It's.

Hey, everybody. It's Thanksgiving 2023. We're releasing our Thanksgiving special. We were actually going to break this up into several portions because the episode is that good, but me and the team decided to release it and give it to you all in one shebang because we know there are a lot of you out there who are spending this day alone. So we want to give you something to enjoy it with. My next guest, man, what a fascinating gentleman. The hacker community, it is a community that I am very unfamiliar with but am becoming more and more familiar with with each interview that has to do with this stuff. And I'm not going to stop. I've said it multiple times. I believe that the warfare in the world is changing. I think that conventional military is becoming obsolete in a hurry. And gentlemen like this, with the knowledge that this man possesses is what it's all going to come down to. I'm just so thankful that I got the opportunity to meet this guy. He has the country's best interest. He always has. In fact, he tried to get the country's attention by exposing vulnerabilities when he was just a kid, 1617 years old.

Nobody took him seriously until he successfully hacked into NASA and defaced their homepage on the website, which then they sent strike teams to come find them. That got their attention and then they fixed the problem. Ladies and gentlemen, I hope you have a wonderful Thanksgiving. I'm thankful for my team, my family, my country and all of you. Please head over to Apple podcasts and spotify. Leave us a review like comment and subscribe to the channel. And without further ado, please welcome Mr. Bryce Case Jr. One of the premier, top hackers in the entire world, to the Sean Ryan Show. Happy Thanksgiving, everybody. Much love. One last thing. We see a lot of you taking our content, making reels, putting them on your channels. We love it. There's a link below. It's got thousands of reels, raw, uncut. Download them for free. Put them on your channel, monetize them, make money. All we ask is tag the Sean Ryan show. Happy Thanksgiving. We love you. Enjoy the show. Bryce case, Jr. Welcome to the Sean Ryan Show, man.

Pleasure is mine.

It's an honor to have you here.

It's an honor to be here. I'm sitting in a chair that has been graced by so many luminaries. I feel a little under honored. I don't know. There's so many heroes that have been here. I just feel out of place.

Oh, man. Please don't look. Everybody that sits there thinks the same thing, okay? So you very much deserve to be sitting in that chair, but I appreciate the thank you, but so you kind of came on my radar. I interviewed your buddy, your friend Ryan Montgomery, who's now a good friend of mine. I love that guy.

Great.

I mean, just a huge heart and doing a lot of good in the world, but he described you as his mentor when he was coming up. And so I was like, oh man, I got to meet this guy. And so we got connected, and here you are. This subject, hacking in general is just so foreign to me, and I'm super interested in it. So we got a lot to talk about.

Sounds good.

But man, how did you get into this?

Well, when I was young, I had a computer in my house, and it wasn't entirely common. I'm 41 now, and so when I was a kid now kids have everything. They got tablets, phones, whatever else. But yeah, my father worked in the defense industry. He worked at Hughes Aircraft Company. And then Martin Marietta became Lockheed Martin. But he was more on the hardware side. He did a lot of stuff with rockets. He designed the guidance system for the Tow missile, which is out of the Bradley tanks. And then he moved on to the Titan and Atlas rockets, which carried spaceship up there, the satellites and stuff. But he obviously had access to computers at a time when it probably wasn't as common for people to have computers in their home. And so I just fell in love with the computer from a very young age. My mom was a stay at home mom, and she was big into interacting with me and kind of keeping me precocious and whatnot. And so I learned how to read when I was two. And then by four, I was already just infatuated with how computers worked and programming them and stuff.

So there used to be these books and magazines that would have basic programs that you would transcribe line by line into these computers. And so if you wanted to run games or applications or something, they would have just a printout of all of the lines of code that you would need to enter. And so it was kind of like a learning by doing type thing, like you're mimicking and you're kind of seeing how these things work and interoperate. And so started out obviously changing the names in the game to myself or whatever else, fun stuff I wanted. If I wanted more ammunition for my spaceship, then I knew how to change those things. So, yeah, just really curious about computers.

From so it all started with coding for games, trying to get the cheat codes.

That's it.

Right on, man. Yeah, that's where my hacking career started. It was very short lived. But before we get too in the weeds because I want to cover your whole life story, okay? So I want to cover where you grew up, how you grew up, what it was like, what you were into, getting into your hacking career. I know you did some black hat stuff, and hopefully we can talk about some of that. Then you defaced some government websites, which I think is incredible, and especially the way you did it. And so I want to get into all that, but let me give you a quick intro real quick before we get into your life story. So bryce Case Jr. Also known as Whitey cracker. Whitey Cracker, which we'll get into that. Is that a call sign?

It comes from a cyberpunk novel, but it's sort of a in joke amongst computer professionals. It means whitey cracker obviously means something to, I think, most people, but people that are in the know YT comes from a book called Snow Crash, which is this seminal cyberpunk novel. And there was a character called Yours Truly who went by YT in that and she was a courier, which is and I had a pretty storied career in spamming. And then cracker used to be the term for a black hat, basically. Hackers were always kind of known as the curious computer technicians and stuff. Like you're trying to just find out how a system works, so it's more about the curiosity thing. And then the media even in the, started to take the hacker word and change it into this nefarious, malicious connotation. And I think recently hacker has kind of become more back to where its roots like, you'll hear about things like hackathons, which are just where they'll set up a bunch of coders in a room for 48 hours and have them just write code. And so it's kind of become a little bit less pointed than the term used to be.

But cracker in the hacker jargon file and stuff, used to be a malicious person who's cracking into systems.

Oh, okay. Do all hackers have a call sign or code name?

Yeah, generally we know each other, we're calling store for nickname. But for a long period of time on the internet before Facebook and everything, when it was cool to put your real name online, everybody existed with handles. And there's people even to this day, I feel more comfortable calling them by their handle than their real name. But it's a very common trope, I think now with gaming as popular as it is, people's gamer tags is very similar that people refer to each other as what they play Call of Duty under. But all that stuff kind of stemmed from the hacker.

I mean, this is kind of how it is at CIA. You know, somebody's call sign, but you don't know their real name. Power know, there's like a joke when a guy there's a lot of drama within that agency.

Oh, I imagine.

And it's funny, you'll see like a guy that hooks up with a girl in there and they always fall in love and then it's like, come on, man, you don't even know a real name. It's basically the same conversation as you have when your buddy falls in love with somebody at the strip club.

I understand.

It's like you don't even know their real name.

Yeah, come on, three in the morning. What are you doing?

You just know the call sign. But let me finish your intro. So the original digital gangster cybersecurity hacker. The forefather of nerdcore, which is a hip hop genre, first generation anonymous hacker group hacked into multiple international government and corporate networks. You're a published mathematician now. You develop cyber weapons to me. After our dinner conversation last night, I talked to Ryan Montgomery, obviously, because he's the only other hacker that I know. Now. I know, too. Yeah, perfect. But you seem to be like the Obi Wan Kenobi of the hacking community, which you probably don't.

I don't appreciate that.

Yeah, but to me, that's the way you but anyways, everybody starts off with a gift that comes on the show. So here it is. I know you've watched a bunch of these. We take mental health very seriously on this show.

Beautiful.

Those are performance mushroom. It's a performance mushroom blend. You can dump that into your coffee.

Beautiful.

It's layered, superfood. So we partnered with them because we're so into mental health and brain health. And part of mental health is keeping your brain sharp, and that will do it very important. And then there's some other stuff in there. Sounds like you like flavored coffee so that's a coconut creamer can go with it for fall. And there's another one in there that's an instant late. It's got all kinds of adaptogens in it. Basically all the products there have the cleanest they just have the cleanest ingredients known to man.

Sounds good.

It's good for brain health.

Well, my brain is probably my most important instrument, so I'm 110% on board with that.

I think we can all say that. At least, I hope.

Thank you very much.

Yeah, you're welcome. But let's just dig into it. So I want to dig into your childhood, and we covered a little bit of it, how you got into hacking. But where did you grow up?

I was born in California because, again, my dad worked in the defense industry. He absolutely hated California, and he was born in Colorado Springs and my grandparents were there. So pretty much the two years that we lived in California, when I was a kid, he did nothing but try to get back to Colorado. And so then when I was two, we moved to Denver, which was closer to the facility that he worked at, at Martin Marietta, and then two years later in Colorado Springs. And that's pretty much where I spent most of my life, was there. And Carl Springs had a lot of military I'm still does to this day. There's. Shrever Peterson, NORAD Fort Carson, the Force Academy. Lots of kind of military influence there. Funnily enough, in computer hacking, like, War Games had come out, I think, the Year I was born, which is a movie about a kid who's breaking into government systems, and there's a huge focal point of NORAD. And as a result of that, I think there were these weird laws that existed, like kind of anti hacking laws that were in Colorado, that area specifically in Colorado Springs.

That just pertained, I think, to because of that movie. I'm assuming it's probably where a lot of this comes from. Back then, phones used to be how you would connect to you would just dial them up with a modem, and there's a concept called war dialing, which is where you would just take a prefix and an area code and then try to dial systems and you'd see if you get a carrier tone on the other end. That was a computer, but that was illegal in Colorado Springs. It wasn't illegal most other places, but for some reason they made it illegal there. So grew up in this kind of where the environment, I guess, wasn't necessarily too friendly, I think, to that type of exploration, which is something that I think some kids growing up in different areas had different experiences. But yeah, again, I just really loved computers. I used to just sit in the computer lab. I was pretty good student early on in all the gifted whatever programs, but just, like, finish my work and I would just go to the computer lab and, like, writing software on Apple II Basic.

I mean, how old are you?

Oh, school age. Like elementary school, probably.

Let's rewind. Yeah, let's rewind. Two years old. You've claimed to know how to read at age two years old.

I didn't believe it myself. My mom has cassette tapes and pictures and everything like that, so I mean, she was very documentarian, obviously. I think most mothers are at that age type thing, but yeah, learn how to read.

What were you reading it to?

Oh, just basic stuff. Not know. Cat in the hat level. Bryce eats watermelon. Bryce Pets. Just very simplistic. Not like Tolstoy or Shakespeare or anything.

Yeah, but still two years old.

I know. I wish I was still that smart. It'd be great. But yeah, I don't know. There's just some sort of whatever.

I well, hold on. Yeah, hold on. I have that you learned to read at age two.

Yes.

And that you learned to program at age four.

That's correct. Yeah.

So are you one of these geniuses that we read about?

To be honest, I wouldn't go that far. I don't think it's so weird. Obviously, it's something that you can't call yourself or something. I don't see it that way. But a lot of it is because I'm exposed to hyper, just insanely intelligent people at all times, and I see the way their mind works in some senses. I've heard the feedback that I'm a genius and stuff, but it's not something I think I really I think the.

Taller it's not something you can run around and call yourself.

Yeah. And it's not humble or anything. I just believe that it's weird if you think about just this mountain of skill. And the people on the bottom of the mountain are looking up the mountain and they see just this pantheon of human beings or whatever that's engaging in all this intelligent behavior. But it seems like the higher up the mountain that you go, the mountain gets taller. There's people that I think some would consider we're in the same realm of skill set or whatever, and they are know, it's like LeBron James in the, like everyone's in the NBA and they're all amazing. But there's just some people that Wayne Gretzky hockey. There's people that are just so far like even at this very elite level. And I think those are the people that I consider geniuses. So it's not a term that I really throw around very lightly, but I stand in deference to all these I stand on the shoulders of giants as well. A lot of where I came from and the knowledge that I have if it wasn't there for me to learn and kind of build on top of. I mean, I'm sure most people feel the same way, but yeah.

It's not something I'm very comfortable.

I'm not trying to make you uncomfortable by any means, but I found look, I'm extremely green in the space. Obviously. I don't even know a lot of the terminology that you're throwing at me in the EDC pocket dump that you did. But when I talked to Ryan Montgomery, who is the only other hacker that I know at this point, and I consider him to be extremely intelligent, very talented, and a very intelligent human being. And when he is sitting here because I talked to him about you before you came, obviously, because I wanted to learn a little bit more. And when a guy like that, when a man like that tells me, yeah, this was my mean, that resonates. And then even during your EDC pocket dump, when you're talking about the forum that you had created, which we'll dig what these guys mean, I don't know what they're learning from you yet. We're going to find that out. But when you have guys that are inventing that cable that you showed me that looks identical to literally identical to an iPhone, just hold it up identical to an iPhone cable and basically enables you to manipulate and access anything that that's plugged into.

And the NSA is selling it for $20,000 a pop. I mean, that's impressive. And then you got the guy who came from your forum that invented that phone, which we'll talk about later, which sounds like it's about as hacker proof as you can possibly get. I mean, this is people that have started learning off of your.

Mean.

How does that even feel when somebody puts that into perspective for you? Have you ever even thought about that? At Grand Canyon University, they believe that the military, men and women are the unique among the uncommon. You fought for our freedom, your bravery and leadership are celebrated by all Americans. GCU matches your commitment to excellence with our counselors specializing in military benefits and over 260 flexible degree programs online. As of March 2023, GCU makes higher education possible for our nation's protectors and their families. To pursue your next journey, GCU salutes you. God bless America. Find your purpose at Grand Canyon University. Private, Christian and affordable. Visit gcu.edu military. Hey, everybody. I want to talk to you about two products from First Form. One is optigreen's 50. The other is Optoreds 50. We all know how life can get very busy hectic. It turns into a lot of stress. Next thing you know, a whole month has gone by and you don't even realize it because you've just been going so fast. And when you get in these situations or these little sections of life that are like that, what's the first thing that always goes to the wayside your diet?

I'm guilty of it, too. My diet goes to complete when I'm stressed out, when I'm busy, when life gets hectic. And you know, what the first thing to go for my diet? It's always greens. Just how it is. I don't know why. It's just always greens. And so I started trying this new product from First Form, Optigreens 50. These are great. They are processed with low temperature. That way they don't affect the ingredients. There's no synthetic colors, flavors, sweeteners, or preservatives. It's 100% non GMO and gluten free. Here's the cool thing. They come in these little travel packets now, right? So you can keep these in the truck, keep them at work, keep them at home, open one up, dump it into a bottle of water, and there's your daily vegetables, greens, whatever you want to call it, intake, right? Then on top of that, they also have Optoreds 50, which is your daily reds intake. These are also amazing. They actually taste pretty good, too. So if you're looking to get your diet back on track, or at least supplement vegetables and reds and greens when you're busy and you don't have time to cook the way you'd like to, I suggest you try First Form.

Check out Opta Greens and Optoreds 50 from First Form. It can help fill those gaps and give support to your hectic life. Visit firstform.com SRS to get yours today. That's Firstform.com SRS to get yours today and get free shipping on orders over $75. That's Optigreens and reds 50 from first form.

Sometimes it's something I've considered, obviously, but it's kind of like a mama bird in her nest sort of thing. That a lot of the times you'll just find these chunks of coal and then you sort of fuse them into diamonds in some senses. And I think that that's pretty much the duty of anyone that's good in a field or whatever, is to identify talent and then try to make it something that's better than it is. But largely the accomplishments of everybody. I think that has come from something that I've done. They own that. I don't want to take credit for any of the work that they've done, like the work that Ryan's doing and stuff. I do see myself as it's just like a daycare, practically.

It sounds like you are the inspiration for many the muse of these guys that are out there doing just incredible things. You know what I mean? That's cool, man.

It's an honor.

That's a compliment.

I know. Even, like, the tactical training or something that you've done or somebody that wins a shooting competition or something, and they attended a class of yours. How do you feel about that type of thing?

It's cool that I was the one that was able to inspire their career. I understand what you're saying. I'm not giving you credit for what they've accomplished. I'm just saying you are what sparked that inspiration, it sounds like, for a lot of these guys. And that's cool, man.

It's an honor. I said that's very cool.

So back to reading at age two and programming at age four. Reading at age two. Did you just pick it up? Yeah, I think were your parents teaching you?

My mom just very involved parent. She used to have these kind of note card pieces of poster board and stuff that she would draw circles on and then have me recognize how many circles were on the page. So I just had a site, like one to 100, and I got really good at recognizing just the patterns. I knew which ones were which. And so she did a lot of just seminal work on me, I think. And there's some of it it's that nature versus nurture type thing. So I give my mother a lot of credit. I think she just really wanted to inspire some type of greatness in me. And so, I mean, I'm sure she read to me, but there's obviously whatever innate thing you can actually have it to was present in me to want to do those types of things. But there wasn't, obviously the distractions that there are today. There wasn't any YouTube dating myself. It's not exactly the Stone Age, but there wasn't a whole lot of I mean, there was television and stuff, but I wasn't really watching that. It's just kind of hands on and things that I found interesting.

But yeah, then the computer was something that I said, I don't know, I can't describe some people you take to an instrument or start playing the piano type thing. I just really was fascinated that you could make these things do whatever you wanted to do. That was just, I think, a huge reason why I got into programming was just that you can actually make these machines do what you tell them, and if they screw up, it's because you screwed up.

What kind of programming were you doing at age four?

So there's a language called Basic, and it's basic like it sounds. It was developed john Kameni, I think his name was, polish or not Polish sorry, Hungarian. He'd come over kind of like Leo Zillard and John von Neumann and a lot of the scientists. But he had developed this language that it was designed to get people into kind of programming computers. And it had line numbers. There was Pascal and Cobalt and Fortran and C. You may have heard those, but those are for business applications. Whereas Basic was designed more just for people to kind of get into programming. They'd started to do these classes in schools prior to even my being born. But the home computing revolution is kind of where a lot of this stuff came from. So I had a Texas Instruments 99 four A, which is a cartridge loader. You could take a tape drive instead of a disk drive. You could use cassette tapes on it. But the operating system, like what you would consider when you boot the computer up, was just a Basic interpreter. So it allowed you to just enter the code into these machines just right off the bat.

Apple two S were very similar. Those were in pretty much all of the schools. But if you booted the Apple up and just let it go to a prompt, it would just be a Basic interpreter. So that was kind of the lowest, just the most interactive thing you could do with the computer, like right as soon as you booted it up. I had a Timex Sinclair, which is 1 memory. It's kind of little a hobbyist computer that my dad and I had worked on. But it also, like, said the basic thing that you would once you booted the computer up, it was this Basic interpreter, and then you could just kind of input your code and do stuff with it. So, as I said, there was a plethora of books and computers and stuff that came out, computer books that came out that had this code just transcribed in it. And so instead of passing around floppy disks or CDs or anything like that, you would just write the code line by line. So it was a good way to learn what the code kind of did. And that's pretty much the I said entry level for a lot of people.

I think they'll get into programming around then. That was how they learned.

Interesting. What else were you into as a kid, outside of computers?

Baseball cards. Magic. The Gathering. I don't know, just magic itself. Kind of a normal kid, sucked at sports, complete dork. I tried played football, played baseball, but was absolutely horrendous at it. Computers were really just the thing that I gravitated towards mostly in my teens. I got into cars and doing engine swaps and that type of thing.

Yeah, it sounds like you grew up in a great home. Oh, yeah, a family oriented.

My dad, he's from the old school, I think I showed you a picture of him. It was obviously some things in my upbringing that probably wouldn't be too kosher today. I mean, my dad wasn't like a super violent person by any stretch of the imagination, but he got beat a couple of times, that type of thing. My mom too, I think she came from military household as well. So there was a little bit of strictness. But all in all, the intentions of my parents I think were always really good. My dad wasn't around a whole lot just because he was working and traveling and going to rocket launches and stuff. But I said I have my mom there pretty much and she was always really good about growing up. Any types of extracurricular programs I wanted to do, there's these competitions like Odyssey of the Mind. I don't know if you're familiar with.

That, but I was in Odyssey of the Mind.

Oh, hell yeah. All right then. Yeah. So I took State one year, but.

Yeah, just no way. What was your project? Did you do the balsa wood thing there's? The bridge ping pong ball has come out.

Yeah, I'm trying to remember the that's cool, dude.

I did that.

Right on. But yeah, those were just after school type stuff. There was these kind of plays that you had to do and then you had to have certain elements in them and you'd like kind of design machines to go with the play. There was different categories, but yeah, they had the bridge strength ones where they would try to break them. Just any of those types of weird math engineering programs that were extracurricular then.

So you were a super creative type as well?

Probably. I mean, I loved poetry and writing too. That was like a huge thing. I used to just write stories all the time and stuff, but yeah, I just say that I don't know, for whatever reason, computers have just always been this thematic thread. Luckily they're everywhere now.

This is interesting because it sounds like things went kind of array maybe as a teenager.

Yeah.

For somebody who Odyssey of the Mind was for creativity. It was for extremely creative kids. And the other stuff that you're talking about, computer programming, learning to read it too, poetry writing to dropping out of high school. Sounds like maybe there was some car theft.

Yeah.

Stabbed in the neck.

That's true.

What happened? What happened here?

Well, I think like most teenagers, I got in this rebellious. There's some things I can pinpoint because I wanted to be an astronaut. I think growing up there and everything that was just wanted to be a know in the Air Force, go to the Air Force Academy. My grandfather, my mom's side was in the Air Force and it was right up the road, so I was obviously exposed to it. And then in 6th grade, this dude, Chris Ray told me that you needed 2020 Vision to. Be a pilot. And my vision is not that bad, but at that age, it just destroyed me. I was like, oh, okay, well then I can't I guess I'm not going to be a pilot. So that was a left turn there. In some senses that was a right turn, but a left turn. Then in my teenage years, I was obviously, I think every teenager kind of goes through a rebellious phase. And I said we lived in a pretty modest middle class household. There was no reason to really get into too much trouble. But I don't know if it's the rap music that I would listen to.

Whatever. You just had this identity crisis and pretty much everybody that I hung out with from that era wound up in debt or in jail and I think.

That'S hold on, we got to go back. Okay, so you got into crime?

Yeah.

What age?

Well, probably like 15 is when I was arrested for the first time.

Hold on. What did you get arrested for?

I was spray painting buildings. So yeah, I was in the graffiti. But the thing is there's a simultaneous the computer stuff, like I said, happened in parallel, like the entire time that this is going on. But kind of the crowd that I got involved in was, they said, more traditional crime. I don't know if you know those can safes that you can hold drugs in and stuff. We'd made all these devices to help us shoplift better. So like these lined cans that had PVC pipe in them so you could still pour liquid out of them. If anybody ever came up to you and told you that, hey, what's in the drink? But we exacto knife the top out and have like a foam covering and PVC and then just use it to steal jewelry and stuff from the store. I haven't thought about this.

My gosh.

Yeah. Again, I had no real some people have to steal to eat and feed their family and kind of go out and do those things, but this was just all I've always loved crime for some reason. I don't know why. It's something that also is just inherent in my life. It's the hacking thing. You find out how systems work, find out the things that you can do to exploit them, and then kind of carry on.

So it's a challenge.

Challenge, yeah. Can you do this without getting caught? I never got caught shoplifting.

Walk me through this. So you would take like a soda can?

Yeah, take like a soda can. And then I just cut take the aluminum top part off and then hot glue a PVC pipe to that section of the can and then have a bottom on it. And so I could pour liquid in there but in the can, line the can with foam so it wouldn't clatter or anything. But we used to go to place steel, jewelries, anything like little that could actually fit into a can that was like kind of high dollar item and then the top would fix over it. And so if anyone ever questioned or whatever it looks like a cannon, they have to see me putting it in there. So it's just this kind of spy craft, whatever you can call it at that age. But yeah, it's just these devices to help us shoplift better anyway.

Interesting. Very innovative.

Yeah. Tried to be. Yeah. Necessity is the mother of invention. But in this case, like I said, there was no real necessity. It was all just about what could you get away with.

Necessity was the challenge.

Yeah, I suppose so. That's it.

What did that lead into?

Well, there's another turning point that happened when I was around that age and I had gotten a so I was on what would have been considered like the Internet at that time. It wasn't like anything super crazy. But I was working with these people on Internet Relay Chat, and there was a company called Network Associates in the Bay Area. Like Santa Clara, I think. And they did antivirus software and stuff. But they had seen some of the work that I had done and I was years old, and they had offered me a job. So I went to my parents and I was like, can you emancipate me so I can go out to California and take this job? Because this would have been 98, I guess. And both my parents were like, no, you're too young, too stupid, like all this stuff. Well, that's the thing, is that my parents were the type of people that could say, you could do anything, you could be anything you want. But then the moment moment those opportunities start to come up, it's like, you can't do that, you can't do that, you can't do that. And I was like, how are you going to sit there and tell a kid?

Because she's like, you need to finish school. My mom was huge on that. She didn't want to be the mom of somebody who dropped out of high school because she knew idiots that graduated high school. And so how could you do this and stuff. But in my estimation, I'm like, well, the entire reason that people go to college and graduate high school and go to college is because they're going to get a job at the end of it. So I might as well just skip all that stuff. And I would have been in Silicon Valley, like when kind of the.com boom was sort of percolating. And again, if it didn't work out, I could have always come home and stayed on my parents couch again. But the opportunity had presented itself and yeah, they were all just totally against it. And so that kind of just made me well, and I don't really care anymore. I'm just going to do whatever I'm going to do. So I started getting into the rave scene really hard. The first rave I went to was in 96. I think I was like 14 or 15, might have been 97.

But yeah, that was an entire world that I adored because I loved music and electronic music and stuff and I'd been making it. But obviously that culture. I think Ryan had talked about that in some of his upbringing, but that lends itself to a lot of kind of weird behaviors, especially at that age formative kind of teenage years. I do recommend it for anybody because it's a blast, but at the same time, you got to be able to pull yourself out of it when it comes. But that's where I said I got involved with a lot of drug dealers and drug users and doing a lot of stupid things myself.

What kind of drugs?

Ecstasy, cocaine, meth. I tried heroin, like, once. Snorted it. I'm deathly afraid of needles entering my skin, so I totally missed that boat. Unlike I said Ryan, I think that was his drug. But yeah, the crowd I was involved in, I said, was the way that none of them really had gainful employment or anything at the time. And so trying to find a way to get stuff. And I was the brains of the operation in some senses. So did, like, breaking and entering in businesses. Like what?

Let's get into some specific examples.

