The sim swappers don't care. If they can spend 20 minutes and take $3,000 from you, that's pretty good payoff. But at this point with all these data breaches, it's made it so easy that everybody's become a target. ["The Bitcoin Podcast"] Greetings and salutations, my fellow pubs. My name is Walker and this is The Bitcoin Podcast. The Bitcoin time chain is 852632 and the value of one Bitcoin is still one Bitcoin.
Two days episode is Bitcoin Talk where I talk with my guest about Bitcoin and whatever else comes up. Today, that guest is Mark Kreitzman. Mark has over 20 years of experience in enterprise cybersecurity and is currently the general manager at Afani Secure Mobile. Afani is a cybersecurity focused mobile service provider that offers secure plans on Verizon and AT&T networks. But unlike Verizon and AT&T, Afani protects you from sim swap attacks.
You may have heard of some high profile Bitcoiners like Mark Moss, Preston Pish, and Jeff Booth. All get sim swapped fairly recently. So I thought it would be a great idea to do an episode devoted just to this. If you do not know what a sim swap attack is, that's okay. Don't worry, you're about to find out how it works, why you should care, and how you can protect yourself.
Mark also gives some great general tips on how to lock down your digital life, which I think you're gonna find really useful. I've also partnered with Afani. So if you wanna get $99 off your plan, go to afani.com slash walker and the promotion code will automatically be applied. That's E-F-A-N-I dot com slash walker or just go to the show notes.
Speaking of show notes, if you'd rather watch this show than listen, head down to those show notes for links to watch on YouTube, Rumble, and now on Noster via highlighter. But if you're like me and you prefer to just listen to your podcasts, I highly recommend you check out fountain.fm. Not only can you send Bitcoins your favorite podcasters to give value for value, but you can earn Bitcoin just for listening to this and other podcasts.
And if you're already ahead of the curve listening to the Bitcoin podcast on fountain, consider giving the show a boost or creating a clip of something you found interesting. Finally, if you are a Bitcoin only company, interested in sponsoring another fucking Bitcoin podcast, hit me up on social media or through the website, bitcoinpodcast.net. Without further ado, let's get into this Bitcoin talk with Mark Kreitzman. Mark, thanks so much for joining.
I'm excited to pick your brain a little bit today. I think there's a lot to dig into here. Absolutely, looking forward to it. You know, so I was pretty eager to take this call with you because I think that the topic of simswap attacks is one I've been personally aware of for a decent amount of time, but then it feels like in the past six months or so, I personally know multiple people, some of whom are higher profile folks who have run into some really significant issues with this.
And I think it's one of those topics that people maybe don't educate themselves too much on until it's too late. So I've got a lot of kind of questions about getting into the nitty gritty of that, how you guys do things at Afani. But I wanna maybe just start out so people kind of know you, know your background, know what you're bringing to the table here and why this is so important to you.
Can you just start us off by just telling us, who are you, how did you get here today to be doing what you're doing? Yeah, absolutely. So I was born a tucky and I got into the startup game in the cybersecurity business before it was called cybersecurity. I think I joined 2001, company called Big Fish thinking, what did I do? Because I worked for AT&T at the time and changed the name to Frontbridge. And I worked for a couple of different founders.
So Frontbridge was an email security company and that got purchased by Microsoft. So I had the taste for startups. So I went to a cloud based web security company called ScanSafe that was acquired by Cisco Systems. And so again, the thought of going back to a big company just wasn't something I wanted to do. So I went to another startup out of Southern California that was in mobile security. And so I worked for them for a couple of years, for about six or seven years.
And then I was kind of in between projects. And then I ended up getting SimSwap myself. And so I was kind of playing around with my own startup in crypto. Around 2016, I started getting into Bitcoin. And then in 2017, 18, I wanted to have my own startup. Then I got SimSwap and then that became my career. And it was a painful experience. But I searched out the only person who would claim that they had solved it. He happened to be part of a startup that was building a big Bitcoin ATM network.
So he hit it off. And he had solved it for himself. So the first thing that was done was established the name of Afani. And it's been now almost five years under the Afani brand. We're coming up on five years, somewhere around November of this year. And so I've been involved with this will be probably my 10th or 11th year involved security in around. You've got the pedigree for it. And unfortunately, the personal negative experience with it to kind of move you in this direction.
And it's funny to me because we still call these phones. But it's our lives in our pockets, basically. And I think that's what people we kind of intuitively know it. But we still call them phones. And that's maybe it's a computer that holds basically all the secrets of your life, all your access to everything. And you carry it around with you everywhere you go. And then you trust some big companies that you assume are pretty secure to take care of the back end of that.
And obviously, problems happen. I'm wondering if you don't mind discussing a little bit of the specifics of what happened. So you were sim swapped. You were in fact a victim of what now your company Afani is working to prevent. Can you talk about that experience a little bit for anybody who hasn't gone through that? Hopefully you never will. But you might. So can you kind of just walk through like what happened? How did you figure out it was happening? What did you do? Yeah, absolutely.
So at the time, I had 19 years experience of building cybersecurity companies. So I thought I had it totally covered with my carrier. And I had actually changed the rules and my profile that to make any changes on my account, I had to be there in person with both the driver's license and a passport. And you know, the pen and everything. So I thought it was the last thing on my mind. So I was driving to visit my parents.
And I happened to be in the middle of the Arizona desert between Phoenix and Tucson. And so I was talking to my dad. And I was like, oh, I'm going to be there in about 50 minutes. And then the call gets cut off. And so I thought, well, I'm out in the middle of nowhere. So the carrier must have just lost coverage. And then an air came up, said no network detected. And so I started to think, oh, no, did my mobile account get stolen away? And I started to kind of get panicked.
And I'm looking around. I don't always see the desert. So there's no Walmart. There's no pay phones at gas stations anymore. And so I either had to go to the nearest Walmart. It was like 30 minutes away and beg somebody to use their phone. Or just 45 minutes and go to my parents' house. So I chose to go directly to my parents' house. When I got to the garage, the Wi-Fi kicked in. Six passport resets went up right at my phone. And that's when I knew, OK, I suspected that's what happened.
Now I know that's what happened. My mobile account is stolen away. So I run in the door. And my dad wanted to hug me. And like, oh, because he hadn't seen me in a while. I'm going into your office. I got an emergency. And I called the carrier. So they thought I was the hacker. And that's what they were saying. Like, how do we know you're not the hacker? So the verification took longer. And then I'm like, you know, I panicked. And I called you on my phone. I dialed the 6-on-1 and get to him.
And I'm like, how am I even talking to you? Is there some feature on the phone that allows me to call you even though my son is in it? And he's like, no. That's a good question. So he looks. And he says, oh, what they did was they moved your account back. So they stole my mobile account for 61 minutes. And then they moved it back to my phone to hide it. And at the time, I was like, OK, great. Well, I have my account back. But then as every hour on 5, I have to sleep at some point.
So for the next 90 days, I wasn't sleeping. Because every time I went to bed, I was like, man, are they going to take my mobile account away and push it back? And so if I woke up at 3 in the morning, 5, 7 in the morning, every time I look at my phone, do I have LTE? And so I didn't use Wi-Fi for a couple months because I thought that would mask the issue. I'd wake up and I'd have my Twitter updates, emails, and I think nothing was wrong.
