he was like, oh yeah, why? And I was like, okay, well, the structure of it is this, it's lacking this, it doesn't talk about these things, blah, blah, blah. this book is better if you're looking at that topic and he's like oh okay so i was like hey it's been a pleasure chatting with you guys
You know, it was nice to meet you. And the guy was like, wait, let me give you my card. And he hands me his card. And he was the vice president of the publishing company whose books I had just been eviscerating. for the last 45 minutes. And I just looked at him and I was like, oh, and he was like, oh, and he's like, hey, look, man, I really appreciate all the candid feedback. And he's like, I want to put you on a list.
that I have where when we put out a new book, we'll just automatically send it to your house. You let me know what you think of it or whatever. Would you be down to do that? I was like, absolutely. Well, that relationship grew stronger between Grifter and his publisher. to the point that the publisher asked Grifter, hey, if you were to write a book, what would you make? And Grifter said, there should be a book on how to defend your network by attacking back at the people attacking you.
which i think is ridiculous defenders can't be on the offense they can't be aggressive But he was pitching this idea and the publisher was liking it. I was like, look, dude, I don't know how to write a book. I don't know how to do that or whatever. And he's like, that's fine. We got editors. We'll teach you. He's like, why don't you do it with a few other authors? Just co-author it. Then you can break it up into chunks. You'll act as the technical editor and make sure that everything is legit.
And I said, yeah, I'd like to do that. Fine, let's do it. And then I picked a few of my friends that I wanted to do it with me. And when I gave him the list of friends, he was like, these are some pretty heavy hitters. So are we going to get these people? And I'm like, they're just my friends. Like, I don't know. And so it was like Dan Kaminsky, Bruce Potter, Pyro, like, you know, Chris Hurley.
He's like, all right, let's see what we can do. And all of them agreed to do it. And then we put out a book. But that was the thing about putting out a book, was I was like, am I really just going to put Grifter? on the cover of this thing I was like, I cannot publish a book and not put my name on it for me personally it was like i want to see it on the shelf in a library and be like that one's mine so i i made the decision that i was going to put on there neil weiler aka grifter and that was
That was it, man. The cat's out of the bag. So the book is called Aggressive Network Self-Defense. And for 10 years, I was a network security engineer, and I had read quite a lot of books. And this one... This one never showed up on my desk, and I think it's because I wasn't interested in aggressive self-defense. This is crazy. This is a crazy book. Aggressive self-defense network style. What is in this book?
Well, it was essentially like there's this thing that we deal with as defenders like every day within these companies we work for and as individuals where you're being attacked constantly right and you're like When do I get to swing back? And because of my upbringing, right, because of the way that I was, I wanted to swing.
Right. And so I didn't like the idea that we were in this defensive position where somebody could not just poke us in the chest because like getting port scanned was like getting poked. Right. It's not a big deal. Somebody looks at you sideways, gives you a dirty look.
But it's not just getting poked. They're full on attacking you and you just have to go, well, how do I block that? How do I make that stop? How do I do whatever? Or they break in and you just go, oh, I've got to get them out. And in my head, I was like, stop them for good. Like, you know, cut them off at the knees. Attack what they're attacking you with.
And I would get so much hate from people about that because they were like, well, you don't know if you're actually attacking some grandma's computer because it's not. It's a jump box. It's not likely that the person that you're attacking is that that's their machine. And I'm like, yeah, but then let's... get rid of their resources then. If we knock the machine that's doing the attack offline, then the attack stops. And that's what I'm concerned about.
Because they're costing us money by launching these attacks against it. They're costing us time. They're costing us stress and all these other things. So if I don't care if it... If it's some grandmother's computer, I need it to stop attacking my network because it's eating up bandwidth, it's eating up cycles of my analyst, it's eating up all this stuff.
like, okay, you've lost control of your machine, and I need that machine to stop attacking me. So I'm going to send it to the bottom of the digital ocean. That book is 20 years old at this point, so it's useless, but it was fun to do. all this experience running the black hat knock has given him a very sharp skill set to be able to detect and stop some of the most crazy attacks ever volunteering there gave him fantastic experience which
gave him great opportunities in his career. So now, I recently took a position at a company called Coalfire as the VP of Defensive Services. Prior to that, I was with IBM's X-Force for three years, running their global threat hunting program. Prior to that, for the seven years before that, I was at RSA Security. where I started and ran their threat hunting program around the world.