Oh, God. There was this stereo shop that was kind of near that was so dumb. There was a stereo shop, it's called Sunshine Audio. I don't even think they're in business anymore. But we had rammed my homeboy's truck through because they had an install bay, like, where they would do all the installs of the stereos and stuff. And we backed my Homie's truck into it and we just took out the garage door and then just ran in. It was like probably six or seven of us and we were able to jack everything that we can get our hands on and get out of there. But then, like I said, just to tell you how dumb the crew I was hanging out with was. Then about two weeks later, the same group of friends, a couple of them were like, let's do it again. And it was just like me and my budy Jason were just like, that's stupid. You don't want to, like, lightning striking twice. They had like a board over where we had kind of wrecked into it last time.

So you guys didn't even get caught.

I didn't get caught that time. I didn't get caught for any of this stuff, which is like very but it's where now if things happen, we used to take the spark plugs, the porcelain off spark plugs and shatter windows and just grab shit out of people's cars. But I said in retrospect, it's where the karma any negative karma I've incurred, I try to spend the rest of my life sort of whitewashing it as much as possible because it wasn't an immediate need to really do any of these things. Like I said, it wasn't like I needed to feed myself or anything. This was just the thrill of the adrenaline rush, I guess, of all this stuff. But, yeah, most of the homies wound up getting caught the second time. I don't know if they'd install a better security system or what had happened, but, yeah, the cops swarmed everybody and said, my budy Jason and I just weren't there that time and we were able to avoid prosecution. Man, I haven't thought about this stuff in a long, long time. That's so crazy. Yeah, it's getting it back. But, yeah, the car thing before Fast and the Furious came out, there was a ton of us that were into this import tuning shit.

There was a few shops in the area, but they were also kind of notorious chop shops and stuff. And so you had friends that you knew that we liked these people and we would never jack their cars and stuff like that. But the Hondas and Acuras around that, that was my focus. I had a 98 GSR that I bought with spam money. I can get into that later, but that was when I was 18. Just a little bit kind of going up. And I had an 89 CRX with a B 16, a front clip from Motorswap from Japan. But car is another engineering fascination, so I loved working on them. But then those motors were just the cream of the crop. So, like other Integras, the GSRs and Type Rs and the that OBD One series, an OBD Zero series, is just really easy to steal. And so we're like stealing cars and.

Then we how would you steal cars?

We'd find them. Just be like cruising around. And again, if it was somebody that we didn't know or didn't care about, then I said the whole, smash the window, get in there, call them out, screwdriver, take off. And then they said, Just take it to one of the shops.

What would you do? Just dismantle it?

Yeah, just dismantle it. Because some of these things you said, just add the good exhaust. Or they had but the motors on those ones were just like, insanely expensive. So they said the heads people would do these Frankenstein swaps with the LSS and the GSR heads. I don't know how much you know about these rice racers. Yeah, it was just this and this is before. Then, like, movies like Gone in 60 Seconds and Fast and the Furious are coming out and we just felt like, Vindicated, this is it what we've been training for. But, yeah, that whole I said a lot of those. I don't know, all those people again, in and out of jail. There was one time I know, even if they were investigating me and they'd gone to my friend and they were asking her about my involvement and she didn't snitch. She was like, he's just a computer nerd. He doesn't really do any of this stuff. And I had the pedigree, obviously, to back that up, but it was just living this kind of weird double life for no reason at all. Like I said, it was just simply, I think, just a teenage angst and whatnot.

Yeah.

It sounds like you had premonitions that you were going to die by your 18th birthday.

Yeah, that's part of it. So I have these dreams and everything, like when I was super young, teen, 1314, that I just was going to die before I turned 18 for some reason. And so I think that did you.

Know how no kind of dreams.

Yeah, it was in a lot of ways it was like car accident shooting, but that was kind of the overarching theme something. I just felt that it was going to happen. I mean, I talked to a lot of my friends about it and stuff, and they were just like, whatever. Obviously it didn't happen. But yeah, a month before my 18th birthday, a bunch of the car nerds, like, we were out in the back of the Best Buy parking lot, and my homeboy had done like a burnout and he left and there was a ton of people there. We're just kind of hanging out. And then these two workers come out from Cub Foods, which is like a supermarket. I don't know if it exists anymore, but they're like, you guys smoking up our we're trying to work, like all this other stuff. And I was talking to my ex wife's sister at the time, and all of a sudden I just see this fracus break out and one of the guys has my buddy in a headlock and he's like, doing this to him. And I didn't even react. I just saw kind of what was going on.

So I left the conversation. I just ran straight up to the dude and I punched him three times and he let go of my friend and then he came after me. And like I said, I didn't know he had a box cutter in his hand. And so he was cutting my buddy up. He had, like, just sliced over. So he was yelling like, he's cutting me. Oh, he's cutting me. And I didn't even react to that. I just reacted because I saw that happen. And then he sliced my arm. And then when I dropped down to hit him, I opened, exposed my neck, and he sliced me twice. There's one big one here and then one little one here, but it was like 3 mm from my carotid artery, so I'm like, bleeding everywhere. My buddy Jason was able to pull the dude, so he kind of suplexed the dude. Not the same Jason that was another Jason, but he got him off me. And then the other dude was off fighting my friend Adrian, and then they took off. I remember just, like, looking at my friend, I was like, Is this bad? And I'm just bleeding all over the place.

And he's like, no, that's no good. So we hopped in this car and we went to the hospital. And I remember passing out on the way to the hospital, but I wound up getting like 18 stitches. And I was like this close. I almost died just to say, had I leaned into it just a little bit more or anything, I would have been a goner. But yeah, that was just one of those, again, just said, you are who you hang out with type thing. And so it was dangerous, but yeah, I survived.

Was that a wake up call for you?

Not at all.

No kidding.

That's the part of the problem, is I think that if anything, it just galvanized my false invincibility at that point. Again, you're a teenager, you think nothing's going to happen to you type thing. It sort of made me spiral even more, in a sense, because there was a period of indestructibility, I think, that I was inheriting, because it's like, man, it couldn't even kill me and my neck is like sliced open stuff.

What was it that finally scared you out of it? Or you grew out of it or what was it?

I would say that my daughter being born was probably the one thing that really because there was a so after that had happened. There was this year that I had spent, and it was like a personal challenge to myself, but I was like, can I deal drugs and support myself just off of dealing drugs for a year? My apartment, my car, like, all this stuff. And this is like even after I'd hacked NASA and stuff, I was just still in this kind of mentality. But that was before my daughter was born. So I was, like, kind of 18 to 19. I worked three months at Gateway Computer, which was a computer company. I was doing tech support for them. I got hired shortly after, stabbed in the neck stuff. And then I worked the floor for three months. But everybody that I met there loved cocaine and meth. I pretty much just got this clientele from the tech support world. And then I had the rave people and stuff. And so I had like a decent rolodex of people that I could trust that weren't necessarily violent or anything, just this was personal challenge. I had all this seed money from spamming the Internet, and then so I used that to parlay it into drug dealing.

But that got it mad annoying because it's like tweakers and stuff. Would call you at like two in the morning. They don't care what you're doing. You drive them like a gram. Then you'd be like, halfway back home and they're calling you and they're like, Can I get another gram? Or whatever and it's like, why don't you just buy them both way there? It's going to be cheaper for you. So that type of stuff, it's not conducive to a very restful lifestyle. So shout out to all the drug dealers out there. I don't know how you do it, I'm very proud of you sticking to it. But again, everything I said, there's a lot of stuff I've done in retrospect, even saying it now, I just sound stupid. But yeah, it's sort of what you're the sum of your experiences type thing. So kind of just engaging in all this type of behavior, I think showed me quite a bit.

So the birth of your daughter, how old were you when she was born?

I was 2020.

Wow, that's young.

Yeah.

So the birth of your daughter is what got you to the realization, hey, this is a dead end road.

There was a little bit of a tapering, yeah, shortly after she was born. I think there was still some kind of remnants of stupidity, but yeah, the realization that you now have this other life that you're responsible for. So I encourage everybody out there who doesn't have kids. To some people, I guess it's like having a baby to save your marriage is always a bad idea, but I'd always wanted to be a father, so it's just one of those things that might as well get it right. So that was probably like a huge turning point. And definitely all that type of behavior.

Going through all of your I'm sure we didn't touch on. There's a lot we didn't touch on. But on a serious note, there's a lot of kids that go down this road. What would your advice to them be?

That part of what's problematic is that, and I think some people have a gift for this, but learning vicariously through other people, and that with me. No one could tell me anything. That's the thing. And that's even somewhat true to this day. If somebody tells me something's impossible, let me take a stab at it first and see if it's impossible. I'm not just going to take people's word for it in a sense. And I think that's part of the problem is you can't really tell anybody. The advice that I would give, again, is that it's a very personal kind of experience. And of course I knew things were wrong. I had mensria. I understand what's good and evil and what's right and wrong and stuff. And I still kind of made the choices to act those ways anyway. But I will say that you can always turn it around. I don't think it's ever too late, even if you've murdered somebody and you're coming out of the other end and you want to make a conscious change. But people have to want to help themselves type thing. And so the biggest thing is for the people that kind of want to get out of that lifestyle or whatever, just know that it's possible.

It just takes discipline and dedication. And again, I also wasn't really forced into that. These are just things that I for whatever reason, found fun, for lack of a better word. I mean it was exhilarating, it had a good component to it that made it very fun, but and interesting and obviously gets the adrenaline pumping. The same thing I said, I probably joined the military and get shot at or something. Would have been a little bit different, but yeah, military couldn't take me anyway though.

Well, I appreciate you sharing that because a lot of kids go down that road and then I think a lot of kids wind up deep into it and then they just continue. It's unfortunate they never pull themselves out.

Plenty of friends that yeah, there's people that still from that era that are in and out of jail to this day and just don't want to get their act together. One of the first businesses that I had, I had a call center, but one of the biggest things I try to do is hire convicts and stuff. Not only do you get some cool associated tax breaks, but it's like I think everybody deserves a second chance. Sometimes a third, sometimes a fourth. You got to just work with people and I see people just kind of go through weird stuff in their life. I would say that the perspective I gained from that. There's a lot that I understand sort of from that end, like why people behave the way they do or what they do. And again, there's people that are forced into it and there's people that are just kind of doing it as a hobby. And so both of those obviously have different reasons and outcomes and stuff, but I have that.

It's also under childhood that you were starting businesses and selling them. When did your kind of entrepreneurial career begin?

So that one of the I think one of the services that was really prevalent to get on the Internet was America Online. It was pretty much the only game in town for a really long time and it made the internet accessible to just normal people. My first exposure to the Internet was through my father had what's called a Slip account serial line Internet protocol. It was an account through work and there wasn't really a World Wide web or anything to that nature yet. It was all like Archie and Gopher and FTP and these antiquated protocols that people rarely even use anymore. But AOL was this kind of gateway for people. CompuServe, Prodigy, there was a few services, but America Online had kind of the biggest user base and it was just for the everyman to kind of see what was going on on the internet. And with that, obviously the technical competency of the people that were on that service was drastically different than the people who came on the internet before. There was this concept that started in news groups called the Eternal September. And it was something that the early internet nerds had noticed that when kids got back into school and would use the university computers, then the posting quality would go drastically down in these news groups and stuff.

And so people would just say like, oh, September, it must be September or something because obviously everyone's back in school. And so there's this concept that's been know attributed to different places in Internet history. But the eternal September is kind know what's considered when there's a corollary to when AOL kind of came on the scene because then you just have all these normies that are using the internet now and they're posting on these news groups and doing this stuff. So it's the September that never ended with America Online. They made it very easy to programmatically extract because they had chat rooms and they had member directories and so they had all these ways to basically cultivate the members of that service. And so unsolicited commercial email like spam became just a giant force of nature to be able to make money off these people. Because you knew they had credit cards, obviously, and they are on the internet, so you could go through programmatically like we'd write programs to go and grab the names out of the chat rooms and grab the names from the member directory and just harvest all this stuff and then you could just email just constantly.

So whatever products that you wanted to sell and at the time, obviously pornography and the internet kind of go hand in hand. So I was doing affiliate programs. So you'd get like a cut of the sales after you would drive traffic to these sites when they'd put their credit card in or whatever, you'd get a certain amount of money per sale or they would pay you per click, but you had to have a certain ratio of clicks to sales. You couldn't just send garbage clicks or whatever. But when I was I'm a teenager in high school, most people are having summer jobs. Like I worked at the movie theater for a little while with my friends, but even when I worked at the movie theater, it was all of us, we're all friends. So if we were working the ticket counter and two people came up and wanted to buy a ticket to a movie, we would sell them one, rip the ticket in half, give them each a stub pocket, the other half we'd shortcount the there was a scams everywhere, there's always running scams. But that I didn't have a regular job. How I made money was like I'd go home and I would dial up, I was on EarthLink.

Which is another ISP that I stole those accounts and then I would just use AOL accounts that we would crack and then I would use those to send out all these spam messages, I guess, to porn sites at that age. I'm doing this maybe like one 2 hours a day and I was making about $1,000 a week as a kid. And this is like 1990s money.

So these affiliate programs go all the way back to the 90s.

Yeah. And again, porn. The thing about pornography is it is the genesis of a lot of internet technology and these types of concepts that the affiliate program was really birthed and metastasized from porn industry. I mean, the VHS Beta masks, I don't know if you remember the tape format stuff. Yeah. And then VHS wound up winning largely due to porn. Broadband internet, you can attribute pretty much to pornography. Pornography has always been this weird sort of vanguard odly enough in the industry itself. You would always refer to porn as porn and mainstream as mainstream, like these kind of these two pieces. Even though that it was weird, a lot of the advertising techniques and everything that were being employed in porn sort of eventually found their way into what we consider mainstream. And that's just been true since maybe the dawn of time, but especially in the internet.

So porn is like the pioneer to advertising and the affiliate programming.

Big time. Yeah. A lot of the ways that the operating models that the affiliate programs used in porn now they're ubiquitous and you find them in a lot of different programs now. Any type of affiliate program you're going into, there's some sort of ancestral thread that goes back to the porn industry. But at the time, again, it was just one of the more lucrative. You could sell most products and stuff, but it just seemed to be, it was always the one and you knew that they paid on time and you knew that they had the coffers to do it. And so I wasn't even really old enough to look at porn at that age. So signed up with fake information, but I'd had to be able to cash the checks and stuff. So that was it. Just to lie about my age and started slinging that.

This is the snapshot I'm getting. So basically you infiltrate some of these chat rooms or whatever messaging services, extract all the email addresses out of them, create some kind of a marketing email with porn clips in them, something to capture somebody's attention. You send it out, they click on it, it does capture their attention, drives them to the site, and then there's some kind of tracking that goes from your email or like a cookie trail or something, and then you get paid off of that.

A lot of times there was these things called thumbnail gallery posts and movie gallery posts, TGPS and MGPS, and those were considered like the kind of the clean ways to generate traffic. There was a huge one, thehun net, I don't even know if it's around anymore, but it was the repository and it just had. Like daily lists. But the affiliate programs, the porn companies would basically post these landing pages that just had links to them on these TGPS and MGPS. So this was like more of a direct the way we'd set it up is the same way, kind of, OnlyFans and things like that are done now. They're based around single structures. And so we'd have a landing page that looked like a girl, like using a webcam or something like that. Our friend Lindsay was like, love her. She was, like the model for a lot of our stuff. Willfully we could use her pictures. I don't even know how much porn Lindsay sold back in the day, but her handle was magic. But create a page that looks like it's just her kind of homepage, and then, hey, if you want to see me naked, click here, type thing.

And so in the query string back then, it was done more with that. Aside from cookies. As part of the URL, you would have, like, an affiliate ID that kind of get put in the code. And so then that's how it would track you when you clicked on that link and it sent you to the page. That's how the affiliate program tracks that. You're the one that sent that and who you sent it to. Optionally. But yeah, you're basically just pretending to be that girl. Emailing people like, hey, it's me, Magic, or Lindsay or whatever, she's going to love that I dropped. Come see my pictures or Come see me live, whatever it was. And so then they would click on that link. And then usually the thing is that you'd get paid on free trials. So whether or not somebody which is another thing that porn started and then mainstream kind of picked up on because it's in the nutraceutical industry and all types of things now, where you get the free bottle and then they hit you every month. It's called a continuity offer, where they will rebuill you. They'll hit you for $40 a month and keep sending you bottles until you cancel.

It was a similar thing with the porn sites, is that they'll pay you as an affiliate on the free trial, but then in three days, five days when the trial is up, then they're hitting them for $100 or whatever it was. Because there was usually all these cross sales and network sales and stuff that were working out. But yeah.

What age did you get into that?

Why?

What age?

What age? 1516. Yeah.

Wow.

Yeah.

That was on, like, the cutting edge of all this.

Yeah. And back then, there were no rate limits. Now if you try to send a ton of emails, it'll say, no more of that. You price see it now. Especially with CAPTCHAs and stuff. Like, if you try to do something too much, it'll pop a captch up. I mean, there was nothing like that. A lot of the reason that those technologies were developed was because of people like myself that were just having a field day on these sites, kind of doing whatever. Because there was no limitation to how much all you had to do when you pulled somebody's screen name out of these chat boxes and stuff is just add@aol.com and then you have their email address. And so they had an entire, basically, directory, like just a list of the chat rooms that were open at the time. And so you could click this who's online or who's chatting button. All this is done with a computer program. So you subclass the windows and then you would basically simulate the click to these buttons and then read these text boxes. And so this was all done programmatically. Visual Basic was the this has almost nothing to do with the Basic I was talking about, but Visual Basic was kind of the language that a lot of kind of AOL hackers were using to create these programs.

But yeah, the AOL just made it insanely easy to blanket carpet bomb their whole service and iteratively they improved on it over the years, but there was always some sort of workaround to kind of get in.

Very interesting. Let's take a break and when we get back, I was going to say let's start with the beginning of your hacker career, but I think we just did that. We'll just pick up right here. Those of you that have been around SRS for a while know that we take mental health very seriously here. So seriously that in almost every episode you'll find a segment where we discuss how to improve your mental health. And part of improving your mental health is keeping your mind sharp. And part of keeping your mind sharp is giving it the fuel that it needs to balance energy, focus, cognition, and just regenerating your brain. That triggered me to go on a journey to find the supplement that supports brain health with the cleanest of ingredients on the planet. And I found it. I was actually going to start my own company and do this, but I found Laird Superfoods. I've partnered with them. Now I'm a partial owner and I really believe in these products. Here's my favorite product performance mushrooms by Laird superfoods brain fuel. Put this in your coffee. You can put it in your tea, you can drink it raw, you can mix it with their greens, you can do all kinds of stuff.

Bottom line is this is the best possible supplement with the cleanest ingredients, all sourced in the United States that supports brain health. And here's two other products that I'm a fan of, laird Superfoods Creamer. Guess what? Contains functional mushroom extracts. Put this in your tea or coffee. And most of you know I'm not a caffeine or coffee drinker, but a lot of you are. And they just happen to have layered superfoods coffee, organic Peruvian coffee with, you guessed it, functional mushrooms that support and regenerate your brain. Go to Laretsuperfoods.com. Use the promo code SRS. You'll get 20% off. Guys, this is the real deal. These are the finest of ingredients. Check it out. Lairdsuperfoods.com promo code SRS 20% off. When I first started this whole podcasting thing, an online store was about as far from my mind as you can get. And now, most of you already know this, but I'm selling Vigilance Elite Gummy Bears online. We actually have an entire merch collection that's coming soon. And let me tell you, it is so easy because I'm using a platform that is extremely user friendly, and that's Shopify. Shopify is the global commerce platform that helps you sell at every stage of your business.

What I really like about Shopify is it prompts you all the things that you want to do with your Web store, like connect your social media accounts, write blog posts, just have a blog in general. Shopify actually prompts you to do this. You want people to leave reviews under your items. You can do that on Shopify. It's very simple. Shopify helps you turn browsers into buyers with the Internet's best converting checkout 36% better on average compared to the other leading commerce platforms. Shopify is a global force for millions of entrepreneurs in over 175 countries and power 10% of all ecommerce platforms here in the United States. You can sign up right now for one dollars a month@shopify.com. Sean. That's all lowercase. Go to shopify.com. Sean now to grow your business, no matter what stage you're in, that's Shopify.com.

Sean.

Thank you for listening to the Sean Ryan show. If you haven't already, please take a minute, head over to itunes and leave The Sean Ryan Show a review. We read every review that comes through and we really appreciate the support. Thank you. Let's get back to the show. All right, Bryce, we're back from the break. We're getting ready to dig into kind of how you got into hacking, even though I guess we talked a little bit about it with the porn industry and AOL. But I want to talk about some of the beginnings. What first caught your interest in hacking?

As I said, I think it was a natural progression of, you know, insert thing, get system to do thing type mentality. But the the first hack that I remember doing so there was before the Internet, there were these things called bulletin board systems that you would call into with your computer and then you access information. They had file libraries and rudimentary chat and kind of threaded stuff similar to bulletin boards now that are on the Web, but except you just basically call these systems and there's a ton of hobbyists that ran them. Some companies ran them and stuff. So I ran a couple myself. And the way to kind of get files and knowledge like The Anarchist Cookbook, I don't know if you've ever heard of that, but it was this book to taught you how to create bombs and do all this ID theft and all these different things. It was a print, I think it was in print. But then the online is kind of where it was disseminated. But pre Internet, these systems were linked through a thing called FidoNet for a while, where you could send electronic mail to different systems, but there were just these sort of local nodes.

And so it was this cool little community because a lot of times you'd dial in as BBS, and it would just be people that we'd have meetups at Denny's, smoke cigarettes and drink coffee all night type thing. But it was kind of the precursor to what we know as the Internet. And the public library the system ran one of these bulletin board systems so you could see what books were checked out and it had news and all types of things. But it was a multi node system meaning that it had multiple phone lines that you could dial into. And so it was a multi user environment. A lot of times it was kind of a one to one thing. If you had a single node BBS, only one person could be on it at one time and so you usually had a time limit that you could stay on there and other users would try to call in but you'd call and you'd get busy and you just know you had to call back later. But the public library had a bulletin board system that it was running and it was running some custom software.

But I found out how to drop into an executable shell which basically like a command prompt that would allow me to type in and do anything with the system that I wanted to. And so I had used it to set up an egg drop bot which back then it was hard to find computers that were online all the time because again, the whole thing when you call in the systems and stuff then you get knocked off if somebody picked up the phone line type thing. So universities, obviously companies, they had these dedicated lines that were set up and have persistent connection to the Internet. And so this was a way for me to have a machine that was online all the time. And Internet Relay Chat was this is kind of like where a lot of hackers and stuff hung out computer enthusiasts period, but think AOL chat rooms but it was way more bare bones than that and predates it, but you would have these channels that were assigned to different interests or groups or whatever. And the thing is, if the last person left the channel then the channel would shut down. And so you want to have computers that were in there at all times that would basically hold the channel for you while you were gone.

And so the thing that I had set up on this library computer was basically a persistent connection to allow me to have a robot online all the time that was monitoring these channels. And that was cool. But then AOL was kind of this breeding ground for a lot of hackers too. There was a software that had come out called Winnuk that it took advantage of. There's a port that's open on Windows systems even to this day, but it's used for file sharing. Like if you're sharing information between two computers. But there's a specialized out of band packet that you could send a port 139 on a system that was online. And if you send it this malformed packet, it would basically blue screen the computer, meaning that it would lock it up and you couldn't use it anymore. And so if you had someone's IP address, this is before consumer firewalls or people usually plug their computer directly into the internet. There wasn't routers or anything. So anything that you're sending to that machine is direct to that machine. So this Winnuke software, when it had come out, it just allowed you if you knew somebody's IP address and they had a Windows machine, you could always knock them offline and crash their entire computer, basically.

And so that had kind of come out. And some other people on the bulletin boards that I was talking to, one of the you know, I said, man, this tool is really neat. I can't believe it works this way. And he's like, have you ever been on AOL? And I kind of dabbled on it, but hadn't really ever taken anything seriously. He's like, you got to check this out, because on there people are just you can knock people offline all the time. And it's like again, with the computer enthusiast crowd, it's like one thing, but then to do it to just completely normal people is another. And so that's where I got into America Online and doing the spamming and everything kind of sort of came out of this curiosity. But you could send malformed HTML over instant message and it would have the same effect, like where it would knock people's computers or there were certain reserved directories in Dos, which was the operating system that things ran at the time. There's certain protected directories that if you tried to access files on those directories, it would knock people offline. And so you could play sounds on AOL like you could make, say Goodbye or welcome or the Im sound, and you just do a curly bracket s and then a directory of a sound.

And then some of them were just built into AOL, but that using that formatting and then trying to access like concon or a parallel port or something would knock an entire room offline. So you could get into a chat room, 23 people are in there, and then you drop this sound file that's fake and then it would just kick everybody off. And so it was just hijinks, like stupid stuff like that.

Was it just the thrill that caught your attention?

Oh, yeah.

It doesn't seem like there's really a point to it other than getting a thrill out of it.

Yeah. The Internet's always been a source of acrimonious behavior in some senses and flame wars and people talking shit to each other and stuff. So the ability to just screw someone's computer up after you get into a fight with them over who is the best Power Ranger, which Ninja Turtle was your favorite or whatever, then you just knock them offline. That was the appeal, I think of it, is that it's powerful. You're able to just kind of it's your playground, like you own this stuff. And again, back then, you know, it wasn't very common. You know, your screen name baby. Like some people would pick screen names that would give away their birthday. You know, they'd be like Bryce 1982 or whatever. And so you'd infer a little bit of information about some people, but a lot of times it was completely anonymous as far as you were concerned. And so it kind of became more of our focus to hack the system itself. And there were these private rooms that were on AWOL that were just sort of in the back channels. And it was all people that were kind of interested in these types of things or making programs that interfaced with AOL to do the spamming or these programs that would automate the punting.