And so it was through that pain that I thought somebody had to solve it. And there's reactive solutions. There's mobile apps that'll claim that they'll let you know that you've been since swapped. But after you've been since swapped, and it's kind of irrelevant. And so made the right connection, had the right level of pain that I was willing to do this whole new start-up and drop what I was doing. That's how painful it was. And so now, 4 and 1 half years later, here we are.
And we've grown a big amount this year. These data breaches that keep happening are pretty scary. So every time one of these happens, I'm just very thankful that I'm working for a FONI, but that a FONI exists. I can imagine that 90 days was not very pleasant whatsoever. Worried and sleep deprived. I lost cloud information. I lost some crypto. They got into a bank app, but they chose. I had a few bank apps on my phone, but they chose the bank app to get into that.
I barely had any funds in it anyways. And so, yeah, it's kind of scary when they get it, when they get that kind of access to think, like, who could that be sold to? Am I going to get attacked a year from now, or a year from now? It definitely plays on your mind. No, I believe it. And I mean, it's one of those things too, where it was probably almost a little bit more disconcerting that they were the ones who gave you the access back. Like, they flip-flopped it back.
So it's like, okay, they were only in here for 61 minutes. They clearly got something that they wanted, and then got back out. If you would have just been in the middle of the desert, and maybe you didn't have the service from the carrier in general, maybe you just wouldn't even have noticed if you hadn't been on the phone with your dad. So I guess that's a fortunate thing.
And I'm wondering, because I want to get into, as well, exactly how a FONI works, and kind of what your mission is there, and how you're taking care of people. But I think first, just for anyone, they've heard this personal experience of yours, but they still may be wondering, like, okay, wait, what do you mean, sim swap attacked? Like, how does that actually work? So can you kind of walk through a little bit of the mechanics of the typical sim swap?
Are we talking just general social engineering? Are we talking some sort of a technical hack? Are we talking inside jobs? How does this actually work for most sim swap victims? Yeah, so it's always good to define what a sim swap is. So there's a legal sim swap that sometimes people call it port. And so let's say you have an iPhone 11 today, and you go by the iPhone 15.
So when you go to the store, obviously the store, when you get the new phone, and you say, okay, I want to move my phone number over to this new phone. So that's a legal sim swap. They're changing your mobile account to point from your 11 over to your 15. And each of those phones has a sim or e-syn that your mobile account points to. So what a sim swap attack is, is where a nefarious person gets your carrier to point from your iPhone 11 over to their phone.
And they could be your next door neighbor, they could be 4,000 miles away. And now your phone goes dead, but your mobile service is now pointing to their phone. And now they have access to your voice, your data, your SMS. When they call somebody, it's coming up your phone number when they text somebody so they can impersonate you.
But what the main thing they're trying to do is to figure out then what applications you use, and then just say forgot password, forgot password, forgot password, all the way down the line, and also then it was like an authenticator app. And so if they say, hey, I forgot my password, and it says enter your six-digit authenticator code as an example.
So now they know that, okay, this person was using authenticator code so they can try and get into your emails and daisy-changing that, and then try and reset your authenticator app. And so if they're a professional and you give them enough time, then they're gonna break into everything that they possibly can.
And it's not always about money, it's not always about crypto, it can be just about pictures and data and tax information, something to harass you, something to blackmail you with, dating apps, anything that they can, to either gather your information for a later attack or to sell it, including trying to rip you off at that moment. And in terms of how they're doing it, so social engineering is the easiest one, where they would call up and pretend to be me.
And there's really no penalty for this, right? So if I went into a phone store and I pretended to be Mark and pretending to be somebody, and they can't verify me, then there's no penalty, I just leave, I go to another store, try it over and over and over. And each time they may learn, like what information do I need?
And, but they'll go in there with fake IDs or they have a buddy that works at the store, like a third party store, who will do a fake, the verification and just pretend like it's the right person and verify it. But there's also insiders, there's also bribes, that you can find this online, cops have arrested a number of people that have taken bribes and that we've seen it range from anywhere from $300 to $3,000 just repetitively like since a lot of people.
And I'm sure like these insiders, where they work at a carrier, they're probably got to cut and target people and go for a big amount. Because people are losing, especially in the crypto space, Bart Stevens, the founder of blockchain ventures, he lost $6,000 a bitcoin on a SIM swap. And what somebody did with him was they impersonated him, they went into a store and then he bought a phone and a line off of his account.
And so a lot of people don't think, they kind of forget, they've given the carrier their social security numbers. So in a sense they signed up for traffic. So somebody went in buys a phone and a line as account, then they go home and call the 800 number and say, and they're calling from a line on your account now. And they've got a phone, they didn't, the device ID and the NZ number is gonna match the record with the carrier, it's as much easier to impersonate.
So they call the carrier and say, oh, I wanna move my old line to my new phone. And so that's what they did to Bart Stevens, that's one of the faster growing methods. And I thought about doing a video on it, but I don't wanna create like 10,000 more SIM swappers by telling them how easy it is to do that. But the one thing that's really, there's two things that are feeling this though, is one is AI tool.
And so, a lot of people kind of forget that their entire life is a profile and related to their mobile number. Like I don't need to know somebody's name, their history, if you just give me their mobile number, then it's very easy to use these tools to go three layers deep, but every job you've had, every address you've had, every landline, every email associated with you.
And so people can now like test ahead of time, they can figure out what are all your emails associated with you, then go into Coinbase and just say forgot password and test each one. And you know, see what they kinda, you know, they get. The other big thing that's feeling are these data breaching. And so I don't know if you've read about this data breach that happened, but they just announced last Friday. But it was a company called Snowflake.
And there was 160 companies that had loaded customer data up into Snowflake. It's Snowflake's one of these big data companies that allows analysis of this data. And AT&T was one of those. So AT&T loaded up 110 million records into Snowflake. And they also used call records and SMS records as well. And Snowflake only used the login and password. They didn't use an authenticator app. They didn't use even SMS verification, no UBIKI, nothing.
And so these hackers find out about their lack of security and they start sending out malware to people's devices to gather login information. And so AT&T's 110 million customers. And it was dated in 2022. So it wasn't recent data, but it was the second half of 2022. And hackers took 110 million records from that. Of just AT&T, but they got Ticketmaster, all their customer data, advanced auto parts had 2.3 million people.
And that includes social security, all this PII information about the people. And so the total amount of millions, it must be like 150 million plus, I'm guessing, but AT&T took the brunt of the news. And this actually happened, they discovered it in April. But our federal government said, well, for public security, we have to hold this announcement. And so they finally announced it last Friday.
So I don't know how that is helpful to not let everybody know, but it uses these companies, it's like a lot of big name companies. And it's crazy that they would load up all of their customers' data in a third party tool without asking them like how secure is that. So that's information where these AI tools, you run it on that. And social engineer now, these carriers.
So imagine the information to do like tax fraudsters where they file early, your taxes early and have the refund sent to certain address or identity fraud, taking out loans, people's names. These companies, there's gonna be a massive loss. It's gonna be a massive loss. It's insane to me that this snowflake didn't, that their own internal security to protect 150 million records was so lax. I mean, that's just insane.
