WEBVTT

00:00:00.090 --> 00:00:07.600
JACK: Man, last Defcon was wild. It is up there with one of the top ten best moments of my life,

00:00:07.600 --> 00:00:12.320
and I don't think I ever told you about what happened. See, Defcon is an annual hacker

00:00:12.320 --> 00:00:17.600
conference in Las Vegas, and it’s my favorite conference in the world. It’s just so inventive

00:00:17.600 --> 00:00:23.920
and fun and brilliant and weird. Defcon is just built different. Like, of course there’s talks

00:00:23.920 --> 00:00:29.040
and places to get hands-on doing hacking, [music] but at night, most conferences just shut down.

00:00:29.040 --> 00:00:35.320
Not Defcon. Defcon goes all night long. At night, they clear out the chairs and the lecture halls,

00:00:35.320 --> 00:00:40.200
and they turn them into party spots. There’s not just one party going on;

00:00:40.200 --> 00:00:45.440
there’s a DJ in Track 1, and there’s an arcade set up in Track 2, and there’s nerdcore rappers

00:00:45.440 --> 00:00:50.520
on stage live in Track 3. Keep walking, and you find even more parties around the conference.

00:00:50.520 --> 00:00:55.040
It’s an adventure to find all the things happening, and that’s just at Defcon. There

00:00:55.040 --> 00:01:00.920
are literally dozens of other parties all over town, too; hotel room parties, bar meet-ups, pool

00:01:00.920 --> 00:01:05.840
parties, and vendor parties. The vendors sometimes spend over $100,000 on a party by renting out a

00:01:05.840 --> 00:01:10.920
whole nightclub and giving out free drinks and food to their customers. With all these parties,

00:01:10.920 --> 00:01:16.760
I got to thinking; you know what? I should throw a party, a Darknet Diaries party. Now,

00:01:16.760 --> 00:01:21.560
you might be wondering, Jack, I heard you're a private person, and nobody really knows what you

00:01:21.560 --> 00:01:27.200
look like. That’s true. Well, then how do you go to these conferences and meet people? Ah,

00:01:27.200 --> 00:01:33.160
here’s my secret; I wear a disguise. I put on a big black hat, dark sunglasses,

00:01:33.160 --> 00:01:38.920
and a bandana over my face. I kinda look like an old-time bandit in this costume, and it’s perfect.

00:01:38.920 --> 00:01:44.080
Nobody knows what I actually look like, and I can still meet hundreds of people if I want. In fact,

00:01:44.080 --> 00:01:49.760
I’ve worn this costume so much that everyone seems to know me when I wear it. It’s my brand. It’s my

00:01:49.760 --> 00:01:54.560
look, and when it’s on, people stop me all the time and say hi and talk with me. It’s great. I

00:01:54.560 --> 00:01:59.200
love that. I can't walk ten feet in Defcon without someone shouting my name and saying hi. [Music]

00:01:59.200 --> 00:02:05.840
But when I take that costume off, nobody knows it’s me, and suddenly I’m an anonymous face in

00:02:05.840 --> 00:02:12.760
the crowd, and I love that anonymity is my default state, and I can turn on the notoriety whenever I

00:02:12.760 --> 00:02:18.960
want. I don't want people to know what I look like so that I can live a nice, private life.

00:02:18.960 --> 00:02:23.960
I love the attention I get from this show, but I also love that I can turn it off when I want.

00:02:23.960 --> 00:02:30.320
So, my big idea for this party at last Defcon was to step up that anonymity even more.

00:02:30.320 --> 00:02:34.400
Everyone knows I’m the guy with the big black hat, the sunglasses, and the bandana around my

00:02:34.400 --> 00:02:43.400
face. What if I gave everyone that same costume when they came to my party? That way everyone is

00:02:43.400 --> 00:02:49.120
Jack Rhysider. I pitched the idea to Defcon. They accepted it and showed me which ballroom I get,

00:02:49.120 --> 00:02:54.680
and I rounded up twenty of my friends, and we had it all planned. We had four DJs, two video DJs,

00:02:54.680 --> 00:03:00.040
and so much more. It was great. I ordered 800 black hats, sunglasses, and bandanas,

00:03:00.040 --> 00:03:05.160
and the party got underway. The room filled up instantly. 400 people came pouring in through the

00:03:05.160 --> 00:03:09.960
door, and they were all given these costumes, and they put it on. They played the game.

00:03:09.960 --> 00:03:16.520
But the real test was could any of them find me in this crowd now, where we're all wearing the exact

00:03:16.520 --> 00:03:24.360
same costume? Amazingly, no. I was extremely hard to find. Actually, some people came in,

00:03:24.360 --> 00:03:29.320
looked all over for me, couldn't find me, and then left, and then tweeted; I just went to

00:03:29.320 --> 00:03:34.560
Jack Rhysider’s party. He wasn’t even there. I was going up to people and I was asking them,

00:03:34.560 --> 00:03:38.800
hey, where’s Jack? Nobody knew. I tried to convince a bunch of ladies — like,

00:03:38.800 --> 00:03:43.880
hey, I’m actually the real Jack Rhysider, and they just laughed at me and walked away. It

00:03:43.880 --> 00:03:49.640
was amazing to have all these people come to my party, but I just had this very calm and happy

00:03:49.640 --> 00:03:55.400
and serene kind of experience to it because I could just float through the crowd and enjoy

00:03:55.400 --> 00:04:02.160
it without being mobbed by everyone — that usually happens, and I wasn’t even mask-less.

00:04:02.160 --> 00:04:07.280
This is my party and no one can find me. It was hilarious to me. But it didn’t stop

00:04:07.280 --> 00:04:12.680
there. I thought, you know what? I want to put my fans to the test. I believe that my fans,

00:04:12.680 --> 00:04:18.640
you, the listeners of this show, are the best, sweetest, nicest people in the world,

00:04:18.640 --> 00:04:24.000
and I want to prove that. I want to somehow be vulnerable to them,

00:04:24.000 --> 00:04:30.040
to give them a huge amount of power over me and to see how they react

00:04:30.040 --> 00:04:35.440
to such power. I want to give them so much power that they could ruin me, and I want to see if any

00:04:35.440 --> 00:04:42.720
of them abuse it. So, I thought, okay, I’m here at Defcon. What’s the worst idea I can come up with

00:04:42.720 --> 00:04:51.040
to do in this party? It hit me; let the party attendees control my Twitter account. Sheesh,

00:04:51.040 --> 00:04:54.600
if everyone looks like me already, they might as well be able to tweet as me, too, right?

00:04:54.600 --> 00:04:58.280
So, I set up this ‘if’, ‘this’, and ‘that’ trigger so that when you text a phone number,

00:04:58.280 --> 00:05:04.880
it automatically tweets what you texted it. No moderation. No filters. Just trust. Well, I

00:05:04.880 --> 00:05:10.160
couldn't figure out how to get photos to work, so it was just text, and I did block URLs; kinda the

00:05:10.160 --> 00:05:15.600
one thing I blocked. Yeah, we set up a projector on the wall and we had a live feed of my Twitter,

00:05:15.600 --> 00:05:23.160
and it said, ‘Text this number and it will tweet as Jack’. People texted. Holy cow, dozens of texts

00:05:23.160 --> 00:05:28.480
started flying in, but the automation kept up and it just tweeted every one that it got. People were

00:05:28.480 --> 00:05:33.560
testing it at first, just seeing if it was real. Like, someone said, ‘Meow’, and someone said,

00:05:33.560 --> 00:05:37.720
‘Does this work?’ Then people started writing their names up on there. ‘David was here’,

00:05:37.720 --> 00:05:43.680
and ‘I love you, Andrea’. Then ASCII art started showing up and memes started getting posted.

00:05:43.680 --> 00:05:48.040
I was real nervous watching the screen, but a bunch of people were standing around watching

00:05:48.040 --> 00:05:52.720
the tweets come in with me. They had no idea it was even me, and they couldn't believe that Jack

00:05:52.720 --> 00:05:57.520
was so stupid enough to hand over his Twitter to Defcon. I mean, they're right, you know? Of

00:05:57.520 --> 00:06:03.000
all the places to do that, Defcon is the worst. These hackers deface anything for fun and delete

00:06:03.000 --> 00:06:08.600
and destroy stuff. This is a terrible idea. I’m gonna get cancelled. Something is gonna be posted

00:06:08.600 --> 00:06:15.160
that is going to be absolutely awful for me. But like I said, it was a test to see how awesome my

00:06:15.160 --> 00:06:21.120
fans are, to be vulnerable with them and to see if they abuse that power. You know what? They

00:06:21.120 --> 00:06:27.560
didn’t disappoint me. I think the spiciest tweet I saw was, ‘I’m so horny right now’.

00:06:27.560 --> 00:06:33.680
But after a couple hours and hundreds of posts to Twitter, Twitter rate-limited me and they ruined

00:06:33.680 --> 00:06:40.040
the fun. They busted the party and blocked me from tweeting for twenty-four hours, which I think is

00:06:40.040 --> 00:06:45.920
a fitting way of ending that whole experience. It went out nicely. I didn’t get banned. I just

00:06:45.920 --> 00:06:51.160
got rate-limited. But by that point, the place was packed and word got out of which one was me,

00:06:51.160 --> 00:06:55.760
and I was just surrounded by people and it was great fun. We were having a blast. But what I

00:06:55.760 --> 00:07:01.000
didn’t know is that there were another thousand people in line trying to get into this party. I

00:07:01.000 --> 00:07:05.000
know it was a thousand people because someone grabbed a box of pencils that had a thousand

00:07:05.000 --> 00:07:10.960
pencils in the box, and handed one to each person in line, and they ran out of pencils by the end.

00:07:10.960 --> 00:07:15.600
We ran out of everything; hats, bandanas, stickers, sunglasses, bracelets. I think I

00:07:15.600 --> 00:07:23.320
met 1,500 people total in that weekend because I brought 1,600 bracelets and I gave them all away.

00:07:23.320 --> 00:07:28.960
Defcon is known for long lines, but there were so many people in line for my party that even

00:07:28.960 --> 00:07:34.520
Defcon told me they have never seen a line that long for a party ever. That line was possibly

00:07:34.520 --> 00:07:39.320
the longest line of the whole conference that weekend, barely being longer than the merch line,

00:07:39.320 --> 00:07:44.520
which is always super, super crazy. We eventually couldn't hold them back anymore. We just opened

00:07:44.520 --> 00:07:48.760
up the doors and let it rip, and it was a mad house in there. I think the party went

00:07:48.760 --> 00:07:54.800
on for like six hours, all night long, and I used every drop of energy I had.

00:07:54.800 --> 00:08:00.400
But man, was it worth it. That was the best time I’ve ever had at Defcon.

00:08:00.400 --> 00:08:05.320
You know, to this day, I still get people sliding into my DMs on Twitter [music] asking,

00:08:05.320 --> 00:08:10.080
why did you say this tweet, man? They're mad at some hot take I had or something,

00:08:10.080 --> 00:08:14.120
and when I look at the tweet and I wonder, I don't remember ever saying that — but then I

00:08:14.120 --> 00:08:21.400
look at the date and I see that it was posted on August 10th, 2024, and that was the night

00:08:21.400 --> 00:08:29.440
I will never forget. It always puts a big smile on my face whenever I see a tweet from that day.

00:08:29.440 --> 00:08:46.360
(INTRO): [INTRO MUSIC] This is Darknet Diaries.

00:08:46.360 --> 00:09:00.520
JACK: Grifter; how’d you get that name?

00:09:00.520 --> 00:09:07.520
GRIFTER: So, I always cringe a little bit when someone asks me this question because like many

00:09:07.520 --> 00:09:13.200
nerds out there, I used to read the dictionary as a kid. I’d look for interesting words, words that

00:09:13.200 --> 00:09:18.960
I liked, and the definition that I came across of ‘grifter’ was, ‘A person at a circus or carnival

00:09:18.960 --> 00:09:25.720
who runs freak shows or games of chance’. I was like, ooh, that’s badass. Then it said, again,

00:09:25.720 --> 00:09:31.320
also, the more widely-known, a con artist. I was like, also cool. I’ll take it. So,

00:09:31.320 --> 00:09:35.060
yeah. So, I started using it for names on video games, and I would put in Grifter.

00:09:35.060 --> 00:09:36.980
JACK: You grew up in New York.

00:09:36.980 --> 00:09:38.960
GRIFTER: Yeah, Long Island.