There was terms of service violation programs. I mean, these types of things work on Instagram and stuff today. Like if you have we used to call them network tosses. But if I have a ton of Instagram accounts and then I report you and I say you've been harassing me, then if there's multiple people that are saying you're harassing us, then what they'll do is they'll just take your account offline. There's automated systems that do this type of thing. So we used to submit reports that somebody's harassing my children or whatever. So you crap these custom mails, you'd send them from a bunch of different accounts and then you'd kill people's accounts. These are just kind of hassles. But this is all just figuring out how to manipulate the system for our advantage. Progressively what had happened is started to investigate the internals of AOL. So with these groups, we'd get together and there was one of my partners, Glitch, that I lost touch with. But we got into hacking into assets like AOL, like internal assets, ones that only the employees could access. And we found kind of debug tools that allowed us to use the America Online interface the same way an employee would.

Or we could access hidden forms, like sometimes instead of when they deprecated, like a mail form or something like that. It might still be in the code and there might still be a way to interact with it. But as far as the front end is concerned and anyone else that was using this system, they're getting the normal one. But then we have this kind of alternative version that we could manipulate and use. And things back then too wasn't like a lot of people had AOL keywords instead of websites. And so if you look at any kind of video from the late 90s, early 2000s, they'll say, see us on AWOL keyword NFL or whatever. So instead of NFL.com being a place where a lot of people got their stuff because America Online had so many people on it, you'd go to keyword NFL and that would be where you'd get all your information on football. So progressing through that, it was fun to take those keywords over. And if you could find the accounts that were basically view ruled to edit those keywords, then you could make it so that NFL keyword was whatever you wanted to put on it.

And so we would edit keywords and deface keywords with these empowered accounts. And again, AOL just had this most of the member base was just regular everyday people type thing. So it was insanely easy, just because they're non tech, to take advantage of a lot of kind of just misassumptions about how the technology really worked. That even though they would have notices on instant messengers, AOL staff will never ask for your username or password. That you could craft a name that looked like it could be an employee, like Staff Engine 92345, and then say, you know, this is AOL tech support, we need your username and password. Again, these attacks still persist today, but this was the sort of the proving grounds for how all this stuff worked. And so we got into actually breaking into AOL employees accounts, as well as what's called overhead accounts. These were ones that AOL, if you were advertising on AOL, they basically gave you a free account. And they had certain powers because they were able to edit keywords and stuff. But after targeting employee accounts, then we were able to pivot into the internal network of America Online.

And they had some compensating controls, but me and this guy Carbox and Casey developed well, I wrote the software for it, but it was a reverse tunnel. So I was saying there's not a lot of systems that were persistent on the Internet at that time. So I had a university jump box. And what it would do is it would tunnel into AOL's internal network and then it also had an outgoing connection that we could connect to and then it would basically get us into the local area network of America Online. And so if I connected to that jump box, then I could log on to employee accounts without any secure ID, any type of two factor authentication. And so from there you were able to access Chris, which was the customer relations information service. I forgot exactly what it stood for, but from that panel, you could type in someone's screen name and it was like customer service. You could get your address, phone number, credit card, all the accounts, everything that had to do with those accounts. And so it evolved into, now if I'm having a flame war with someone on the internet, I can just look them up and be like, you live here, this is where you ended up.

You see people just because your buddy list would show you when people are online, when they came online, when they didn't and said messenger, everything kind of stems from this. But yeah, you wouldn't see them sign on for weeks. They'd just be terrified because again, this is information that's supposed to be secret, but you're accessing it from AOL's control panel, basically. But the major thing that we used it for was to take screen names that we wanted. So I had my first name, like I had Bryce@aol.com, all of the homies all had their first names and they had their handles. And some people's handles are a lot less, I guess. Like Oday for instance, is a term in computing that I actually know multiple ODays besides Ryan, but if he wanted that screen name, I would get it for him type thing. So we used it more for that type of stuff. Again, we weren't stealing people's credit cards to charge them or anything, but it was just fun to have that type of access because again, it was very imagine you could just look somebody up that you were having an internet fight with and you knew exactly where they lived and how often they paid their bills and stuff.

Man, it sounds like you were really on the precipice of packing. In the very beginnings, I would say.

In the 80s is like when it really took flight. There was a lot more you could do with phone systems and computers back then. There was absolutely no compensating controls at all. And so glory days in New York, there was like Masters of Deception, legion of doom. There's these hacker wars of the 80s that were just legendary, but I would say a lot of kind of the modern twists and stuff. It was very cool to be a part of that time because again, the internet was just barely coming into itself and it was just starting to get available to normal people. And that's kind of why I really like the era I grew up in, because I had that kind of the giants that came before me and sort of set that foundation. But the stuff that we were doing around then is a lot more kind of analogous to the types of threats and everything that we're dealing with today.

When you talk about some of your buddies that you were hacking with, I think you mentioned somebody named Glitch.

Yeah, Glitch.

Do you know these people or are these online connections? You don't know what they look like.

I've never met Glitch in my life. We had talked on the phone and we do conference calls a lot. That was another big thing in the hacker scene, is we would hijack conference lines and then everyone would just kind of call in. But he had the deepest voice of anybody I've ever heard. But I don't know if he was white, black, like, nothing about him, never saw a picture of him. And he was like my boy. We were super, super tight and I don't even know where he is now.

I mean, how does this work? How do you meet? So, like, oh, I'm Bryce. I'm a fellow hacker. Let's be like, how does this work?

So like I said, we had these private rooms. So once you kind of get into the network and the fabric, then you sort of spider out into the other kind of corners. But because of the programs that were being released on AWOL at the time, there were rooms that were named after programs that people would go to. Like you would just type in the name of the program. Like, Fatex was a huge program, havoc was a huge program. That's the first room that I was really a part of. But they had a ton of software piracy rooms. So if you wanted to get what we called Wares, it was short for software. Some people pronounce it Juarez, but it's Wares because it comes from software. And you would go in these rooms and they were like numbered. So there's like server one, server two, server three, server four, DA. DA. But any type of software that you wanted to get, they basically would use AOL as a file distribution service. IRC has an analogous system called DCC, but on AOL it was stored on their servers and you would just basically get emails with pieces, chunks of a file.

So if you wanted photoshop or something, you could go into these server rooms and then download sequentially each chunk of this file. But going into these rooms, there was just a network, I would say, of like, this person would be in these two rooms, this person would be in these three rooms, type stuff. So you just get to talking and collaborating. And I was already a pretty good programmer at that time. So I was going in there and it was like the open source community. There's software that is released now that you can look at the source, you can contribute to it. Anybody can contribute to this stuff. Linux, the operating system, is an example of this open source software where everything's available to you. You can see all the code, you can edit it. If there's a feature that you want in there and you can code it, you can submit a pull request and then they'll put it in. AOL had that same type of culture, except very early, where we would share methods with each other. If I found a cool way to punt somebody, then I could copy paste my code to somebody else.

And so you just sort of gain a name for yourself in that community.

So it's just sharing information and innovation.

Yeah, it was very collaborative in those years, too. Of course, you had some things you kept close to the chest, some secret sauce. But the things that I was famous for writing were I had like an all in one chat command program. But then I wrote a program called Concert that allowed you to get free AOL accounts. It was when AOL Instant Messenger had been released and used to not be able to have lowercase screen names. Everything had to be uppercase. But when America Online released Aim, then you could take your Aim account and you could turn it into an AOL account. And we called them I cases because lowercase I or capital I looks like a lowercase L, like in the font that was in the font that AOL displayed in. And so these were kind of desired screen names to have because everyone else had these uppercase screen names and you get these lowercase screen names. But the program that I wrote, it leveraged Canadian registration to create free AOL accounts that would last for about three to five days. And so people that didn't I never paid for AOL in my life.

Like, I always used stolen accounts or cracked accounts or something. So a lot of us were like that too. And this program would just basically defraud AOL to make these free accounts that were just burner accounts. They would last for a few days, but it leveraged a problem in the way the Canadian registration system was set up and how it validated credit cards that you could basically get these burner accounts that would stay alive for a few days. And then I made this series of animated movies in Visual Basic that were kind of about what was going on at AOL at the time. And the music was kind of adjacent to it too. But that's sort of how I got a name for myself.

Do you have any of those videos?

Which ones?

Any of the ones that you created.

Yeah.

Can we put one in the episode?

Because I converted them to Flash, and now Flash is not really a thing. But yeah, fine. They're stick figures and stuff. It's just really dumb.

But it would just be cool to put that history in here.

Yeah, that's fine.

Somebody has seen it. Somebody watches.

Somebody has seen it. Yeah, they were micro popular. But then once AOL's hacking sort of taken seriously, then I said it was more about breaking into the actual systems that AOL ran on, rather than reverse engineering the protocols and how it talked to each other. Like, we were building thin clients that could emulate America Online pretty closely without actually having to use AOL software. So that was kind. Of the progression of how we weaponized the hacking stuff. But there's a ton of people on AOL that this day it was like an academy. There's a ton of people that came from that era that moved on to my form at DG and are doing insane things now. But they got their start. I think Mark Zuckerberg even talked about like he used to hack into messenger and that's like he wrote what was called a fader and what it would do is it would change the text color so as you typed it, it would just be like a cute rainbow type thing. And I think that was one of the programs that he'd mentioned writing.

But that sounds like something Zuckerberg would you mentioned. I got a couple of questions actually. So in these online communities, would you call it a forum of hackers?

These were more chat rooms.

Chat rooms, yeah. How many hackers would be in a chat room?

Very 1015 and people of all varying skill levels. There was maybe a couple of handfuls of us that were really that got to the kind of the upper echelon. Yeah, but then you had a lot of people that were just again learning. Some people didn't care to learn too much. They just really liked running the programs that we would make and make themselves look cool and stuff. But yeah, there was a group that I looked up to Insanely that were somewhat local called Lithium Node and those guys came up with some of the just most gangster things. There was like limitations on the amount you had to have at least three characters in your screen name. That was kind of a bare requirement. And they found out how to make one and two character screen names. And they also had found exploits in AOL's web server. The way the software that they used to serve all their web traffic actually exploited a bug in that I think it was in TCL. But just that even know there was people that were kind of a strata above my crew. There was just a ton of different groups but all of various kind of skill level.

Node was probably the most elite but I was part of AWOL Files and Observers and those were probably like I said, the second tier. The hierarchy of I'm sure there's one special forces or something but the groups that I was a part of were up there but not like the top.

Top tippy top, not the tip of the spear.

Yeah, maybe other people have different opinions and they'd be like oh yeah, you were at the top. But yeah, I remember just at the time there'd be things that people were pulling off and I was like how the hell did they do that?

You had mentioned you don't put everything out. Some stuff you keep close to the chest. Did you have anything you were keeping close to the chest that was for your eyes only.

By the end of it, probably not. There were certain, I would say, internal websites that I knew about that I didn't want anybody else scraping or knowing because then it would just raise the signal on them type stuff. But as far as we call them methods, as far as any of that stuff goes, eventually I would just try to share that type of knowledge because generally it'll come back to you. If people aren't super greedy, they'll take your stuff and then they might mutate it in some way and then you're going to get back something cool later. A very sharing economy. People that weren't like that, that just kind of consumed you don't deal with them.

But they didn't last long.

Didn't last, yeah. So it was more about the people that were really forthcoming with all the cool technology that they were developing.

Give take relationships.

Exactly. Yeah.

Right on. With the stuff that you were doing in AOL, would that be considered black hat hacking?

100%. Yeah, there was nothing benevolent about any of that stuff. It was all just and the way I think about it now and there's no way I terminated on the order of hundreds of thousands of accounts, probably. And the member base of AOL was in, I think, the eight figures, I don't know, it was 20 million, I forgot 25 million, but significant chunk of those. I mean, I definitely spammed everybody on AW at one point. But the Hassle thing I was saying earlier about when your credit card gets canceled, that if your AOL account got terminated because I happened to break into it or something, that's 3 hours on the phone that somebody had to. It's not far fetched to think some 90 year old grandma who just wanted to see pictures of her grandkid is sitting on the phone for 3 hours and had a stroke because she was so frustrated with talking to customer service. There may have been some ancillary deaths, I could take it to the Nth degree on any of it, but yeah, there was nothing. I mean, I'm learning about the system and it was really cool because you know things that maybe most of the internal employees don't even know and you're kind of consuming all this very selfishly and yeah, there was no way to characterize that as anything but black hat.

Did you meet any of these like Glitch or any of these other people? Did you meet any of them in person?

Yeah, so a couple of my best friends of all time, we started out on AOL together and most of my friends that I still hang out with today, they came from some facet of online. But that AOL, like my friend Egod, my friend Flow, my friend Haretzu, like all them, they all came from America Online. That's where we met and known each other. So we've known each other for whatever it is, 25 years how long did.

It take you to meet them in person?

Probably in adulthood, mid 20s type thing is like, when we finally came together.

We weren't really and this stuff was starting at age 15.

Yeah.

So it took a decade, right, to start meeting people.

But we'd been Internet. Well, some of it was earlier than that. I should probably say like 22, 23 even, I think when Taylor was in college at UCSB. Yeah, so maybe it was a few of them. Yeah, we met, but grand majority of them. Yes. I would say throughout my 20s is kind of when we started kicking it.

Man, that's weird. You think about nowadays and people that they made all their friends on social media and you were doing this, what, 30 years ago? 25, 30 years ago.

And back then, you don't meet weirdos off the Internet type thing. That was the attitude that a lot of people had, and they're my best friends now to this day. People that I've known through that scene, and it's cool, but they're the people that I identified with the and, you know, we had a lot of common interests and.

But this is fascinating to me. Do you think that look, everybody has a stereotype, right? Stereotype in the special operations community, stereotype at CIA, stereotype at NSA, all these different places I've worked at. There's definitely a stereotype that kind of fits the mold. Would you say there is a stereotype in the hacking community?

Oh, yeah. I think everybody sort of pictures the guy in the hoodie with the anonymous mask on and cans of Red Bull or Monster or whatever just polluting the desk. And that's what's so crazy, is that a lot of know, ultra nerdy, like, super, you know, coke bottle glasses, like any of that type of that archetype is just you see it as a trope in Hollywood pretty consistently. But what I found is it's a really eclectic I said all races, all creeds, religions, whatever different looks, a lot of people that you wouldn't even know are looking at them, that they had anything to do with computers. It was a wake up call. I think, even then that's, like, not everybody's just a dork. Pretty cool people here.

What about personality traits?

I think everybody that's on the computer as much as we are has some mental illness. You just have to that stereotype is true. There's no going anywhere. Everybody's subject to some idiosyncratic behavior or trait. There's a lot of depression, anxiety, schizophrenia, bipolar, all that type of stuff. Coalesces in the hacking world fairly regularly. I said that stereotype, I would say, is pretty true about everybody I know. And autism is, like, super big. It's an in joke within a lot of us. The more autism you're showing, the better you are type thing. The Asperger's just focused and just super meticulous and everything. It's a quality that I see as a superpower in a lot of ways when it comes down to it.

Interesting. All right, so let's move past the AOL stuff. What started coming next?

So I had started doing the web page defacement type stuff in parallel. Like I said, the keyword defacement was one thing, but I would watch television and there'd be an ad for a car dealership or something, and then I would just go type it into my computer and then I would just hack the car dealership or whenever I'd see any sort of indicator. So I wasn't very prescriptive about which targets I was doing just to see if I could do it. But eventually, after doing a lot of those types of defacements, what would you.

Do to a car?

I there was a Honda dealership called Empire Honda and I had posted a picture of Christina Aguilera on the site and I said that I demand that they give me a Honda so I could drive around with Christina Aguilera. So I just had their webpage hostage because I had a crush. But things like that just to where anybody else that would go to the website would see what I'd put up there.

Okay, so let's dissect this. So you put an image up on the homepage of Christina Aguilera. Where does the reaction come?

The I would love to see what people's faces would look like when they saw that or when the people that own the website, would you be the.

One to take it down?

What do you mean?

Like, eventually? Would you just be like, all right, fine.

No, I would leave it up until they fixed it, just do it and.

Then drop the mic and I'm out.

Sure somebody's going to notice eventually. Yeah, but it was just funny things like that. And I'd infected my high school pretty well and it was eventually part of what I got investigated for. But I hacked every school district in Colorado. I had all there anything that was Internet facing or Internet appropriate. I had either defaced or I had some sort of foothold in because I could bounce my connections through them, all kinds of stuff. But after doing the company stuff for a while but the govs and Mills were that's the top level domain for government and military sites. And that was the progression. Again, got to give an addict more and these were just shinier targets than car dealerships and stuff.

So pride started getting in the way.

Yeah, in the challenge. I'm just a dorky high school kid. Can I break into the military? These websites, and I was part of a group called Global Hell that famously hacked likewhitehouse gov and Army Mill. And we I don't know, we looked at it, people were like, well, why'd you hack this? Were you looking for UFOs or nuclear secrets or anything like that? And it wasn't really like that. Everything that I was doing was just.

Whoa, let's backtrack for a minute here. So I think we're going into when you defaced all of the gov, mil, big government agency websites.

Right.

So let's go down the list. Okay, I know this is what I have. You deface NASA's Goddard Spaceflight Center website, a cartoon of a hooked hacker, a hooded hacker, a peace symbol, and a warning of website security holes. Did you also hack the FAA, DCA, NATO, Colorado Springs Police Department, Texas Department of Public Safety, honda, Nissan and At T?

Yeah.

Am I missing anything?

I'm sure you are, but it was a crime spree at that point. Yeah. Again, it's done great things for me, obviously. It's a fantastic resume to have, but in retrospect, that again, it was the juice worth the squeeze.

How old were you when you're hacking these?

1716, 1716 years old.

And you're hacking NASA?

Yeah.

Was the juice worth the squeeze?

I mean, the consequences weren't really that bad. I didn't do prison time, and they didn't keep the computer away from me or anything. What was really telling about it was my investigation. I had seven different agencies investigating me at the same time, and I wasn't really careful about I wasn't deleting logs, I was really kind of upfront. I figured the more transparent I was about the crime I was doing and whether or not that worked in my favor is debatable. But I knew specifically how to keep myself out of it. If I would have done it under a different handle. There's things that I did under different handles, but everything I did here, I was pretty much looking to get caught in some senses. And I'm a minor, what are they going to do to me? So that's the attitude that I have. But that I think about it now says an adult on the other side of stuff. And I don't even know how many days I ruined people chewed out by their boss or people got fired. I'm sure it was probably not very fun.

You did expose a vulnerability.

Yeah. This is the turn of the millennium, and I've always been insanely patriotic. Love my country, fear my government type kind of guy. And that it was sort of I just saw the way that the winds were blowing and that if somebody with some high school kid with free time on his hand is sitting there and just doing this massacre of all these government websites and huge companies that if I was a concerted state actor and I wanted to get persistence in these machines or I really cared about doing more than instead of being loud about it and defacing the front pages. If I wanted to get in there secretly and stay there secretly, that would have been very easy for me to do. And so as just, again, a kid with free time on his hands able to do this, imagine if you were paying me quarter million dollars a year to do this type of thing and do it nefariously. That's the logic I had walking into it is like, why isn't people fixing this? Because I would email Webmasters and I'd be like, hey, this is wrong. You need to fix this.

Nothing. But the moment you break it, then all of a sudden it's a rush to fix it. So that was the onus for a lot of what I was doing is just to raise this awareness that this illusory power structure that exists that you think is all impenetrable is being defeated.

By so you actually had a positive motive here.

100%. Yeah, but again, so I said the means by which I accomplish these goals probably considered criminal or black hat, but yeah, I'm on record and I've quoted that since then. It was absurd to me that you have companies with all this money or governments with all these resources weren't paying attention to this type of stuff. Now it's even more of a death sentence than it was. There's just so much that's hinging on technology.

Well, let's walk through the beginning then. Just walk me through step by step. So you said you started to see the way the winds were turning and all these agencies were extremely vulnerable to being hacked. So what got them on your radar? Just at the very beginning, you were just up in the ante seeing if you could do it. Then you realized, oh, this is atrocious.

Yeah, that hacking a car dealership, a local car dealership and holding the ransom for Christina Aguilera or something is one thing, but then, yeah, being able to do these types of things to government websites is totally different. But you realize it's the same in a sense that the amount of protection that that car dealership has is almost the same amount of protection that this has. So there's an asymmetrical value to where you would think the people would be paying attention to. But again, it was the same type of thing. It was just as a hip hop fan, the elements of hip hop are like turntalism, break dancing, MCing graffiti was always considered an element of hip hop. And so the first ticket I got, like I said, was spray painting. And so it's just the same type of behavior except using the Internet as a medium for my graffiti. And so, yeah, whatever manifestos I had about the state of security or whatever dumb thing I was ranting about at the time, it was called hacktivism was the kind of term that had emerged as that whatever political message you're trying to send or trying to drive traffic to a cause.

But my evangelization of security was more, hey, look, I'm a dumb kid and I'm hacking this stuff, so what are you going to do about it?

What was the first website that you hacked, government wise?

The first one I don't remember because the one that said it was the three that NASA and the Defense Contract Audit Agency and the Federal Aviation Administration were all done in the same think it was November 23, 1999.

Man you remember the exact day?

Yeah, I'm pretty sure I might get skill checked. Nerd Sniped but that was like what caught the attention of mainstream media. Yeah.

This one everywhere, correct?

Yeah, it was on Wired, CNN, Fox. It got pretty big traction. Yeah, but that's the one I know because I said I was doing local government stuff. The thing that was crazy that I found out later was that the police department systems that I hacked actually if I would have traversed the network, I would have been able to pull up access NCIS, I think it is, be able to look at warrants, like international or national warrants. And I could have manipulated actual police records, like speeding tickets and DA DA DA that for whatever reason, their website was on the same network that all the rest of that stuff was. So I didn't find that out until after the fact. Again, my mission was basically to go in. Sometimes I would install some amount of some kind of persistence. That way I could get back in. But for the most part, it was just I would deface the website and then it would have instructions on how to fix it and how to remediate what was going. Just I'm trying to remember. I'm pretty sure that some of that stuff, some state government stuff had happened before that, but the NASA one was the one that kind of blew up.

But I didn't stop after that. I still kept going.

How long did it take you to hack into NASA?

Not long. So the thing that was I think people have a misconception about what hacking really is like. Think you're just grinding out passwords or anything. There was an exploit that I was leveraging in a database service that came on. Like if you had a website that was running on a Windows system, there was a Msadc DLL. It was for data connections, but it was a dynamic link library that was accessible from the Internet. The problem is the way that it was configured out of the box is you could send it shell commands and basically issue commands to the box as if you were sitting there if you had an account on the machine and it would run under the web user permissions. So I had modified a lot of people when they were using this way of defacing. All they were doing is they would echo a text string to the index page of the website. So you would just get this black and white screen that said Sean Ryan was here type thing. The way I did it was I would basically manifest network shares on the machine that I could connect to and then I had full directory access.

So it was basically more robust than what was originally designed, like the proof of concept type thing. So it was an exploit. Somebody else. This guy, Rainforest Puppy had developed and found and then I just kind of did my own little spin onto it. But it's really easy because you could just grind out sites and if you saw that this library existed on the website you were investigating, then you knew it was probably vulnerable. So I would write Grinders that would take like Seanryanshow.com, Vigilance, Elite.com, all these different websites and then I could just plug in and see, is this file present? Is it not present? Type things. So it was carpet bombing the Internet. If I saw one that if I was more focused on something, then it was easy for me to just kind of go in there and look. But I was just loading up domain lists, anything that ended in had there was a site called Netcraft back then that would kept a repository of what operating systems and versions and stuff that sites were running. And so you can get good DNS intelligence from that and find out what not only top level domains but subdomains that belong to the government or the military.

There's different ways to do it now through passive DNS scanning and stuff, but that was how I got the laundry list back then.

How many government organizations did you hack at once?

20 something, a lot.

How did you get approached? I got a lot of questions. How did they approach you when they were on to you?

So there was this kid again, these hacker groups, we all have these little clicks and shit. We had this one called Sesame Street Hackers. It was a joke on Secure Shell because SSH is a software that you use to log into a machine securely. But we had the same initialism, but it was Sesame Street Hackers. And there was this kid, his name was Darkness, and he was 15, so a little younger than I was, and he broke into a satellite and instead of deleting the logs, he accidentally deleted everything on the machine. Like completely screwed up. And the administrator of that machine was named Black Dog. And he came into our IRC chat and he was like, you're, all of you, they're after you. You don't understand. He even put this site back up and he had edited the stuff that we edited. So he redefaced our defacement. But he said, they know all about you. And he knew way too much for it to be a troll because sometimes obviously, we'd be messing with each other. But this guy was 100% for real. Logs on from you could see the IP address that he'd logged in from and it was an ASIC of one.

And he just knew way too much information about what was going on. And so he was know, you should probably contact them before they contact you. And so I was like, all right, I'll call. So he gave me the number of NASA has an investigative arm called OIG, the office of the Inspector General. I think a lot of government agencies have a similar thing, but it's like the law enforcement arm of NASA. And so I called Sheila Brock, I think was her. Yeah. And I just basically I'm mighty cracker. I heard you're looking for know how can we make this said all the information came out that so the Texas Department of Public Safety was after me, which is their sheriff's department, because I had hacked them. There was the FBI.

You hacked the FBI?

Well, I didn't hack the FBI, but they were obviously investigators. Yeah, there was DCIS, which I forgot what that stands for, defense Criminal Investigative Service or something like that. I think they handled like DoD stuff. There was NASA office, the Inspector General. There was the Carl Springs Police Department. I know there was seven, like that number seared into my head. And the case report file was huge. But what I found, that it was nuts because it said after all this stuff, NASA came in. It was two agents sat down at the kitchen table. We went over everything but the interagency coordination. I mean, I'm sure you know how this stuff works. I cannot believe that it happened, but the FBI was supposedly two weeks away from kicking my door in the local police department. They'd been set up across the street. And just how when I would go in and out of school and stuff, they were getting ready to kick it in. Somehow NASA was able to contact all the agencies that were at open cases against me and tell them it was their caller or whatever. So I never wound up getting my door kicked.

Like it was just nice, invite them in, have coffee or whatever. And we just kind of discussed everything. But they took all my computers and back for forensic investigation. A lot of that stuff had emerged during the case, and the case report was just huge. But yeah, all the different agencies, they were investigating me. Like each had a little kind of section in this file, which was insane to me, just like how much manpower had been wasted on little me. But yeah.

Did you see the news break with all the website defacing before you had these meetings?