No, I've been in a startups where I know, you can just know there's probably one guy that multiple people went to and said, like, don't you think we should have security? And there's probably one guy who's like, yeah, we don't need it or we'll do that. And it's like, yeah, it's very unfortunate. People just don't really know about it. I mean, it's hit the news, but not like, it's not like a national. And that I've seen anyway, but like security publications is pretty big.
I mean, and again, it's because we are in a digitally connected world, I think, we as humans maybe still haven't caught up to the fact that perhaps some of the younger folks have, like they've just grown up as digital natives. They may be intuitively know a little bit more, hey, it's out there.
But for folks that are on the older end or middle age into the spectrum, like this is still all kind of a new frontier where literally there are fingerprints and footprints to everything you have done, like you said, to all of your past addresses, to anything you were connected to, and it's just out there. And odds are you've probably been involved in one or two or more data breaches that you're not even aware of.
Like, unless you're, and even if you are monitoring these things, you know, you're checking to see, OK, is my information appearing on various dark websites. Even then, there's not so much recourse for you. It's like, it's out there. You know, the genie doesn't go back in the bottle. You're kind of screwed.
And so I think the more information that's out there about people, it's like, well, that becomes a lot easier to construct target maps of, OK, what kind of, if you are, if we're talking about a sophisticated group of people who are doing this as a, you know, a business, an illegitimate business, but a business operation where they're saying, OK, let's find the best possible targets to then take and go simswap these people and strip their lives from their mobile devices.
Like, it's kind of a terrifying thing. And I feel like most folks would rather just not think about it, like, OK, it's not going to happen to me. It's, but, I mean, but this isn't just big name celebrities that we're talking about. This isn't just, you know, Bitcoin millionaires that we're talking about. Like this happens to normal people. I don't know if there's just any kind of stories that you have to bring that home a little bit.
So people understand, like, just because you're not a big name or some public, you know, some public figure, like you're not immune to this. In fact, they may look for that because it's some lower hanging fruit. You probably have lower security. Maybe you're not as attuned to these threats that are coming your way. Yeah, so it certainly if you go back like four or five years, it was it was mainly like VIP sort of really like celebrities.
And then it became the targets and influencers are trying to take their YouTube account away. People spent eight years building up and then rancid in the back. When crypto came along, then that took, you know, that was basically like 99% of the target for a while. And so definitely if you're into crypto in any way, then you are a target and it doesn't like if you, you know, own your own jet or you only have like $2,000 with crypto, the sim swappers don't care.
If they can if they can spend 20 minutes and take $3,000 from you, you know, that's pretty good payoff. But at this point with all these data breaches, it's made it so easy that ever that everybody's become a target. We've all been, you know, in data breaches. I mean, we we're actually releasing a tool and we're hoping to do it by the end of July, but we call it phone number scan, we put in your mobile number and it's going to show you how easy it is just to get some basic information on you.
And we actually released this body of data breaches this about 18 months ago is kind of like a pilot. And at that at that point, it searched these databases for like, is your information part of any data breach? And so, you know, I did it on my number and I was part of one of the biggest data breaches there is.
And and so I would be surprised at this point if somebody could be alive today and have a mobile phone for four or five years and not have been part of some kind of debris, whether it's like a travel bureau or the government or, you know, hospital system at this point. And so it's just it's kind of a matter of just kind of when you're going to be the target. And there's only so many, you know, hackers out there.
I guess that's the good thing is so much data has been released and it's made so many targets. So that may be the only defense that somebody has is that so many people not going to be targets and there's only so many hackers.
But, you know, the more that these hackers have tools to break in, you know, certainly AI, I mean, I had a long conversation with this guy from AI and I just ended up, you know, scaring me more about what, you know, where he said AI was going and, you know, his prediction is that it won't be very long where a hacker could actually ask AI, you know, how would I have mark, how would I hack this person after us?
And that it would look at their profile and what applications they use or mobile service they use and look at all these elements and actually come up with a plan of like, here's the weakest link and here's where they may be the most horrible and here's where you may be to get, you know, the most money. And it's really just a matter of time like all our information gets uploaded into, you know, these AI tools. And I don't know how you prevent it.
I think that's kind of what Elon Musk is warning about. It's like, you know, right now, like if our information gets loaded into like one of these data brokers, like your criminal record, you know, you can pay services to go and have it removed, right? And then 30 days later, it'll be loaded back in because they have web crawlers. So you can pay people that continually, that they're going to look for that and delete it.
But once information gets loaded into AI, you know, who are you going to go to at that point and say, hey, you got to remove that? And right now I'm out of order of that, you know, existing. And so I'm sure somebody's going to turn AI into, it's kind of in a very small bit. But, you know, right now that, you know, the AI is not really needed. I mean, it's just going to make it easier. There's just too much information on all of us out there to, for these bad people to, so easy for them.
It's like, why not do it? Like the risk of them getting caught. Like I said, like you could call on me, you know, somebody can call and say they're me to every carrier to try it 20 times and there's no penalty. Well, I mean, that's the thing is that, you know, we're using terms like hacker and things like that.
And for when we're talking about these large data breaches, like, yes, that's people who have some, usually significant proficiency are doing, are executing those breaches, are, you know, putting that, you know, sending out that malware and are extracting data afterwards. But it seems like when it comes to, to sim swap attacks, it's really actually not like, it is more of a social engineering game.
So if, yeah, if, you know, anyone without any, you know, you don't have to be a, a genius computer programmer to go and buy some information off of the dark web to then put together a list of people you want to try to hit and to make a bunch of phone calls. Like that's a, that's a pretty low, low skill, maybe high effort for now, but pretty low skill endeavor. So I think that's the, that's kind of the scary part to me is like these aren't necessarily geniuses executing this.
They've just figured out how is this system working? What do I need to say? What are the right things I need to, to tell the customer service agent or you're working with, or even better, you've got a man on the inside, perfect, that that's going to save you a few steps. But it's, it's worrisome. And I think that it's something that people do need to be thinking about. And especially, you know, as, as bitcoins price continues to rise, which we all know that it will over a long enough time price.
And it's like, you're what you may think of as, you know, yourself as an insignificant little, little fish swimming amongst these whales. Well, you start to become an even more attractive target to people. And again, that's, that's a little disconcerting, you know, a little bit of Bitcoin now is going to be worth a lot of fiat a few years down the road. So it's like, these are things you want to be thinking about now kind of putting best practices in place.
And, and with that, I'd love if you could just talk a little bit about, okay, because we've now terrified everybody a little bit with the problem. Uh, you know, hopefully not too much, but can you talk a little bit about how does Afani work? What exactly makes this different than a traditional plan that you have directly with a carrier? Why is this something that people should be looking at?
And, and what sort of, you know, assurances do they have that the same sort of thing isn't just going to, to happen, you know, with, with Afani that does with AT&T or T-Mobile, Verizon, whatever carrier they may have. Yeah, absolutely. And then just to address a really good point you made is, because I've often said like hackers is actually complimenting these people too much, just making it seem like they're smart. Cause, cause, uh, there's a 15 year old kid that stole around 26 million.
And, and, and there's been a bunch of teenagers that have, that have been busted, you know, they, they made mistakes. They went out and spent too much money and, and then ended up getting caught cause they just sounded very smart. But, uh, but that was a very, very good point. It's not about coding. It's about, uh, really social engineering and, uh, and, and if anything 15 or 16 year old kid may be better at AI tools than a, I don't know, a 50 year old.