00:09:38.960 --> 00:09:41.340
JACK: What was computers like for you growing up?

00:09:41.340 --> 00:09:48.120
GRIFTER: I was — I grew up part of the Nintendo generation, so I was really into video games,

00:09:48.120 --> 00:09:55.040
and my parents are divorced. My dad and — live with his brother. So, his brother,

00:09:55.040 --> 00:10:00.440
my uncle, was a computer tech back in the eighties. So, he had a computer.

00:10:00.440 --> 00:10:08.160
I have ADHD on a fantastic level, but sitting in front of the computer or putting electronics

00:10:08.160 --> 00:10:14.120
in front of me was one of the things that could keep me still. So, he encouraged me to do that

00:10:14.120 --> 00:10:21.640
as often as possible. I started playing games on the computer, which eventually led to my first

00:10:21.640 --> 00:10:28.460
online experiences, which were dialing into pirate bulletin board systems to download pirated games.

00:10:28.460 --> 00:10:34.240
JACK: Back then, you were really, really lucky if you had a computer at all in your house. Nobody

00:10:34.240 --> 00:10:38.680
understood how they worked, and they were very expensive, and the problem with pirated games is

00:10:38.680 --> 00:10:42.920
that they're riddled with malware and viruses. So, Grifter would download a pirated game,

00:10:42.920 --> 00:10:46.800
install it, and then suddenly his uncle’s computer was all screwed up. Of course,

00:10:46.800 --> 00:10:50.400
Grifter didn’t want to get in trouble for messing up the family computer, so he sort

00:10:50.400 --> 00:10:56.040
of had to learn by fire how to troubleshoot the problem he caused, and this forced him to skill

00:10:56.040 --> 00:11:02.440
up at understanding computers. He wasn’t just a user anymore. He was becoming a superuser.

00:11:02.440 --> 00:11:07.400
GRIFTER: Yeah, I think that’s the thing, is we were forced to learn a lot of different things

00:11:07.400 --> 00:11:13.360
at those ages because we had to learn a little bit of everything. It wasn’t just done for you.

00:11:13.360 --> 00:11:18.960
Even being able to get online at that time alone required a certain amount of skill in

00:11:18.960 --> 00:11:24.320
order to configure a modem and dial the right numbers and get everything put in correctly,

00:11:24.320 --> 00:11:30.920
and connect to different BBS software required different settings and stuff. Because it was

00:11:30.920 --> 00:11:37.640
like that, it meant that there was an assumption that if you were online, that you were an adult.

00:11:37.640 --> 00:11:43.200
I could post things and nobody knew that I was ten years old, and I really liked that.

00:11:43.200 --> 00:11:46.520
JACK: But Grifter was quite a mischievous troublemaker,

00:11:46.520 --> 00:11:50.983
and he gravitated towards the darker parts of the internet.

00:11:50.983 --> 00:11:54.800
GRIFTER: [Music] So, the pirate bulletin board stuff and posting on there eventually

00:11:54.800 --> 00:11:59.440
led to somebody on one of the BBSs saying, hey, just based on the stuff that you're

00:11:59.440 --> 00:12:03.280
posting, I think that you would really be interested in this other bulletin board,

00:12:03.280 --> 00:12:12.680
and they posted a number. I dialed it up and it was a hacker BBS. I went crazy,

00:12:12.680 --> 00:12:19.240
basically. I thought it was the best thing ever. I read everything on that BBS, like all of the

00:12:19.240 --> 00:12:25.680
text files about the different systems that were out there, basic commands for different things.

00:12:25.680 --> 00:12:31.400
I was fantasizing about operating systems I had never contacted before and being like,

00:12:31.400 --> 00:12:36.640
oh, I can — oh, I can do this, I can do this. It wasn’t just different operating systems. It was,

00:12:36.640 --> 00:12:41.160
oh, the computer viruses and how to write a virus and do all these different things,

00:12:41.160 --> 00:12:47.860
and I was fascinated by it. I just loved all of it, and that was it. I was in.

00:12:47.860 --> 00:12:53.000
JACK: I know exactly what he means by being in. I got on bulletin board systems,

00:12:53.000 --> 00:12:57.800
too, when I was young, or BBSs, and it was strange and weird, and I didn’t get it. So,

00:12:57.800 --> 00:13:04.360
I didn’t enjoy it. But when I got in AOL, I found some chat rooms where a bunch of people were just

00:13:04.360 --> 00:13:11.640
talking all at once in real time, and that blew my mind. I was instantly hooked on chat rooms,

00:13:11.640 --> 00:13:17.400
and would spend countless hours just talking with tons of people. That’s when I fell in love

00:13:17.400 --> 00:13:24.720
with the internet. I was in. I soon discovered IRC after that, and I’ve been in ever since.

00:13:24.720 --> 00:13:30.520
GRIFTER: Living where I did, I thought, okay, well, I’ll probably never leave New York,

00:13:30.520 --> 00:13:36.480
right? I didn’t — the idea of traveling the world and doing things like that was as foreign to me as

00:13:36.480 --> 00:13:44.280
those places were. But a computer changed all of that. [Music] I could dial into a system and hop

00:13:44.280 --> 00:13:51.160
from one to the next to the next across networks that were traversing undersea cables and ending

00:13:51.160 --> 00:13:58.800
up in other countries I never thought I’d get to travel to. I thought, well, if I access a system,

00:13:58.800 --> 00:14:05.360
let’s say in Amsterdam, I know that when I do that and I’m interacting with that machine,

00:14:05.360 --> 00:14:11.600
the lights on the modem or network card are flashing and the hard drive is spinning up

00:14:11.600 --> 00:14:17.800
because I’m accessing files from there, and in my twelve and thirteen-year-old brain,

00:14:17.800 --> 00:14:24.720
I felt like I was there. It was my way of touching a place that I didn’t think I’d

00:14:24.720 --> 00:14:30.400
ever make it to physically. I knew that it was in a closet somewhere and nobody could see it,

00:14:30.400 --> 00:14:36.300
but somehow and in some way, I was physically affecting that environment.

00:14:36.300 --> 00:14:39.160
JACK: So, that’s what he was up to online,

00:14:39.160 --> 00:14:44.140
but in normal life, in meatspace, he was constantly getting in trouble.

00:14:44.140 --> 00:14:51.400
GRIFTER: So, growing up without a lot of money in an area where people didn’t have a lot of money,

00:14:51.400 --> 00:14:56.960
I would say I wasn’t a good kid. I’ve been trying to make up for it ever since, but we

00:14:56.960 --> 00:15:02.680
did crime. [Music] I shoplifted like crazy. I ran every scam you could run. We would steal cars;

00:15:02.680 --> 00:15:08.120
we would break into cars and steal stereos and speakers. We would — I live near a marina;

00:15:08.120 --> 00:15:15.960
we would go rob the boats. We’d break into houses. We fought people constantly for fun. It wasn’t…

00:15:15.960 --> 00:15:17.540
JACK: Okay, tell me about one of these fights.

00:15:17.540 --> 00:15:24.920
GRIFTER: Okay, so, I like fighting. I like physical fighting. I don't know why. I think

00:15:24.920 --> 00:15:29.680
it just — something — I enjoy it. I know that makes me sound like a psychopath,

00:15:29.680 --> 00:15:35.240
but I like facing off against somebody else and seeing where you come out on it. At the time,

00:15:35.240 --> 00:15:42.440
it was just — we would get in fights with either random people or people from rival gangs,

00:15:42.440 --> 00:15:47.640
that kind of stuff, where it was just like, okay, you're in some part of town that you're

00:15:47.640 --> 00:15:54.200
not supposed to be in. I’d just get into fights. I’d go pick a random fight. I’d fight two people

00:15:54.200 --> 00:15:59.120
at once. I would just — I liked fighting, and a lot of my friends were the same way.

00:15:59.120 --> 00:16:03.480
Sometimes we would just go out and just get into as many fights as we could get in.

00:16:03.480 --> 00:16:08.560
JACK: He says the area he was in had a lot of this stuff happening. As a kid,

00:16:08.560 --> 00:16:12.640
if that’s all you see, then you kind of assume that’s what everyone’s like.

00:16:12.640 --> 00:16:18.160
GRIFTER: I thought that was normal. When I watched TV and I saw the types of things that you'd see

00:16:18.160 --> 00:16:24.280
on the Disney Channel or something like that, some Disney Channel original movie, I was like,

00:16:24.280 --> 00:16:28.960
that’s fantasy. This is a fantasy world that people wish existed. I didn’t realize that there

00:16:28.960 --> 00:16:33.320
were people who grew up in towns that, one, looked like that or that people behaved the way that they

00:16:33.320 --> 00:16:40.000
did. I didn’t know any different, right? I didn’t know that it wasn’t normal to walk home at night,

00:16:40.000 --> 00:16:46.840
and if a car is coming, dip behind a tree or a telephone pole because you might end up hurt,

00:16:46.840 --> 00:16:53.120
right? You might end up in a bad situation. I didn’t know that that wasn’t a normal thing. So,

00:16:53.120 --> 00:16:59.520
it was in part survival and another part — you make a reputation or get a name for yourself where

00:16:59.520 --> 00:17:07.360
it’s like, oh, okay, well, yeah, don’t get in a fight with him because you'll lose. My thing was,

00:17:07.360 --> 00:17:13.160
I can take a punch and I can get hit a lot, and it’s really hard to knock me out.

00:17:13.160 --> 00:17:18.300
JACK: Grifter’s world was rough, and to get ahead, it felt like you had to break some rules.

00:17:18.300 --> 00:17:24.520
GRIFTER: There was a chain of stores that are kind of department stores, like a Kmart type of thing,

00:17:24.520 --> 00:17:29.040
actually, or something like that, where a couple of friends — we’d all go on a Saturday

00:17:29.040 --> 00:17:33.040
and we’d go out to the store and we’d do the barcode swapping. [Music] Like, so,

00:17:33.040 --> 00:17:39.120
sticker swapping. So, you just go out, swap the sticker on something. So, you'd see a crystal

00:17:39.120 --> 00:17:45.120
bowl and then there’d be another glass bowl. And so, you'd take that and you'd swap the price tags

00:17:45.120 --> 00:17:53.760
on it so the crystal bowl that should be $300, you go buy for $30, and then you swap the tags back,

00:17:53.760 --> 00:18:00.400
and then you go return it. We’d just go out on a Saturday and we’d hit like, seven or eight stores.

00:18:00.400 --> 00:18:04.160
We’d go buy it at one store, return it at the next one, buy some other stuff at that store,

00:18:04.160 --> 00:18:10.760
go return it at the next one, go do stuff like that. For a small crew of people,

00:18:10.760 --> 00:18:18.280
we were pulling in some pretty decent money. None of my friends were into computers at all,

00:18:18.280 --> 00:18:25.640
but I was, and so, I knew how to do some things that they had no knowledge of. Like,

00:18:25.640 --> 00:18:29.240
carding is what we called it back in the day, which is basically just

00:18:29.240 --> 00:18:37.080
really identity theft and credit card fraud, and then order a bunch of stuff like computer

00:18:37.080 --> 00:18:42.320
parts or clothes or different things and get them shipped or mailed to abandoned houses.

00:18:42.320 --> 00:18:47.160
I’d just leave a note on the door that said, ‘Hey, UPS guy, not home. Please

00:18:47.160 --> 00:18:52.760
leave the package under a blanket.’ So, that was something that my friends wouldn't know

00:18:52.760 --> 00:18:57.840
how to do naturally that I kind of taught them, right? Like, here’s how we do this,

00:18:57.840 --> 00:19:03.400
and then we can make some money. So, then we had essentially stolen goods that were sent to us,

00:19:03.400 --> 00:19:07.000
and then we would just — some of the stuff we got that we wanted to keep

00:19:07.000 --> 00:19:13.200
and other things were things that we would then go and resell and get money that way.

00:19:13.200 --> 00:19:18.600
JACK: He was ordering things like Tommy Hilfiger jackets, FILA shoes, and other streetwear at the

00:19:18.600 --> 00:19:22.200
time. So, he was looking fresh everywhere he went, and he would sell it for cheap, too.

00:19:22.200 --> 00:19:27.400
He would be your hookup. Of course, along with this lifestyle came drugs, so he dabbled in that,

00:19:27.400 --> 00:19:32.840
partaking in it himself for a while. But then he quit. He didn’t like how it was ruining his

00:19:32.840 --> 00:19:39.920
brain. He saw his brain as a very important thing that he didn’t want to lose. But he saw that other

00:19:39.920 --> 00:19:44.340
people were doing drugs, and he saw this as an opportunity to make money from it, so he sold it.