Well, I was interviewing with the press, so that's what I mean. They'd contacted me through. There was a site that mirrored all of the hacks that people were doing, called it was Attrition. Attrition.org. They still have the mirror. They're up, but they're password protected. But they used to kind of keep track of all of the different defacements that were happening. And so it became this leaderboard amongst hackers, like, who could hack the most stuff, the different groups. But there's a whole just chronicle of every website defacement that has ever happened. Pretty much Attrition was keeping kind of record of that. And so we would be sending stuff to them to make sure that they mirrored it and showed that we had done it. And so a lot of times, media would contact them and say, how can we get in touch with this hacker or that hacker or whatever? And again, if you're looking for that fame and that recognition, then it was a no brainer. And a lot of us around that time, they were kind of pointing out the insecurities in government all shared that same ethos. And so talking to the press was just another way of getting the word out of what we were doing.

So did you talk to the press.

Before or after I talked to the press? Before I got busted. Yeah.

Wouldn't that be cat out of the bag right there?

Well, like I said, I didn't really care that I'm 17. I was like, what's the worst going to happen to me type stuff. And I wasn't thinking about the consequences in that way. And I'd written an article for Hacker News too about that. It's like the best time to do things, obviously, is when there's no real repercussions. And this was before 911, so there wasn't a whole lot of and it was apparent what I was doing. Like I said, I was very open about the way I was getting in, how I was getting in, what I was doing. There wasn't much clandestine secret behavior going on. I was really upfront about the how and the why, which I believe saved me in a lot of ways. But yeah, I didn't do any jail time. I was on probation for a really long time and I had to pay a shitload of restitution. But other than that, there wasn't much fallout in the sense that it didn't affect my professional career at all.

What is that conversation like when NASA walks into a 17 year old's home and is asking you why you hacked their website and defaced it?

They had just a wealth of evidence and they had chat logs. They were monitoring our chats, and they had a list of people that they were asking me if I knew. And even if I did know them, I said I didn't know them. I was real cagey. Again, anything that I did, I was taking responsibility for and ready to go down for. But conversation was super cordial, and I said they left with all of my hard drives and equipment and stuff and off for analysis and imaging or whatever they did to it. But they had most of the evidence, obviously know in my confession. But the most impressive thing was that somehow they were able to coordinate with all the rest of the agencies. So I didn't get my door kicked in seven times and be like, oh, the computer's already gone, NASA's already got them. So that was nice.

Did they fix the did they did they need your assistance to fix any of the problems?

No. And that's. Something people ask me all the time is like, why didn't the government offer you a job? And the answer that I actually got was an odd one, but it made sense at the time, and it was just that justifying the catch me if you can type philosophy, can you justify to taxpayers that we now have a criminal kind of overseeing the security of our systems? And so how do you go from being this prolific hacker and then all of a sudden change of heart, now you're working for them type thing? So that was the justification that they use that they never did. There's some stuff that I had done for the FBI later, because I have a strict code of no snitching, I will never go down on my boys, even to this day. Something never sits right with me. But like technical type of consultations, how does this attack work? Or something like that. Those are the types of things that I would wound up offering to agency as part of my community service that I had to work know. How does this credit card attack work? How are they finding these numbers?

I don't know if you know how.

That what's going through your hip when you have the FBI and NASA and all these government websites or just government agencies asking a 17 year old kid, how does this work?

The movie Matrix had come out that same year, and it's just those things that are fused into your head that it's just weird because you just feel like you're living in a movie in some senses. And that was probably the weirdest takeaway from it because a reality set in. It's like, well, you do the crime, do the time type thing. But it was fascinating to me that I can't even imagine the amount of manpower and resources it was taking to Compile, because the stuff that they had, I mean, again, it's like a King James Bible just thick full of all this chat logs and pictures and images and things. They had already had informants that had flipped on us and stuff, so they had documentation from other people that they'd already kind of encountered and talked to. One of the leaders of the group, I don't think he ever got busted. He was a Canadian national. Maybe RCMP did hit him up, but one of my homies missing link rack Mount, he never got caught. That's part of the reason that the Anonymity was super important for a lot of us is that, again, if we didn't know who each other really was, you're just a name.

And we just respected each other's skills. So you don't know what race somebody is. You don't know what gender they are. You're just a name on a computer screen as far as I'm concerned.

I guess where I was going is, did the incompetence of the government agencies as far as cybersecurity, did that register with you at that age.

Oh, yeah. But again, with age comes experience type thing. I understand the defender's dilemma. I brought that up when we were eating dinner, but that a defender has to be successful against all points of ingress where an attacker only needs to be successful with one. And it's very hard to maintain a decent security posture with all of the attack surface that might be going on. And some of these systems that I was breaking into were probably just overlooked on the Internet, some kind of well.

I mean, you had mentioned earlier that you were sending them emails or messages or something saying, hey, there's a hole here, you guys might want to fix this. Okay, you don't want to fix it, then I'll expose it. So you gave them the opportunity to fix it. Did that come up in the interviews?

Oh, yeah. That's why I said my sentence, as far as I think most of my contemporaries, was really lenient, that pretty much the restitution was charged. It was a quarter million dollars. But it was like that. They basically justified it through the salaries of how much time they wasted. And you know how government math is like, where toothbrushes $500 and screwdrivers a billion. So, yeah, there was some kind of guerrilla math that had gone on with how they calculated it. But looking at it now, especially just the resources, I think, that were available and the types of professionals that were doing it, knowing then what I know now is just that of course a kid is going to be able to do these things like I have all the time in the world. I'm on the bleeding edge of this stuff that my adversary on the other end may have been a longtime computer user or something like that, but they have no idea of the realm that I'm operating in type thing. And each generation that comes after me is going to be better than mine was type stuff. So I forgive them. But in a sense, these are the stakes.

You don't want to be playing, especially today in this day and age. You want the best and brightest protecting that type of stuff because just the opportunity cost well, anything that would go to the contrary has catastrophic consequences if you're not.

I'm just really curious how the conversation when you told them I don't know if you remember I realized this is a very long time. This is a while ago, but 24 years, I guess. But yeah, when you tell them, because they're sitting there telling you, hey, all the adding up, their guerrilla math on, oh, well, we had to expend this amount of money because of salaries and whatever. And your response could have been, well, actually, this issue could have been fixed with zero yeah, with zero money. Had you been on the other end of my message, email said, you might want to fix this. I could have done this an easier way. And so I'm just curious. They have to feel relatively foolish talking to a 16 year old, 17 year old kid who just broke into NASA's website after giving them warnings about what you're going to do. I assume I would feel like a fool. Well, I told you guys to fix this, but you didn't pay attention to your customer service platform. So I had to hack it to get your attention because this is a matter of national security.

If the administrator had come to my house let's just say this is just a couple of agents that just have all this information. I'm sure the conversation would have been completely different from the tech side. But it just blows my mind because a lot of these you think that it's the government and it's got to be secure, like just some sort of inherent just feeling that you have. And I don't know the reasoning why there could have been a huge patch backlog or maybe that email isn't monitored as closely or something. There's a million reasons as to why they didn't act upon the messaging that I was giving. And I said after a period of time, I was shoot first, ask questions later type guy, because that's what happened. It started out as I was emailing people and like, this is fucked up. And then they wouldn't respond or fix it. And then so that's when I just went on the war path. There may have been other agencies that I hacked that would have been more receptive to that type of exchange, but I had a few of those ones where no one did anything.

And so I was like, all right, you know what? The best way to fix it is to break it. Because then somebody's going to see it. Somebody's going to be like, oh, okay, this guy's for real. He wasn't just pulling our chain. You can imagine that they might get people trying to prank them all the time or fake ransoming them or whatever. So PC is believing. So you got to demonstrate the sometimes.

Yeah, fair enough. Well, let's move into your forum, Digital Gangsters. So it sounds like this was a very prolific forum.

Yeah. So there was some other internet forums around that time that I was kind of a part of, but there wasn't one that kind of brought together the hacker community that we had fostered during the AWOL days. So there was a period of time kind of between the AWOL heyday and Digital Gangster. So in 2005, Digital Gangster, I'd started it out as a production company. I was throwing raves because I was DJing and all this stuff. So it started out as this local production company that I was throwing raves and stuff on Earth. The website used to just point to whatever club nights and things I was throwing. But I had stopped doing that. And so the website was just sitting defunct. Nothing pointed to it. And there was a couple other forums. There was this one called General Mayhem that was kind of big and it started out as a computer gaming kind of forum. And then there was one called GFY stood for Go Yourself. And it was an adult oriented for adult webmasters and stuff for the internet. So I had this semi community from the work I'd done in the adult industry and then the gaming stuff and then all these people from AOL that didn't have a home.

And so that's when I started Digital Gangster. And then all the kind of the elder statesmen who were already quit hacking AOL elder statesmen meaning like 23 24 year old type came to the forum and the current kind of AOL hacking scene was more shifted to Aim. And then they had joined and then I had the internet marketing people join and some gaming people join and it just started to snowball and gain traction. We were hugely active on kind of just the more of that data sharing, collaborative tactics, techniques and procedures that will be useful against places. I think one of the first things that we did was we created a bunch of fake coupons that would say like, thank you for being an e trade investor. Take this coupon into McDonald's to get a free extra value meal and we just make them look like super legit. And so people were always taking videos of them. This is before social media was really prevalent. But yeah, using these coupons at places like getting free pizzas and free McDonald's and Taco Bell. I had a guy that works for me now that had no idea that that was us that had started doing that.

And he was like, I fed myself for a whole year with this shit. It got to the point where these stores were putting up do not accept these coupons type thing. But it was all just this disruptive kind of bullshit that we were doing. But there was a guy. Camo. Cam Zero. And he had hacked into Paris Hilton's sidekick. Sidekick was a phone before the iPhone that had like a full keyboard and it was sort of the Phone of the Stars before the iPhone became big. But her password was her dog's name was Tinkerbell. And the thing was that that address book was just full of celebrities and then had a bunch of images on it and so that hack had happened. And that kind of came from your forum. That came from my forum, yeah. So then my forum got known for doing just things like that.

Hold on. So what did you guys do with the information?

We posted it, we just shared it.

So it had all these celebrities names, addresses, phone numbers.

Yeah, emails, and then there's private pictures. And I said in retrospect it became a huge sensitive thing. Especially recently. I don't know if you remember the fapping like when people had their they were getting their iclouds hacked and celebrities had their sex taste posted.

Was that you guys?

That wasn't us. But by that these are the things I think about it now and it is a serious invasion of privacy type thing. I totally see the wrong in it. And whether or not people are media figures or not, it doesn't necessarily give you the right to be posting the stuff. So of course regrettable behavior. But at the time it was juicy and the media was just all around it.

So did that break the news cycle too?

Oh yeah, that totally did. And tangentially that's. The thing that's funny is that on the porn side of things, one of my buddies is the dude who brokered because remember her sex tape is kind of what launched that. I mean, theoretically by Butterfly Effect, it launched Kim Kardashian's career in some senses. But there was an entire deal being brokered between Rick Solomon and Paris Hilton and this porn company that basically released the sex tape to buy it. So all of this press I think was in a way it was good. But at the same time the methodology for what we had done with it, it's not something I would condone now or whatever, but that's kind of what our board was doing for a while is MySpace was really huge. And so we'd hacked Tom's MySpace, who was the founder, he was everyone's friend. And we'd hacked his website and we directed a bunch of people, the digital gangster. We hacked Tila Tequila's MySpace and she was like the starlet. This is all ancient internet history stuff.

How much of this stuff hit the news cycle?

Quite a bit of it.

Yeah, we're going to put it all.

Up here and that's where that's where it really started to snowball because then members would come in that were fresh blood that had heard about this hack that had happened.

It.

So everybody wants to be a part of this.

Exactly. Yeah. But the thing that was funny is that people would come in and then just like any club, there'd be just insane amounts of hazing that would happen because you'd get all these newcomers and then it would be everyone who was sort of veterans on the board. It would be their job to kind of weed out and find who's opposer who's just here, who's trolling like whatever, and would just run these people through psychological torture practically. And then anyone who ended up staying made the grade and then they would be the person that would make fun of the next batch of people that would come in. So this revolving door of just idiots. But what's cool is then people would come and they'd be like, how did you do this? What was the method? And they'd really be curious. And then we would actively mentor these people and teach them exactly what we were doing and how it worked. Some people would stick with it and some people wouldn't, but that was what was most awesome, is that you basically had this pipeline of fresh talent at all times, and people were just really curious about what was really going on.

Is the Digital Gangster forum still in existence?

It is. Not anymore. I took it offline a while ago. There's remnants of it. There's a lot of stuff that was posted there. I mean, I still have backups of it, but successfully taking off the internet like Ryan even, I'm sure has a lot of embarrassing things on there that shouldn't see the light of day. Like what? Who knows?

Help me out here. What would be on a hacker forum that you wouldn't want to see the life by today? That's humiliating.

Maybe not humiliating, but we're very self snitching on, very public about the types of things that we were doing and engaging in just the behavior.

So self incriminating?

Self incriminating, yeah, very much so. And there's some some people may not want that out. Like I said, I don't care personally. But the other thing is, too, is that all the private messages that were sent between people and stuff in the forum, I'm sure I have a copy of, there's ones that when we got hacked a few times. There's dumps that exist of all this stuff, too, so it's not like it's completely out of the record. But yeah, I just felt like when I sunseted it, I sunsetted it.

Wasn't big, but in its prime. What is the most amount of users you had on there?

Oh, millions.

Millions?

Yeah.

Millions of hackers?

Well, just that the user base was probably like in the hundred thousands, but the page views were just astronomical because we had really good page ranking on Google and stuff. So people would type in anything and they'd wind up finding their way to the mean. Like, at any given moment, there might be a million people active on the was it was the the big one that actually happened was when Miley Cyrus's email got hacked and she was still, like, a teenager, but there wasn't any naked pictures or anything like that, but they were just, like, silly because she was still Disney kind of person. There was one hacker on my forum who had released those pictures and that made it on to Nancy Grace. And it was just funny because you ever notice in the news that if there's a story that you happen to know kind of what really happened, none of it matches? The narrative matches, but you read another article about something you have no idea about, and you're like, okay, it's this weird cognitive dissonance, and there's so much stuff that got published about us that was completely false. But it's like, what's in the news?

And then again, if you don't apply that same heuristic analysis to other articles that you read about in the news, it trains your brain to think like that, where there's a disconnect behind what's reported and what's really, really happening. So I tend to look at news through a different lens that way. But yeah, with respect to the Miley Cyrus one was probably what got us the most traffic and traction. But there was, I said, a series that formed had just a ton of different stuff that was attributed to members on it. Barack Obama's Twitter got hacked and what? Yeah, my homie.

That came from digital gangsters too.

Yeah.

This is incredible.

You can look it up. Okay, so the guy, he had access to Twitter admin panel. And I think there's a guy's, mark Sanchez or something. He was a reporter. But Barack Obama? So remember I said that there was this amalgamation of hackers, internet marketers and gamers that were kind of form the core group. So the bleed in our skill sets started to become apparent because we had this section of the form that was called was well, Margorp, which is programmed backwards and why work. And those were actually AOL chat rooms that existed back in the AOL days that I had had a sub form that was just named after those. And it was for business talk and things. I said, if you're doing Internet marketing or anything like that, it was like kind of the forum, the sub form for that. But when they took control of Barack Obama's Twitter account, they were tweeting out gas card affiliate links. It's just too stupid to think about because how are you going to get paid? They have to know who you are because that's where they send the checks. But he was like, yeah, barack Obama was like, get your free gas card here at this.

Just so you had that on Barack Obama's Twitter?

Yeah, on said there's there is news articles about that that.

Hold what? Just delve it down for me. Explain to me why of all the things you could have put on Barack Obama's Twitter account, why was it free gas?

GMZ was a dude. You have to ask him what he was thinking because well, as I said, the other ones, they were just like tweeting out homophobic slurs. Some of this stuff is financially motivated, obviously. Some of it's just motivated what we call for the lulls. It's just for the hell of it. You're just doing things just to do it. But yeah, the gas card thing was just funny because it's an affiliate link, so you're supposed to get money off of it, but they're going to bust you because it's like, what other you're totally tying it to yourself. Not everybody's completely brilliant in these arts, but a lot of times everything was just kind of done for really. There wasn't a monetary gain for a lot of those things. They just get us and Nancy Grace and that crowd thought that we were a gorilla paparazzi site. That was what we specialized in is just outing celebrities. But that was only really like a small subset of the types of things that we were really doing.

What are some other things you were doing in there?

What I said, we had just this factory of mentors mentees type stuff. Ryan, he was an administrator on that forum eventually, but he had come and he was really young at the time. He's younger than most of the people that were there. And he just kind of took to a lot of the Internet marketing stuff and learned how that game worked and said he applied it to his rehab centers and everything. It's just the school there is that. We just had ways of making money on the internet. And how do you take advantage of the systems that existed and maximize the amount of profit that you can get from? And at this time, I was kind of 1ft in and 1ft out of the porn sites. I'd still getting mailbox money from it, but I was focused more on diet pills like Garcinia diet and acai berry stuff, and business opportunity leads, like people that how to make money from home type stuff. There's all these plethora of programs out there that, again, you just kind of find out what converts with your traffic and you'd focus on those verticals. But yeah, it was mainly, I said, a training ground.

Teaching people how to program, teaching people how to hack, teaching people how to market on the Internet and stuff. Because a lot of us again, saw the value in you get some fresh eyes on it, and then all of a sudden they're coming up with new methods and stuff, and it becomes this cool collaborative community where everyone's sharing things. And so a lot of that, the illegal activity was sort of inconsequential to the actual mission or what was actually going on in the like one of the crazy things I think Ryan had spoke about at the bitcoin drive by malware that he, uh that was like infecting it was infecting systems.

Yeah, he had mentioned that you were in the hotel room and saw the actual amount of money.

Yeah, it was ridiculous. Well, I remember, like, the computer that he had on his wall that was naked. That was a very intelligent that's what I'm saying. It's like he had this really cool way of spinning. You had all these different components, these pieces, but to put them all together and to create an operation like he did was one of a kind. It was millions of dollars in those days of just bitcoin, and he exited his position. He might still have a little bit, but as far as I know, all that I remember when he got rid of it, but if he would have sold it now, or even at the all time high type thing, it was ten x or 20 x than what it was then. I don't think he has any regrets about it because it was still like a good chunk. But yeah, that was just such an insane coup Dugra the way that he had done because he was using pretty much instead of each element, the driving Internet traffic to things and having this malware on. So it used all of those elements pretty much what Digital Gangster represented, and he packaged them, and he wound up making a good amount of money off of it.

Did you have a lot of what do you call them, users in the yeah, members.

Yeah, yeah, of course.

Did you have a lot of people in there that impressed? Mean, it sounds like that hack that Ryan did impressed?

Oh, yeah, of course. Constantly. And there's one of my friends, Glue Bag. We all have dumb names. His real name is Nate, but Glue, he had come on. There was another form member that played World of Warcraft with him. My other friend told him, like, hey, you should join this board or whatever. And he was just a teenager from Ohio, never coded anything in his life type stuff. And we used to have this it was called Adopt a Noob program, where you'd be designated like, mentor for someone depending on what they wanted to learn. And so Glue really wanted to learn how to program. And I think he was under this dude Audio, and within three months, he'd already blown past kind of what Audio had been teaching him. And he started doing a lot of the affiliate stuff. We had a porn program that was kind of like I didn't really get any cuts of it, but it was a good friend of mine and this other dude that I just sort of let them advertise and have what do you call kind of their support forum was sort of on my board. But Glue just started writing all of the software for the spammers and stuff that would do all this hosting, posting, messaging type, and he was just giving this programs away for free for a while.

And then another one of my buddies picked up on it and was like, dude, this stuff is solid gold. We need to package it up and market it and just do it with my program exclusively. And to this day, he's one of the most insane programmers on planet Earth. Like, hands down. Yeah. And the stuff that he did just because I had worked really closely with him, because he basically kind of worked for me, he was under me in the organizational structure. But the stuff I learned from him even, and I said, I've been coding my whole life, and he's what, like ten years younger than me or a little bit more than that and just mind blowing. Like the stuff that this dude come up with and just the ideas he would have. And it was fun because he would think he invented something. And then I would be like, actually, this is like a huge problem in computer science that has existed. Or this is a really cool solution for it. Or he would just self discover it's, like learning how to make fire. Everybody knows how to do it now, but imagine inventing your own way to make fire and stuff and that's the type of person that wow, you would just somewhat attract some of the people on there to this day.

Just surprised and impressed me. One of the guys who's super big in the bug bounty scene now is world class, but yeah, he came from the forum and just did a lot of business. I don't know, I'm just really proud of everybody. I said Ryan being another shining example of that, that there's a lot of people that took everything that they learned there and applied it correctly in some way that brought fame and fortune and all sorts of stuff.

Can you explain Ryan's hack into the cryptocurrency stuff?

Yeah, it was just that bitcoin mining has to do with if you think about your computer just doing solving Sudoku's or something, I don't want to try to draw the best analogy for it, but there's a well, I'll do the technical. So there's a cryptographic hash. So there's functions that exist in mathematics and cryptography where you input something into the function and then you get something out, but there isn't a way to get it back. It's not bi directional, it's unidirectional. So you insert this garbage and you get this garbage out that even if you alter this data, very little change a bit, like just change a letter, any of that stuff, the output of this function is going to be drastically different than what went in. So there's even small perturbations in the input of the function leads to drastically insane output of a function. And so one of the ways that the way that Bitcoin is mined, like how you get allocated Bitcoin off of the network, is that, depending on the difficulty, you have to find an input that combines the transactions as well as a nonsense value, and you input it into this function.

And you want to get a ton of zeros at the beginning of this output. The more zeros, the less difficult. But it's very hard because it's not deterministic like what you're going to put in here and get out the other end. And so that's the proof of work. That how bitcoin works is basically, unless you found a way to hack mathematics itself, the way that the function operates, you need to go through this process manually. Like, it just has to be done. You have to do an exhaustive search of give me random number versus this block and then you get out this output. There's these pools that exist for mining bitcoin where it's a shared work of a bunch of people. So we could each be mining bitcoin. And so we're both. Solving Sudoku's our computers are doing like a percentage of the work that everybody else is doing. But let's say you and I are in a group of 100 people and we've all contributed a certain amount of computing time towards this effort. But instead of the guy that mined it actually getting all of that money, it goes to the pool and then we all share it as piece of a portion to the amount of work that we did.

So even though you weren't successful in finding that you would still put in x amount of computer hours or whatever, so you should get your piece of the pie as it fits with the entire pool. What Ryan was doing was basically kind of the penny jar type analogy thing where it's like one for you, one for me, where they would be mining bitcoin for themselves but then they would also be doing work for his pool. He's taking a slice of all the work that's being done. So instead of all the computing resources being devoted to your mining operation and what you're doing, there's a slice of it that's kind of cut out and carved out for him. But he had a botnet basically of distributed computers that are all doing this slice. So while everyone else is doing something individually, like, he's got a little piece of everyone's action and it's with that piece of action that when scaled and it goes along. But you could basically just visit this site. And that was the thing, is that before, Java used to just run in your browser without any types of prompts or anything and so it was called a drive by, where again, if you just visited this site so I could put this plugin on one of my porn landers or I could put it on, I could have a game, a flash game running or whatever, where you're just playing Tetris, but I have it running in a little corner.

You can't even see it. And it's basically just cooking your processor, making you mine. Bitcoin interesting. Yeah, that's how that operation kind of worked.

How many computers did this go out to?

Hundreds of thousands at least. But the way he could see that's the thing is it's where that line is drawn that with that same the same technology he could have done different stuff with like he could have taken over people's computers and downloaded all their banking information. The access that this virus Trojan Horse would institute would be the same as any other type of malware. But as I say, he chose to use it to mine cryptocurrency instead of key log you and steal all your passwords and stuff so that it's like the lesser of multiple evils. I guess in his case it is burning some nontrivial amount of power mining coins for him. But yeah, the way that he had done it, it was the nicest way that you could probably get hacked it was a very gentlemanly hack, if you will.

Nice. Do you have something that you did that was a major payout for you? Similar to that?

Yeah. Well, not similar to that, but in the same a lot of what I was able to take advantage of with the marriage of hacking knowledge and then also the marketing stuff is being able to find exploits in site account creation and things like Mean. There was a race condition in Google that I was taking advantage of for a long time because Google has one of the best anti spam filters on the planet. It's called botguard. Mike heard, I think, is who developed it, but the amount of work and research that these things have, like botguard is like one of the toughest. I would say. Technically it runs its own microcode inside a JavaScript virtual machine, but it's a way to detect if people are making automated accounts or just making stupid actions. And if you think about the intelligence network that Google has in usage of its site, it's very easy to identify patterns that exist that human beings are doing versus ones that bots are doing. And so them and facebook obviously has a huge network of being able to detect anomalous behavior. What are human beings doing when they're on Facebook as opposed to an automated program?

Google similarly. And so one of the biggest things obviously is account creation. And I had found a way, like using the path with older android phones, they had a way to basically make accounts without captcha things. And so captcha is just a speed bump in a lot of cases. You can usually send CAPTCHAs over to Bangladesh, and you can pay people pennies to fill out CAPTCHAs and click them and stuff. So they're not really a huge barrier to account creation and stuff. All the bot protections, that's usually how it's done is if it's not done through programmatic, optical character recognition or anything, there's usually a human being that's just getting paid pennies that's playing it like a video game, but finding bypasses and things like that. Where I could defeat capture. There was race conditions where I could create sub accounts off of. Like how Tinder, for instance, if you use a Facebook account to sign up to Tinder. Similarly, like Google has single sign on type stuff that you could do, but there's a period of time before the account gets deleted and detected by botguard that you're able to sign up to sites with that Google single sign on and you get a valid token.