Um, but in terms of what Afani does, it's very simple. So we're set up as a reseller of AT&T and Verizon. And, and I'll use the AT&T option as a, as an example. So, uh, obviously you can go up by eight directly from AT&T. And that means AT&T has all your information, your address, your payment information, your social security number, all the things that they would collect today and all the carriers do, but you could also buy AT&T through Afani.
And what that means is that Afani owns that account. They're not an AT&T customer. There are customers. And so one of the differences is that, um, when you, when you put your number over to Afani, we then, we lock it down and then everything we do after that is manual. And the reason that's important is because this industry is barely loose in a sense that like we have portals that give us access into every mobile operator in the
U.S. So if somebody calls us and they're like on Mint Mobile or, um, Google Fire, you know, T-Mobile, Verizon, they say, like, okay, I want to move my account to Afani. We don't need to talk to their carrier in neither today. They give us a couple bits of information and we can pull them over. And so that's the reason why when we port somebody over, we're separating basically the world from being able to do that.
But all the carriers have done this because they have so many people that leave and come, you know, to their service every single day that they want to make it super cheap if you want to leave. They don't want to have to talk to you and just like, okay, we're going to leave. And so the other thing that we do, it's different, is that so we don't give the carrier information. But the carrier doesn't have your name.
We don't even take your social security, but they don't have your name, your address, your payment information that they normally would. And so our customers are hidden behind Afani. And then Afani, we also use a front for ourselves too. So to the carrier, like AT&T, it just looks like you're an autonomous executive that works for a company that they don't know who they are. And so we're trying to make it as anonymous as possible.
So we're also locking out all of AT&T and Verizon, all their employees, their stores, their third party stores, independent retailers, and independent stores, because those stores don't vet people as much as a national owned store. And what we're doing is we're eliminating all the middlemen who can be tripped, bribed, part of the deal, they can be the hacker themselves. Or every time you call the 800 number, they can be collecting your verification information.
And then get a list of that and then sell it to StemSwap hackers or put it on the dark web and sell it. And so we're eliminating all of those people in the middle that have some control and influence over being able to report somebody's number out. So we provide the 24 by 7 support. And that's by phone, chat, messaging. And we also provide people any support email when they become a customer. And then we have just more stringent verification process.
So we're doing things that they would not be able to afford to do. The carriers would become non-profit if they were trying to do what we did. And so we're providing the network. So we're providing the voice data, SMS. And we provide it globally for anyone that travels globally. Wi-Fi calling, hot spot, and all of that. But you give the privacy from the carrier and all their marketing, and they sell data, third parties. And then you also get a StemSwap security.
But we also provide a $5 million insurance policy. And so the easiest way to sum up our business is we sell mobile security. And our job is to protect that insurance policy from ever being used. Because that's our business. That's our reputation. That's our business. Whereas what the carriers have done is they've slipped in arbitration clauses. And so if you get StemSwap, like let's say Bart Stevens wanted to sue his carrier, he's most likely going to find that there's arbitration clauses.
He's going to have to get an arbitration attorney, sue him. And so I talk to a number of attorneys. Because I've been asked to be an extra witness a number of times. And I've never accepted it. But I have attorneys that contact me to represent their victim. But because I don't have time for it, and I'm not trying to make money by the hour. But what the attorneys are telling me, they're settling for around 35% to 40%. And then they take their fee out of that.
So if you lose 100 grand, you're probably going to be lucky to get 40. And you're going to have to pay your attorney a percentage of that as well. And then you get probably an apology letter from Gary. And that's about it. And it was interesting the last time I got asked to go. The attorney had eight cases. And the same judge in all the cases. And so he said that the attorney had no idea where StemSwap was, wasn't technical. And the carriers defense was that every carrier is StemSwap.
And therefore, it's been normalized. And because it's normalized, we should not be held accountable for something that is just normal in the industry. Like tires go flat. And things happen. And I thought, that's kind of an interesting defense. I've never really knew that normalizing something could actually be used as part of the defense. And he said, you guys had never been StemSwap, right? Yeah, I said, that's why I want you guys extra wages.
And I also know one of the main guys that gets called into the report to the carriers. He's also one of our biggest fans, too. And so it's interesting to see what's going on. There's law firms out there that are now specializing in StemSwap law. And he's, and especially that data breaches that result in StemSwap. So it's bad enough for attorneys. And of course, I get a lot of attorneys to call me up saying, OK, I'd love to be your partner when you get to talk to a victim and send me a victim.
And I'll help and recover their money. So I get to see both sides of the victimhood, which happens even by the attorneys, too. It's interesting to hear that they would use that as defense. Well, it's like a company that sells poison food, being like, well, all the companies sell poison food. But I guess then again, if you've got, I mean, we're talking about carriers make a massive amount of money. They're incredibly interconnected into everything that we do.
They're obviously working hand in hand with the federal government. And they also obviously have incredibly powerful lobbyists that work for them. So you know. And they're the second largest advertiser behind Big Pharma on national news. And that's one of the reasons that's my theory as to why you never see this on national news.
But if you search on YouTube for local news, StemSwap will see the Dallas channel, Los Angeles, cities, all local news all over, born like their elderly people, like Grypto, and that kind of news is all over the place. So on national news, the only person who's ever really talked, made it that I've seen that made a negative statement about the carriers was Lou Dobbs.
It's been on Fox Business News, where he did a news clip on how federal government bought everybody's location data without a warrant. And then three days later, he was let go by Fox News. Probably not related, but you probably don't want to say anything negative about the pharma industry or the telecom industry, because they're paying like 97% of your advertising for the stations. So that's kind of the environment that we're in. They're great companies. It's kind of amazing talk, right? Right.
You have this cellular device anywhere in the world. So I don't want to like, I mean, they're not bad. They're not bad people. A lot of great people have worked at them, but they're huge and there's too many vendors. Like I was going to do a video on all the different vendors that make up just to make a text call, make a phone call. And I sort of map all this out of a call, all the different areas that companies, if they got hacked, you lose this. And the video would have been a three hour.
And I thought nobody's going to want it too much. And people think ATT owns their own cell towers. And Verizon, they don't. Like there's 108 different cell tower providers. And these cellular companies, these space, all these towers. And text messages are outsourced to different companies that handle fax. And so we're relying on so many companies that do one transaction on the internet. And all it takes is one rote person at one of those companies. And that's why we used to not sell on privacy.
We used to really just sell on sense swapping. And the fact that Carrier didn't have your information was really more of a quiet thing where it makes it harder for somebody to ever sense swapping. Because they can't walk into a store and pretend they're me. Because the store can't eat can't access my mail. But after T-Mobile got breached multiple times and Verizon then breached, now AT&T said two breaches in the last. They've announced two breaches in the last 90 days.
So they announced just three months ago, two months ago. I think it was in May. They lost 74 million records. And now 110. So some people's information's out there twice. And so now also the privacy, the fact that Carrier doesn't have information, he can steal what doesn't exist is now one of the reasons people are switching to a phone.