I spent a lot of the last over a decade at this point really focused on threat hunting, on going in and finding attackers when they've already bypassed your security and they're in the environment.
So I would go into a company and I'd sit down with their security team and I'd be like, tell me about your environment. And they'd be like, well, we have these technologies that are deployed in these ways. Our network's set up this way. This is how we do these things. It's segmented this way. We have this, we do this, blah, blah, blah, blah, blah.
And I go, okay, great. If it was me attacking you, I would hit you here, here, and here. So let's go look and see if somebody did that. And then we'd go and see if they... were attacked somewhere or got breached somewhere and In the decade plus that I've been focused on hunting, we always find something, whether it's an active attack or it's evidence of a previous attack.
Or it's an employee who's doing something outside of policies or whatever. Of course, I wanted to hear a story about a threat he found in the network. We were doing an engagement where we were asked to come into a really large financial organization. And myself and another hunter, Pope, you know, Pope and I went out on this hunting engagement.
I do know Pope. He's the organizer at St. Con in Utah. Fantastic conference. You should definitely go if you're in Utah. So him and Pope go to this client. It's massive. And they have huge security teams there. No expense spared to keep this place secure. Which has to be stressful, you know, to walk into a company with this level of security and you're expected to find things that they didn't already find?
And so he sits down with their director of security and starts looking through the traffic. He's looking for protocols that shouldn't be there, or outlines. He sees FTP traffic in there. FTP is the file transfer protocol. It's just a way to move files from one place to another.
but it's insecure and has mostly been replaced by more secure protocols now. It's like there's a really low number of FTP sessions, so we could go through those fairly quickly, and he goes, oh, we don't use FTP. And I was like...
well, great, this is a good example then because we can go through this really quickly. And he was like, no, you don't understand. We don't allow FTP. There are no clear text protocols. And I was like, okay well that's great but it's here like i can it's here i can see it and i was like so why don't we just look at it and he's like all right
And we look and it's FTP traffic going to a host name, not even an IP address, but a host name that ends in .ru. I mean, we're not even trying to hide, right? And... I was like, is that normal? He's like, no. And I'm like, okay, well, let's see what's happening. And it's like, okay, it looks like it's sending out these files at like one o'clock in the morning. Do you want to see what it's sending? And he's like, yeah. And so we just did file extraction. like it's a zip file even like
not an encrypted container, just a zip file. I'm like, well, I can't open it because it's not my company, but you can open it if you want. So he opens it, he opens it up, he looks at the document, and then it sounded like somebody punched him, like this sound came out of him, like this. And the wind just got knocked out of him, and then he closed it. And he goes, you didn't see that. And I was like, okay, well, just out of curiosity.
what didn't I see? And he was like, that is every financial transaction and trade that we've made in the last 24 hours. And I was like, oh, so. And he's like, how long? How long has that been going on? And I was like, okay, let's take a look. And we started digging into the logs. And they only had six months worth, which was wild.
connection to an FTP server in Russia. The IP address was also geolocated to Russia. So we're like, okay, it looks like that's where it's going. That happened every night at one in the morning for six months. And that's as long as we had logs for it. So we were like, who knows how long that's been happening. And this is an organization that has Hundreds of people on their security team, 30-plus people actively working in a SOC just down the hall.
all of the different technologies that you could possibly ask for, but they had tunnel vision because they were like, we don't use that, so we don't even look. Now you would think that if something like FTP is not allowed in their network, that there should be a firewall rule blocking it. I mean, that's exactly what a firewall's job is, to block network traffic that shouldn't be allowed. And who knows, maybe they did put a block in at some point.
But it wasn't blocked now. Maybe a new rule superseded the FTP block rule, or maybe someone accidentally took out that FTP block rule. These firewalls can sometimes have hundreds of rules of what's allowed or not allowed, and it's confusing to know exactly what it's doing sometimes. But what's more is how did these file transfers get triggered?