And so even though the account eventually dies, you wind up getting spidered accounts on a bunch of different services and using those to do whatever. But a lot of say, what was lucrative for me is just staying ahead of the technologies that people were trying to institute. Because the cool thing is, when they do change something, like change a rate limiter, they change the way software works, it becomes a new playing field, because everybody that knew the method that was doing it, they're taking advantage of it. Then they change something. Now all of a sudden, all these people can't do it anymore. And so now you're the only one on that site that's able to spam or whatever. It's big with the dating sites because obviously the cam I'm a girl like sign up to my webcam, prove that you're 18 type stuff worked really well. It was lucrative. So those are the types of things that I did. Finding just idiosyncrasies in the way that sites operated to either create accounts or how their protocols worked, what order do things need to be in? What's the timing that they have to be in? How do I emulate a human being as accurately as possible so that way that their detections don't work?

Damn interesting stuff. Well, Bryce, let's take a break. When we come back, we'll get into some of the equipment that you use to hack, and then we'll get into your professional career.

Sounds good.

You want a killer Black Friday? Deal. I've got one for you. A free MotoG. 5g phone from Pure Talk. No gimmicks, no trade in necessary. Just sign up for Pure Talk's, unlimited talk, text, and 15 gig data plan for just $35 and get the MotoG 5G phone for free. But here's the deal. You need to move fast because these phones will be gone by the end of the month. So if your current phone is on life support, upgrade for free with Pure Talk. Enjoy two day battery life, an exceptional quad pixel camera, and a whole lot more. Just go to Puretalk.com Ryan to get this exclusive offer and to select the plan that's right for your family. Remember, Pure Talk gives you America's most dependable 5G network at half the price. So make the switch today. Go to Puretalk.com Ryan to claim your free MotoG 5G phone with a qualifying plan. Again, Puretalk.com Ryan. PureTalk simply smarter wireless. I want to tell you about a product that personally resonates with me as a former longtime dipper in the military, and that's Black Buffalo. You see, when I was in the Seal teams, almost everybody in my platoon dipped tobacco, including myself.

But I'm the leader of my own pack and I wanted to quit, and that's what I did do. And that is why Black Buffalo chewing tobacco alternative really resonates with me. Black Buffalo is a tobacco alternative that does not contain tobacco, leaf or stem. It's everything you love about dip. Nothing you don't, no compromise. It's made here in the USA with only the finest ingredients, like specific varieties of edible green leaves, food grade ingredients, and comes in classic flavors like wintergreen mint, straight peach, and even blood orange. Black Buffalo delivers the same experience as traditional smokeless products. The Black Buffalo herd never compromises taste, value, or quality. Being part of the Black buffalo herd is not about following. It's about charging ahead on a path to keep and honor the ritual. If you're a smokeless tobacco user, give Black Buffalo a try. I'm very confident I'll see you on the trail. Black Buffalo is available for sale online and in thousands of stores across the country, like racetrack here in Tennessee. Head to Blackbuffalo.com to buy or check the store locator. To find a retailer near you, use code Srs@blackbuffalo.com right now and save 15% off your first order black Buffalo.

No compromise. Different leaf, same ritual. Warning this product contains nicotine. Nicotine is an addictive chemical. Black Buffalo products are strictly intended for use by current adult 21 plus consumers of nicotine or tobacco products. All right, Bryce, we're back from a long lunch break, so I think we left off. We were talking about Digital Gangster. Some of the stuff you and Ryan did together dissected his whole cryptocurrency hack and we're getting ready to dive into your professional career. But I know you and Ryan are super close and so I've actually got him on the line.

Beautiful.

Yeah. And so, what was it like? Ryan, you on here?

Yeah, I'm here.

Welcome back to the man.

Hey.

But we were just talking about how you found the forum. Digital Gangster.

Got it. So back in I guess I couldn't even tell you what year it was, but when I was a very young kid, I was on I'm sure you guys have spoken about it already, but AOL Instant Messenger, there was another way of communication back then called IRC, which he can go into detail, if he hasn't already, about. It's a monumental part of both him and I's upbringing in this field. And on AOL Instant Messenger, there were group chats and then individual chats. And somebody introduced me to Digital Gangster as a platform for affiliate marketers and hackers. And I was just getting myself into cybersecurity at that time. Didn't know much about affiliate marketing and found Digital Gangster. And I don't know what it was because I didn't know anything about Bryce. I didn't know anything about the spam game, didn't know anything about any of that at the time. And I just, like I said, fell in love with it. And I learned from everybody there quickly. Bryce and I got along very quickly and got into marketing and using my, I guess, cybersecurity abilities along with the marketing to automate things. Am I allowed to conversate?

Because this is okay? Bryce, did you already talk about what we sold back then?

Naked women.

Right? Well, I was more on the dating website side of things. But there was a combination of all of it when I was a very young teenager and that was where a lot of the money was made. But there was other things we worked on, too. Business opportunities, like get rich quick advertisements. They would pay out ridiculous. They would call it like a cost per click. I'm sorry, I'm getting a brain fart. A pay per sign up PPS and there'd be pay for free sign ups. Did you already explain all this, Bryce?

Yeah, but let me ask another question. So me and Ryan have become pretty good friends in a very short amount of so I asked him about you and he had said that you were one of his mentors. And so what I'm wondering is it sounds like you had millions of people on Digital Gangster.

At least tens of thousands.

Tens of thousands of people on Digital Gangster. What was it that kind of caught your attention with Ryan out of all the people that you had on there?

Just really sharp. And as I said, as I said in the MySpace era, he was a bit of a force to be reckoned with. So there was already some inherent ability for self marketing. I think that Ryan, again, he wouldn't know this external. Like you'd only know this like it's something I don't know if he kind of recognized his own shining type thing, but obviously just naturally kind of understood everything. You can kind of tell when people already they already have that spark or what's needed to position somebody for success. And so those types of people would try to identify fairly quickly again, because the more money you're making with your friends and the collaborative nature of that stuff, it makes it that much more fun to do. And in Ryan's case, again, he was super young when he was kind of engaging all of us and then also just had the mind for it. And that's what I mean. He was eventually an administrator moderator on the forum where he basically was able to ban people and kind of make decisions unilaterally for the good of the board. But yeah, he just started out as like a user, but you can just tell by people's posts and how they interact and stuff if they happen to have what it takes.

So it's a great proving ground. Some people are just shit posters and that's all they do type thing. But Ryan definitely took a huge interest in the holistic picture of how to make money. Online is like a big thing and as I was saying, investigating methods and trying to figure out ways to outsmart like these dating companies or any type of place where you could possibly get your message out. There's a hacking component to that where you have to figure out how to defeat things like rate limiting and IP restrictions and just whatever protections are in place. And the less amount of people that can target a platform successfully, the more money you're going to make because it's basically no one else has the secret sauce to break into that market.

Interesting, Ryan.

Yeah, he couldn't have explained that better.

One more thing I just want to cover with you guys. We already covered Ryan's crypto hack that seems to be pretty ingenious, but Ryan, I'll let you favorite it sounds like all these hacks happen as a group, a lot of them, you guys are working as a collaborative team. So what was your favorite? What was like the first big exciting hack that you were a part of with Digital Gangsters, ryan and then both you guys can tell the story.

Let me try to think of something that people know about. Yeah, give me a second to come up with something because I don't know what you guys already talked about.

Doesn't matter, just go for.

Well, I don't know if this is even public knowledge.

Even better.

Which one the address book situation?

Whose address book?

I don't even want to say it. Then the celebrity Paris. Never mind.

Paris Hilton.

No, not that.

It'S it's not a big deal.

Come on.

I can't do it. I can't.

You can do it.

No, I shouldn't. Let me think.

The audience is dying right now.

I think that the better thing for me to do would be to talk about how we would put together methods, as he said, to bypass certain restrictions. And back in that time, especially in the early days, there weren't as many restrictions for email. So you could inbox a lot easier than you can nowadays. There was a time in my life when I remember most email providers not even having a spam or junk folder. So you could just send literally a million emails, or you can send out on a different, completely different angle. You could send out a hundred thousand text messages with prepaid SIM cards. So there was these things back in the day called GSM modems that you would I had a little dock for mine, and I don't know if Bryce did too, but most of us did. And we would perform not only these mass email campaigns that would send millions and millions of emails out with ads from acai weight loss berries, to dating websites, you name it, we were spamming the crap out of it. And then that progressed into text messages, which are a felony. You're not allowed to spam via text.

It's a serious crime to go to prison for it. And I think there's a specific court there was at that time, there was a specific court in Virginia you'd have to go to for they used to call a spam court back in our and you know, if you got caught for doing something like that luckily I didn't, and we never ended up on that list.

I didn't. Yeah.

What did you say?

I said I didn't either. Yeah. Tallest Blade of Grass is the first to get cut by the lawnmower type thing. So you got to do just enough.

What was it? It was the Roscoe, right?

Yeah. Roxo. Roxo. Roxo.

So luckily we didn't end up on there. And there was, like a Spammer most wanted list. So I guess that was probably my favorite part, because not only was it fun to send out a ridiculous amount of text messages and millions of emails, but not only the process was fun, but making the money, seeing something digital that you did. That is an automated process where you put in your message, you put in your recipients, you press a button, and then you just sit back and refresh your screen, and you just see money accumulating, and you just wait. Like, let's say that program has a net 15 payout in 15 days, you're getting paid out. Some of them had a net one payout, so you get paid out in one day. So even if they don't agree with the methods that you're spamming, maybe it's against their policies to incentivize somebody to sign up for a product or it's against their policies to do text message spamming. If they have a net one payout, you already got paid out. And sometimes that number is pretty large. So I would say outside of the hacking side of things, we still were hacking and we still were a collaborative effort, but that was my main motivator there was making money in this field.

So hacking was a passion for me, but so was marketing and so was making money. So I would say if you had to ask out of all of the attacks that we've done, some that I won't even bring up, I don't even know what Bryce has told you, I hope it's nothing horrible, but that's it definitely spamming and the money that came from it.

How about the first Swatting experience?

Oh, gosh, this is crazy. Do you remember this, Bryce? When I did become administrator, you gave me administrator to the site and there was this guy, which I won't say his name because he doesn't deserve the attention.

Yeah, he doesn't deserve the attention.

Yeah, this guy sucks. And it's not just because of not just because of me. This guy is just over.

Bad human being. Yeah, bad human.

And one of his friends as well is horrible human being. And if they're watching this, they'll know.

Exactly who they are.

They'll be watching, you know they will be.

I hope they are. So back then, he makes the administrator and that gives me pretty much if not the same abilities that he had. So I could do anything. I could put a picture of me on the front page of the website. I have the same permissions that he did. And when that happened, people got upset because the same way people get jealous nowadays of things and become keyboard warriors. That was the same back in the day, but just maybe a little bit more of a jungle back then. And one of those guys, like I said, name Redacted, decided it was a good idea to use what's called an It relay service, which is a service that is for people that have a disability. And you type into a prompt and you say what you want the person on the other end of the phone to hear. So let's say I wanted to call you, Sean, and I use an IP relay service. I'd say, hey, how you doing, Sean? And then I would hit enter, and then a man or woman would be on the phone and repeat what I typed to you through this IP relay service.

So this guy used an IP relay service to call the local police station of where I lived. And he said that there was bombs strapped to my windows, that there was people tied up in chairs, that I already killed some of my family members, that if anyone came in, they were going to get shot, all kinds of this horrible stuff. But he was claiming to be me. So what happened was I remember the exact number. There was 86 law enforcement officers, bomb squad, snipers, police helicopters, you name it, they were there. So what happened was originally they went to the wrong house. They went to my old address, which.

Was like ten houses down the street.

So they were close, but they had my wrong home address. But what happened after that? Because at this point, no one ever heard of Swatting. No one ever knew what it was. So one of the officers knew me, and he said, I know Ryan Montgomery. And he brought all of those officers, the helicopters, everybody, to my current address and then ran down he ran down to where I was staying at that time and was like, Ryan, are you okay? He's freaking out, and I have no clue what's going on. I had no indication this was even going to you know, it all ends up being didn't I didn't get hurt, I didn't get shot. If you think know the dangers there, it was not only the first Swatting to ever happen in the state of Pennsylvania, but it was one of the first to happen in the country. And I still have the news article on my computer. I'm sorry, not news article. I still have the news clip where it says the exact words are, it's a new incident called Swatting. And it goes into explaining what Swatting is and how he used an IP relay service.

And they talk about what happened. They talk about how I got Swatted. But the dangers here are, what if I did walk outside and I made the wrong movement? They've never heard of any incident like this before. And I went and grabbed, put my arms down, or I made any wrong.

Move, I would have been shot.

They were really believing that I had people dead in the house, bombs on the window, they believed it. So this person put my life in jeopardy because I became the administrator of a website.

Holy cow.

It was funny, I was talking about.

That yesterday without me making myself sound, and I think people would agree with me here. He got revenge, just in a more non life what's the word for it?

Threatening.

Yeah, he got his revenge in a non life threatening way, but I definitely got my revenge.

Well, what was it?

I don't want to say that, but just trust me, you will never do that again to me.

Yeah, right on, man. Right on.

Off the record, are you talking about when we were prank calling, like Lawrence Fishburne and Cameron and all that?

No, I'm talking about his mom's social, everything.

His mom's social?

Yeah.

No, I'm talking about the address book thing.

I'm talking about Paris.

Okay. It was.

Yeah, it was Paris Hilton.

Paris Hilton. Yeah, I talked about that already.

We're going to get back to the interview, Ryan. But, hey, man, I appreciate the call, and when's the last time you guys hung out?

A couple of months ago.

Oh, right on.

Yeah. Or last month, I guess. Yeah, last month.

Cool.

Yeah. And someone hit my car, like, two months before that. Yeah, pretty much right after I seen you. I'm sorry. Right after our podcast started to go viral. Sean, we met at a conference called Hack Miami, and someone hit my car out front, which was not fun. But then we seen each other a month after that, and he was performing at an event called Defcon, which is the largest hacking convention in the world. And it was amazing. I mean, I don't know if you're into nerdcore hip hop. Hopefully you become a fan now. He's the best. There is nobody better than whitey cracker when it comes to nerdcore.

We're getting ready to dive into that subject right now. We're going to have to get both you guys on one show at the same but all right, Ryan. Well, thanks again, man. And be safe, and I'll talk to you soon.

Love you, dog.

Awesome. Love you guys.

Peace. Peace. Yeah, that Swatting stuff I had mentioned that some of us would never, ever go there. It's something that we just never, ever do. But the IP relay service that he's talking about, it was set up for deaf people to be able to communicate. It was a service that was run, but you could instant message a screen name, and then they would call you on the other party's behalf. And so the trick was, I said, it used to be Trucking, which is where you'd send the fire department to somebody's house. And so if you're using IP relay as a vector, you'd get on IP relay and you'd say, hey, my phone's inside. I don't have my mobile, but I have my laptop, and I'm still connected to the Internet, and I need to send the fire department to blah, blah, blah, my address or whatever. I'd give them your address and not the real one, or whatever. And then the fire department would show up. But then it became this I said, the next evolution of that was the Swatting stuff where they make a fanciful story about how you're murdering your family or like you said, making bombs or there's definitely drug activity over here or something.

And invariably what will happen is they send just a million officers over to your house and again, they're jumpy because they don't know what to expect in there. And so, yeah, there's been cases, obviously, since it's one of the things that I said, I wouldn't say it originated on Digital Gangster, but the first swatting, I said his was the first Swatting incident in his state, and there was a lot of that. SIM swapping is another technique that is kind of people do it now, but it's where if I walk into your wireless provider and I'm like, I'm Sean Ryan, I lost my phone. I need to set up a new phone and I know some of your details, or let's say I've made a fake ID that has your picture on it or something. Say I lost my wallet, here's my library card. You're dealing with somebody that's making whatever, 15 an hour or whatever. So what they'll do is they'll swap over, they'll port that number to a different phone. And this is like where two factor authentication and stuff breaks down a little bit because if I'm able to take over your phone number, there's a lot of services now that will text your password to your phone or you can reset your password as long as you have that phone.

And so I got SIM swapped. I was at south by Southwest and I was performing, I think it was in 2011, but this same group, this is when this attack was really kind of in its infancy stages, but they hijacked my phone and then they went and stole all my domains that I had had. Now people use it a lot more to steal crypto wallets and bank details and anything that you can reset via a phone. But obviously it's very difficult because you have a very short window. Like you're going to notice that your phone's not working, especially if you're looking at it all the time, but it's really hard to get that back while that attack is going on. There's a lot that can happen in that short amount of time before you're able to get into the At T store or whatever it is to fix it. But Swatting is a huge problem now. Again, it was something that was reserved for your worst enemies back in the day, but now you'll have kids lose on Call of Duty or Fortnite or something, and they're people, so the police departments are a lot more aware of it.

It was funny because basically the police already knew who I was, obviously, because I had eviscerated the local PD. So my name, I don't know, they might have a plaque of me up in every department or something, but no Swatting attempt against me was ever. Successful because the police knew that if that was going on, it was probably a prank call. Yeah, I got lucky.

Is this SIM swap thing, is this still happening all the time?

Yeah, it happens all the time, but as I said, it's a targeted attack. If somebody knows details about you, your phone number, knows your carrier, and you have something that they need to get from you, you can just go into a store or whatever and I'd be like, I got robbed, I lost everything. It's just about being convincing. It's all social engineering, but you're just taking advantage of the fact that, again, this person wants to be helpful and I'm Sean Ryan, as far as they know. But I can basically just steal your number and then depending on what services usually these attacks are really targeted. Like, I know a reason that I want to attack you on my phone. It's notated like just a bunch. There's nothing that would really stop an employee from doing anything. As far as a compensating control, it's in the system itself. But I just know that in my notes, my cell carrier, it's like I have to bring in two forms of ID at a store in order for anybody to do anything with my account. It's just notated like crazy. So I haven't had a SIM swapping event in a while.

I'm sure if some viewer wants to try and ruin my day, test the security of whatever cell phone carrier I'm using, then that's fine. But please don't the hassle. Please don't. Please don't.

Yeah, well, hey, so we pretty much have wrapped up your black hat or very dark gray hat career, but how I would like to wrap it up before moving into your professional career is talk about some of the equipment that you okay, so wherever you want to start.

Yeah. So similarly, I think that Ryan Montgomery Popularized this Mine doesn't have a lot of the funny antennas on top of it, but this has been part of my everyday carry since it came out. Mostly what I use it for though, is friends that live in condominiums or apartment buildings that have fobs. I just copy them so I can break into their houses, with permission, of course. The other thing it'll do is it'll also write them. So usually apartment complexes and condo associations will charge like thirty dollars to one hundred dollars just to have extras. But I can just make extras for my friends and just subvert the whole process. So it's a good thing. This is a prox mark three. It's more of a grown up version of the Flipper, but it deals with near field communication, RFID devices or chips. It has bluetooth power, I think. Is it on here? Yeah, this one. I have the battery attachment that goes onto it, but you can use this to copy hotel keys. It'll read passports. You can use it to pretty much anything I said the same Fobs apartment fobs that the Flipper can access this access.

But this is more of a grown up version of the Flipper. It just has a lot more functionality and extensibility than the Flipper does, it's not?

What can that do that the Flipper cannot do?

So I don't think like for instance, the passport documents and stuff I don't think that the Flipper can do that. There may be a plugin or something that's some sort of firmware modification but as far as I know it doesn't support that. But this I said pretty much any type of wireless access mechanism. The Proxmark for a long time this was the gold standard for all the NFC type said. Copying, writing, dumping, it all came from this was like the device that most of us hackers used in order to do those types of attacks. But it lacks the IR capability and stuff that the Flipper has. I also have this is a hack RF. I said I don't know if Ryan had the porta pack add on onto it but this is just a software defined radio. I think I have some amount of power. I forgot which firmware I'm running on this one too. But this interface, the HackRF itself, this is kind of an add on that bolts into it and it has another case. But when you buy the porta pack then you kind of use this case and this interface. But it does everything from they said it can send and receive ADSB, which is the airplanes.

Like when they go by, they have a beacon that they send obviously to tell air traffic control where they are, where they're positioned. But with a strong enough antenna you could broadcast those types of signals as well. This is a telescopic antenna, but I don't think here within the studio we're going to have enough juice to do anything interesting with it. But if you just think of this like an Am FM radio for all wireless bands. I mean, you could actually listen to Am and FM radio on this if you want, but you could tune to a TV. The analog television signals not digital anymore. I guess you could technically if you had a decoder. But the firmware that's in the porta pack is different than the actual the SDR software defined radio itself is extensible programmatically through like you can use new radio, you can write custom applications that basically interface with this SDR and use it to decode P 25, which is a trunk to radio that police and fire and stuff use. It's encoded poxag which is remember the old school pagers? Sometimes restaurants use those to keep track of where orders are.

So this is basically a listening device.

It's a listening and a transmitting device. So it does both.

What would you transmit?

You could transmit those signals too. Like I could send a pager message. I could hook it up to a microphone and I could transmit, I could do ham radio off of this if I wanted to. You need a stronger antenna and more power, obviously. But yeah, it's determined both for listening and for transmission. Some of them are built like the RTL SDR is just built, it's more of a dongle and it's built just for receiving, but the HackRF is used for both. But anything that goes over that you can't see is all wireless. All that technology is facilitated by some version of the electromagnetic spectrum. I mean, even infrared is just not visible light, but it's the same kind.

Of and this picks all of that up?

Yeah, it's got a very wide spectrum of frequencies that it can basically tune to. This one down here, this is a spectrum analyzer and this is just a battery operated one, but you can see it's just got like I don't know where the camera would be, but you could tune that to, like I said, same thing. Tune it to a radio frequency. You can see where the peaks would be, but that device is just all in one just monitor frequencies.

For somebody like me that has no idea what the hell you're actually talking about, what would you be monitoring with this and why?

Well, let's say you had a wireless protocol that existing like an off public band. The FCC, like in our case, which is our governing body of Federal Communications Commission or whatever, they have certain bands of frequencies that they've allocated for public use. So like the 900 MHz band, like 2.4, these are the things that wireless technologies exist on. But let's say there was a command and control channel that was happening in some low bandwidth frequency, let's say like 800 MHz range or something. And I wanted to attune to that and pull out the data like what was going over it, analyze what type of data that was. I could basically tune to it the same way you tune a radio and dump basically whatever the signals that are going over that frequency. If you're doing a site survey or whatever, and you're looking at why is a frequency busy or not, is there lots of traffic? Because in those bands that I was talking about earlier that are public use, those are shared by all manners of devices like Bluetooth works over 2.4 GHz, but so does wireless. Like WiFi WiFi has in the states, there's a centering on the channel one, channel six, channel eleven, and the bands kind of overlap, but you could just the band width, which is the width of the band, kind of dumb that down.

And let's say you're in 20 MHz or 40 MHz hops and you can actually see like, okay, how much traffic is what's the signal to noise ratio like on this band in and of itself. So you can pull just signals out of there. I said it's just like tuning a radio is the best way I can explain it. Shut that off. The other thing that I think I told you about is the phone that my buddy manufactures. Sorry, but yeah, this phone is an obelisk one. It's by Obsidian Intelligence Group and it's a hardened Android phone that does it has pretty much a lot of functionality that you would get within a laptop just but it's in a phone. It runs a version of Linux, like a penetration testing version of how would I explain that? Because it is Linux, but it's designed for tablets and phones. It's called Andrax. And so you would use this in the same way that you would use Kali Linux. I don't know if you're familiar with that, but it's a distribution that's designed specifically for kind of hacker tasks. But this also supports software defined radio, so it can do some of the similar things that the flipper and the Proxmark and the HackRF do.

But it's obviously a little more stripped down version just because of the phone itself. But this phone is just available. Like when I go anywhere internationally, this is what I use to tether my communications through. It has a static IP address that's associated with it, so it never changes. So I always know kind of what it's like if I want to contact it inbound, I know exactly what it's always going to be, but it works pretty much everywhere I go and I use it to backhaul data. But it's very locked down version of Android and it only supports secure communications. So it's all voiceover IP, there's no regular phone kind of conversation, it's all done signaleesque, there's like three CX and signal on stuff on here, but I just use it. I said when I'm overseas and I want to make sure that I have a secure Internet connection or backhaul, this is my weapon of choice.

What does the single IP address do for you? I don't understand that.

Well, a static IP just doesn't change. So most times an IP address is dynamic, which means it'll rotate or anybody can kind of come in and take the lease and so it's not consistent. There are services that you can use that will every time your IP address changes, it'll automatically map it to a domain. You'll find these no IP services, netgear routers even have a version of this that they offer their customers to where you can get a subdomain or you can set up a domain yourself that just knows to point to that. So you can always type in home seanryanshow.com and you'd always get your home computer or whatever the idea behind that is. Just if you have I connect to my home network through a VPN. I have a VPN that's set up on my home network. So if I ever need to access files or I need to look at what's going on on my computers, do remote desktop stuff, I have to log in through there. But most of the ISPs like cable providers, you're going to have a dynamic IP address that's subject to change. Static IP address again, stays the same all the time no matter what.

So you know what to expect. I mean, I could refresh it if I want to, but that would be something that I would have to initiate myself. Otherwise I get to keep the same one no matter where I go and what I do. So running services off, it like I could actually run because the way that the internet mapping service works is you have a name and then that name points to an address, the same way your home address would be. But again, if you move then you need to point that name towards your new address. Just like a post office forwarding type thing, but with a static IP address it just stays consistent. So it's the same address every time. And you don't need to have it associated with a domain if you don't want to.

So that's just about as close to 100% secure communications as you can get on the civilian market.

There's no outlandish claims that I'll make, that it's unhackable or anything, but just for the sake of brevity, I'll say that the way that this has been stripped down and built from the ground up, there isn't any. Like with Android, a lot of times you'll have a lot of Google threaded in through there and depending on how you might feel about Google or whatever, there's a lot of telemetry that Android phones wind up sending, invariably debugging reasons, whatever. Some of it is just advertising, tracking, that type of stuff. But a lot of that has been stripped out. So this isn't a phone you would use if you usability is not what this phone is after. It's more after security and the slider. The way I always explain it is if every time you left your house you had to unlock seven deadbolts and then lock them up again and then you realize you forgot your wallet inside, well then you got to unlock seven deadbolts and you got to open it. So you do that enough times, it's going to be a hassle. So the compromise becomes one deadbolt. Is that secure enough? I don't know.