The absolute best and only way to make sure your Bitcoin are truly safe from hackers, sim swappers, and 15-year-old kids with way too much time on their hands is to head to bitbox.swiss. Slash Walker and use the promo code Walker for 5% off the fully open source Bitcoin only Bitbox O2 hardware wallet. Then get your Bitcoin off the exchange and into your own self-custody. Again, if your Bitcoin is in cold storage, even sim swappers can't touch it.
The Bitbox O2 is easy as hell to use, whether you're brand new to Bitcoin and it's your very first hardware wallet or you're a seasoned psychopath. And you've got more wallets than you'd like to admit. It is Bitcoin only. And yet again, it is fully open source. You can head to their GitHub and verify that for yourself. There's no need to trust me or Bitbox.
When you go to bitbox.swiss.walker and use the promo code Walker, not only do you get 5% off, but you also help support this fucking podcast. So thank you. Now, a lot of you listening to this show may already be deep down the Bitcoin rabbit hole, but if you're listening to this podcast and feeling a bit overwhelmed by all of this, don't sweat it. Bitcoinconsulting.us has you covered.
Some people go down the Bitcoin rabbit hole completely solo, but others want someone to guide them on their journey. If you are one of the latter, go to bitcoinconsulting.us.
Whether you're an individual and you want someone to help you with your personal Bitcoin strategy, getting everything set up and figured out, or you're a company and you want help integrating Bitcoin payments, implementing private projects, or just need some general contractors services, Bitcoin Consulting can take care of you. So go to bitcoinconsulting.us and book a consultation today. Again, that's bitcoinconsulting.us.
Well, I think, you know, for, especially just knowing the folks I know across the Bitcoin space, there's obviously a lot of desire to remain pseudonymous or anonymous or to at least, you know, it's a spectrum, right?
Cause if you're interacting with any sort of digital services, like as we said, at some point along the way, you've been fingerprinted, you've left a footprint somewhere, even, you know, perhaps the best example of somebody being really, really good at this was Satoshi Nakamoto, right? Who managed to somehow still, like, but that is the exception, obviously not the rule.
And I mean, this seems like something that if you are wanting to at least maintain some shred of privacy in one of the most important areas in your life, which is again, your mobile life, your mobile digital life, this is something you need to seriously look at. Because if not, it just seems like a massive security hole with so many different points of failure. Like there, there's just so many places along that spectrum.
And I, you know, until kind of looking in this a little bit prior to the interview, I wasn't even just aware of like the, how easy it is for numbers to be ported over. Like you get a couple of, of malicious actors who have been bribed at some local reseller and that, that's all you need. I mean, they, like you said, you know, you guys have the ability to go in there as long as you've got the permission and to pull this stuff out.
And luckily, you know, you guys are good actors in this space, but obviously there's a lot of bad ones too. And so if you're complete, like digital life is reliant on, boy, I hope one of these hundreds of thousands of people across this potential chain of attack vectors doesn't screw me over. It's like, that's kind of, boy, you gotta be pretty lucky not to get screwed over at some point, it seems. So it's, yeah.
Yeah. And then people, you know, make do simple, people don't really think about it, but they make simple mistakes. Like one of the things I tell people, you know, don't do this, which is like, they'll, they'll set up their, their phone with an email account, like an iCloud or like a Gmail on the Android account. And they, they use an email, which is the email they set up their Coinbase account, their Exodus account. They send emails to friends, they sign up on websites.
They, they use that for their bank account. And, and so, you know, people really need to spread that out. So, you know, I always tell people, set up your phone with an iCloud account, but only use it for that. Don't use it for anything else. You know, we're a Gmail account under the Android device, only use it for that. And you can, you can use other emails on it, but in terms of the account, just don't use that account.
And, because if you think about when you email somebody, you're sending them your login. And, and so a lot of people don't really think about the fact that, you know, they're using emails and, and it's become, and it's the login information from, for so many of their accounts. And they also, people tend to use the same, you know, pin codes for different accounts. And there's companies out there right now.
So one of the things that's happening is that, you know, the hackers are trying to, you know, they'll call you up and say, like, they're AmEx, or they're your, your cable company. But they've actually gone a step further than that. What they started to do is actually pay for advertising. So let's say you're, you have a problem with Cox Cable, and you want to call them, so you search Cox Cable support, and there, and there, a number comes up. So you call it thinking you're calling Cox Cable.
And of course, when they answer, they got a warehouse somewhere, you know, cheap labor, and it's Cox Cable, I'm gonna help you. And I'm not picking on, I'm not saying this happened to Cox. And so it's like, okay, what's your username? Okay, that matches our records. What's your, what's your pin code? Oh, that matches our records. What's your local number? Like, and then they gather the information. So okay, you're verified.
And then, and now, meanwhile, some, you know, they're shipping that off to somebody else, who's then gonna try and hack, you know, with that information. And so they're actually trying to get people to just proactively call them. And these are the kind of things that are happening. And, you know, you can imagine, like, if you're 70 years old, you don't really think about this thing.
You just, you know, assuming that, well, the internet told me that this was the number for, you know, Warner, Warner Cable, or whatever it is. And then people call it volunteer their information. I mean, and that's the thing, like, this is a problem even for, quote, tech savvy people. This is a huge problem for folks who are not at all tech savvy, who don't really barely understand how to use their phone and don't understand how much things have progressed, how much they are potentially at risk.
And like that, that kind of just like makes me sick to my stomach to think about all the people that are just incredibly vulnerable out there, who are, you know, probably a lot of them on the older end of the spectrum. And we're talking about, you know, having your identity stolen, having your life completely turned upside down, just because, you know, you weren't aware that this was even a threat factor for you.
And it's- And people in Bitcoin are some of the most technical people, you know, on average, I would say, they're much easier to talk to because they tend to be on the more technical side. And yet, you know, they're probably most victims of this like right now. And so, you know, even if you are technical, it's like, you know, the best story is cold story. And you can't hack that, but if you got, you know, crypto on an exchange or on a online wallet, then, yeah, it's vulnerable.
Yeah, that is a great reminder for folks. It's like, if you had, you know, to get your Bitcoin off the exchanges, take it into your own self-custody in cold storage, use a Bitbox 02, Bitcoin only hardware wallet. If you want to support the sponsors of this show, just throw that little plug in there. But really like that's the only way, so you get SIM swapped, if you're Bitcoin sitting in cold storage, okay, fine.
The rest of your life may still get turned upside down, but at least you've got, yeah, and you're going to be dealing with that for a while, but at least you've got that. So, I mean, at least that is the nice thing about Bitcoin. There are ways that you can take that offline so that that hardware signing device is the only way that you have to move that around, and at least you're protected there.
But if you've got Bitcoin that's on an exchange, and especially if people are targeting you for this, that's the first thing that they're going to do. And to strip that off, oh, you need to authenticate before you can transfer the funds out because we don't recognize this device or whatever. And then they've got all the means to authenticate that they are in fact you, and then you're screwed. Because once that's sent out, it's like, it's kind of the whole point.
You're, you know, it's not going back. Every day as it rises, you have to sit there and you do the math in your head and you're like, you know, when I got ripped off, it wasn't that big of a deal, but you know what? I sure would be nice to have that, you know, six figures now. You know, for what, for a second.
So that's the painful part for people that have been victims is, you know, at one point, you know, and Bitcoin was, you know, even when it was just, you know, $3,000 of somebody owned, you know, 10 Bitcoin that's gone, they have to do that math today. Be like, yeah, it would have been 600,000. And that's the hard part about being a victim.