00:19:44.340 --> 00:19:50.960
GRIFTER: I did all this physical meatspace crime, normal crime during the day. I was

00:19:50.960 --> 00:19:56.760
just a — like I said, kind of a shitty person, like a shit kid doing all this random stuff,

00:19:56.760 --> 00:20:00.600
but at night I was still completely wrapped up in the hacker world,

00:20:00.600 --> 00:20:08.840
right? But then eventually I was just breaking into different systems, and I got into a system

00:20:08.840 --> 00:20:20.626
that ultimately turned out to be a large credit card provider, a credit company.

00:20:20.626 --> 00:20:25.000
JACK: [Music] At first he didn’t know he was in a credit card provider. The internet’s a dark place.

00:20:25.000 --> 00:20:29.720
You don’t always get to see where you're going, and hacking back then was barely even hacking.

00:20:29.720 --> 00:20:31.240
GRIFTER: That’s the thing that is different about

00:20:31.240 --> 00:20:37.040
the time that we grew up in versus I think what we have with hackers now,

00:20:37.040 --> 00:20:42.200
is that we do talk about these things like they're massive achievements. It’s like,

00:20:42.200 --> 00:20:46.320
oh, when I was a kid, I broke into NASA. It’s like, when you were a kid, you logged into NASA.

00:20:46.320 --> 00:20:49.720
JACK: You just had to know an IP address or a phone number to connect to,

00:20:49.720 --> 00:20:55.160
and if they had security at all, it might ask you for a username, but it didn’t always. You

00:20:55.160 --> 00:20:59.640
could just type anything in and it might let you in, or you could just wait and it might just time

00:20:59.640 --> 00:21:05.640
out and then let you in. It wasn’t hard to hack back then, but nobody knew what they were doing,

00:21:05.640 --> 00:21:10.960
so it kinda was hard because there weren't tutorials on how to do any of this stuff. So,

00:21:10.960 --> 00:21:15.840
if you just tried enough places, you might end up finding something that did let you in,

00:21:15.840 --> 00:21:20.920
and that’s how he got into this company, a credit card provider. While he’s in that network,

00:21:20.920 --> 00:21:25.600
he was looking around to see what files were there, and he found some training manuals for how

00:21:25.600 --> 00:21:32.560
to process a new credit card. So, basically, after someone passes their credit check, an employee at

00:21:32.560 --> 00:21:38.920
this company needs to issue them a card, and this training manual shows exactly how to do that. So,

00:21:38.920 --> 00:21:44.440
here Grifter is, inside the company, inside the computer that is used to internally create a

00:21:44.440 --> 00:21:50.280
new credit card for a customer, and he has the tutorial on how to process it.

00:21:50.280 --> 00:21:56.760
GRIFTER: I went looking for the database, and then when I found it, it was not too difficult

00:21:56.760 --> 00:22:02.720
to then figure out what I needed to fill in and where. The initial one was — I was just like,

00:22:02.720 --> 00:22:06.440
I wonder if I could do this. I wonder if I put in — if I fill in these fields if

00:22:06.440 --> 00:22:11.440
I could get them to send me something. I filled out the fields appropriately and

00:22:11.440 --> 00:22:16.960
put in an address that I had been using as a drop for some of the carding stuff,

00:22:16.960 --> 00:22:23.760
and then I waited. Then a couple — I just watched that house and I’d check the mailbox every couple

00:22:23.760 --> 00:22:29.440
days or something to see if anything had been delivered, and eventually I — one day I opened

00:22:29.440 --> 00:22:34.640
the mailbox and there was an envelope in it from the credit card company, and it had a

00:22:34.640 --> 00:22:45.480
card in the name that I had put. I was elated and horrified in equal measure. I was like,

00:22:45.480 --> 00:22:53.200
oh my gosh. It created this kind of excitement mixed with panic because I was like, oh, this is

00:22:53.200 --> 00:23:00.520
real crime. This is actual, bad — even though all the other stuff was real crime, something

00:23:00.520 --> 00:23:07.760
about that made it very real to me, like holding it in my hands. I remember running home, going

00:23:07.760 --> 00:23:14.700
into my room, opening it up, holding the card in my hand, and then just being like, oh my gosh.

00:23:14.700 --> 00:23:21.680
JACK: He laid on his bed and just held it up, staring at it, his very own credit card,

00:23:21.680 --> 00:23:25.680
and one he doesn't have to pay back because he put a fake name on it,

00:23:25.680 --> 00:23:29.040
and the credit card company has no idea who he is

00:23:29.040 --> 00:23:35.860
to try to come after him. The letter said there’s a $5,000 limit on this card. Wow.

00:23:35.860 --> 00:23:43.800
GRIFTER: After daydreaming about it for a day or two, I realized you can't ever use this. You're

00:23:43.800 --> 00:23:52.600
not going to be able to walk into a store in a mall at fifteen years old and walk up with your

00:23:52.600 --> 00:23:58.080
credit card and buy whatever. It just didn’t seem — I didn’t realize also that people — there are

00:23:58.080 --> 00:24:04.360
kids that did that in other places in the world, but I just thought there’s no way anyone’s gonna

00:24:04.360 --> 00:24:14.320
believe that you should have a credit card. So, I just sat on it. [Music] But I was — I was like,

00:24:14.320 --> 00:24:17.320
I wonder if that was a fluke. Let me see if I could do it again. Again,

00:24:17.320 --> 00:24:23.480
I sent another one to a different house, and again it showed up. I was like, okay, I’ve got

00:24:23.480 --> 00:24:30.520
something here. I’m not quite sure what, 'cause I know I can't use these. What can I do with them?

00:24:30.520 --> 00:24:36.160
JACK: There was a guy he knew, the dad of one of his friends, and this dad was

00:24:36.160 --> 00:24:40.920
part of a group that did organized crime. Like, in New York, fireworks were illegal,

00:24:40.920 --> 00:24:45.480
but this dad would have Grifter and some other kids go around and see who wanted fireworks,

00:24:45.480 --> 00:24:48.400
almost like they're going around selling Girl Scout cookies, and then you put your

00:24:48.400 --> 00:24:52.000
order in of what fireworks you want, and then a few weeks later, Grifter would come back and

00:24:52.000 --> 00:24:56.400
deliver the fireworks to you. In fact, this guy was so into organized crime that he was

00:24:56.400 --> 00:25:01.320
often hanging out with mafia-type people and had connections to some pretty serious criminals.

00:25:01.320 --> 00:25:08.920
GRIFTER: Because I knew that he had some connection to actual criminals, I approached

00:25:08.920 --> 00:25:19.240
him and said, hey, so, I can do this thing where I can get access to credit cards with higher limits

00:25:19.240 --> 00:25:24.400
on them, and I don't want to use them. I don't want to be on camera in stores. I don't want to

00:25:24.400 --> 00:25:30.960
do anything. Is that something that you or your people would be interested in? He was — then he

00:25:30.960 --> 00:25:36.720
was like, yes. He just said immediately, like, yeah, yeah, I would. I’m like, okay. He’s like,

00:25:36.720 --> 00:25:40.960
let me talk to some people or whatever. He’s like, what are we talking here? I’m like, I don't know,

00:25:40.960 --> 00:25:48.320
$5,000, $10,000, whatever, whatever. He’s like, let me find out what I can get you. Then he came

00:25:48.320 --> 00:25:53.680
back and said, oh, well, I need to know it’s real. Do you have something to prove it? Dadda-dadda-da.

00:25:53.680 --> 00:26:00.360
I said, sure; got him one of the cards that I had gotten, and I was like, that one’s $5,000.

00:26:00.360 --> 00:26:08.200
He’s like, well, I’m — I can give you ten percent for that. I’m like, okay. So, I get five hundred

00:26:08.200 --> 00:26:16.240
bucks? He’s like, yeah. Then he peeled off five hundred-dollar bills and said, this better work. I

00:26:16.240 --> 00:26:23.040
was like, it’ll work. Then I was terrified 'cause I was like, what if it doesn't work? Oh my gosh,

00:26:23.040 --> 00:26:26.720
right? But so, I was like, don’t spend the money, right? Like, don’t spend the money.

00:26:26.720 --> 00:26:32.360
But now I had been handed money for something that — I was like, okay, this is actually a little bit

00:26:32.360 --> 00:26:38.520
nerve-wracking, but it worked, right? Then he came back and he was like, okay, great. Can you

00:26:38.520 --> 00:26:42.520
do it again? I was like, well, I already have. I have one right now. He’s like, alright, go get it,

00:26:42.520 --> 00:26:47.120
right? I went and got it and then I gave it to him and then he — again, he peeled off another

00:26:47.120 --> 00:26:54.306
five hundred bucks and he’s like, just come to me whenever you got it. I was like, alright.

00:26:54.306 --> 00:26:58.520
JACK: [Music] So, Grifter logged back in to the credit card company and processed another card

00:26:58.520 --> 00:27:03.760
under another fake name, and that was going to another abandoned house. This was making money

00:27:03.760 --> 00:27:10.120
for him. But this guy wanted more, much more, and Grifter would get into arguments with him saying,

00:27:10.120 --> 00:27:13.920
man, if we do too much, they're gonna know and they're gonna shut us down. But if we take it

00:27:13.920 --> 00:27:18.080
slow, we can keep things going for a while, and Grifter was right. He would only give himself

00:27:18.080 --> 00:27:24.900
a new credit card every two weeks, and that allowed him to keep it going for two whole years.

00:27:24.900 --> 00:27:29.640
GRIFTER: I don't know how long that worked because I eventually just stopped doing

00:27:29.640 --> 00:27:39.160
it. At about seventeen years old, I decided that I needed to get out of my town. I was

00:27:39.160 --> 00:27:44.360
sitting in the back of my friend’s car, and he said, just wait until we're like,

00:27:44.360 --> 00:27:51.920
twenty-five. We're gonna own this town. I said, own what? Are you kidding me? Holy shit,

00:27:51.920 --> 00:27:58.920
if I’m still here when I’m twenty-five, you guys kill me. I was like, oh my gosh, I have to get

00:27:58.920 --> 00:28:05.160
out. I have to get out of this town. So, I didn’t have money, right? I didn’t have a way to pay for

00:28:05.160 --> 00:28:10.780
college. I didn’t have a way out, and a common response to that is — I went to the military.

00:28:10.780 --> 00:28:12.740
JACK: What? You went to the military?

00:28:12.740 --> 00:28:14.160
GRIFTER: Yeah.

00:28:14.160 --> 00:28:17.880
JACK: This is a — I would not expect a life of crime,

00:28:17.880 --> 00:28:21.620
hacking, drugs, and then suddenly, military.

00:28:21.620 --> 00:28:26.040
GRIFTER: Yeah, this was a massive shift in my brain and I just said,

00:28:26.040 --> 00:28:31.200
I have to go and I have to do this immediately, and while I was still a senior in high school,

00:28:31.200 --> 00:28:36.720
signed the papers, man, and committed to go. My parents had to sign me over because I wasn’t

00:28:36.720 --> 00:28:41.640
eighteen, and I went into the military when I was seventeen years old. So, as soon as I graduated,

00:28:41.640 --> 00:28:47.720
I went to the Air Force. That is — that was an incredibly eye-opening experience for me as well,

00:28:47.720 --> 00:28:53.240
because right into basic training, I met people who — they’d never been in a fist fight before,

00:28:53.240 --> 00:28:58.160
right? I was like, how? I just — I could not comprehend how. How

00:28:58.160 --> 00:29:02.880
did you not run your mouth at some point to a level that somebody wanted to put their fist

00:29:02.880 --> 00:29:08.960
in it? Then I’d hear the stories about how they grew up, and I was like, what?

00:29:08.960 --> 00:29:13.320
My mom tried to raise me with more wholesome — whatever, and I did pretty good in some areas

00:29:13.320 --> 00:29:20.000
and really poorly in others, but the Air Force core values are integrity, service before self,

00:29:20.000 --> 00:29:25.640
and excellence in everything you do. I took that to heart. I didn’t even really know what integrity

00:29:25.640 --> 00:29:29.640
meant at the time. I had heard the word but I didn’t really know what it meant. Essentially

00:29:29.640 --> 00:29:35.800
to me, the way that I took it was it’s like, doing the right thing even if nobody’s looking,

00:29:35.800 --> 00:29:40.480
right? I was like, okay, do the right thing even if nobody’s looking. Great. Service before self;

00:29:40.480 --> 00:29:45.320
okay, so, put others before you. Always try to put others before you. Okay, I’ll try to do that. Then

00:29:45.320 --> 00:29:50.200
excellence in everything that you do, that was something that my mother had already instilled

00:29:50.200 --> 00:29:53.720
in me as well, where she was like, if you're gonna be — she’s like, I don't care what you are.