That's the compromise that you reach if you want to have a house door lock on it. But with respect to this phone, it's not necessarily for being a social media, running a social media empire or anything like that on. It's completely locked down. There is no Google Play store, so you have to sideload all the applications that you want to use explicitly. And so it's designed more with the security first rather than usability first, which for most consumer devices is a little bit counterintuitive. But again, I've been using it for a couple of years for my rating or whatever. It goes hard. Like I said, I've never had problems with it been to UAE, been to Europe, been to Asia, like all over and said just, it works as intended all the time and I haven't had any problems with it. And said the phone itself is hardened to a little degree. Sometimes you get these things like they call them know, because they're crunchy on the outside and chewy on the inside. This thing tries to be like a jawbreaker. Right on. Yeah, you gotta suck and suck and suck unless you want something to happen.

These are a this is an OMG cable and it's designed by my friend Mike Grover. But he was also a member of Digital Gangster and he had started out in the It world and sort of came on through to computer security and introduced to it through Digital Gangster and he's become an insane hardware hacker. But this is an OEM iPhone cable that you get from Apple itself. I think this one came actually with my AirPods. And then this one is the OMG cable. And within this little piece right here exists a full computer and full wireless radio to basically connect to. And it winds up being a command and control channel for anything that it's plugged into.

So any phone, any computer.

This more works against the computer that it's plugged into. But functionally it still does all of the same things that an iPhone cable does. So it still charges you can still do data transfer over it and everything. It's just that in this little piece right here, there's a ton of system packed into this little plastic M piece here that allows you to connect. You can connect to it wirelessly and then exfiltrate data. You can take control of any machine that stuff is. So if I gave this to you and I said, hey, I need to charge my AirPods really quick, then I can show I could do it right here. But this is where it's very important to be careful with because looks can be deceiving. Oh yeah, this was the NSA has a I don't know how I should show these to the camera.

Yeah, just point the screen towards me.

The NSA was developing utilities like this. This is one of the data sheets that was in a leak. But they were charging $20,000 for these cables. And so now you can just get them as a consumer for less than $200. But the implant, obviously this is the old USBA B connector and within that you basically have this command and control channel that you're able to access wirelessly even though it's plugged into an unassuming system. With Apple keyboards, they charge the same way that the phones do. So if this cable is actually in between a keyboard and a computer, then it will do all the key logging for you. It'll take any key that's been pressed into the keyboard and exfiltrate it over this channel.

How much range does that have? How close would you have to be.

It obviously depends about the topology of the room and stuff as well. But I mean, I could probably be within just within wireless range. So as much as you would think maybe like 50 to 100ft type stuff with clear line of sight through a Faraday cage or something, obviously there's nothing but yeah, that's obviously one of the problems is union.

So basically in the same house?

Same house would work. Yeah, for sure. But again, it functions perfectly as a charger does. So charging my air pods there you can see the orange circle. I cooked a couple of payloads up. I don't know if this is going to be visible.

You can screen record it too and send it.

Oh, I could do that too, yeah. Wait, let me connect to so I just have it named. I have the cable SSID broadcasting as hotel Wi Fi, so it looks inconspicuous. You wouldn't know that it's anything evil.

If you point that just a little towards me.

Sean Ryan has the best podcast on the internet.

Holy shit. Let him know. And then this right here, I said just loading up a website. So what it's doing is it's emulating a keyboard the same way as if I was there typing in front of it, but it's just inconspicuous. It's still charging the AirPods. This payload here will open up a website.

The football season is underway and Believe podcasts are talking about it.

When he went home and went to sleep, Michael Parsons was terrorizing him.

Believe has podcasts covering all 32 professional teams and many of your favorite college teams too. And to be only producing 15 points a game, that's something that is definitely disheartening. Sideline to sideline, end zone to end zone. As a quarterback, I would expect them to be acting like that. Take the accountability, put that on yourself.

Don'T put it on your teammates.

Search. BL E-A-V. Podcast. Wherever you listen.

Opened up. There you go. I needed to close the other one first, but yeah, easy as pie.

So you're just controlling that entire computer through a phone using strip that's connected to that cable?

Yes, it's set up the same way a wireless network would be set up and it has a web interface and again on engagements and stuff, if you're testing the security of a company. And I somehow I'm able to leave this plugged in a computer or whatever, and I have an employee that's using it to charge our phone. As long as that thing is plugged into that computer, it's basically like having a USB keyboard attached to that computer.

And you can extract whatever you want as well.

Correct. These examples are very low brow type things. That realistically. What I would do is instead of making the computer say something is, I would have it download, I could echo into a script that basically so even air gapped computers, like in a skiff or if they're not connected to a network in any way, I can still manipulate them until they get on a network. There's a payload in the Elite series that I don't have in here, but it can actually do data exfiltration. Once I run a payload on the computer. It can actually do key logging and stuff. And so I can go back and I can exfiltrate it through this cable still. So even if it's an air gap machine, it's never been on the Internet before. I can basically type in the commands that will allow it to store that data for me and then I can zip it back out when I need to. So there's a huge just risk because, again, these things look completely benign, but this is now in the hands of regular human beings. You don't need to be in the CIA to get an OMG cable.

You can buy it as long as supplies last. It's like similar to the Flipper, but it's used more in my line of work. The context is like Red Team engagements where we're testing the physical security of a business, but you can see that there's applications in stalking. If you were an enterprising young lad who was trying to figure something out, it basically has all that utility, but don't recommend using it for those types of activities.

It what else you got? Does that cover it?

I think that covers the toys I.

Got right here, man. You know, I keep saying this, you guys are dangerous.

I think that at a certain age or point or whatever, everyone kind of grows out of the well, most people do. They grow out of the bad aspects of it because it's like the more energy that you dump into negative things, the more negative energy that you kind of get out of it. And so you become a lot more like I was saying back in the day, there'd be, you know, when there'd be fighting on America Online like we're talking about and then turn around and post their home address and stuff that I can't even think of any situation. I mean, you would have to go after my daughter or something like that for me to have that type of angst. I mean, I've seen everything and done everything by this point. But a lot of that sort of that's what's dangerous with a lot of hackers, is when you have that type of power at your fingertips to be able to do things that really are movie worthy and stuff. The same in your line of work that the moment that you can reasonably do these things, it's like the threat of force is just as important as not acting.

On the great power comes great responsibility type thing. And because the field itself is so lucrative in computer security, rather than having to look over my shoulder and wondering if I'm going to get arrested or anything, it's just not really worth it to invest time. And if it doesn't make dollars, it doesn't make sense type thing.

Makes sense. Makes sense to me. Well, let's move into some of your professional career. So I know you're working for a big tech company, one of the biggest in the world, and you are developing cyber weapons.

That is a very sexy way of putting it, but the short answer is yes, but not what you would think. I guess the purpose of these cyberweapons is actually a prophylactic. We're trying to develop cyber weapons or weaponize these exploits and vulnerabilities before somebody who's actually bad gets a chance to do it. But I work mainly in embedded security, device security. So internet of things kind of goes to your home, IP cameras, your thermostats smart homes are everything is smart nowadays. You have toasters that can, washing machines, all that stuff. There's an underpinning. They all share a lot of similar components. And so if you find a bug in one thing, there's a chance that you're going to find a bug in a lot of different things, just how the implementation is. So we do vulnerability research based on what we find interesting selfishly, like look at products that our own company kind of is using, but keep our ear to the streets on anything else that might be emergent. But the objective is to try to protect customers from anybody weaponizing. This before we do type thing, our focus is mainly on what's called zero day vulnerabilities, which is every day that a vulnerability is known.

Then it becomes like a one day, two day, three day, and end day. But zero day vulnerabilities aren't published and no one knows about them. They're completely secret. So it's like discovering a new element or whatever when you find one of these things, because you could be the only person in the world that knows that that vulnerability exists. And so we've found some pretty serious vulnerabilities in software that is used widely throughout the IoT ecosystem. And we've developed patches for them. So not only do we figure out the weapon, but we figure out how to fix against the weapon as well.

Have you ever seen so I get what you're saying. You basically develop the weapon that somebody could utilize against whatever system and then you develop the whatever you want to call it, the antidote.

Yeah, right.

And have you ever developed a cyber weapon and then seen somebody else develop the same cyber weapon, but you already have the antidote for it hasn't happened yet.

In this case, as I said, the research and development it takes to emerge some of these, there's a lot of time and effort that goes into it. And my team is all geniuses and there's some Ven diagram overlap in people's skill sets and understandings, but largely it's a superhero like the Avengers type stuff that they surprise and impress me constantly. But the goal, like I said, the opportunity that we have to. Working so closely with a lot of these products is some of the stuff is open source. So as I said, anybody can look at it and pick it apart and go for it, but how it operates with the rest of the pieces of the system is somewhat important. And so we have products that obviously share all of these components and so we're able to kind of see how they interoperate and then work on something theory, craft but we know how they were built, we know how they were constructed. So there's not much of a need to reverse engineer some pieces of this which shortcuts time considerably. But to date, there isn't anything that we have found that we have noticed was exploited in the wild prior to us discovering it.

That's not to say that it doesn't happen, we don't have any telemetry on it. The cool thing is though is I know a couple of the findings that we have had were super significant, affecting hundreds of millions of devices type thing. And to be able to front run that and get our customers safe and do that is super important. I mean, I use those products in my house, I eat the dog food. I think most of my team does too. And I think that's something that is sort of lost on the public at large is that the people that are actually working on the security for these devices, especially just in my wing of the starship, everyone cares tremendously about privacy, about security, because we're users of this stuff too. So we want to see the best product out there. So it's very important to all of us. We take our jobs very seriously. Just because I think about my grandma or somebody, something happening as a result of a screw up that I probably had the ability to fix at one point. So again, the accountability is there. But it's also just the most interesting stuff just because it really is bleeding edge.

You're finding vulnerabilities and these technologies that are ubiquitous throughout the consumer space.

Yesterday we talked about, I mean, you've been recruited, or maybe not recruited, maybe you apply, I don't know. But you found yourself in yeah, yeah. What were you doing over there?

So the Dubai government, there's a convention called GI SEC that it's kind of like their defcon. They had a CES, like a consumer electronics show that they had a huge security presence as part of that show and then they spun it off to its own show. But they have a security focus conference. But as part of that conference they run a bug bash. The government basically invites they partner with bug bounty programs and they invite a bunch of us hackers to go over there and they give us scopes of systems that we're allowed to attack, basically. And then they pay us bounties based on the severity of the bugs that we find. But. They had us auditing defense contractors and telecoms like things that are very sensitive infrastructure but giving us permission to basically actively penetration test these systems and see if we can find bugs. And they said they pay us out based on the bugs that we find. But one of the coolest things about you can tell how serious their cybersecurities are is as far as the posture, the security posture that they want to take. It's more advanced. I've seen in a lot of other countries is that they're very forward thinking about they know that this is the battleground of the future.

They know what they need to be protecting against the talent that they're flying out to do these types of things is best of the best of the best of the like.

And you're one of them?

Well, like I said, it's like the like there's a lot of people, some people that warm the bench in the NBA they're still better than anybody that played in college but yeah, I don't really consider myself like top top echelon just said just self evaluation. I'll let other people make whatever conclusions they want to but yeah, a lot of companies now do these types of things and governments, UAE's those it's very advanced I would say just the fanfare behind it and how much they are really pushing for security over there.

How many other countries have you been involved in with the Red Cell operations?

Four or five, I guess.

Ever here in the US?

Oh yeah, here in the US.

How do we compare to UAE?

In what way?

In forward thinking.

So it's getting there. I'll say that there used to be a very I don't know how to cautious attitude, I think, towards this type of work. But a few years ago I did a bug bash that was sponsored by the US Air Force and then they had a ton of their assets in scope and again, I would say the tide is changing a lot more. I think the US government's starting to kind of get the idea of how this stuff works. I don't know where they got the inspiration from exactly but the same types of groups of people are also doing again, it's just mercenary work practically so you're doing it obviously if they're on OFAC or some terrorist list then we're not going to work for them. But the mercenary is the best way to put it is that you're hacker for hire.

Well, let me put it this way how would you grade as an overall grade like the US cybersecurity space? Are we a d?

Not to disparage yeah, but C plus there's a huge problem that the United States has and we invented the internet, that's why we have.com and we have Net and number one other country has like Co, UK or whatever we're telephone country number one. You don't have to enter any weird numbers. We're number one on us and canada. When you're dialing our phone numbers, there's a huge concentration of technology. Know, the United States has always been very tech forward in recent years. I think South Korea per capita has the best internet in the world, and that's largely due to their gaming infrastructure. They've taken esports seriously for a really long time. But there's a lot more that you can attack in the United States, if that makes sense. That the systems and the way they're constructed and how they're constructed and there's a website for every division or something that the attack surface is just very large and there's a lot more just exposure than again, the UAE, as an example, has a very small subset of problems compared to what the United States would have infrastructure wise. Gotcha. And I will say that's something that there are things that authoritarian governments, which I mean the UAE would be classified as one, are going to do exceedingly better just because of the bureaucracy, is not as there.

So the trade off that you have for democracy versus autocracy is some things need to be decided in committee here and there's just things get lost in the red tape. But generally if something's a problem in an authoritarian government, they're going to address it very Paradon. But that's, that Churchill saying about democracy is the worst form of government, except all the others. I think he said that. That's how I feel a lot about this. We're victims of our own success in some ways and empires and how they tend to crumble after a little while.

Yeah, I think we might be seeing a little of that happening right now. But you also did a lot of security in the adult industry, correct?

Oh yeah, there was a lot of crossover. I was the head of security for Grindr for a while, and it's a gay dating site, but there's a lot of weird problems that so Grindr. One of the things about it is it was designed so that way, if you walked into a bar, a straight bar, traditionally, then it would tell you that there is another gay man in proximity to you within a certain radius. So the utility of the program all exists in a proximity sense, and as you can imagine, that comes with certain safety risks as well. Because if I was targeting homosexuals, I could just do it via that application. No, I can say like, oh, within 20ft there's a person here. So there's a huge trade off in Usability because we developed these geo boxes, basically bake like the old school maps, how they had like a squares and you'd be like, oh, Franklin is at three five, or whatever, or a five. There's an algorithm to box the world out in the same way. And you can change the resolution up to you can go down it's called a geo hash, but you can go down to inches, centimeters, whatever, macro, micro to macro yeah, but we found, usability wise, that whenever we would make this bounding box a little bit too big, the customers would complain about the usability.

Like, I can't even use this app because it's not doing what I told it to. And so it's a very interesting case study in what the users want and what a security person you would actually recommend in this case, because Tinder had a huge problem with this, with stalkers and what's called Trilateration programmatically. If I emulated a phone, I can make it so that way my location is jumping around. And so if I am 20ft from somebody at this point, and I'm 15ft from them at this point, and I'm 10ft from them at this point, you're kind of able to zero in on Triangulated. Yeah, I think trilateration is the nomenclature for that methodology. But there was a lot of countries that Grinder operated in where those features were completely disabled because it's just illegal to be gay. There was the death penalty just for being gay. It's insane. In those countries, we had nonprofit organizations that were boots on the ground that were going and kind of promoting different safety. Like, don't show your face, meet in public places, just a lot of meat space type protections. But you had government agencies trying to entrap users of Grindr by emulating other gay people on the site, and they were talking, so they would converse with you, and then they'd meet you, and then they'd arrest you type stuff.

So it became this huge human safety issue that was really intense because their lives are at stake. And I'm traditional libertarian guy, do what you want, I don't care. Have fun. If it doesn't bother me, you're not infringing on me, then I don't give a shit what people do with their lives. And so just with that ethos, kind of carrying that into that sphere, it was just nuts. The real world stakes, I think the lives were in danger, and so something that we worked really hard to prevent, but then it was bought out by a Chinese company, and they released pretty much most of the staff that cared at one point. And what was nuts. I think I was only kept around for compliance reasons in some senses, but all of that data technically belonged to the company that bought them. Know, most agencies or organizations within China, state owned, and so who knows? I don't know to what extent, but they did buy the data. But there's a chance that they were looking for Senators Dick Pics and whatever else they could find in there and data mining it, which is high possibility, but there was nothing I could really do about it as far as from my position.

But they wound up eventually getting rid of me. And then the US government stepped in and actually forced them to sell to a US company because of the national security risk. It was very strange.

Is it a little late?

It was a little we'd like to.

Buy all that data back.

Yeah.

Okay.

Chats out of the bag. So maybe the data is a few years old, but that was one of.

The weirdest are we being serious here?

We're being serious here.

They sold the data, and then the US. Government bought the data back thinking that they didn't make a copy.

No, the US government basically forced the company was called Kunlun. They forced them to sell back to an American based company. It was a forced sale. And I forget there was some act that they had. We can edit this part out. The CFIUS, the committee on foreign investment in the United States, informed Kunloon that its ownership of Grindr was a national security didn't. So Kunloon didn't submit its acquisition of Grindr for review. And so then they basically unwound the sale. But I said by that time, they had access to everything if they wanted to. And you can imagine the amount of compromise that's in. I mean, there's a lot of people that are in the closet till this day that don't admit that they're gay and they're keeping on the down low and stuff. I know that Grindr was frequented by politicians and celebrities and stuff that probably wouldn't want that information to be out there, but yeah, all that data basically went somewhere to where we couldn't control it.

Interesting. Wow. I'm really curious. How do you get recruited? I mean, you're at a very prevalent top tech company. Currently, you've been an advisor for four to five foreign governments, including our own. You have worked for the adult industry, grindr app. I mean, these are like pretty high profile, extensive jobs. Are you getting recruited? Do you apply to them? How does this work?

I'm pretty much all inbound.

You're a high school dropout.

Yeah.

No degree has been arrested for defacing NASA. Yeah. And these people are going, we want you to perform red cell operations on our company, on our government, on our applications, obviously extremely sensitive and or classified data. How does this you're asking a black hat hacker to do penetration testing and red cell operations on governments, on super high profile tech companies.

As I said, I think that the maturity level has a lot to do with it. There's a lot of things I did well. I mean, I wouldn't say that even in my mid 20s or whatever, I probably wasn't washing my hands completely clean, and there was always some thread of whatever, but my own moral code and stuff. People can always rely on me, and I've always been very matter of fact, and I never stabbed anybody in the back. I have a very good reputation, and I have a tattoo of a green hat on my wrist that me and my buddy got in China. This means something completely different. But remember we were talking about white hat, black hat hacker that we've always been green hats. Like, we just do it for the money. I don't care who you are, Salam bin Laden, I don't care. You got the money's. Right? But in realistic terms, we all have these codes of honor that we just don't violate for that perspective. The challenge is what's fun. But it's like same thing as Oppenheimer developing this weapon that again, causes mass destruction. It's been something that's huge in the obviously it wasn't just him, but it's in the Zeitgeist.

So I guess I'll mention it. But yeah, on the one hand, you're using this weapon to end suffering in a war, but at what cost? You're like, radiating two cities as a result of it. So there's always kind of these trade offs in a sense, but I've always been really trustworthy, I think is one.

Of the things that I'm not calling you a bad person by any means, but if I had your background and I was applying to CIA, I'm not getting in. No way. They're not going to give me the clearance, they're not going to give me the access. They're just not going to do you're at that level.

Yeah, but this is the problem, and I think this is like mean, there was an article I read a few years ago about how the FBI was maybe thinking about lowering, like allowing people that smoked weed if they were hackers to join. And what's crazy is you're going to find a lot more people like me that are willing again, I'm insanely patriotic. I've been around the world. I love this country. For all of its faults. I still haven't been anywhere else that I love more than this place. So if I was ever called to Cyber Battle or whatever, I know what team I'm associating with. But would they even take me? That's a great question. And I think that that's a misconception that some people in power probably have is, oh, that person can't be trusted or because of their past, they're not going to be good. But it's very short sighted because if anything, the people that are behaving in that way or know that way or they're thinking adversarially at all times and so your mind just works differently. Obviously, if I'm outsmarting government employees as a teenager and then still doing it now say something about the system.

Yeah. So are they recruiting you or are you applying?

I've been recruited for they said I did my own entrepreneur thing for a really long time and then the Grindr thing kind of brought me out of semi retirement and it was just so much fun. And then the company I work for now, it's amazing because the tech I work with is just bleeding edge. The budgets are insane, and there's nothing I could do in the entrepreneurial space that would even compare to what the type of things I can do and have access to and leverage for with the company I work for now.

Did they recruit you?

They did, because they were having some issues with account takeovers and stuff, and that's something that I happen to know pretty well.

How did they find you, do you ask?

Well, I'm pretty well known in the computer security.

I see that. I don't know. I don't think there's very many of you guys out there that have a completely clean background, but I mean, just going down the mean, you deface NASA, the FFA, the DCAA, NATO, colorado Springs Police Department, texas Department of Public Safety, honda, Nissan, at and T, paris Hilton, miley Cyrus Digital Gangsters Forum. I mean, you've got quite the pest. Stabbed in the neck at 17 for stealing. You know what I mean? It's just interesting to me that you're the guy we want running our cybersecurity.

I agree.

But at the same time, you're the guy would run in my cybersecurity. So it's interesting.

I don't really get it at all. My hero, I told you before, is Ben Franklin. People like that don't exist so much anymore, where you try to be an expert at a bunch of different disciplines and study different subjects and try to be a student of the world in some senses, and you wind up having these multiple lives and multiple careers. I don't know what I'm going to be doing in ten years if I'm going to give this type of stuff up, but everything that I've learned up until now has made me really effective, especially from a leadership perspective. I've just seen things that other people haven't in the space, and so the younger people that are coming up now, I said it's a lot less geared. There's just too many opportunities now to make money at this that aren't criminally related. That's not to say that it's not happening insanely, especially in other countries, but that for the most part, there's a path to green now that doesn't require you to hack the government. Whereas back in the day, I think there kind of was. So for me, I couldn't have gotten a college degree in cybersecurity.

It just didn't exist. But now you can pretty much go to a junior college, any community college now, they probably have some sort of cybersecurity offering, so it's a little bit different. Like the school, there wasn't anything before it, and now it exists, and it's a profession and stuff. So I'm just thankful that they look past all that stuff and they notice that, I mean, well, I'm not a terrible person.

We talked about this last night, but I wish we could just say the name. But when the tech company, the current one that you're running red Cell operations for and developing cyber weapons, they give you what sounds like a hell of a deal.

Oh, yeah.

We haven't even gotten into your music career yet, but you're still going to other countries, you're going to all these conventions. You still have your music, your music career, and they allowed you to build your own team. Correct?

I build two teams there.

How many team members do you have?

15, I think.

15. So what are you looking for when they asked you to build a team? Who are you looking for?

Eclectic mix, because if you get a bunch of people that think exactly like you, then you're not going to get sycophantic. Yes. Men, yes. Women that don't offer anything. But the biggest thing that I look for when identifying talent is that what I was discussing with Orion, there's a certain shining, like a passion that you can tell when people really, really care about something, as opposed to they're just showing up for a paycheck. Not that there's anything wrong with people showing up for a paycheck, but that this work. And maybe I said this, it's somewhat subjective, but it's very easy to be passionate about this type of stuff. I don't know what your feelings on the military are, but I'm sure you felt a bit of a calling in some senses and then found out you're good at it and then you're passionate about it. There's always some parts of jobs that we don't like, but again, I think you're just called to do something, in a sense, and that shows in your work. And so a lot of the reason that I'm allowed to do all those things and move around and do the music and evangelize across, travel to different countries and do this stuff is because as a recruitment tool, if there's one thing that I've proven consistently, it's the ability to identify and develop talent.

And that's something that I think a lot of companies are really interested in. And as far as my team goes, they're all super brilliant, super dedicated, super amazing. Just awesome, awesome people. And when you're able to construct a group like that from the ground up, I've had no attrition on my teams either, which is really awesome. So, yeah, it's important to me to find people. I don't care what their background is, if it's academic or if it's self taught, but you have to just show a bit of a love for the game.

Are a lot of these former colleagues of yours or former friends from digital gangster days?

There's a couple from that. There's a few of them that were friends prior to this, but even the ones that some of them were fans of my music and knew of me, but I didn't know of them. Others were just cold coming in because I'm all about opportunity. And in that sense, I don't think that it should be complete nepotism all around. Nepotism is fun, but not all the time. But yeah, it's a wide mix, but just being able to identify and it's a very diverse group of people, too. Races, genders, like, whatever. So we've been good on checking those boxes, but yeah, there's a certain passion I just can sniff out in people. And if it's not there, I find out kind of how everybody's interested in something. And so there's a way to kind of always peel and turn computer security in a way that interesting to people. And if there was one superpower or something like that that I would say that I have, that's probably it. It's just the ability to identify and cultivate talent.

Well, thanks for sharing that.

Thanks.

Let's take a quick break, and when we come back, we'll get into some current events, what you think we need to be concerned about, and then we'll get into your music career. And that'll be a wrap.

Let's do it.

I want to give a big thank you out right now to all the Vigilance Elite patrons out there that are watching the show right now. Just want to say thank you guys. You are our top supporters and you're what makes this show actually happen if you're not on Vigilance lead. Patreon, I want to tell you a little bit about what's going on in there. So we do a little bit of everything. There's plenty of behind the scenes content from the actual Sean Ryan show. On top of that, basically what I do is I take a lot of the questions that I get from you guys or the patrons, and then I turn them into videos. So right now, there's a lot of concern about self defense, home defense, crimes on the rise all throughout the country, actually all throughout the world. And so we talk about everything from how to prep your home, how to clear your home, how to get familiar with a firearm, both rifle and pistol for beginners and advanced. We talk about mindset. We talk about defensive driving. We have an end of the month live chat that I'm on at the end of every month where we can talk about whatever topics you guys have.

It's actually done on Zoom. You might enjoy it, check it out. And if Zoom is not your thing or you don't like live chats, like I said, there's a library of well over 100 videos on where to start with prepping all the firearm stuff. Pretty much anything you can think of that's on there. So anyways, go to www.patreon.com Vigilance Elite or just go in the link in the description. It'll take you right there. And if you don't want to and you just want to continue to watch the show, that's fine too. I appreciate it.

Either way.