Yeah. And you know, I do want to ask you, because you know, you walked through a bit just how you had a funny, separate your customers from the rest of the vulnerabilities, right? But obviously then, okay, you've removed a bunch of points of failure, but one could make the argument that now perhaps aren't you creating a single point of failure? What happens if somebody, because obviously there are still just humans that work at Afani, good humans I would imagine, but you never know with people.
So, you know, without, I guess, giving away the goods entirely, because I'm sure some of this stuff you guys keep under wraps, but can you tell us just at a higher level or a surface level, kind of what's the methodology for you guys to making sure that, okay, we're now entrusted with these people's information, how do we make sure we don't fall victim to the same social engineering, the same bribery, the same points of failure that exist in that wider industry? Yeah, great question.
And so some people will say like, oh, you guys have great technology. And you know, and I kind of explain it the opposite way, which is what we've done is we've stripped out the tab. Like there's no free Hulu, there's no free Disney, there's no free Netflix. You know, that's data stealing, you know, allows third parties to profile you and get information from you. And so we don't sell data as well, though. And then also we don't collect data.
So we're not collecting call records, we're not collecting SMS records. And the only thing that we do collect is payment information. And then separately is we collect the verification information. And then also internally, even for our own employees. So even in my position, if you be, let's say you were a customer and three months from now you called me up and said, hey Mark, can you tell me how much data I've used this month? I can't access that. And so it's a need to know basis.
And so even our customer support, tier one, tier two, so it's tier one, tier three, our tier one support doesn't have access into a customer data. And so they can only do a certain level of verification and limited to granting you things and not being able to do any kind of risky transaction. And the riskiest transaction is the port out. And so that's in a sense where like all our focus is is when somebody says like, I got our new phone or I want to port out.
That's where we're laser focused on that and making sure that that can't be done without multiple humans involved. And so for the risky transactions, it takes two different humans. And I don't want to say who they are, but it's limited to that. So I couldn't even, you could beg me, you could bribe me, you could pay me a million dollars to port here, trying to port your number out. And I have zero access to look at your account.
And in our tier ones also don't have any access to look at people's account either. But the fact that we don't collect data and that we're separating out information from people into two different encrypted, siloed databases as well.
So you can never say never, like, is it possible that somebody just flips out for some reason, but the way that we built it and designed it, like it would be even difficult, even if a few handful of people, if one of them decided that they were going to try and do something, I just, the way we got it designed, I can't see it happening.
I appreciate the acknowledgement that it's like never say never, because obviously, you know, nothing is going to be, it's an inherently, I guess, vulnerable system. And you guys have done what you can to make it less vulnerable than certainly the run-of-the-mill carrier does, which is great. I am curious about one thing you said, because you said you guys aren't, you're not like storing extra data, you're not storing, I think you mentioned even like message traffic and things like that.
Does that mean, because, okay, if I'm thinking of like three letter agencies, the various intelligence agencies, we all know, perhaps not the details, but we know that to an extent, they have various backdoors, either at hardware, OS level, or certainly more like walking in the front door with most carriers. So how does that work with you guys?
I mean, is it like if they come to you with a FISA warrant, you know, or a warrant that basically you are required legally to comply, then you have to, but otherwise they, do they have less visibility actually into at least the personal details of your users than somebody, if I'm just using a traditional carrier? Yeah, it's a great question. I get asked that all the time by certain people.
So there's this law called the Khali'a law, and it requires all the telecom operators to collect information. So all the carriers are collecting call records and SMS directors, not the content of it. At least they're not legally allowed to collect it, but they're required to collect call records. So, but we're not. So in the example that you're talking about, like if somebody came to us with a FISA warrant and said, like, okay, tell me everything on this mobile number, it happens to be mine.
And they'd got a warrant for it and be like, okay, great. Well, here's my payment information, here's my verification. And there would be no other information. But in theory, they would just go to the carrier. And the carrier would deliver them information and just wouldn't have your name attached, your information attached to it. But then they could, in theory, just say, like, okay, well, this is what it is. And so, best case, there'd be plausible deniability.
But yeah, Fani's not meant to try and get around the law or the skirt like the intelligence agencies. It's like the most regulated industry. At least one of them. And so, it would make it more difficult for them. They would have to take extra steps to get information. But we would have to comply. We haven't had a job. We haven't had anybody come. Yeah, not trying to put you in a weird position in there, just was honestly curious because of the structure. I get asked that all the time.
Yeah, and for any three letter agencies listening, I'm in no way trying to skirt any of your surveillance. I'm a very compliant person and do everything that Gleason told. I'd be more worried if I said, like, oh yeah, we wouldn't comply. Right. Because there's companies out there where they're anonymous. You can buy like data sends, for example, to travel all over the world, like via crypto. And they don't take any of your information. Or you can buy a phone line from them.
Problem is, is that if you use that phone line for verification of like your crypto or anything proprietary, and they're not following or they're going to ignore federal laws, then they could actually be shut down, like out of the blue. And so, you wouldn't want to be in that situation either, where all of a sudden, like, your mobile account doesn't work because they weren't following the laws. And is then who you call. Right. Quite literally who do you call. So, yeah.
A lot of these crypto companies, especially like they don't have customer support. And that's one of these, like when I talk to victims, they tell me how they got ripped off. And it's like, oh, I got this message and it was from Coinbase. So I called Coinbase and they answered the phone. I know immediately. You weren't talking to Coinbase. No. Good luck getting somebody on the phone there. Like that should be your first red flag.
It's like saying, yeah, you got somebody on the phone at Google, like it's not happening. Yeah, I talked to one person. This is just a couple months back. Somebody, what they did was they initiated a wire transfer into the bank account of what the owner grant. And then they notify him and pretended to be Coinbase. And they said, hey, it looks like $100,000 of crypto is being removed from your Coinbase account and sent to your bank account. So please check on that.
So the guy calls his bank account and shows a pending inbound wire transfer. And I'm sure they then canceled the inbound wire transfer. So he calls back and they answer. And that's when I knew, like, okay, you're in trouble. And he's like, what can I do? They're like, oh, we've got this other Coinbase wallet. So set it up on the Coinbase wallet and transfer your crypto over there. It'll be protected. And so he sends me the URL and it's set up.
It looks just like, it just looks like it's Coinbase. So of course, but of course it's like Coinbase. Something.com. And so the guy voluntarily transferred $100,000 of crypto into the wallet that was probably, you know, out of South Africa or somewhere that wasn't KF, KYC. And they got to voluntarily do it. It doesn't have to be, you know, really even a half. They can social engineer you as the end user and trick you out of your account.
So yeah, people need to be aware of all these different different tricks. And it's painful to hear these kind of stories. I'm sure you hear them literally all the time, but it's like every time you hear it, there's just that, like there's a certain point in the story where you just go, oh, I know which way this, I know which way it's going. I was talking to another cybersecurity company earlier today and they were talking about how these people call in and they're live. Nothing to do with money.
It's just start getting digitally hacked. And I told them, like, yeah, I have like probably one person crying on the phone to me each month. It has nothing to do with crypto or money. It's literally somebody's hacking into their phone or mobile account or wifi. And it can be just really, I don't know if people are bored or, you know, there's a lot of tools out there to easily hack into like your wifi account.