00:29:53.720 --> 00:29:57.280
If you're gonna be something, be the best at it, whatever it is. You're gonna grow

00:29:57.280 --> 00:30:01.400
up and you're gonna be a janitor? Be the best janitor there is. You're gonna be a

00:30:01.400 --> 00:30:04.840
surgeon? Be the best surgeon there is. But if you're gonna put effort into something,

00:30:04.840 --> 00:30:11.280
if you're gonna spend your time on it, be the best, right? So, those core values,

00:30:11.280 --> 00:30:17.640
those Air Force core values really took hold, and the military was really good for me because it

00:30:17.640 --> 00:30:24.040
forced me to be an adult. It put me in a situation where it was like, oh, you have to — you can't

00:30:24.040 --> 00:30:29.560
just tell somebody what you think of them just because you think it. You can't swing on someone

00:30:29.560 --> 00:30:34.760
because they mouthed off to you. You have to show up here on time and you have to come ready

00:30:34.760 --> 00:30:39.760
to do the hard things and all — whatever. The military was super, super good for me.

00:30:39.760 --> 00:30:45.680
JACK: He got stationed in Utah, and in the Air Force he was assigned to fix F-16 avionics. He

00:30:45.680 --> 00:30:49.280
wanted to do computers, but you don’t really get a choice. They just tell you what to do.

00:30:49.280 --> 00:30:53.720
But it was cool to sit in the cockpit and swap out instruments. He was even deployed to the

00:30:53.720 --> 00:30:57.920
Middle East for a while, but after a while, the whole thing was starting to frustrate him.

00:30:57.920 --> 00:31:04.440
GRIFTER: If there’s anything that just riles me up or a pet peeve of mine, it’s inefficiency,

00:31:04.440 --> 00:31:08.680
and the military is really inefficient. So, I would be like, hey, if we change this process,

00:31:08.680 --> 00:31:12.440
it would save us this many hours and probably this many parts and all this sort of whatever. They

00:31:12.440 --> 00:31:18.080
would be like, just do it the way the Air Force tells you. I hated that. Oh, I hated it. Then

00:31:18.080 --> 00:31:22.920
also, in a lot of cases, you get rank because you've been there longer or you test better

00:31:22.920 --> 00:31:27.320
than other people. It’s not about leadership experience. So, you'd have to take orders from

00:31:27.320 --> 00:31:32.880
people who were making poor decisions, and I just couldn't do it. I was like — one, I can't keep my

00:31:32.880 --> 00:31:40.720
mouth shut, and two, I just — I can't handle it as a person. So, I was like, I’ve gotta get out. So,

00:31:40.720 --> 00:31:47.120
when I got out of the military, I only knew how to do two things, and it was work on F-16s or

00:31:47.120 --> 00:31:52.840
break into computers. So, I was like, okay, well, I guess I’ll go back to breaking into computers.

00:31:52.840 --> 00:31:56.600
JACK: Stay with us. We're gonna take a quick break, but when we come back,

00:31:56.600 --> 00:32:01.200
Grifter breaks into computers. Now, Grifter was stationed in Utah,

00:32:01.200 --> 00:32:08.200
and one state over from Utah is Nevada where the biggest hacker conference in the world is, Defcon.

00:32:08.200 --> 00:32:15.520
GRIFTER: So, I knew about Defcon from the first Defcon, but being poor and being fourteen years

00:32:15.520 --> 00:32:21.000
old or something when Defcon started, I was like, well, my parents are never gonna take

00:32:21.000 --> 00:32:25.480
me to Las Vegas and I can't afford to go there myself. It was like a month

00:32:25.480 --> 00:32:32.680
or two months before I was separating from the military, Defcon 8 happened in 2000. I was like,

00:32:32.680 --> 00:32:37.920
screw it. I’m going. Military be damned, I’m gonna go. So, I did. [Music] I went

00:32:37.920 --> 00:32:45.000
out to Defcon and met my people, essentially. It was great. It was an incredible experience.

00:32:45.000 --> 00:32:47.820
JACK: What makes you connect with the people at Defcon?

00:32:47.820 --> 00:32:52.880
GRIFTER: So, yeah, I had been to small hacker meetings before, but going — and at the time,

00:32:52.880 --> 00:32:58.280
it was probably — I don't know, there might have been a thousand of us or something like that

00:32:58.280 --> 00:33:03.360
at Defcon 8, if that. I loved the fact that you could just — anybody could be

00:33:03.360 --> 00:33:05.960
talking about anything. You could walk up to somebody and be like,

00:33:05.960 --> 00:33:09.880
what are you guys talking about? They’d start talking about something, and whatever it was,

00:33:09.880 --> 00:33:14.360
it was interesting. You know? There was something interesting. Or there’d be people crowded around

00:33:14.360 --> 00:33:19.920
a table with computers and some electronics or something, whatever, and they're like,

00:33:19.920 --> 00:33:25.800
oh, we're trying to get this thing to do this. I had this idea in my head that I was like, oh man,

00:33:25.800 --> 00:33:32.520
if we could actually take all these people and stick them on an island and just be like,

00:33:32.520 --> 00:33:39.280
here’s the problem that we have; can you solve it? There was nothing that couldn't be solved. So,

00:33:39.280 --> 00:33:44.520
I knew from that first time I went that I would always go to Defcon, that that would be it.

00:33:44.520 --> 00:33:48.560
JACK: I felt the same way. The first Defcon I went to was Defcon 17,

00:33:48.560 --> 00:33:54.160
and that was back in 2009. Yeah, the place feels magic. It’s just electric. It’s amazing,

00:33:54.160 --> 00:33:59.120
and I was hooked from that first visit, and I’ve been going for fifteen years now.

00:33:59.120 --> 00:34:04.440
GRIFTER: At Defcon 8, a buddy of mine had brought twenty t-shirts or something that he had brought,

00:34:04.440 --> 00:34:06.862
and I was like, what’s the t-shirts for? He said, oh, I’m gonna sell the t-shirts when we get there.

00:34:06.862 --> 00:34:11.600
We road-tripped down, right? So, he was like, I’m gonna sell the t-shirts when we get there,

00:34:11.600 --> 00:34:16.960
twenty bucks apiece, and that will fund my weekend. So, it’ll pay for the hotel,

00:34:16.960 --> 00:34:23.240
I’ll get to eat really good, oh, whatever, it’ll pay for Defcon. I’m like, oh, what a cool idea.

00:34:23.240 --> 00:34:30.560
So, the next year, I decided I was gonna make t-shirts, but I don't do anything halfway. So,

00:34:30.560 --> 00:34:35.000
I was like, okay, well, I’m gonna get a table in the vendor area. I’m gonna make a t-shirt. I got

00:34:35.000 --> 00:34:41.200
a — I had a really nice design put together, and I ordered 320 t-shirts, twenty to trade to

00:34:41.200 --> 00:34:46.760
friends and to other t-shirt vendors, and 300 of them to sell. So, I took them down and we

00:34:46.760 --> 00:34:52.440
sold them all in the vendor area. It was a really nice design, so they were gone, and I was like,

00:34:52.440 --> 00:34:58.480
sweet, I just made a bunch of money off of selling t-shirts. Then I met Russ Rogers.

00:34:58.480 --> 00:35:03.080
JACK: Russ Rogers is one of the conference organizers and asked Grifter to goon next year,

00:35:03.080 --> 00:35:07.320
which basically means to volunteer, to help with the conference. There’s a lot of different types

00:35:07.320 --> 00:35:13.280
of goons. There’s crowd-control goons, speaker assistants, technical support, and other things

00:35:13.280 --> 00:35:18.240
like helping with the vendors or contests. But at the time, everyone had to start at security,

00:35:18.240 --> 00:35:23.440
which is crowd control and checking badges. There are massive lines at Defcon, and someone

00:35:23.440 --> 00:35:27.640
has to keep them all in check. So, he took the role of goon and was part of the Defcon staff.

00:35:27.640 --> 00:35:30.640
GRIFTER: At Defcon 10 I was a security goon,

00:35:30.640 --> 00:35:34.720
and then at Defcon 11 I went and I was a vendor goon. Yeah,

00:35:34.720 --> 00:35:41.180
and then I’ve been a goon ever since. So, from Defcon 10 ‘til now, this year, will be Defcon 33.

00:35:41.180 --> 00:35:45.160
JACK: Gosh, that’s twenty-three years of being with Defcon at this point.

00:35:45.160 --> 00:35:48.400
Because of his attitude of being excellent in everything he does,

00:35:48.400 --> 00:35:51.180
he quickly started taking on more responsibility at Defcon.

00:35:51.180 --> 00:35:56.160
GRIFTER: I started doing things like — I ran the Defcon forums with another guy who went by

00:35:56.160 --> 00:36:01.680
Nulltone. The two of us were the administrators for the Defcon forums. At the same time that I

00:36:01.680 --> 00:36:05.600
was gooning I was a vendor as well. I never stopped selling t-shirts. So, I was a goon,

00:36:05.600 --> 00:36:11.760
a vendor, I was administrator for the Defcon forums, I ran the Defcon Scavenger Hunt — oh,

00:36:11.760 --> 00:36:16.080
and then starting at Defcon 10, I started speaking. So, I spoke at Defcon 10, 11,

00:36:16.080 --> 00:36:22.840
12, 13 or whatever. So, I was busy, right? Then somewhere in there as well,

00:36:22.840 --> 00:36:27.226
I eventually started running all the technical operations for Black Hat.

00:36:27.226 --> 00:36:30.280
JACK: [Music] Black Hat is another hacker conference in Vegas, and it’s happening

00:36:30.280 --> 00:36:35.320
the same week as Defcon. They're both started by the same person, Dark Tangent,

00:36:35.320 --> 00:36:40.840
but Black Hat has an entirely different vibe over there. It’s more professional and corporate

00:36:40.840 --> 00:36:46.960
compared to Defcon. I’d describe it as — at Black Hat there are tons of companies all there saying,

00:36:46.960 --> 00:36:51.560
hey, if you buy our products, it’ll make your company safe and secure, while at Defcon,

00:36:51.560 --> 00:36:56.640
the overall message is everything is vulnerable. Nothing is safe and secure, and here’s how to

00:36:56.640 --> 00:37:02.320
hack anything. So, Black Hat, you see more people wearing collars and even ties, while at Defcon,

00:37:02.320 --> 00:37:07.880
everyone just wears all black. Cargo pants are common, mohawks are common, and wires and antennas

00:37:07.880 --> 00:37:12.480
are sticking out of everyone’s backpacks. So, Grifter started volunteering at both conferences.

00:37:12.480 --> 00:37:19.520
GRIFTER: I got busy fast, right? Then I had a day job on top of it. I did become, I guess, part of

00:37:19.520 --> 00:37:25.000
what would be considered to be the Defcon inner circle, right, where it’s like, okay, we need

00:37:25.000 --> 00:37:30.640
to decide what Defcon’s vision is gonna be, what direction are we gonna go in, what are we gonna

00:37:30.640 --> 00:37:37.440
— like, coming up with new ideas to keep Defcon fresh. I came up with the idea for Defcon Groups.

00:37:37.440 --> 00:37:43.920
So, Defcon Groups is hacker meetups that happen in different cities and different countries all

00:37:43.920 --> 00:37:50.840
over the world. They are very similar to the 2600 meetings that I used to go to when I was younger,

00:37:50.840 --> 00:37:58.240
and the reason that we kinda departed from 2600 was because they started to get political and

00:37:58.240 --> 00:38:03.120
kind of let their politics get involved in — they were telling hackers, you should vote for this

00:38:03.120 --> 00:38:09.640
person or vote — and I didn’t like that. I didn’t like the idea of saying, yeah, vote this way.