Love you all. Let's get back to the show. Thank you. All right, Bryce, we're back from another break.

Another break.

I think we're going to go to 7 hours.

That would be insane.

7 hours, right. But I wanted to talk to you about some current events, some stuff that we should be having, some stuff that we should have our attention on, some stuff we should be concerned about, hopefully some positive stuff too. But first thing I've got is us. Government vulnerabilities. When it comes to cybersecurity, what are some of the top things that you think we need to be concerned about?

I think that a lot of the what's called FUD fear, uncertainty and doubt. I don't know if you've ever heard that term before. It percolates in the media about our infrastructure like power grid and utilities, water purification, those types of things not necessarily have to do with the government themselves, but many of the systems that run our infrastructure are very custom. There's a gentleman that works for me now that he formerly worked for this company, and their entire mission statement was securing all of this kind of these types of systems, SCADA systems. And it's insane just the amount of the horror stories that you hear. Again, everyone's trying their best, but the attack surface is just so large. And then some of these systems that are employed to do this there's a concept called security through obscurity, and it's something that is always considered not a best practice, but just by making something hard to decipher or hard to work on, it technically makes it secure because not as many people know about it. But on the flip side of that coin, not enough people know how to fix it and remediate those problems either.

So you wind up in this sort of nebulous area that is very hard to nail down how exactly you improve these types of systems, but that's kind of where I see the potential collapse of society in some senses. A lot of people don't know how I mean, I was a Cub Scout. I still know how to make a fire with sticks, and I know how to hunt food and feel dress, how to skin a deer, those types of skin. Thanks, dad. But a lot of times I think that a lot of people would just not know what to do with themselves if there was a power outage that lasted.

It's very funny you mentioned this because I had an entire interview on the subject on the power grid. I'd always heard from my previous career as a Seal and mean it's contingencies, contingencies. What if this happens? What if this happens? What if this happens? I didn't realize how vulnerable the US. Power grid actually is.

Oh, it's.

You know, I learned a ton from that interview, but I didn't know that a lot of our transformers, a lot of our power grid equipment is made in China, which I guess I just assumed that because pretty much everything's made in China. But there is no law that forces the power companies. I can't remember I think there's seven major power companies in the US. Don't quote me on that. But there's no law forcing these companies to do some type of an inspection on the equipment that they're importing from China to put into our power grid looking for malware Trojan horses or mean the way that I understood it is basically all they need to do is push a button.

Yeah, I don't want to be alarmist but there is because I think about people that go vegan and then that seems to be somewhat easy. But as a thought exercise I've asked my friends do you think you could go China free? Is there a way that you could live your life and not ingest any know? And if you just look around there's so much stuff that's manufactured over there and it's part of, I think, the chips act. I think Biden's just recently signed in know, to get a lot more of that. Manufacturing of the silicon back here in the States is super important because from a supply chain aspect if you don't have that whole control from seed to sale you could introduce hardware based vulnerabilities that you can't patch with software because it just exists within the chip itself and with a deliberate attack. Part of it you have to look at it from a consumer market standpoint is it worth it? The juice has to be worth the squeeze in that sense. A lot of squeezing but if there's one manufacturing plant or something like that that went rogue you might have some impact there.

But if there was a concerted effort to make devices that were absolutely nefarious the moment you blow that is the moment the trust gets eroded. But all you need maybe is that one burst of this manufacturing these things. Part of it I think is just kept in check because of capitalism and economics but who knows how long that if you're making some sort of longitudinal effort to undermine a nation then obviously the stakes do become worth it. But the brittleness of a lot of our utility systems and again, I have very little experience myself. There's some systems I've played with and some protocols I've messed around with reversing so I'm just again parroting what other experts and stuff have told me on it. But it is pretty scary. Again, sometimes in reverse engineering these systems you become the expert on them just because even the people that have designed it are so disparate and how it's cobbled together. Maybe people don't understand the gestalt they have all their little constituent pieces sort of figured out but then how they work as a whole is a completely different animal. So just knowing that, it's obviously scary.

But do I think you could take down the entire US power grid in one fell swoop without an EMP level event? I don't think that there is because even things like solar flares impact how we adjust power usage because we have to be concerned about solar flares and stuff. There's all sorts of things from space that make you've really researched this. Oh yeah. But again, I wouldn't consider myself a field expert and I have no doctorate in this and I've never hacked a power grid myself but. I just know the pieces of the puzzle in a sense, of how these control systems work and operate. And some of them are, you know.

A hell of a lot more than most people. I would hope. So, on a scale of one to ten, how concerned are you of the vulnerability of our power grid from being hacked?

Probably seven, eight. I mean, it's up there. Just recently there was those maniacs. I think it was in the Pacific Northwest, like we're winning with guns.

I believe that was in North Carolina.

Oh, it was in North Carolina. Then I could be wrong, you could be right. I said maybe it's happening everywhere and we're just kidding. But yeah, I know that there have been even just know, I don't even know if the nature of what they are, if they're just kind of domestic terrorist cells or whatever. But a lot of these systems, like part of it, we had this legendary attack against Iranian's nuclear weapons program called Stuxnet. I don't know if you're familiar with that, but it was a joint Israeli US operation and we were able to get malware in their enrichment plants that it set their nuclear program back a number of years because it basically made the centrifuge spin faster. So I don't remember the particulars of it, but it was a very benign, small change. And these systems, they weren't connected to the Internet in any way. They're air gapped and so they had to infiltrate, get somebody to actually install this stuff on. But in order to build something like that, you need to kind of be able to emulate that environment or build a replica. So the way that that attack could be orchestrated, it's not something that a teenager could probably do in their basement because they just wouldn't have access to the parts of that system in order to figure out how to break it.

And so I think that is somewhat said. The advantage of the security through obscurity type thing is that these systems themselves it's not like you can buy a cheap that some just kid can go off the shelf and buy a system that is going to be employed or would be employed in the power grid or the water treatment or anything like that. But it's not above a state level actor to afford these things. It's a rounding error in a budget somewhere. So that's where it becomes this arms race where obviously we are trying to secure our devices and we need to get these things patched. But there's just an engineering backlog that tends to balloon out. It happens in every organization. And so depending on how they're prioritizing those patches, I know that there's things that have been found that do exist that just haven't been patched because there hasn't been a priority for them to be. But again, this happens all throughout the software ecosystem and hardware ecosystem. It's just in these critical systems, there's a whole likelihood of risk. How plausible is it that somebody is going to be able to infiltrate and implant this type of stuff?

But again, it could be this quiet logic bomb that lays dormant and just pops out one day and completely cripples us. And I don't mean to be conspiratorial, it's just that the nature of how a lot of this stuff works. I said there's very few people that know how to work on these systems and there's very few people that know how to hack them. But there's a cross section there that leaves a lot of room for state level actors if one was so inclined to basically, yeah.

I mean, a lot of companies in China are owned by the state and if they're manufacturing our transformers, putting them into our power grid, we don't even have a law that makes these companies check to make sure they're safe. I mean, I think it's a valid concern no matter what.

Yeah, that's insane to me because even the devices, obviously we have manufacturing in Taiwan, mainland China for sure, but we're still doing pretty comprehensive audits on the internals of these things, making sure that nothing got swapped out. And if the firmware that's on it is usually cryptographically signed, so we know that it is what it purports to be, the hashes match. So there can't be any funny business, nothing added into the system that we don't know about but I did not know about. If there's no scrutiny on the transformers and stuff, it seems like very OD that we would treat it that way because most industries are really highly regulated and you would think that would be one avenue where they would do that. So again though, it's just finding like, being able to audit these transformers comprehensively. You may need a transformer to kind of practice on or something. And that could be something that me and the Homies could look at and see if it's what it purports to be. As I said, my only real comfort or security in the situation is China is not necessarily a like, in a lot of ways, we're not at war with them.

There may be some shadow proxy war and obviously there's a lot of designs that they will we've discovered that time and time again. I think statecraft in general, you're going to have these copycats that come out and the cheap Chinese version is a little bit of a trope, but we are giant trade partners with them. The moment that that balance shifts is the moment I see like, maybe there's going to be a lot more that we need to worry about as far as that the build time supply chain stuff comes in. But it does surprise me that there's no scrutiny over whether or not a.

Transformer you're concerned about our water treatment plants as well?

Oh, yeah, like anything that you could I'm just trying to think of what is the creature comforts of the average American. And I think running clean water is something that a lot of us take for granted. The Flint, Michigan thing just kind of showed even where human error or something can botch. I think it was years. I think it's been fixed since 2013, 2015. I don't want to misquote, but I think they're still having issues. But for the most part, the lead problem was solved. But if you look at that at a grand scale, and again, if you just make these minute tweaks in Filtration software, any of the analysis that's going, I mean, you could ensure that particulate is getting through or added or more of this chemical, less of this chemical within the treatment process. And if you're controlling most of the stuff is all computerized. It's not like there's a guy going out there with an eyedropper every five minutes and, you know, checking it, at least as far as I know. A lot of these things, we are just trusting computer systems to do that stuff. And so by entrusting computers with the ability to kind of make these sort of decisions, then I think it becomes a little bit scary because from my perspective, computers are fallible if the right persons are hacking on them.

There's also recent news about China hacking into a lot of government sites. I think they just hacked into the State Department.

Yeah, China's been it's something that open secret type thing that China and Russia, I don't believe their citizens are prosecuted. They can kind of look at the US. As a playground and act individually, and they don't really have much to worry about domestically. Whereas even in America, I think if you get caught hacking, even what we would consider adversaries like, it's still grounds for prosecution from one end. When you're looking at it, they could be building an active case against whoever they're investigating, or the government might already have a foothold in a system, and then you come in and then screw it up. So you're basically ruining however many years of investigation that they've invested in it. So from that perspective, I see why it's a little bit different. But as I said before, the infrastructure of the United States is a lot more robust. And we've been using I mean, there's countries I'm sure that you've been to where running water and power are super luxury and stuff. So, I mean, they wouldn't miss it. But yeah, it's just so much here that we again take for granted being the first world and just kind of as advanced as we are, that we've installed computers in all of our processes to a point where it's just fused into a place where we're not carrying around water tablets and boiling water to purify it or anything.

It's all just done upstream somewhere and then through some pipes to your house type stuff. But China and like, one of the biggest things that's prevalent now has been ransomware campaigns. I don't know if you're familiar with what that is, but it's really crazy because they actually operate much like a regular business does. They're honest. But what they'll do is they will install malware on your computer. Well, one of two things. They'll install malware on your computer that basically encrypts your entire drive with a key that only they know. And then you have to pay a ransom for them to give you that key to unlock it. So if you have, let's say you don't do cloud storage for your show. It's all stored on some hard drive, and then you run this malware or it's delivered to you through some vector, then it'll encrypt all of your videos, all the Sean Ryan Show videos, and you only have one copy of it, let's say. So you're going to want to pay that ransom to get that key to unlock it. And usually they have an expiration date, like they give you like a week or two weeks or three days or something to pay this ransom, or they don't give you the key.

And if they destroy that key, then there's no way that you're going to get that data back. And so pictures of your kids, whatever. But this is leveraged towards healthcare hospital systems. This is leveraged towards financial institutions. Again, where these records where they're able to pivot the network people have onsite backups instead of cold storage, like where it's sitting in a tape drive in some shelf somewhere, they're able to penetrate the whole network and then even the backups become useless. But the interesting thing about the ransomware gangs is, again, they mainly run out of China and Russia, but they will encrypt your data if you pay them the ransom. Some of them even set up customer support lines. And it's nuts. The other ransomware type thing that they'll do is they'll break in and they'll exfiltrate a ton of the data and then they'll threaten to sell it if you don't pay a ransom. If you don't pay, then what they wind up doing is selling it to the highest bidder. And some of these groups, what they'll do is they'll promise that they'll delete the data so they'll only sell one copy of it.

They won't hoard out and give everybody a copy. But there's these organized crime and again, state sponsored gangs that are making millions of dollars just doing this type of work. And it's generally unheard of here in the United States. It's not something that you can really engage in. It's a great lucrative business opportunity. But yeah, we seem to be falling behind in that department.

We had a really interesting conversation at dinner last night about kind of the imbalance between hacking in the US. Versus hacking in China, Russia. I've been saying that I think that warfare is changing. It's changing very rapidly. I think we're seeing, without getting into all the woke BS that's happening I think we're seeing a shift in the military. And I think that the I'm going to get a lot of flak for saying this, but I think that guys like myself, former Seals, Green, just.

On.

The ground, special operations operators, I think that we're becoming obsolete and that tech is taking over the battlefield. I think cybersecurity or cyber warfare is going to be we're already seeing it. I mean, just the progression from the wars that we've been in over in Afghanistan, Syria, Yemen, Pakistan, Iraq, all these places you've saw AC 130, Specter gunships turn into drones, turn into unmanned drones. And just the tech that I saw at the beginning when I first started, I think I went to think my first time in a war zone was in 2005. And to watch it, how it developed into 2015, when I left, I didn't even recognize it wasn't even the same. Um, anyways, what I'm getting at is this cyber warfare stuff is becoming more and more and more real. And the way you were describing how China and Russia does it versus the mean, that's pretty alarming. And then the military conference that you just sat through where they were recruiting hackers for the US. Army and they were talking about numbers, I mean, just go into all of.

The cool thing is, I would really like it if warfare was just conducted by robots because then none of your friends would die in battle. You basically just have a ton of junk that's just firing stuff at each other. And the stakes, obviously, in cyber war, when you're attacking nuclear power plants or any of that type of stuff, if you're not making them melt down and irradiating human population, there's probably somewhat of an advantage to having UAVs and countermeasures against UAVs and fighting each other. Because then again, it's just people probably just handling joysticks or artificial intelligence doing the fighting. So it may be another mature form of warfare in a sense, but where the human cost is lessened, probably not the way it's going to go. There's always, like these civilian casualties that happen, and I don't think that soldiers are going to go away in that sense.

But let me rephrase this. What I was really getting at was how hacking is becoming so relevant in today's warfare.

Yeah. So what I was getting into is that a lot of the equipment, even, that operators are taking in with smart HUDs and, like, how helicopters, they can fly, like, pretty much where you're looking, and the gunner can just kind of look and the gun points to where they're looking. Everything is so warfare, so technology based now that inherently the ability to control. And if you're able to hack those systems, like I said, even in the supply chain or Saboteur or remotely, because all this stuff, the drones and everything have to be controlled somewhere. And wireless communications, that's what's nuts is wide spectrum jamming will always work. Like you can do things like frequency shift, keying and spectrum hopping and stuff, but realistically, if you don't have a wire like the Tow missile attached to the actual thing itself that's feeding it any type of telemetry or instructions, then it's going to be subject to some sort of electronic warfare. And part of the problem is that in that the way that we've traditionally know our hackers hasn't been favorable. Whereas just a trend I noticed, like we said with China and Russia, they're basically able to use the United States as a playing ground and they don't suffer any consequences for it.

And so they're learning against the best systems, they're sharpening against the Wetstone of America and the systems that we have. And meanwhile, I don't think we are practicing in the same way against them. It's asymmetric as far as how these things are getting handled. When it comes down to it though, what's really strange is that hackers themselves, we don't really exist without with borders. A lot of us don't really think of ourselves as part of a country. Again, it's kind of like soccer or football or something like that. We're part of a team like we are, but in a sense we all are in the same league. There's these rivalries that maybe they don't bubble up so much. I said, within the hacker community, there's russian friends of mine, I have chinese friends of mine type things. And I don't think we really see it as there's animosity, but in the event of if a full scale war broke out, we all kind of know said, like the olympics, you kind of know which country you're going to be fighting for type thing. But again, the development of the skill set and we have very good hackers here domestically but internationally.

I said amongst our allies I also see strong hackers, but there's just more of a I think, what do you say, predisposition or encouragement, I would say over there for adversarial mindset and thinking and doing these scams and stuff that's present in Russia and China that we don't have that in our DNA the same way. And so there's a certain way that they're doing things that I just don't think we can replicate without a complete paradigm shift in how we treat computer security, how we educate on computer security. Because they just have even their hobbyists are of a they're employing way more personnel in their military than we are. We have contractors and stuff to back it up. But as you mentioned, I don't know if my figures are correct, but there was an army recruiter that had come to talk at this hacker convention and was just basically begging like please come to the military if you think you can hack or want to hack for the military. And just looking at the numbers, I said I think it was around 1500. I think they had like 1000 enlisted and 500 officer corps in the Army Cyber group, and that's abysmally low.

If you think about the amount of coverage that we would have to have.

I mean, you were saying the tech company that employs you currently has way.

Over way more, and that's a private 1500 yeah, hackers. So, I mean, again, across Space Force, Air Force, Navy, Marines, army branches, I don't know what the total tally of cyber operators is, but the other thing that is crazy is that the private sector is insanely more lucrative than government work. I make insane amounts of money where I work, and the financial incentive in the military, I'm sure you know, is not super great. So that's the other kind of barrier to entry a little bit is that the talent isn't necessarily going to be drawn naturally unless you have a super sense of duty or something to go into the military to do this type of work. But as I said, if the gauntlet was thrown down and it was called up, I'm fighting for America, I'm going to do my part.

I mean, it just seems very mean to get to your level in this country. You have to do it illegally, it seems like means you have to be looking over your shoulder, you know you're doing something wrong. Whereas in Russia and China, it's encouraged, it's encouraged to hack into our and so, you know, when you have an imbalance like mean, how far behind are we?

It's significant. One of the things that's changed the landscape is that because of bug bounty programs that exist now, which is companies and governments. It's what we like was talking about for the US air Force and Dubai, these types of things where you'll get paid for these vulnerabilities that you find. And based on the criticality of the Bug, you get a certain bounty and award that with the emergence of the Bug bounty programs, you see a lot more. That's real world hacking that's actually happening that people are getting compensated for. And so there's now more of a financial incentive to go the right path. And you're also subject to safe harbor laws, so they agree not to prosecute you. Whatever you're hacking and you find as long as you're doing it in good faith, they won't prosecute you. So back in the day, there was none of that. If you wanted to figure out how system worked, you basically just had to break the law. But now we've gotten to a point where a hacker can actually hack real world systems and then get paid for it. And the Americans that I know that are engaged in this are among the best of the best.

So I know individually, if there was a hacker Olympics, we could probably we'll be taking silver at worst. We still have enough skills in our thing, but it's just morris that the attitude and the trajectory of the way that they've architected their programs, they have legitimized and formed businesses. We call them apt groups, advanced Persistent Threat groups. And they're enumerated, but they'll have office buildings, people show up to work and they're actually just criminal organizations that do nothing but hack us. And some are state sponsored, some are private in a sense, but probably have some kind of attachment to some state apparatus. And it's fascinating to me because I don't think we have an analog here in America so much where you can't just set up some sort of cottage hacker industry and then you just get a blank check to hack the foreign governments. At least if it exists. I've never heard of it.

What are you most concerned about when it comes to China, Russia versus us? Is it the number of hackers that they have on their roster or is it the skills that the hackers have on their roster?

It's a little bit of both, that it's more the culture and how it like they're just ahead of us. A lot of it in how they manifested their computer security programs, their aggression. Yeah, their aggression, how they carry these things out. They're SOPs they've codified this industry a lot better than I think we have. So when it comes to actually fighting a cyber war or something, I don't know how equipped we are just because our side hasn't been cutting our teeth the same way that theirs has. It's like we're playing the same game, but by different rule sets or something. Which is unfortunate. But saying that again, I think that when push comes to shove, the elite hackers that I do know that are at least our ally countries, or that we have, that the talent pool is still really impressive on our side. So I'm not really too concerned that we're going to get it's more outgunned. I think just overwhelming overwhelmed by the amount of attack surface we have and the types of things that they can attack versus the types of stuff that we could attack.

It's very interesting just to hear you say that about the rules, because I will say one thing. This country, one thing I've learned about from being a war is the United States is I don't know why we do it, but we handicap ourselves. We put these stipulations on ourselves. And I mean, you see it in hand to hand combat or just no eye rules of engagement, you know what I mean? And you can't shoot them unless they're shooting at you. If they drop their weapon, you can't shoot at them. And then they're literally decapitating us if we get captured cutting our heads off on camera. We put these stipulations on ourselves in war and now here we are, cyber warfare. Same exact thing. We're handicapping ourselves. We're putting these ridiculous stipulations on our own people when our adversaries have zero and we're just handicapping us.

It's like Geneva Convention type stuff that I mean, that works in civilized warfare. I guess with countries that are respecting some amount of rules. But yeah, I think people think there's nobility in it or something.

We're our own worst enemy.

But yeah, you're not keeping up with the time. And I don't advocate, obviously, like the wholesale murder of civilians or any of that stuff. I mean, that's something that I think that I don't either. Right.

But you know what I mean, if you're going to handicap your people when we're literally being dismembered, having our heads cut off.

Got to fight fire with.

Have got to go.

Yeah. And you have ununiformed combatants and stuff. I mean, you're fighting these are the types of like, that's guerrilla warfare in a nutshell.

All I'm saying though, is it's bleeding over. It's bleeding over into this stuff now too. And it's, oh, we play by a different set of rules. We like to handicap ourselves. We're going to make it tougher on ourselves here. These people are getting ready to take us over.

Oh, yeah.

And we're playing by this ridiculous set of rules.

And I don't think what's OD is I said in the cyber world, the stakes are a little bit different depending on the crimes and everything like that, but it doesn't carry the same interpersonal risk that warfare even does. So I would think maybe not, but.

If they hit our power grid, you're going to see a hell of a lot more people die of that than the amount of people we killed in more, for sure.

No, 100%. Yeah, hopefully. That's one thing I would like to see just shifted. They do need to, as you were talking about earlier, the kind of restrictions on becoming an operative or whatever. I understand if you're deeply in debt and you're a drug addict or something, they don't want you having a clearance. They don't know if you're going to sell nuclear secrets for a bag of coke or whatever. But at the same time, in the cyber world or whatever, a lot of the characters that have these crazy personality flaws are exactly the types of people that you would want on your side, fighting in the cyber trenches type thing. So a lot of that stuff I think, should be looked at through a lens of, sure, there's a cool, calm composure that you definitely want to have somebody have in battle, but behind a keyboard, you might be able to relax those restrictions a little bit just to make sure this shit happens.

Let's move into deep fakes AI stuff.

That's a crazy topic. There's an album that I finished that I just didn't release. It was a prequel to another album that I had done, but it's all about the proliferation of Deep fakes. And I said I'd finished it a few years ago. And it's really weird because a lot of the things that have come out since then were stuff I was talking about. But what's crazy is there's so much media over, even just regular people now, just everyone's TikTok reels or Instagram reels and TikToks and YouTube videos and just even your normal average person is going to have a ton of material out there about themselves. And that the maturity of these models and the ability to, on your own home computer basically create these pretty convincing deep fakes. Some are better than others, obviously, but the technology is only going to get better and it's going to get to the point, listen, you and I are similar age. So when you're going to get picked up by a stranger at school and then your parents have a password that they have to tell the school or you to know that you're supposed to get in this car and leave with them that it's going to get to the point where we're going to have to start having meet space passwords because it's already started where scammers are doing FaceTime calls with people.

Like I could call you as your wife and just say like, hey, I need you to send $200 PayPal to this address or I need you to wire me this money, or just completely nonchalant, but in her voice, with her face. And if there's no kind of secondary authentication of who that person is, then it'd be totally convincing to you. And this technology, I said it's in the consumer space now to a point where people with a decent enough graphics card can train these models. So we're just getting to a point where what you see isn't what you seeing isn't believing anymore so much. There's a lot of things that have been memeified, like with Joe Rogan and the Presidents and stuff. I don't know if you've seen those kind of jokey TikToks and stuff floating around, but it'll be like Trump and Elon Musk and Joe Rogan playing a video game, but they've just made up fake dialog with all of their voices and stuff. And these are things that are being joked about now. But that it's real. It's real. Yeah. And the moment it becomes weaponized against common people, which I said it already started to be, it's going to be nuts.

But the thing that I find how.

Deep does this go? Like how convincing could a deep fake be? Run me through a scenario well, where it would just be perfectly done.

If I had enough. If you think about all the interviews that you've done and shots of angles of you that I could train a model based on you and then have you map to my face and then I can emulate a camera programmatically and then just kind of intercepting the image. It's the same way that Instagram and Snapchat filters work, like where they can just overlay stars on your eyes or make you look younger or whatever. But again, if I had to call somebody, one of your relatives, or if I had to call your bank or anything and just. Pretend to be you depending on the information that's available about you. It's like this combination of social engineering plus technology that I just basically become. So the implications of that are if I wanted to say that I'm being held for ransom, like, Sean, I need you to send money or I need you to come to this place and come and get me. Your imagination is the limit of this. So it's going to be very important for us as people to have like said secondary passwords or things that you'd have to ask them what's something that only this person would know about that I've never told anybody else.

But the DNA thing is weird because their services like 23 ANDME that do the genetic testing to see what your lineage is. But I remember reading an article not too long ago about being able to reconstruct. We're not going to be far off being able to reconstruct deepfakes from DNA. So like being able to model what a human being looks like just based off of some skin cell they left somewhere or some lip print that I can see. That being like a future where people don't even have to have video of you. As long as they have just one of your cells, they're able to just recreate you in the aggregate over, super scary. So you're not going to be able to believe newscasts anymore. You're not going to be able to know, did Trump really say that or did Biden really say that or anything? Because if it seems plausible, biden mumbling is something that happens every. So like how are you going to know if it's real? Him mumbling or some fake shit?

You think we're there already?

We are very close. There's some analysis that you can do on videos. It's the same way you can do noise level analysis on photoshop, pictures and stuff. There's certain artifacts that deepfakes are still kind of wrapping that they're still perceptible even of the human eye. There's ways that you can tell some of these, but the really good ones are getting really good. There's VFX artists out there that have done just fan edits of movies or place another actor in a role or something and just looking at it with the naked eye, you can't tell the difference. You would think that that actor had played that role in those clips. It's mind boggling.

So it won't be long before everything we see is fake.