And it just, people are making software, they're making hardware tools and it's like, you live in an apartment. That's why my first question is when somebody says, like, oh, I'm getting hacked like seven different ways. Like, oh, do you live in an apartment building or condo building? You know, because it could be somebody that is above you, below you, next to you, you know, that are using these tools to be able to hack into your wifi or your mobile.
Yeah. No, I'm curious, and maybe I want to be conscious of your time here, but one thing that I think would be helpful for folks is I appreciate the breakdown on SIM swaps and I hope people really do pay attention to this and to check out Afani as well. I'm happy to be partnered with you guys, because again, I think this is something that's really necessary for people to at least be aware of.
But outside of kind of, okay, so let's say somebody does make the switch over to Afani, outside of just SIM swap protection, I mean, you've got a lot of experience in this field. In general, you've seen a lot of these scams go down or these hacks go down. Do you have just some more, like kind of general advice for people in terms of, similar to what you mentioned earlier about, you know, don't use your go-to daily driver email for your iCloud or for, you know, your Google account.
Like, are there any other tips like that that you can share just that you think are kind of, like, bedrock best security practices to at least try and reduce that potential attack surface? Yeah, so I use several emails, for example. And so, you know, one for bank, one for, you know, proprietary stuff, and then I use one throw away that if I'm gonna register on a website, I don't do anything other than, you know, register, so you separate that out. You know, I use a VPN 100% of the time.
And a lot of YouTubers will say that, oh, you don't need a VPN anymore, or, you know, they're all just traffic-saccripted, but the problem is, is that, like, your DNS queries aren't encrypted. So, like, when you wanna go to bankofamerica.com, what's happening is your phone or your browser is sending a request to the DNS server to say, like, I wanna go to bankofamerica.com, and that DNS cloud server then sends back an IP address. And that's how your browser knows where to go.
And that's what exploded the internet, because you don't have to remember with 197.42, that it's like, okay, it's just, you know, Bank of America, but what they can do is hijack that, and return an IP address that takes you to Bank of America, and then you put your login information, and you're like, how come it's not logging in? And now, and then they're over, like, logging in your bank.
And so, when you have a good VPN, it'll have its own private DNS, and the encryption is protecting those DNS, sorry. And then, of course, just, like, be wary of what people, what you're clicking on, because there's websites that are hosted outside the US, for example, where, let's say I look up your address, and I see a restaurant three miles from you, and I get the website linked to that.
I take that website URL, and I put it in one of these databases, and say, give me a tracking link, and it gives me a link. So now I send that to you, and say, hey, you should check out this restaurant. So you click on it, and it goes to the restaurant. And you're like, oh, thanks for the advice, I'll check it out. Not realizing that that link now just set you up for tracking, and from now on, wherever you drive, I can watch you on my phone.
And they can hide these tracking pixels in an image, too. So if somebody sends you some random image, you don't know who they are, don't even open up the image, because it can have a tracking pixel in there. These SMS messages you get, they're like, UPS package waiting for you. Click here, or we're gonna send it back. Those can execute code, but do things like grab off your phone, what's your device ID, MC number, what carrier do you use, and what phone model.
And so now when somebody calls in your name, and says, my name is Mark, and I lost an iPhone 12 Pro, and this is the device ID and the MC number, and I'm calling the right carrier, they're gonna already be convinced it's me. And then they'll say, like, oh, what's your pin? Like, oh, my phone got stolen, it's on the phone. So they're like, oh, no problem, Mark, we'll verify you another way. Well, I've already done the research and had your address, if others made a name, and all of that.
And so a lot of it comes down to just being really careful about what you click on and what you don't, and who you give your information of. And so I'm a victim, so I live on the paranoid side, and I wouldn't expect very many people to follow what I do. So I've actually gotten multiple phones, and I use one for social media that I don't even have connected to a cellular network. I have one for a FONI that lives, it's in its own little bubble, its own VPN, I don't share it with anything else.
At a FONI, we have our own security protocols for all the devices. And then I have one that I use for banking and crypto, and I separate it out. But I don't think people have to go that far, they just really have to invest in AV, VPN, separate things out as much as they can. Just so if you do get hacked, you're only gonna get part of it.
Yeah, I think I appreciate all the advice there, because again, I think sometimes you throw some of these horror stories at people, and then it's like, you go into a little bit of a panic, like, oh, shit, I'm probably vulnerable, what do I do?
And so I think there's some really, really good tips in there, and I had done some reading about the embedded tracking pixels within photos too, and when I read that, I was just like, it was a decent amount of time ago, I think now that, I mean, in the tech world, but that kind of became public.
When I read that, it was just made me second guess absolutely anything I was getting that had any sort of image, because it's like, oh, that's not even gonna come close to getting opened, like, that's going. I did a video on our on our fun YouTube channel talking about the dangers of people sending you these links and digital tracking and how to prevent it, and actually Google gave me a strike port to that video down.
And it's like, all these videos about how to do it, how to track somebody, and I couldn't understand that. And so I did a video on my KB Wear this, and these are the kind of tools being used to track you and here's how to prevent it. And I got a strike on it and they took it and they took it down. Seriously? So yeah, I know I appealed and they rejected it.
And that's kind of odd, like, I mean, there's so many videos about how to hack somebody, how to track them, how to find your location, how, you know, do this or that. But yeah, they show us made it. They take that video down. I mean, that is very strange to me. And I mean, perhaps it was more so they were worried that if people got too much information about how to not be digitally tracked that a lot of their advertising might be a little bit moot. Yeah, I don't know. That's weird.
I mean, Google is tracking everybody. I mean, if you Google a restaurant and you see the little make the little bar chart there that shows, you don't have to guess anymore. Like what's the best night you go to a bar? You can Google the bar and a lot of times you'll see the, you can search out by day, when's the busiest hour? 10 p.m., 11 p.m., 11 p.m. Well, and what they're doing is they garden wall off that digitally and they're collecting data from people's homes.
And that's how they get that data to show. That's how they know how many people were at this restaurant last Thursday, you know, because they're tracking that information. And so it's kind of crazy to think. I mean, it's helpful. I mean, I don't really go up to bars anymore, but 10 years ago that would have been a really helpful tool for me to, to know like one day, what time every time was to go to go somewhere.
One other related question for you just because that's kind of made me think of this, because there are so many ways that people can snoop information when you are physically close to them. I like you can, you can download any number of programs and be able to go and extract MAC addresses from anybody nearby you like pretty, pretty easily. Do you have any tips for in-person security? We've got the Bitcoin conference coming up in Nashville.
You know, it's about as big of a honeypot as you could have. Any tips for folks just to be on the lookout for or to extra precautions they can take? Yeah, I guess. So that's a really, it's a really good question. I guess we could probably have an hour-long call.
Yeah. To give you an example, like if I was a nefarious person and I wanted to go to a Bitcoin conference like the one in Miami, you know, I would probably, the easiest way to gather information from somebody would be to take a cell tower suit, like an NZ catcher with, and just carry it to backpack because they're about the size of a iPad mini with a couple antennas on it. And then you just walk around the conference with that and it can collect NZ numbers of all the different from.