00:38:09.640 --> 00:38:17.080
So, I approached Dark Tangent, Jeff Moss, and said, hey, I don't like this about the way that

00:38:17.080 --> 00:38:23.240
2600 is going. Defcon has a lot of clout. We could probably do something like that, and we’ll do it

00:38:23.240 --> 00:38:28.840
by area code, and we could just — we’ll come up with a name for it or whatever. He’s like,

00:38:28.840 --> 00:38:33.640
I love it. Love the idea. Talk to Russ — again, Russ Rogers — and he’s like, yeah, let’s do it.

00:38:33.640 --> 00:38:39.120
We came up with all the ground rules and concept and all, whatever, and the structure for it,

00:38:39.120 --> 00:38:44.400
and then we started running Defcon Groups, our meetups. I think it was February of 2003,

00:38:44.400 --> 00:38:49.920
I want to say, and it was Salt Lake City and Colorado Springs, which is where Russ is from. So,

00:38:49.920 --> 00:38:57.040
we had DC801 and DC719, and those were the first two Defcon Groups. We ran them until Defcon,

00:38:57.040 --> 00:39:01.980
and then we announced Defcon Groups at Defcon, and it spread like wildfire.

00:39:01.980 --> 00:39:06.360
JACK: Defcon Groups has grown to over a hundred chapters worldwide, and there,

00:39:06.360 --> 00:39:09.960
typically really cool people go to these things. A lot of people ask me, hey, how do I get started

00:39:09.960 --> 00:39:14.920
in cyber security or where can I find a mentor? I always recommend them to look to see if there’s

00:39:14.920 --> 00:39:19.720
Defcon Groups in your area. It’s a great way to meet people who are super passionate about cyber

00:39:19.720 --> 00:39:24.120
security. I attended one just the other day, and it was great. I met so many cool people.

00:39:24.120 --> 00:39:27.800
GRIFTER: I mentioned all of the stuff that I did previously, right; so, it was like,

00:39:27.800 --> 00:39:32.600
Defcon administrator, vendor, goon, running the Defcon Scavenger Hunt — oh,

00:39:32.600 --> 00:39:40.240
we also ran the Defcon movie channel. It was a lot. I was doing a lot, and I said to DT after

00:39:40.240 --> 00:39:48.360
Defcon 13 — I was like, I’m gonna stop gooning. It’s just too much. It’s too much. He was like,

00:39:48.360 --> 00:39:52.760
please don’t. You know, he’s like, don’t stop. What’s the problem? I was like, I’m just burning

00:39:52.760 --> 00:39:59.000
out. I can't run all of these things. He was like, okay, well, how about this? He’s like,

00:39:59.000 --> 00:40:05.440
we're moving to a new venue next year and it’s gonna be at the Riviera. He’s like,

00:40:05.440 --> 00:40:12.640
and there’s this space that are — they're these sky boxes that overlook the convention floor.

00:40:12.640 --> 00:40:21.040
He’s like, I think — what if you were in charge of whatever we put in that space?

00:40:21.040 --> 00:40:25.240
You can just — it’ll be a small portion of the conference. You can do whatever you

00:40:25.240 --> 00:40:30.320
want with it. Come up with something cool that people will want to do. I was like,

00:40:30.320 --> 00:40:34.820
okay. He’s like, I’m sure people will want to have parties or whatever. I’m like, okay, great.

00:40:34.820 --> 00:40:38.640
JACK: So, he goes to the Riviera, the place where Defcon was gonna be held that year,

00:40:38.640 --> 00:40:43.640
and he looks at the space and tries to decide what to do with it. It’s a cool set of rooms.

00:40:43.640 --> 00:40:48.200
They're up high and they overlook the whole conference. Like I was saying in the intro,

00:40:48.200 --> 00:40:53.200
Defcon has a lot of parties. The conference goes on all day and parties go on all night. In fact,

00:40:53.200 --> 00:40:57.720
there’s so much going on at Defcon it’s actually hard to remember to eat and shower

00:40:57.720 --> 00:41:02.400
and even sleep. It’s the best conference in the world. So, of course, these sky box rooms

00:41:02.400 --> 00:41:08.200
are perfect party rooms. But that’s a nighttime thing. What do you do in them during the day,

00:41:08.200 --> 00:41:13.000
and which parties are gonna be up there? That’s when Grifter got the idea. He posted on the

00:41:13.000 --> 00:41:18.840
Defcon forums; we have a place for you to host a party, but if you want the space, you have

00:41:18.840 --> 00:41:23.400
to fill the room with something cool during the day. You can't just come party at night.

00:41:23.400 --> 00:41:27.440
GRIFTER: The first ones to say, okay, we’ll do it, was TOOOL,

00:41:27.440 --> 00:41:33.640
the open organization of lock-pickers. They were like, we want one of those sky box spaces so we

00:41:33.640 --> 00:41:39.080
can have a party, and we’ll come in and we’ll put out tables and we’ll put a bunch of locks

00:41:39.080 --> 00:41:43.560
on the tables and we’ll teach people introductory lock-picking, [music] and we’ll bring all kinds

00:41:43.560 --> 00:41:48.480
of examples of things to bypass, and we’ll just — we’ll show people how to do it. I was like,

00:41:48.480 --> 00:41:54.800
great. That sounds awesome. Then it was — again, it was Russ who said, hey, I’ll get some folks and

00:41:54.800 --> 00:42:01.160
we’ll set up a hardware-hacking area and we’ll have people come in and they can learn how to

00:42:01.160 --> 00:42:07.280
solder and learn how to do basic electronic stuff, and we’ll teach them how to do that. I was like,

00:42:07.280 --> 00:42:13.680
great. 303 was like, we’ll do talks, but we're gonna do talks that aren't allowed to be recorded,

00:42:13.680 --> 00:42:18.560
that — you can't have your phone out, that you can't — nothing can be — like it doesn't exist,

00:42:18.560 --> 00:42:22.520
right, type of thing. I was like, that sounds cool. Let’s do that. So, that’s how the

00:42:22.520 --> 00:42:27.120
villages started, was — the first ones to call themselves a village was the Lockpick Village.

00:42:27.120 --> 00:42:32.440
JACK: Not only is that where Defcon Villages was born, but it’s also where Skytalks was born.

00:42:32.440 --> 00:42:37.200
That name came to be because there were talks in those sky boxes at the Riviera,

00:42:37.200 --> 00:42:39.920
because all the Defcon talks are recorded and posted to YouTube,

00:42:39.920 --> 00:42:45.600
but Skytalks is where no recordings are allowed, which allows people to give talks that are more

00:42:45.600 --> 00:42:50.920
secretive or maybe even incriminate themselves. I’ve probably been to a dozen of these Skytalks,

00:42:50.920 --> 00:42:55.280
and I’ve heard some pretty wild stories. But what’s more is Skytalks has kinda made its way

00:42:55.280 --> 00:43:00.200
into many other conferences, where there’s a smaller room off to the side and no video or

00:43:00.200 --> 00:43:04.160
recordings are allowed in there. So, that idea also has stuck and spread.

00:43:04.160 --> 00:43:10.000
GRIFTER: So, the next year when it came around, the hardware-hacking people called themselves

00:43:10.000 --> 00:43:14.800
the Hardware Hacking Village. They adopted the name ‘village’ from the Lockpick Village. Then

00:43:14.800 --> 00:43:20.720
another group started the Wi-Fi Village, and they just immediately adopted the name ‘village’ with

00:43:20.720 --> 00:43:24.560
theirs, too. So, they started calling themselves the Wi-Fi Village. So, the second year, so,

00:43:24.560 --> 00:43:31.120
Defcon 15, we had the Lockpick Village, the Wi-Fi Village, and the Hardware Hacking Village. Then

00:43:31.120 --> 00:43:37.480
that concept of having these broken-out areas spread to other conferences. People were like,

00:43:37.480 --> 00:43:40.280
oh, we're gonna have a lockpick area. Oh, we're gonna have whatever,

00:43:40.280 --> 00:43:47.400
and they started calling them villages. So, the village concept or those little community areas

00:43:47.400 --> 00:43:53.000
that you see at all of these other InfoSec and conferences and stuff all came from

00:43:53.000 --> 00:43:59.680
people wanting to throw a party in a sky box at Defcon 14, and then the villages were born.

00:43:59.680 --> 00:44:05.080
JACK: Now, when Grifter first started getting involved with Defcon, everyone only knew him as

00:44:05.080 --> 00:44:09.640
Grifter. That’s the thing about this conference, is it’s not unusual that people just know you

00:44:09.640 --> 00:44:14.240
as your alias or your hacker name, and nobody even questions it. If you say you're Grifter,

00:44:14.240 --> 00:44:17.880
then you're Grifter. Nobody’s gonna be like, oh, that’s funny. What’s your real name,

00:44:17.880 --> 00:44:23.020
though? No, Defcon folks are different. They get it. Privacy is important for all of us.

00:44:23.020 --> 00:44:27.960
GRIFTER: I had been Grifter — like I said, basically I picked that name when I was

00:44:27.960 --> 00:44:33.880
about eight years old, and I used it in the hacker community, and nobody knew my name. When I went to

00:44:33.880 --> 00:44:40.360
hacker meetups, 2600s, when I — anything I did, no one knew my name. I had no online presence at all,

00:44:40.360 --> 00:44:46.240
and I was proud of that. People didn’t know who I was. Then at Defcon 9, my wife at the time,

00:44:46.240 --> 00:44:51.560
my ex-wife, she came with me. I had said something to her, and she was selling

00:44:51.560 --> 00:44:55.400
t-shirts. I said something to her and I was like, alright, I’ll be back in a little while, and I

00:44:55.400 --> 00:45:02.120
walked away. I started walking away and I got a few tables away, and she said, oh, wait, Neil.

00:45:02.120 --> 00:45:07.680
I was like, [gasp]. It — like, [gasp], and I turned around, and the look on my face must have

00:45:07.680 --> 00:45:13.520
just been like, oh my gosh, are you kidding me? Then she — and I’m staring at her, and she goes,

00:45:13.520 --> 00:45:22.720
oh, sorry, Grifter. I was like, oh my gosh, 'cause now even people who weren't looking turned their

00:45:22.720 --> 00:45:30.320
heads and were like, what? Then there were guys that I had known seven, ten years, and they were

00:45:30.320 --> 00:45:37.720
like, your name’s Neil? I was like, yeah. They were like, huh. You don’t look like a Neil.

00:45:37.720 --> 00:45:49.230
I’m like, cool. I was like, oh my gosh. So, that anonymity, to some degree, it flew out the window.

00:45:49.230 --> 00:45:53.280
JACK: So, after a while, Grifter got put in charge of running the Wi-Fi and network at Black Hat,

00:45:53.280 --> 00:45:57.920
that other conference that’s happening in Vegas the same week as Defcon. They call it the Black

00:45:57.920 --> 00:46:02.920
Hat NOC, which stands for network operations center, and I should say even though Black Hat and

00:46:02.920 --> 00:46:07.680
Defcon happen the same week, they don’t actually overlap. Black Hat is Monday, Tuesday, Wednesday,

00:46:07.680 --> 00:46:12.680
Thursday, and Defcon is Friday, Saturday, Sunday. I should also mention that there are many other

00:46:12.680 --> 00:46:16.280
conferences happening that same time, as well. There’s BSides, which is a big one,

00:46:16.280 --> 00:46:20.040
and it’s on Wednesday and Thursday, and there are other ones happening around town.

00:46:20.040 --> 00:46:24.000
Like, there’s Toxic BBQ, which is where a bunch of people meet up in a park and barbeque,

00:46:24.000 --> 00:46:27.560
and there’s a Defcon Shoot, which is where people go to the desert and shoot guns,

00:46:27.560 --> 00:46:32.240
and there’s just meetups all over the place like Diana Initiative and Queercon. At any given

00:46:32.240 --> 00:46:38.160
moment during that week, there are fifty things happening, and it’s overwhelming and awesome. So,

00:46:38.160 --> 00:46:42.400
anyway, Grifter was tasked with setting up the Wi-Fi at Black Hat, which you can

00:46:42.400 --> 00:46:48.583
imagine trying to get a Wi-Fi network up and usable at a hacker conference is challenging.

00:46:48.583 --> 00:46:51.200
GRIFTER: [Music] Yeah, it is. It’s actually incredibly difficult,

00:46:51.200 --> 00:46:57.520
but it’s also super satisfying to do it. It makes it fun. You're going up against

00:46:57.520 --> 00:47:02.600
multiple different types of attacks ongoing throughout the conference at different times,

00:47:02.600 --> 00:47:07.160
trying to hit you in different ways, people learning new things and getting creative. We’ve

00:47:07.160 --> 00:47:12.120
had stuff where somebody discusses a vulnerability for a piece of equipment that we're using at

00:47:12.120 --> 00:47:16.360
the conference, and we’ve gotta scramble to try to make sure that the network stays up,

00:47:16.360 --> 00:47:22.080
because they just told 500 people in a ballroom how to do something against a piece of equipment

00:47:22.080 --> 00:47:27.240
that we’ve got running in the NOC. We call it the Black Hat NOC because it is a NOC.