It must have meant that someone got in this network and set up an automatic script to scrape the data and send it out. That's scary to realize that someone did that in their network right under the nose of their 30 engineers all looking for that threat. How did this hacker get in, and how do they get them out? There's millions of things to do once you discover something like this, and it feels devastating to experience it. It really does feel like you're getting punched in the gut.
And you know, as I think about this story, This is one of those typical I heard at DEFCON stories. Which, here's Grifter's telling me, so it practically is something I heard at Defcon. But it's one of these stories that I hear that was never told publicly. A major finance company was hacked and every financial trade was being spied on by some foreign entity. That sounds like a big deal.
And I wonder what the fallout would be if that story were to go public, you know? Would there be lawsuits? Would the government slap fines on them? Or to think... How bad does that company not want that story to go public? At what drastic lengths might they take to hush it up and keep it quiet, you know? I have a dream about this show that one day someone will tell me a banger-level story that would be huge news when it gets published.
some wild whistleblower type thing. That would be fun, wouldn't it? I mean, I've heard some pretty insane stories that would be really big news stories if they came out, but the people who told it to me, I promised I wouldn't ever repeat it. But I think it's just a matter of time, though, that a story does come across this show. Really make some waves. Someday.
But the threat hunting thing was great. I wrote a framework with a friend, and that created some really cool opportunities. We consulted. Congress and, like, NATO. Like, I've gotten to consult foreign governments, some of the largest companies in the world. It's a strange space, this InfoSec space, because we're, like, hanging out with criminal hackers. Like, you are a criminal hacker.
and then you become this consultant for Congress and governments, and you're there to stop the bad guys, and you're there stopping threats. But at the same time, you're going to DEFCON, which is where you're meeting even more hackers and more criminal hackers. And I don't know of any other thing that we're just as friendly with the bad guys as we are with the good guys.
as it is with cybersecurity. Yeah, it is kind of a, it is a weird world that we live in. And I think ultimately the thing that ties it all together is that we We like to learn. We like to chase. We like to hunt. Cybersecurity is an incredibly stressful field to be in, but it also is incredibly satisfying as far as like the cat and mouse game that we play about the opportunities to learn new things.
about how one day you wake up and everything is fine and the next day a vulnerability drops and somebody has exploit code for it within hours and everybody's hair is on fire. And when those things happen, when those moments come and everyone's freaking out. I don't know, something about that situation that just makes me go, all right, game on. I got really, really lucky. The thing that I started doing when I was 11 years old, because I thought it would be cool.
turned into a career that allowed me to put food on the table for my kids. put a roof over their heads, and has allowed me to travel to all of the places that as a kid I used to go to only digitally because I thought I would never get to go there. A big thank you to Grifter for being so gracious and kind to give me his time.
in his busy schedule and to talk with us like this. He has so many more interesting stories, and I feel like we barely got started with him. I mean, I've had dinner with him a few times, and I've heard so many more, and they are hilarious. I mean, you can imagine all the shenanigans going on at DEFCON and Black Hat every year. He's given a ton of talks at conferences. So if you want to hear more from him, just go to grifter.org and you'll see tons of stuff there.
real quick before you go do you know that you could have 11 bonus episodes of this show in your ears right now yeah 11 all you got to do is support the show I did the math less than 1% of you support the show and that's cool no shade because i love making stuff and giving it to you for free so i'll keep doing what i love but man when people do pitch in and give me a little something back it feels damn good it's like One of those hugs that feels extra genuine.
and you can feel it long after it's over. So please consider supporting the show. visit plus.darknetdiaries.com. I'm just asking for you to buy me a cup of coffee once a month. Actually, I switched to matcha, but you get it. This episode was created by me, The Space Bar, Jackery Sider. Our editor is the key master, Tristan Ledger. Mixing done by Proximity Sound, and our intro music is by the mysterious Breakmaster Cylinder.
My girlfriend, she said she needed more space. So I got her a four terabyte drive. This is Dark Knight Diaries.