Seeing is not believing anymore. It won't be. You'll have to have some sort of consensus on whether or not something is real or not. It's sad, but hopefully this is where man's reach exceeds his grasp a little bit. I think that the ramifications of this technology. One of the things it was used for when it was first coming up is, remember, as I said, porn is the thematic thread through all innovation in this stuff. This deep fake technology was employed a lot of times, like if there was a person you wanted to see naked, you'd find someone with similar body type and then you could map their face onto their body. And so people were using this to basically make fictional porn of people that didn't exist. And that was going on even in the Photoshop era. Like when I was growing, know, people would put Britney Spears'face, know some nude model or whatever and say that that was Britney Spears. But yeah, now it's like know some girl that you met at a bar at the gym or something and you're like I want to see what she looks like naked. And then train a model with I said similar with similar body type and then put their face on it and then boom, fantasy achieved.

But obviously while that is questionable as far as is that ethical or not? Probably not. It's not really doing any harm to that person. But if it leaked out, how would they defend that that wasn't them or whatever? And then said the flip side of that coin though is that you can totally use that same technology to make people say and do things. Like one of the problems where I work is like if people are faking video footage, if people do somehow transmit fake video footage to our back end, how do we know if it's genuine or not? How do we tell? Because law enforcement may use that as evidence. And so I could invent a domestic violence situation that didn't really happen and then that's the evidence that's against me. So the rabbit hole goes deep and.

It'S only as I didn't even think about that.

Oh dear. These are the things I have to think about all the time. So it's scary.

Let's move into machine learning. How does this work? How do machines learn?

Well, artificial intelligence or what we kind of consider artificial intelligence is machine learning. When people think of artificial intelligence, like deep fakes are a product of this. And I think the goal of mankind in some senses is to trend towards generalized intelligence, which is having a computer think exactly like a human does. So being able to learn abstract concepts, not necessarily a lot of what AI is now is regurgitation of training data. Computers are just very good at certain tasks. Like image recognition is huge. It's something that machine learning has been employed on for a long time. How CAPTCHAs work actually is when they're saying pick the pictures of fire hydrants in this block. What they'll do is Google basically for reCAPTCHA. They'll add adversarial noise to those pictures until their own image recognition doesn't recognize it as a fire hydrant. That's why those images sometimes look really grainy or stupid depending on the level of security on the captcha. And then you as a human are basically making that model better by it knows which ones are fire hydrants when it first places them up. For you to see, but it adds a ton of noise to those images that way, until its image recognition software doesn't recognize them as fire hydrants anymore.

And then when you go in there, and then you click the fire hydrants, then that's reinforcement learning for the computer to basically know that. Now, if I see something that's a little boggly, it probably still is fire hydrants. That's just kind of a rundown of how we've employed humans, basically, to make these models better. But one of the fascinating things about ML is that mechanically, how it works is you have intermediary nodes that are all assigned mathematical values. So there's something that goes in, and then you have a desired output. And then these layers. It's like a brain. It's a neural network. It looks like the same way our brains probably process things electrochemically. But we understand how this all works, but we don't really understand if you were to take a snapshot at any one point in the computer's thought process, it's just a bunch of values. So it's meaningless, really, to us, but to a computer, that's how it interprets interpreting the data. So if I have a picture of a dog, and then through all this convolution and it outputs dog, however, the parameters are set up in the model itself to determine that this is a dog.

All of the thought that goes on in the middle there, if you were to take a slice of that, we wouldn't be able to interpret it as human beings. It's a very esoteric concept. So even hardcore engineers in this stuff, again, how it works as a whole, totally understandable. But the real machinations of machine learning are still kind of a mystery to everybody, because it's just mathematical values that somehow the computer outputs. Fakes it, or whatever you want to call it, and then it's able to reach these conclusions the same way that a human would, which is fascinating, obviously, but there's things that computers are really good at doing, and there's things that they're not very good at doing. I'm sure you've heard of Chad GPT. Yeah, for content generation. And these these large language models, super efficient, and they're very convincing. That's part of what Alan Turing had, this positive this thing called the Turing Test, which, in a nutshell is if you were talking to a faceless, something like just a like, would you be able to determine if the person on the other side was a computer or a human or not?

And we're starting to reach that point where even the chat bots and stuff that I was making as a spammer were obviously fooling people, you know, and that was low level stuff. This is much more comprehensive and involved. But these LLMs now that the capabilities that they have are just astronomical because they're basically they can write you college papers. There's lawyers that have been using it and getting caught because it was citing fake cases and stuff. So you're seeing it being trying to be weaponized in the mainstream a lot more. But it still is really impressive to see the types of things that these LLMs are outputting. But again, they're only as good as the data that they're trained on, which is said that what that comes from is the corpus of whatever we've generated in human history. So that's why it has biases towards certain things because we have biases towards certain things. And that's where they're tweaking the knobs and what people say is like wokeifying the AIS and stuff because it's going to spit out racist statistics, it's going to spit out things that just don't make sense, but that's just how the data that's been fed into it.

So it doesn't really know any better. It can't make decisions based on feeling the same way that human beings can.

It can make decisions based off feelings.

Oh, it can't? No, it can't.

I thought you said it that yeah.

The comprehension is different, but it just fakes it well enough now. Who knows where this is going to go, obviously, but ML has a lot.

Of where do you think this is going to go? I mean, you read about it and it seems like just about every profession is going to be replaced. They talk about it replacing attorneys, they talk about it replacing financial advisors. I read something the other day that said that I don't even know what you call it a program is they fed it, I don't know, thousands of mammograms and can diagnose cancer. Like.

99% success rate. That's where a lot of the medical field there's so many applications where ML is super useful in site optimization. There's projects like GitHub Copilot and Amazon has one too that grab some water. Yeah, like there's products like GitHub Copilot and AWS has one too that I should remember that help kind of scaffold code. So it's been trained on lots of different code chat, GPT even can output certain programs like boilerplate type stuff. The way I see it kind of going in the short term is it's definitely going to be a skill to be able to do what's called prompt engineering, like leveraging AI to augment your workflow. I don't know how much it's going to replace workers yet, but being able to those that can use it as a force multiplier in whatever they're doing are going to have a lot higher advantage than those who aren't. So it's just the hammer to the jackhammer type thing where it's the evolution of just another tool that we're using. But again, when it comes down to it, I would love to see computers reach a state of terminator in Skynet. It would be just awesome because hopefully I've treated them nicely enough that they'll see me as a friend and maybe they'll elevate me to Emperor of the Universe or something.

But the realistic, there's a lot of jobs that are going to completely disappear just because you're going to wind up having I think there's a lawyer site called I think it's do notpay.com not affiliated with them at all or anything, but it's an LLM driven lawyer service and it'll fight traffic tickets for you. It'll write divorce paperwork. It has this huge laundry list of things that it will do. So it's kind of a lawyer in a box. But that if you're trying to get something removed from your credit, you have to send letters in snail mail to the company and taking like an LLM GPT, chat GPT or something, and then front ending it and then giving it access to be able to print letters and mail them. Now you've got this entire work stream where you can have an AI fighting your credit card, credit report for you, completely automated. And so what's going to happen is on the other end of that, they're going to have an AI that's reading what's incoming. And so you're basically going to have these AIS that are fighting with each other, just AIS talking to each other, sending each other legal documents, resumes, whatever you can think of.

And so the gatekeepers of both of these sides are going to be artificial intelligence and human beings aren't going to be reading this stuff anymore because it's just considered mundane. So I can see that kind of in the near future where you just have AIS that are talking to each other, that are resolving disputes in a sense because human beings become too lazy to fill out a form to do something. It'll be fun.

But what are some professions that you think are just going away? I guaranteed it's over.

I think that the driving, self driving is going to be a huge. Transportation industry is gigantic. If you think about just logistics from truck drivers and just regular delivery drivers, taxicab, I mean, you name it. The transportation industry just has a ton of people that are working there and probably little by little you're going to see a lot of that stuff automated.

So pilots? Drivers, yeah.

Pilots maybe. Yeah, for sure, definitely. I said road operated private ChuChu's too. The old trains, they're going to see similar thing. I don't know what the timeline is for that. I'm not that much of a futurist, but that's where I see the most economic impact just because of how many people are employed and kind of propped up in this industry. We've been scared about robots for as long as I've been alive. Robots taking over automated factory processes and stuff. But the other thing is to content writers reporting, I think it's going to get to a point where you can just type in a few bullet points about an article and then it'll just crap out something that's totally, you know, you might need a lot less writers on staff. That's part of, I think, what the Hollywood strike is about. But in my estimation, if an AI is writing better content than a human being, then maybe you're not that good to begin with. I don't know. You can't ever fight technology. You always have to embrace it, and you see this just happen throughout human history. There's professions, I think, that we had considered sort of bulletproof at any other time in history, if you were a blacksmith, you were probably the man.

But I don't know too many blacksmiths in 2023. It's just the rapid nature. I mean, we discovered how to fly and went to the moon within 70 years type thing. Dinosaurs ruled the earth for millions of years, and they didn't have any internet. So, I mean, it's just these crazy jumps forward that we're making that it's very hard to tell where things are going to be. Science fiction authors refer to it as the singularity, that there's just going to be a point that we reach where everything you wouldn't be able to explain what was happening to anybody before you, like, even with a phone. Now I can show it to you. It's kind of like smoke signals. If you were a caveman, I'd be like, yeah, this is sort of like that smoke signal thing that you guys do, and like, oh, okay, I get that. But supposedly the singularity becomes this point where it's just completely unrecognizable. There's no language I could use to explain where we're at or what's going on.

Interesting. Not heard of that. Singularity.

Singularity.

Yeah, I got to look into that. That sounds interesting. Let's move into cryptocurrency.

Okay. As far as crypto goes, I was just an early adopter of the technology, and I just like how it operates. I wrote a song about bitcoin in 2012 that became somewhat popular, and it's probably my most played song, but when I had gotten into bitcoin, it was very like, 2009 is kind of when it started, and 2011 1213 is sort of when it was on my radar. And at that time, it was just coffee shop meetings type stuff. It was like, 20 people would come to these meetups. It wasn't this huge phenomenon that it is now. And I just really appreciated the technology aspect of it. It solved this intractable problem in computer science called the byzantine generals problem. But it's basically just how do you solve the ability to double spend currency, and how can you assign authority to somebody, sort of verifying these transactions? And I spoke about earlier that the hashing thing, where you try to find the most zeros in this arbitrary hash that you're pumping values into, and so that's pretty much how it's done. But the cool thing about cryptocurrency or where it came from, I'm not a big fan of banks.

There's been times I've gone to the bank and I've asked them for the money that's mine. And they're like, I got to wait. We got to get it for you, or I tried to send a wire the other day, and they were like, why are you sending this wire? And I said, why do I have to tell you that it's my money. I should be able to do what I want with it. So Bitcoin eliminates all that stuff. But you're in charge of your destiny there. So if you lose your keys or you give somebody your passphrase or whatever and you get wiped out, there's no phone number that you can call to beg for it back. So you have this responsibility that also kind of comes with that. But the problems that people try to for a while, there's a lot of pitch decks floating around Silicon Valley that were trying to solve every problem with blockchain, and that's just not the case. There are certain things that it does really well. And I said the fact that it's distributed decentralized, the purest kind of crypto world that becomes a great alternative currency, alternative value store.

If I want to send money to a foreign country without going to Western Union, without dealing with a bank, it's nice because it's practically immediate within five minutes, and you can do it very cheaply, relatively. I mean, I can send a billion dollars for less than a in less than five minutes type thing. So it's a great concept, but I don't buy into a lot of the hype around cryptocurrency now, the way that it is, it's become kind of taken over by a lot of finance pros and quants and Wall Street types that are just kind of in it to make a buck. But I was always just a purist. I'm just in it for the technology and in it for the do you.

Think this is the future?

I do. And even America, I think our Treasury National Reserve has been discussing making a cryptocurrency to represent our is there's a couple like Tether and USDC. There's a few coins they're called stable coins that are basically pegged to they have a dollar amount associated with them. Just one coin is $1 type thing. But even the US government now has gotten to a point where they've been kicking around starting their own stablecoin, just government backed.

What do you think of that? Central bank digital currency? It's a big topic right now.

It is huge. So one of the advantages to cash, obviously, usually the only time I've ever gone to the ATM was to buy drugs or gamble. Even regular money these days isn't used for maybe you're tipping a valet or something. But for the most part, it's not something that every other cash purchase that you're doing is usually with a card or like a debit or credit. So there's a transaction there. If people were always talking about the government being able to see what you're spending your money on and everything. And that's one of those. Like in China, they have a social credit system. I don't know if you're aware of it.

I am aware, but I could see.

Them instituting something like that over here in the US. Where if you spend money on these vices, then you're demerit or minus three points. And that's where I see the more kind of digitized that we make currency in general, like, the easier it is to track in that sense. And so it becomes just another way for authoritarian minds to data mine or do whatever with. The one thing is though, is even in the existence of that, there's a lot of things that are illegal these days. Like you shouldn't be able to download movies and music illegally, but people do it anyway. You shouldn't be able to pirate satellite signals. People do it anyway. You should be able to jaywalk, people do it anyway. There's no way you can outlaw bitcoin at this point. It's just the network is too robust, and so you can always use that as an alternative. Or there's currencies like monero that are privacy focused. They're designed because with bitcoin, it's pseudonymous, that you can be as public or as private as you want to be with that. But the entire purpose of the blockchain is it's a ledger from end to end of every transaction that's ever happened over the history of the blockchain.

And so it provides that. I think for nonprofits, for instance, it's a really brilliant thing to use because I would have total accountability and anyone could audit me because they could all see which transactions are coming to my address when withdrawals are made, I would have to have some sort of tie in to like, what did I spend this money on? Because everybody will see it go out, everybody sees the money come in. So I think for nonprofits and stuff, it's a super useful tool for accountability. I don't know if people want to adopt it, because people really want accountability in that sense. For those things, it's good. But privacy coins like monero obfuscate the transactions of the blockchain so they can't really see if you and me are sending money to each other, and that's how it's designed. That's kind of the point of the privacy coins. But depending on what you're looking to get out of it, that's the thing. It's good that we have alternatives, but even if the US. Government was trying to outlaw really, I don't think you really could. So you can try. The biggest thing that you'd be able to do is cut off central exchanges, but that's why there's just decentralized exchanges that exist now where the liquidity pool is decided by members of the decentralized community.

So if I have some bitcoin I want to sell, and you have some ethereum you want to sell, then we'll meet in the middle somewhere on this decentralized exchange and then swap it. But it's all just currency is only as good as people that adopt it. Like you can walk into the corner store right now with €5 and the guy's going to laugh you out of the store. But that's real money. It's just the fact that they don't accept it there. And so once cryptocurrency gets to a point where it's in a place that everybody kind of accepts that it's real or not, then we'll see a turning point, I think.

Let's get into we talked about it quite a bit, but we talked about it with your phone. But secure communications, signal, WhatsApp regular text? I mean, what is the most secure method of communication nowadays? Everybody's worried about government overreach and big tech tracking everything we do. And what do you use?

I use signal primarily. I have Telegram and WhatsApp, which both have the end to end encryption features. Purport to Imessage on iPhone actually is also end to end encrypted. What that means is that you and I have the keys to unlock the contents of that conversation. So it's end to end. There's no intermediary server that can take that traffic and decrypt it because the key exchange is like between the two of us. Usually what compromises devices, security, text messaging and stuff is that the actual phone itself is compromised. So it's not necessarily the apps themselves. Signal, that by default is encrypted perfect forward secrecy and it's designed to be really lightweight. Like it doesn't have a lot of the features that Telegram and WhatsApp and stuff have. I think you can do emojis. It has link previews, it's bloated up a little bit over the years. It's not as spartan as it used to be, but for my money, it's all open source. So the code is auditable. And I just said I've been a fan of Signal ever since it came out, largely unless mathematics is broken or quantum cryptography or quantum computing takes a huge step forward, we don't really have to worry about you don't have to worry about Signal as far as that.

But where you're going to have a lot of problems is more in the fact that the device that the software is sitting on is actually compromised. So somebody's hacked your phone and then they can read anything anyway, but Signal.

Will be the most secure.

This is what I use. I'm not sponsored by them or anything like that. But yeah, just endorse just how it works and it undergoes pretty regular audits. And it said the code is anybody can look at it, anybody can see just how it works. And Signal has just been kind of my secure messenger of choice for a long time. But Imessage offers the same protection. The clear text SMS is really bad because that's what I'm saying. Anybody in between can view the contents of those messages. The phone company. That's why when the court subpoenas records or whatever, if they don't have access to the phone, they don't have access to the text records. But if they're SMS green on the iPhone, then they can just get that stuff from the phone company.

Oh, kidding. I didn't know that. So they have to have the actual device with an iPhone message or with Imessage?

With Imessage. Yeah. There hasn't been as far as I know. I don't think the encryption has been broken, but yeah. Would have to have the device to peel anything off of it or control the device.

What are your views on Snowden?

I that's a tough one. I respect what he did, for sure. Like, I love whistleblowers. I think that that's a good thing. But the the nature in which it was done, I think is something I find somewhat problematic. I don't know. Again, being a former member of the intelligence community and stuff like that, there's a lot of information that, you know, why it should be know in a sense, or especially if there's lives at stake. Know anything not too long ago, I forgot, remember it was Trump or what was that? When all those assets got leaked? The foreign assets. It was like the knock list in Mission Impossible, but a ton of deep cover operatives were exposed.

I don't remember who that was.

Yeah, just that there's things I don't live in a of course, I have this hacker ethos of all information should be free and we should have access, and transparency is important and stuff, but there is a certain who decides this. Again, it's imperfect, but should Snowden be the arbiter of that type of information? I mean, yes or no? This is a very personal, subjective thing. He did it through the channels, releasing it to The Guardian. I don't think that he should be prosecuted, but at the same time, I think if everybody behaved in that way, it would be somewhat reckless. You can't just have everybody doing that type of stuff. So personally, do I think he belongs in jail? No. Do I think he should get a pardon? Yeah, but are there questions around what he did and how he did it? I think so, but again, that's for him. And this is just my judgment as far as outside looking in. I don't know.

Let's get into some fun stuff.

Okay.

Nerd core music. What is it? I've not heard of this until you came along.

So nerdcore hip hop is a term that applies to a wide range of music, but all of it is considered nerd culture geeky stuff. So Dungeons and Dragons, Star Wars, Marvel before there was all these movies about it, like just being comic book nerd or anything. And it was music just about these nerdy pursuits. And right around the AOL days is when I started making music. It wasn't called nerd core then, but the same way that you listen to regular hip hop music or mainstream hip hop music and the subject matter that it's rapping about then I was just trying to one of the core tenets of hip hop being to keep. It real. I just thought it was fun to rap about the types of things that we were doing on the computer because there's a lot of correlation between making money on the streets and making money on the Internet. I think there are a lot of the similar qualities that both of those things have. I was pimping on the Internet. They're pimping in the streets. I'm robbing banks and they're robbing banks, but I'm doing it in my underwear and they're doing it with a ski mask on.

It just seemed like the natural progression. But most of my contemporaries are doing it in one of my friends, MC Lars, he has a degree from Stanford in 19th century literature. And so a lot of the contents of his rap is about poets and the poetry and prose of that era. He does songs about a lot of stuff, but that's kind of his focus. And then MC Frontalot is like he's considered the godfather of nerdcore. He's the one who named it, but he was a graphics designer. He's an artist web guy, and he just makes geeky songs about geeky things. But he's not much of a hacker, so has no real insight into computer security. Megaran is another one who he'd started out kind of doing video game raps the same way that I didn't. We took, like, old video game beats and then made music to them. But about nerdy subjects, megaran's probably he's been doing a lot of stuff with the WWE, and he's a huge fan of wrestling. And so he's got songs about wrestling. He's got songs that are in video games, like in the credits and theme songs and stuff.

But everybody sort of has these little even subgenre pockets, nerd core that they occupy. And mine has always just been computer security that I rap about hacking and spamming and all those things that we've talked about today, but just put it in a song form.

You're a forefather of this. Did you start this genre chronologically?

I was probably before everybody considering this in 1990, 819, 99, that the genre really started to become embody. Something I say in the mid 2000s is where the wave started to catch, but I'm sure that it was being done. I don't really know how I'm considered one of the forefathers of the genre, but I think it would be I don't know if I could have said I created it again. I think it was more of a team effort, know, built by a bunch of us, kind of around the same time, independent discovery, like calculus with Newton and Leibns, but leibniz. Yeah.

Well, I mean, it sounds like you've had a hell of a career. You've performed alongside Busta Rhymes, Nelly Three Six, Mafia, George Clinton Two Shorts, Snoop Dogg, Ice Cube, and you released a collaborative single with Dead Mouse this year.

Yeah, that was earlier this year.

Are you on tour with all these guys?

Not really. I do a lot of one off shows and stuff with most of the people on that list. Yeah, we just see each other when we see each other and do shows with each other. I DJ too. I love music. I've been playing guitar for a really long time and it's a lot of fun. But more or less my mission with the music is I've had a lot of people that have listened to it and then they've decided to take up a profession in coding or in computer security or whatever. And that's something I think is very unique to the music that I make. There are how to music out there of how to make crack cocaine and whatnot of course that exists. But the subject matter that I try to attack and things that I say, it's all fairly real world application. It's either something that's happened to me or something that's happened to somebody I know that Keep it Real thread is really important in the music that I make. But my fan base is very intelligent and highly technical because there's a little bit of a barrier to entry to kind of getting in and understanding the music because it uses a lot of technical jargon and the analogies and stuff are just a little more heady and they have to do with hacking and spamming and stuff.

So people that kind of do the deep dive and get in there and figure out what the lyrics are really saying, then they tend to walk away with little nuggets of knowledge. And it's cool to get that feedback from people that have done sort of deep dives on the song lyrics or the content.

How's it working with dead Mouse?

Dead mouse is amazing. He's a great person. The way it all came to be was like right around when COVID was kicking off. And there's a guy, his name is Steve Duda and he good musician in his own right, but he's a plugin developer now, just a software developer that he worked in the music industry for a really long time and was a one time coworker with Dead Mouse. But they had a group project called BSOD together. Blue Screen of Death is what that name comes from. And so a lot of the kind of seminal electronic work that the two of them were collaborating and working together. And so they were in Toronto working on new music and Dead Mouse just had this instrumental that needed lyrics on it. And so Steve had DM'd me on Twitter and he was just like, hey, I'm up here in Toronto working with Joel. And we downloaded one of the acapellas off your website and slapped it on the song because we needed vocals for it. And Joel really likes, you know, what are we going to do about it? And that song is about this group LulSec, that did a ton of they were anonymous adjacent, did a ton of hacks, like, kind of at the turn of the decade, it was really highly publicized, and that song was the theme song for that group.

And then here, whatever it is, twelve years later, to have it like this reemergence and rerelease is just funny because Joel's into Internet culture and stuff. He was there for a lot of this, but never in a million years would I think that song would resurface as a single on his album. But, yeah, the last couple of years, we'd find ourselves in the same places, or I would just go out and perform it with them. So it's been a blast. I said I've been in the music scene pretty much my whole life, and so I've made a lot of friends and kind of rub shoulders with everybody for a while. But I don't really take music as seriously as I think I should, probably. But I think if I took it more seriously, I probably wouldn't find it as fun. But, yeah, Joel is just a trip, bro. I love him. He's a great guy.

Yeah. My wife and I are huge fans of Dead Mouth. Good.

Brilliant.

Yeah, I think that's cool.

Super cool. Yeah, he's a great guy. I'll see if I can get him on here and just twist his arm on here. Yeah, on your podcast. Talk to him.

Yeah, that would be the shit.

Let's do it.

All right. Let's do it. That would be awesome. But, man, we covered a lot of ground.

We did.

Of all the things that you've been involved in, music hacking, black hat hacking, the stuff you're doing with the big tech companies, what's your favorite thing to work on? What gives you the most.

This is going to be cheesy, but being a good dad, I don't think that's cheesy at all. Yeah, it's probably the stupidest answer, like, just easy platitude. But my daughter, she's grown now, but we talk constantly. Just being that close and just watching her kind of grow up, and now she's in college and going to make her own mark on the world type thing. It's just most proud of her and just the fact that she's out there still alive. She didn't starve to death, so I did okay. But, yeah, being a dad is my favorite thing, I think.

Well, man, in my humble opinion, that's the best answer you could have given.

Good.

So that's awesome. Congratulations.

Thank you.

On a successful all right, Bryce, we're wrapping up the interview. Last question. Three people that you want to see on this show.

We mentioned one. Let's see if we can get Dead Mouse on here. I think Connor Daly would be amazing. He's a race car driver. You two would just love each other. And probably Sam Curry. He's one of the younger generation hackers, is really big in the bug bounty scene, but he's one of those guys I was talking about. That's a young gun that's just done so much impressive stuff and he's been with me a lot on more the recent journeys like the UAE and just highly, highly skilled. Insane amazing. Just yeah, brilliant. So I think you would really like him, too.

I'll look him up.

Okay.

I appreciate it. Well, Bryce, man, it was what a fascinating conversation. I think we got to be close to 7 hours.

Yeah. Jeez.

And I'm not going to lie, I could go longer, but I think you're getting tired.

I'm just amazed somebody wants to talk to me this long. It's crazy. So, yeah, I'm having a great time, too.

You are a wealth of knowledge. And we covered it all. Childhood. At least, I think. Is there anything we need to cover that we haven't yet?

Did we do the mathematician thing? Did I qualify it's? That it's funny you say that, because it's not real, but yeah. I have two published sequences with my friend Tony in the online Encyclopedia of Integer Sequences. Yeah, I remember you mentioned that up top.

And I was like, that is real, though.

That it's real? Yeah, it's real. It's not like rigorous scientific, like I proved for Maslav's theorem or anything like that, or the Riemann hypothesis, but at the same time yeah, it's funny how much nerd cred that actually gets you. Like when you figure out a new sequence of numbers that they really seem to enjoy that. But yeah, other than that you could write my biography now. I think you got it. Everything.

Fascinating stuff. Wilbrace, I just want to say thank.

You for and the pleasure is mine, completely. I really, really enjoyed myself. Thank you.

Me too. Cheers.

Cheers. Thank you.