00:47:27.240 --> 00:47:33.440
It is — we replace every router, every switch, every firewall in every access point at whatever

00:47:33.440 --> 00:47:38.680
venue we go to. So, now that’s Mandalay Bay. It’s the Marina Bay Sands in Singapore and

00:47:38.680 --> 00:47:45.640
it’s the ExCeL Centre in London. But we bring all of our own equipment because it allows us to have

00:47:45.640 --> 00:47:50.120
control over the environment, mitigate attacks if they come. We can't be opening a support ticket.

00:47:50.120 --> 00:47:54.200
JACK: Oh yeah, the hotel would not have a chance against this, would they?

00:47:54.200 --> 00:47:56.440
GRIFTER: Not a chance in hell.

00:47:56.440 --> 00:47:59.480
JACK: What do you tell them, just shut it all down while we're here?

00:47:59.480 --> 00:48:04.240
GRIFTER: Yeah, we actually do. We just say, please shut the Wi-Fi in these areas, yeah.

00:48:04.240 --> 00:48:04.471
JACK: [Laughs]

00:48:04.471 --> 00:48:09.234
GRIFTER: So, yeah, it’s an interesting challenge.

00:48:09.234 --> 00:48:13.200
JACK: You'd think that they’d want to hire you to set up their Wi-Fi to be resilient against

00:48:13.200 --> 00:48:17.480
stuff like this and say, wait, just leave what you have here, because we’ll just use it from now on.

00:48:17.480 --> 00:48:20.600
GRIFTER: Yeah, they're getting better. Again, it’s like, years have gone on and stuff. They're

00:48:20.600 --> 00:48:24.680
getting better, not to the point that we're willing to let them run things,

00:48:24.680 --> 00:48:30.520
because again — well, one, we call ourselves the NOC, but we are a full-fledged SOC. We have

00:48:30.520 --> 00:48:35.560
every piece of equipment that a modern-day security operations center has in there,

00:48:35.560 --> 00:48:41.560
and when we initially started out, we were running everything with open-source hardware,

00:48:41.560 --> 00:48:48.180
open-source scripts and software and commercial stuff that you could just buy at Best Buy, right?

00:48:48.180 --> 00:48:52.080
JACK: Yeah, their budget was very small at the beginning, but if you go to Black Hat,

00:48:52.080 --> 00:48:57.440
one thing you won't miss is the expo floor. I went last year, and I was blown away at how big

00:48:57.440 --> 00:49:02.560
it has grown. This is a room where if you are a cyber-security vendor, you can set up a booth

00:49:02.560 --> 00:49:07.480
there and pitch your products to people who are walking through the conference. I walked through,

00:49:07.480 --> 00:49:13.880
and it took me hours and hours to just try to walk past every booth and just read their

00:49:13.880 --> 00:49:20.040
name. It felt like it went on forever. Every cyber-security company in the world

00:49:20.040 --> 00:49:26.720
seemed to be there, and there must have been hundreds. So, as this Black Hat NOC grew,

00:49:26.720 --> 00:49:31.120
it needed more sophisticated equipment, and Grifter wondered, well, with all these

00:49:31.120 --> 00:49:36.160
vendors here, would any of them let us use their gear just for the week?

00:49:36.160 --> 00:49:40.360
GRIFTER: So, we were like, well, what if we went down to the expo floor and we approached

00:49:40.360 --> 00:49:44.720
some of the vendors and we say, hey, if you’ll let us use your equipment or you’ll give us a

00:49:44.720 --> 00:49:51.360
software license, we’ll put your logo in the program that says you helped partner

00:49:51.360 --> 00:49:56.920
with the Black Hat NOC. We go up to the first vendor that we wanted to talk to. They're like,

00:49:56.920 --> 00:50:03.160
yeah, oh, absolutely. They were like, when? Now? Do you want equipment? Do you need people? I was

00:50:03.160 --> 00:50:09.000
like, this response was on a level that I wasn’t prepared for. So, I was like, uh — I was like,

00:50:09.000 --> 00:50:14.320
I think we might be on to something here. They were like, we’d love to help support it. We’ll

00:50:14.320 --> 00:50:20.426
give you whatever you need. I just looked at Bart and I was like, let’s go shopping.

00:50:20.426 --> 00:50:25.240
JACK: [Music] So, him and Bart, the other guy who runs the NOC with him, realized that every vendor

00:50:25.240 --> 00:50:30.480
would love for them to use their equipment for free, because each vendor would love to be able

00:50:30.480 --> 00:50:37.040
to say, we're trusted by Black Hat. If a hacker conference uses our equipment, surely that’s gotta

00:50:37.040 --> 00:50:42.080
mean something. This made building the Black Hat NOC even more fun knowing that they could

00:50:42.080 --> 00:50:48.760
just walk down the hall and get any equipment they wanted to help secure this network. That’s cool.

00:50:48.760 --> 00:50:52.760
Once vendors heard that Grifter was doing this, they started begging him to use their equipment.

00:50:52.760 --> 00:50:57.320
GRIFTER: We’ve been offered money from vendors before where they're like, we’ll cut you a — like,

00:50:57.320 --> 00:51:01.720
personally; not to Black Hat. They're like, hey, Grifter, I’ll cut you a check for a hundred grand

00:51:01.720 --> 00:51:07.800
if you'll put our stuff in the NOC. I’m like, why don’t you take that $100,000 and invest

00:51:07.800 --> 00:51:13.280
it in your product and make it better, and maybe I’ll choose it. I say that for two reasons; one,

00:51:13.280 --> 00:51:21.160
'cause I’m a dick, but two, because integrity, right? I mentioned that earlier. It’s like, no,

00:51:21.160 --> 00:51:29.640
you can't buy my influence in this space, right? I choose what I believe are the best technologies to

00:51:29.640 --> 00:51:36.660
go in here to do the job, and if you want to be in here, be better, and then maybe you'll be in here.

00:51:36.660 --> 00:51:42.040
JACK: Of course, Grifter sees tons of crazy things on the Black Hat network. Like, speakers might be

00:51:42.040 --> 00:51:48.320
on stage demoing an exploit, and it’ll trigger all kinds of alerts in the NOC. A normal NOC

00:51:48.320 --> 00:51:53.000
might freak out seeing that kind of stuff coming from inside their network, but Black Hat realizes,

00:51:53.000 --> 00:51:57.560
oh, that’s fine, since the speaker is just demoing the exploit on stage. Or sometimes they’ll see a

00:51:57.560 --> 00:52:02.040
vendor release a patch, and attendees are trying to reverse-engineer what was fixed in that patch,

00:52:02.040 --> 00:52:05.760
and they’ll find a new vulnerability and they’ll start attacking with it the same day the patch

00:52:05.760 --> 00:52:09.040
is released. So, they’ve gotta hurry up and patch everything as soon as the new patch

00:52:09.040 --> 00:52:13.400
comes out. Or sometimes they see students in classes doing illegal things on the Wi-Fi,

00:52:13.400 --> 00:52:17.440
and of course Grifter will go in there and warn them, hey, you shouldn't be doing that stuff.

00:52:17.440 --> 00:52:21.520
GRIFTER: Then there are things where it’s just folks who are — they think they're

00:52:21.520 --> 00:52:26.520
secure and they show up to Black Hat already compromised. We look for stuff like that. Again,

00:52:26.520 --> 00:52:31.480
it’s an incredibly modern security operations center. People will get on the network and

00:52:31.480 --> 00:52:36.640
they're immediately beaconing out to known C2 or they're hitting malicious sites or doing whatever,

00:52:36.640 --> 00:52:41.920
and we will go and look and be like, okay, is this something that looks like it’s part of a lab? Is

00:52:41.920 --> 00:52:46.120
this something that happened when they first got on? So, people will often say, oh, don’t

00:52:46.120 --> 00:52:52.240
get onto the Black Hat network because you'll get attacked, when I honestly think in reality,

00:52:52.240 --> 00:52:57.640
more people leave secure than they do compromised from Black Hat, because we're looking for it,

00:52:57.640 --> 00:53:03.840
and if we see any kind of communication to known C2, if we see crypto-mining activity or we see

00:53:03.840 --> 00:53:10.000
clear text credentials coming from a device, we send a captive portal to that device that

00:53:10.000 --> 00:53:14.720
is doing it. They’ll get a pop-up the next time they go to browse to something that will say, ‘Hi,

00:53:14.720 --> 00:53:19.680
this is a message from the Black Hat NOC. This device is showing signs of communication to known

00:53:19.680 --> 00:53:25.840
command and control servers. If this is expected behavior, you can ignore this message. If not,

00:53:25.840 --> 00:53:30.920
please stop by the NOC for more information.’ They’ll come by and we can show them packets

00:53:30.920 --> 00:53:36.940
or logs or whatever they need to let them know, hey, you actually showed up compromised.

00:53:36.940 --> 00:53:42.760
JACK: They’ve even seen speakers on stage who are showing signs of infection on their laptop,

00:53:42.760 --> 00:53:46.280
and then they have to go and wait for the speaker to come offstage and then say, hey,

00:53:46.280 --> 00:53:50.480
by the way, your computer is very infected. Okay, I’m gonna ask you some stories about

00:53:50.480 --> 00:53:56.440
Defcon. Is it true that someone rappelled off the roof to try to sneak into a party at Defcon?

00:53:56.440 --> 00:54:00.960
GRIFTER: What happened was the year at the Riv, the year of the sky boxes, we had different

00:54:00.960 --> 00:54:06.920
parties in different sky boxes, and at some point, one of the organizers of the party,

00:54:06.920 --> 00:54:16.440
actually, he came up to me and he was like, hey, so, we picked the lock on the closet and there’s

00:54:16.440 --> 00:54:24.840
a panel in there. If you open that panel, we can get on the roof. I was like, I don't want to hear

00:54:24.840 --> 00:54:31.200
about it. Right? I was like, alright, and then I left. Then a bunch of people went up on the roof,

00:54:31.200 --> 00:54:37.880
and they basically extended the party up onto the roof of the Riviera. It was a whole bunch

00:54:37.880 --> 00:54:43.240
of folks hanging out up there, and this was just the conference in there. So, we're not talking

00:54:43.240 --> 00:54:49.720
twenty floors up. They were probably thirty, forty feet up, whatever it was. Some people are going

00:54:49.720 --> 00:54:53.880
in and out and whatever, and then at one point security showed up. The way that I understand

00:54:53.880 --> 00:55:01.880
it is somebody went off the roof in order to avoid security. Multiple people got caught by security,

00:55:01.880 --> 00:55:08.480
though, and they were asked to leave the property. They got eighty-sixed on Saturday night.

00:55:08.480 --> 00:55:15.480
JACK: Is it true that people will put malicious ATMs around Defcon to steal people’s money?

00:55:15.480 --> 00:55:24.800
GRIFTER: It has happened. I don't know how often it happens, but it has happened. Somebody brought

00:55:24.800 --> 00:55:34.000
an ATM in on a dolly. Like, they rolled it in on a dolly and set it up in the lobby area of

00:55:34.000 --> 00:55:41.920
the convention space trying to get Defcon attendees — that was also at the Riviera.

00:55:41.920 --> 00:55:49.560
JACK: Is it true that there was a federal agent who was there to try

00:55:49.560 --> 00:55:55.360
to arrest hackers or spy on hackers or learn from hackers, whatever, but got so impressed

00:55:55.360 --> 00:55:59.700
by what they were doing that he quit his job as a federal agent and switched to the dark side?

00:55:59.700 --> 00:56:07.140
GRIFTER: No, I haven't heard that one. So, you're gonna have to tell me that. That’s wild.

00:56:07.140 --> 00:56:13.480
JACK: Is it true that there’s a secret room at Defcon where you can buy zero-days?

00:56:13.480 --> 00:56:19.320
GRIFTER: I don't think there’s a secret room. Maybe that was true in the past. It wouldn't have

00:56:19.320 --> 00:56:23.240
been a secret room; it would have just been like, you can talk to this person. I know who the person

00:56:23.240 --> 00:56:28.520
is, but I won't mention their name. I’m sure those kind of things still go on. Everybody could get

00:56:28.520 --> 00:56:34.320
together and have a conversation in a place that was kind of like a demilitarized zone for hackers.