And what that NZ number will tell you is what country their mobile service is from, what carrier they're using in that country. So you'd be able to see if somebody's was, had a mobile phone that was, they're from Australia, they're using Telstra, and then there's the rest of it identifies them specifically. And so imagine you walk around and you get a list of a thousand of those people and then they got a buddy at a carrier.
So if I had a buddy at different carriers, like I just, let's say I wanted to pick on everybody at T-Mobile and I had a buddy that worked there and then I could, but I wouldn't need to know your mobile number, I wouldn't need to know anything about you. If I just got that NZ number information and I could go back for a reverse engineer that. And so I would know, okay, all these people are crypto people or they're Bitcoin people.
And so that would be one way to try and gather information on the pool. So, just be aware that they could backtrack it. Now, if you're using a Fani, then they wouldn't be able to backtrack the NZ number, do any of your information because it wouldn't be there. Does even a VPN not protect that number? Cause you're bouncing, cause it's a cell tower spoofer. It would not protect that phone number.
So there's certain things about the protocols used by your phone and the cell tower center, the cell towers, which are not encrypted. And so, you know, somebody who's really sophisticated, like they would go in like the big conference, like the ballroom at the Bitcoin conference when there's like 3000 people sitting in there. And you'd flip on a cell jammer, which puts all the phones to sleep.
So all the cell phones, say battery, have this feature or when there's no activity, you'll just kind of put it to sleep. And but you jam it, it's gonna cause this kind of effect. Then you turn up your nefarious network and unjam it. And then every cell phone wakes up and then says, hello, I'm here. Are there any cell towers? And it's trying to find cell towers and it finds, it picks the strongest signal, which happens to be used in the middle of with an NZ capture.
And the only way that it can make that connection is to say like, here's the information about me, my NZ number. And that's how it knows to connect to like 18D or the team all over the horizon. And so these are kind of the nefarious ways. And what NZ captures are, they're do-it-yourself home aid stingrays. So the US intelligence uses stingrays. And every government around the world uses stingrays. And so a lot of airports might have them. You go to like UAE, for example, I'm sure.
Now that I've talked to intelligence, so they've told me that for a lot of these countries, as soon as you land, you're being monitored like that. But these NZ captures, somebody put directions online. It's kind of like, this is an educational video. And here's how to build a crock-pot phone, but it's illegal to do it, sort of up to it. So they've done that with NZ capture. And so now you can, it tells you where to order the parts and software.
And so I had an MSP that a man service provider that we partnered with that said they had a couple of them and they built their own, and the last one they built cost $350. And so I said, okay, but that would make a great story. Can you give me an example? And he's like, oh yeah, last week we got hired by a hotel out of Atlanta, one of the big chains. And they wanted to see how vulnerable their network was. So they went into the lobby and they did a Deniala service.
What they did is they used the NZ catcher in Wi-Fi for this instance. Because if you do it for cellular, get caught, you can go to jail. So they did it for Wi-Fi. They did a DDoS attack on their guest Wi-Fi network. But they had already set up a duplicate name. So it was like hotel gas, Wi-Fi. So they set up a Wi-Fi network, the exact same name.
So they took that on the guest Wi-Fi network of the hotel and then everybody's device that was set on auto connect, reconnected to their nefarious Wi-Fi network, which was not connected to the internet. And so they immediately shut it off and then let the guest network come back up. So they showed literally in 90 seconds how they could take over the entire guest network.
And most people, that's another thing people should do is go look at your phone, see how your phone's Wi-Fi setting is, is set to auto join. And you should really only auto join like your own home network. But if it's like auto join, like let's say you went into a coffee shop and you logged in and you have auto join, next time you go into that coffee shop, it's gonna automatically join. So you can set up Wi-Fi routers as in the guest.
And so you can flash them with software, but then just don't put a password on it. So anybody that walks by it, their cell phone will auto join it and all it takes is a second or two and they can gather a couple bits of information about you and then Ryan and use that to attack them later on. It's another good piece of- You can do air pods, you can be tracked by your air pod. Right. Right. Yeah, there's a lot of different things you can be tracked by.
And short of, you know, bringing a mobile small EMP with you and detonating it in every room you walk into, it may be difficult to avoid some of that, but it's so- I mean, you can make a living at this point. Like you can't make, you know, a W2 income without having a- You know, I mean, certainly if you're already, you know, super rich, you can golf grid it, but yeah, I mean, it's hard to make any money anymore without having a regular cell phone.
So you may as well protect yourself, at least as much as you can. Well, Mark, I really appreciate your time here. This was quite enlightening and for anybody who is interested in listening to this, you can go to affani.com slash Walker because I've just partnered with these guys because I like what they're doing and as terrifying as a lot of this stuff is, it's good to know that there are companies out there who are offering some protection, but I really appreciate your time here.
Any last tips, tricks, words of advice besides maybe just be vigilant out there? Yeah, well, I would like to say that yeah, please do use that URL you talked about, the affani.com slash Walker. So what we've done is we actually added a promo code there. And so you want to, if you're interested in affani, then go to that page because you're gonna get a good deal. You're gonna get a discount off.
And we really appreciate people like you who are trying to educate people, not only on Bitcoin, because we're big crypto people, but we're data privacy advocates. Our CEO has spoken in front of Congress a couple times and he's part of a group that tries to fight for all of our rights. And so we appreciate people like you that are out there, they're trying to educate people not only on how to make money, but also how to secure themselves with cold storage wallets and other methods.
And it's very key for all of us to make the crypto, to make it successful, we all have to figure out a way to also make it secure. So if you're listening also, get your Bitcoin off the exchange and into cold storage. So you can at least have that little bit of peace of mind. Once you're done with that, go check out Affani. And see if you like what you see. But Mark, thanks so much for your time. This was quite illuminating.
And I'm not gonna have to go dig into that most recent Snowflake AT&T hack, because I hadn't even heard, I'd heard about the one a few months ago, I hadn't heard about this new one. So yeah, gonna have to see what the news is saying about that. Yeah, definitely. You probably do 10 minute clip just on that. Yeah, yeah, it's gonna be interesting. It's a wild digital frontier that we live in, but at least we've got some tools to keep ourselves safe. So thanks so much for your time, Mark.
Really appreciate it. Absolutely. Thank you. And that's a wrap on this Bitcoin Talk episode of The Bitcoin Podcast. If you are a Bitcoin only company interested in sponsoring another fucking Bitcoin podcast, head to bitcoinpodcast.net slash sponsor. If you are enjoying The Bitcoin Podcast, consider giving this show a five star review wherever you listen or sharing the show with your network.
Cut. If you're enjoying The Bitcoin Podcast, consider giving the show a five star review wherever you listen or sharing the show with your friends, family and strangers on the internet. Or don't, Bitcoin doesn't care, but I always appreciate it. You can find me on Noster by going to primal.net slash Walker. If you wanna follow The Bitcoin Podcast on Twitter, go to at Titcoin Podcast and at Walker America.
You can also find the video version of this podcast at youtube.com slash at Walker America and at Walker America on Rumble. Or just go to bitcoinpodcast.net slash podcast and find links everywhere. Coin is scarce. There will only ever be 21 million, but Bitcoin podcasts are abundant. So thank you for spending your scarce time to listen to another fucking Bitcoin podcast. Until next time, stay free.