00:56:34.320 --> 00:56:36.840
JACK: Yeah, a demilitarized zone for hackers.

00:56:36.840 --> 00:56:39.120
That’s a really interesting way of putting it. I agree.

00:56:39.120 --> 00:56:39.960
GRIFTER: Yeah.

00:56:39.960 --> 00:56:47.880
JACK: Is it true that every year hackers take over an elevator at some hotel and trap someone in it?

00:56:47.880 --> 00:56:53.000
GRIFTER: I don't think they trap people in it. We have definitely

00:56:53.000 --> 00:57:00.607
taken over elevators all the time. I actually got a talking to from…

00:57:00.607 --> 00:57:00.622
JACK: Oh, geez.

00:57:00.622 --> 00:57:05.320
GRIFTER: [Laughs] This is — this actually happened at Black Hat. It was right after the Mandalay Bay

00:57:05.320 --> 00:57:10.920
had installed the card readers so that then you had to tap your room key to go to your floor. I was

00:57:10.920 --> 00:57:15.600
messing with it 'cause that’s what we do, and I knocked the cover off of it, and underneath it was

00:57:15.600 --> 00:57:21.000
— there was an open pin out. But I was like, oh, cool, we could probably connect to this and get to

00:57:21.000 --> 00:57:27.040
any floor we want. I’m like, that’s wild. Then I ran my thumb across the pins, and it shorted out

00:57:27.040 --> 00:57:34.280
and the light blinked green, and I could tap any floor. So, I took a video with my phone really

00:57:34.280 --> 00:57:40.440
quickly where I just — I ran my thumb across it, it blinked green, and then I tapped four

00:57:40.440 --> 00:57:47.160
different floors. The video was probably six to eight seconds long, super quick, and I just posted

00:57:47.160 --> 00:57:56.360
it to my Twitter and said, oh, solid whatever system they’ve got going on in the elevators.

00:57:56.360 --> 00:58:02.600
Seriously, within five minutes, my phone rang and it was the head of security for Mandalay Bay,

00:58:02.600 --> 00:58:06.880
who we work with because we're in the SOC and stuff. So, we have meetings with them and tell

00:58:06.880 --> 00:58:12.280
them the type of stuff we're seeing and all — whatever. He’s like, Grifter! He’s like,

00:58:12.280 --> 00:58:19.760
you're supposed to be on our side! He’s like, will you please take that down? I was like,

00:58:19.760 --> 00:58:25.560
I can't. He was like, no, please take it down. I was like, I’m sorry, I can't. I’ve already

00:58:25.560 --> 00:58:32.560
posted it. It goes against everything I believe as far as it should be better than — you should

00:58:32.560 --> 00:58:37.000
call whoever installed that system on the elevators and make it better. He was like,

00:58:37.000 --> 00:58:40.200
ugh. Then he hung up, and then he called me back and he was like, okay, look, I talked

00:58:40.200 --> 00:58:43.800
to this person, blah, blah, blah. Would you be willing to take it down for X amount of time,

00:58:43.800 --> 00:58:46.880
blah, blah, blah? Then he said the words I didn’t want to hear, which — he was like,

00:58:46.880 --> 00:58:53.000
under responsible disclosure, you have now let us know that a vulnerability exists.

00:58:53.000 --> 00:58:59.740
Please give us time to fix it. I was like, damn it. So, I deleted the tweet and then…

00:58:59.740 --> 00:59:01.425
JACK: He played your game. That’s hilarious.

00:59:01.425 --> 00:59:06.520
GRIFTER: Yeah, he totally did. He totally did. So, yeah, so, I took it down and they fixed it.

00:59:06.520 --> 00:59:10.200
JACK: Is it true that someone set the pool on fire one year?

00:59:10.200 --> 00:59:12.140
GRIFTER: Set the pool on fire…

00:59:12.140 --> 00:59:13.920
JACK: Yeah, like there was smoke coming off…

00:59:13.920 --> 00:59:19.377
GRIFTER: Oh, no, no, no, it wasn’t fire. It was a massive amount of liquid nitrogen.

00:59:19.377 --> 00:59:19.391
JACK: [Laughs]

00:59:19.391 --> 00:59:24.960
GRIFTER: So, it was at Defcon 8, 9, or 10, somewhere in there. It

00:59:24.960 --> 00:59:32.200
was at the Alexis Park. It was Pool 2, and the beverage-cooling-contraption contest had done

00:59:32.200 --> 00:59:39.840
their cooling contest out by the pool earlier that day, and a lot of people had liquid nitrogen. They

00:59:39.840 --> 00:59:45.520
just — that was the go-to, like how they were gonna make it cold fast. Then they took all the

00:59:45.520 --> 00:59:50.800
containers of the stuff that was left over and put them in the little pool house area that was next

00:59:50.800 --> 00:59:56.400
to the pool just for storage, and then when it was at night, there was a party going on out there,

00:59:56.400 --> 01:00:03.680
and one of the guys was like, oh shit, we’ve got all this liquid nitrogen. Let’s see what

01:00:03.680 --> 01:00:12.800
happens. They just dumped gallons and gallons of liquid nitrogen into the pool, and it was

01:00:12.800 --> 01:00:17.680
awesome. It made this cool steam effect. There’s some pictures of it out there somewhere. [Music]

01:00:17.680 --> 01:00:22.680
Another — then the next year, they did it again, and a bunch of people threw blocks of dry ice in

01:00:22.680 --> 01:00:30.420
to try to increase it. Of course, everything — we’ll try to one-up ourselves every time.

01:00:30.420 --> 01:00:34.160
JACK: After decades of going to hacker conferences,

01:00:34.160 --> 01:00:38.560
there are hundreds of stories like this that Grifter has. It’s truly a unique experience

01:00:38.560 --> 01:00:43.120
and you never know what to expect when you go. I once saw Will Smith at Defcon,

01:00:43.120 --> 01:00:47.540
and Deadmau5 was just there last year just walking around checking the place out.

01:00:47.540 --> 01:00:53.760
GRIFTER: I am what I consider — what I define myself as is a high-functioning introvert. So,

01:00:53.760 --> 01:00:58.480
I can get on stage in front of 10,000 people and crack jokes and have a good time and all,

01:00:58.480 --> 01:01:03.800
whatever, and it’s fine. I can go out into the hallway and have an inflatable dinosaur battle

01:01:03.800 --> 01:01:10.640
with my friends and have a blast. I can act like a complete lunatic for the entire time that I’m

01:01:10.640 --> 01:01:17.040
in Vegas with my friends, and it’s great. But then I crawl into a cave and recharge for weeks

01:01:17.040 --> 01:01:22.160
afterwards or I go back to my hotel room. Even during Defcon — I did it a couple times this

01:01:22.160 --> 01:01:27.560
year where it’s like, I’ll just go to my room and lay on the bed. I actually did that right before

01:01:27.560 --> 01:01:32.480
your party this year, where I was like, I’m just gonna go back to my room, I’m gonna take a shower,

01:01:32.480 --> 01:01:36.520
I’m gonna lay on the bed and play a game for a little bit, and then I’ll go out and be social.

01:01:36.520 --> 01:01:40.800
Black Hat used to have a thing they called the Gala Reception which was basically just drinks,

01:01:40.800 --> 01:01:45.840
and it was an open bar and it was a couple of hours, and all the attendees were invited,

01:01:45.840 --> 01:01:52.600
and you’d just hang out and chat. I was in my room after volunteering all day and I was like,

01:01:52.600 --> 01:01:58.720
oh, I don't want to go to this thing. I forced myself to go, and I walk into the reception and

01:01:58.720 --> 01:02:04.480
I hear some guys that are near me mention a book that I had just read. I stopped and I was like,

01:02:04.480 --> 01:02:11.200
oh, that book sucks. The guy kinda chuckles and he’s like, oh yeah? Why? I was like, okay, well,

01:02:11.200 --> 01:02:14.360
the structure of it is this, it’s lacking this, it doesn't talk about these things,

01:02:14.360 --> 01:02:18.280
blah, blah, blah. This book is better if you're looking at that topic. He’s like, oh,

01:02:18.280 --> 01:02:22.560
okay. So, I was like, hey, it’s been a pleasure chatting with you guys. It was nice to meet you.

01:02:22.560 --> 01:02:26.160
The guy was like, wait, let me give you my card. He hands me his card and

01:02:26.160 --> 01:02:31.400
he was the vice president of the publishing company whose books I had just been eviscerating

01:02:31.400 --> 01:02:36.160
for the last forty-five minutes. I just looked at him and I was like, ohh — and he was like,

01:02:36.160 --> 01:02:41.600
ohh, and he’s like, hey, look, man, I really appreciate all the candid feedback. He’s like,

01:02:41.600 --> 01:02:45.560
I want to put you on a list that I have where when we put out a new book,

01:02:45.560 --> 01:02:48.520
we’ll just automatically send it to your house. You let me know what you think of

01:02:48.520 --> 01:02:52.760
it or whatever. That’s — he’s like, would you be down to do that? I was like, absolutely.

01:02:52.760 --> 01:02:57.000
JACK: Well, that relationship grew stronger between Grifter and this publisher to the

01:02:57.000 --> 01:03:00.600
point that the publisher asked Grifter, hey, if you were to write a book, what would you

01:03:00.600 --> 01:03:07.040
make? Grifter said, there should be a book on how to defend your network by attacking back

01:03:07.040 --> 01:03:13.480
at the people attacking you, which I think is ridiculous. Defenders can't be on the offense.

01:03:13.480 --> 01:03:19.200
They can't be aggressive. But he was pitching this idea, and the publisher was liking it.

01:03:19.200 --> 01:03:22.440
GRIFTER: I was like, look, dude, I don't know how to write a book. I don't know how

01:03:22.440 --> 01:03:26.200
to do that or whatever. He’s like, that’s fine. We got editors. We’ll teach you.

01:03:26.200 --> 01:03:30.840
He’s like, why don’t you do it with a few other authors? Just co-author it,

01:03:30.840 --> 01:03:36.080
then you can break it up into chunks. You'll act as the technical editor and make sure that

01:03:36.080 --> 01:03:41.920
everything is legit. I said, yeah, I’d like to do that. Fine, let’s do it. Then I picked

01:03:41.920 --> 01:03:47.320
a few of my friends that I wanted to do it with me, and when I gave him the list of friends,

01:03:47.320 --> 01:03:50.520
he was like, these are some pretty heavy hitters. Are we gonna get these people?

01:03:50.520 --> 01:03:57.040
I’m like, they're just my friends. I don't know. So, it was like Dan Kaminsky, Bruce Potter,

01:03:57.040 --> 01:04:03.480
Pyro, Chris Hurley. He’s like, alright, let’s see what we can do. All of them agreed to do it,

01:04:03.480 --> 01:04:08.000
and then we put out a book. But that was the thing about putting out a book, was I was like,

01:04:08.000 --> 01:04:13.280
am I really just gonna put Grifter on the cover of this thing? I was like,

01:04:13.280 --> 01:04:19.320
I cannot publish a book and not put my name on it. For me, personally, it was like, I want to

01:04:19.320 --> 01:04:25.120
see it on the shelf in a library and be like, that one’s mine. So, I made the decision that I was

01:04:25.120 --> 01:04:33.060
gonna put on there Neil Wyler, AKA Grifter, and that was it, man. The cat’s out of the bag, so…

01:04:33.060 --> 01:04:38.680
JACK: The book is called Aggressive Network Self-Defense, and for ten years I was a

01:04:38.680 --> 01:04:43.920
network security engineer, and I had read quite a lot of books, and this one never

01:04:43.920 --> 01:04:49.560
showed up on my desk. I think it’s because I wasn’t interested in aggressive self-defense…

01:04:49.560 --> 01:04:49.706
GRIFTER: Right.

01:04:49.706 --> 01:04:54.680
JACK: …of a network. This is crazy. This is a crazy book; aggressive self-defense network style.

01:04:54.680 --> 01:04:55.707
GRIFTER: Yeah, because…

01:04:55.707 --> 01:04:56.400
JACK: What is in this book?

01:04:56.400 --> 01:05:01.920
GRIFTER: Well, it was essentially like — there’s this thing that we deal with as defenders every

01:05:01.920 --> 01:05:06.600
day within these companies we work for and as individuals where you're being attacked

01:05:06.600 --> 01:05:13.080
constantly, right, and you're like, when do I get to swing back? Because of my upbringing, right,

01:05:13.080 --> 01:05:21.000
because of the way that I was, I wanted to swing, right? So, I didn’t like the idea that we were in

01:05:21.000 --> 01:05:25.320
this defensive position where somebody could not just poke us in the chest, 'cause getting

01:05:25.320 --> 01:05:29.280
port-scanned was like being poked, right? It’s not a big deal. Somebody looks at you sideways,

01:05:29.280 --> 01:05:34.080
gives you a dirty look. But it’s not just getting poked. They're full on attacking you, and you just

01:05:34.080 --> 01:05:39.240
have to go, well, how do I block that? How do I make that stop? How do I do whatever? Or they

01:05:39.240 --> 01:05:45.777
break in and you just go, oh, I’ve gotta get them out. In my head, I was like, stop them for good.

01:05:45.777 --> 01:05:45.791
JACK: [Laughs]

01:05:45.791 --> 01:05:52.880
GRIFTER: Like, cut them off at the knees. Attack what they're attacking you with.

01:05:52.880 --> 01:05:56.720
I would get so much heat from people about that because they were like, well,

01:05:56.720 --> 01:05:59.680
you don’t know if you're actually attacking some grandma’s computer,

01:05:59.680 --> 01:06:04.520
'cause it’s not — it’s a jump box. It’s not likely that the person that you're attacking

01:06:04.520 --> 01:06:11.040
is that — that’s their machine. I’m like, yeah, but then let’s get rid of their resources then.

01:06:11.040 --> 01:06:16.000
If we knock the machine that’s doing the attack offline, then the attack stops.

01:06:16.000 --> 01:06:20.440
That’s what I’m concerned about, because they're costing us money by launching these

01:06:20.440 --> 01:06:26.280
attacks against — they're costing us time, they're costing us stress and all these other things. So,

01:06:26.280 --> 01:06:31.880
if — I don't care if it’s some grandmother’s computer. I need it to stop attacking my

01:06:31.880 --> 01:06:35.280
network 'cause it’s eating up bandwidth. It’s eating up cycles of my analyst. It’s

01:06:35.280 --> 01:06:39.440
eating up all this stuff. [Music] It’s like, okay, you've lost control of your machine,

01:06:39.440 --> 01:06:44.400
and I need that machine to stop attacking me. So, I’m gonna send it to the bottom of the digital

01:06:44.400 --> 01:06:52.220
ocean. That book is twenty years old at this point, so it’s useless, but it was fun to do.

01:06:52.220 --> 01:06:58.680
JACK: All this experience running the Black Hat NOC has given him a very sharp skill set,

01:06:58.680 --> 01:07:03.360
to be able to detect and stop some of the most crazy attacks ever. Volunteering there

01:07:03.360 --> 01:07:08.540
gave him fantastic experience which gave him great opportunities in his career.

01:07:08.540 --> 01:07:17.040
GRIFTER: So, now, I recently took a position at a company called Coalfire as the VP of

01:07:17.040 --> 01:07:21.960
defensive services. Prior to that, I was with IBM’s X-Force for three years running

01:07:21.960 --> 01:07:26.400
their global threat-hunting program. Prior to that, for the seven years before that,

01:07:26.400 --> 01:07:33.720
I was at RSA Security where I started and ran their threat-hunting program around the world. So,

01:07:33.720 --> 01:07:39.880
I spent a lot of the last — over a decade at this point really focused on threat hunting,

01:07:39.880 --> 01:07:45.560
on going in and finding attackers when they’ve already bypassed your security

01:07:45.560 --> 01:07:49.400
and they're in the environment. So, I would go into a company and I’d sit

01:07:49.400 --> 01:07:52.480
down with their security team, and I’d be like, tell me about your environment.

01:07:52.480 --> 01:07:55.560
They’d be like, well, we have these technologies. They're deployed in these ways. Our network’s

01:07:55.560 --> 01:07:59.800
set up this way. This is how we do these things. It’s segmented this way. We have this, we do this,

01:07:59.800 --> 01:08:05.080
blah, blah, blah. I go, okay, great. If it was me attacking you, I would hit you here, here,

01:08:05.080 --> 01:08:12.000
and here. So, let’s go look and see if somebody did that. Then we go and see if they were attacked

01:08:12.000 --> 01:08:19.240
somewhere or got breached somewhere. In the decade plus that I’ve been focused on hunting, we always

01:08:19.240 --> 01:08:25.920
find something, whether it’s an active attack or it’s evidence of a previous attack or it’s

01:08:25.920 --> 01:08:29.840
an employee who’s doing something outside of policies or whatever.

01:08:29.840 --> 01:08:34.160
JACK: Of course, I wanted to hear a story about a threat he found in the network.

01:08:34.160 --> 01:08:39.000
GRIFTER: We were doing an engagement where we were asked to come in to a really large

01:08:39.000 --> 01:08:44.240
financial organization, and myself and another hunter, Pope — you know,

01:08:44.240 --> 01:08:48.426
Pope. Pope and I went out on this hunting engagement.

01:08:48.426 --> 01:08:52.600
JACK: [Music] I do know Pope. He’s the organizer at Saintcon in Utah. Fantastic conference. You

01:08:52.600 --> 01:08:56.880
should definitely go if you're in Utah. So, him and Pope go to this client. It’s massive, and

01:08:56.880 --> 01:09:03.480
they have huge security teams there. No expense spared to keep this place secure, which has to be

01:09:03.480 --> 01:09:09.360
stressful, to walk into a company with this level of security and you're expected to find things

01:09:09.360 --> 01:09:14.560
that they didn’t already find. So, he sits down with their director of security and starts looking

01:09:14.560 --> 01:09:19.600
through the traffic. He’s looking for protocols that shouldn't be there or outliers. He sees

01:09:19.600 --> 01:09:25.560
FTP traffic in there. FTP is the file transfer protocol. It’s just a way to move files from one

01:09:25.560 --> 01:09:30.320
place to another, but it’s insecure and has mostly been replaced by more secure protocols now.

01:09:30.320 --> 01:09:36.040
GRIFTER: It’s like, there’s a really low number of FTP sessions, so we could go through those fairly

01:09:36.040 --> 01:09:43.960
quickly. He goes, oh, we don’t use FTP. I was like, well, great. This is a good example then,

01:09:43.960 --> 01:09:49.920
because we can go through this really quickly. He was like, no, you don’t understand. We don’t

01:09:49.920 --> 01:09:57.600
allow FTP. There are no clear text protocols. I was like, okay. Well, that’s great, but it’s

01:09:57.600 --> 01:10:02.120
here. Like, I can — it’s here. I can see it. I was like, so, why don’t we just look at it? He’s like,

01:10:02.120 --> 01:10:09.640
alright. We look and it’s FTP traffic going to a host name, not even an IP address but a host name

01:10:09.640 --> 01:10:19.040
that ends in .ru. We're not even trying to hide, right? I was like, is that normal? He’s like,

01:10:19.040 --> 01:10:22.920
no. I’m like, okay, well, let’s see what’s happening. It’s like, okay, it looks like

01:10:22.920 --> 01:10:27.800
it’s sending out these files at 1:00 in the morning. Do you want to see what it’s sending?

01:10:27.800 --> 01:10:34.200
He’s like, yeah. So, we just did file extraction. It’s a zip file, even,

01:10:34.200 --> 01:10:38.400
not an encrypted container of any kind, just a zip file. I’m like, well, I can't open it

01:10:38.400 --> 01:10:42.960
'cause it’s not my company, but you can open it if you want. So, he opens it. He opens it up,

01:10:42.960 --> 01:10:47.360
he looks at the document, and then it sounded like somebody punched him. This sound came out of him

01:10:47.360 --> 01:10:53.520
like this hnggh, like the wind just got knocked out of him, and then he closed it. He goes,

01:10:53.520 --> 01:11:02.120
you didn’t see that. I was like, okay, well, just out of curiosity, what didn’t I see? He was like,

01:11:02.120 --> 01:11:06.920
that is every financial transaction and trade that we’ve made in the last twenty-four hours. I was

01:11:06.920 --> 01:11:14.040
like, oh. So, bad. He’s like, how long? How long has that been going on? I was like, okay, let’s

01:11:14.040 --> 01:11:20.880
take a look. We start digging into the logs, and they only had six months’ worth, which is wild.

01:11:20.880 --> 01:11:27.200
That connection to an FTP server in Russia — the IP address was also geolocated to Russia. So,

01:11:27.200 --> 01:11:32.320
we were like, okay, it looks like that’s where it’s going. That happened every night at 1:00

01:11:32.320 --> 01:11:37.920
in the morning for six months, and that’s as long as we had logs for. So, we were like,

01:11:37.920 --> 01:11:44.760
who knows how long that’s been happening? This is an organization that has hundreds of people

01:11:44.760 --> 01:11:49.960
on their security team, thirty plus people actively working in a SOC just down the hall,

01:11:49.960 --> 01:11:55.640
all of the different technologies that you could possibly ask for, but they had tunnel vision

01:11:55.640 --> 01:11:59.020
because they were like, we don’t use that, so we don’t even look.

01:11:59.020 --> 01:12:03.320
JACK: Now, you would think that if something like FTP is not allowed in their network that

01:12:03.320 --> 01:12:08.360
there should be a firewall blocking it. That’s exactly what a firewall’s job is, to block network

01:12:08.360 --> 01:12:13.360
traffic that shouldn't be allowed. Who knows, maybe they did put a block in at some point,

01:12:13.360 --> 01:12:18.400
but it wasn’t blocked now. Maybe a new rule superseded the FTP block rule or maybe someone

01:12:18.400 --> 01:12:23.480
accidentally took out that FTP block rule. These firewalls can sometimes have hundreds of rules of

01:12:23.480 --> 01:12:29.280
what’s allowed or not allowed, and it’s confusing to know exactly what it’s doing sometimes. But

01:12:29.280 --> 01:12:33.560
what’s more is how did these file transfers get triggered? It must have meant that someone

01:12:33.560 --> 01:12:39.320
got in this network and set up an automatic script to scrape the data and send it out.

01:12:39.320 --> 01:12:44.160
That’s scary, to realize that someone did that in their network right under the nose of their

01:12:44.160 --> 01:12:49.480
thirty engineers, all looking for that threat. How did this hacker get in, and how do they get

01:12:49.480 --> 01:12:54.480
them out? There’s millions of things to do once you discover something like this, and it feels

01:12:54.480 --> 01:13:00.400
devastating to experience it. It really does feel like you're getting punched in the gut. You know,

01:13:00.400 --> 01:13:06.560
as I think about this story, this is one of these typical ‘I heard at Defcon’ stories,

01:13:06.560 --> 01:13:09.560
which here’s Grifter telling me, so it practically is something I heard

01:13:09.560 --> 01:13:15.440
at Defcon. But it’s one of these stories that I hear that was never told publicly. A major

01:13:15.440 --> 01:13:20.720
finance company was hacked and every financial trade was being spied on by some foreign entity.

01:13:20.720 --> 01:13:27.400
That sounds like a big deal, and I wonder what the fallout would be if that story were to go public,

01:13:27.400 --> 01:13:34.280
you know? Would there be lawsuits? Would the government slap fines on them? Or to think,

01:13:34.280 --> 01:13:40.880
how bad does that company not want that story to go public, and what drastic lengths might

01:13:40.880 --> 01:13:47.280
they take to hush it up and keep it quiet, you know? I have a dream about this show, that one

01:13:47.280 --> 01:13:55.320
day someone will tell me a banger-level story that would be huge news when it gets published, some

01:13:55.320 --> 01:14:03.120
wild whistleblower-type thing. That would be fun, wouldn't it? I mean, I’ve heard some pretty insane

01:14:03.120 --> 01:14:08.680
stories that would be really big news stories if they came out, but the people who told it to me,

01:14:08.680 --> 01:14:12.640
I promised I would never repeat it. But I think it’s just a matter of time, though,

01:14:12.640 --> 01:14:19.700
that a story does come across this show that really makes some waves. Someday.

01:14:19.700 --> 01:14:25.360
GRIFTER: But the threat-hunting thing was great. I ended up — I wrote a framework with a friend

01:14:25.360 --> 01:14:33.920
and that created some really cool opportunities. We consulted Congress and NATO. I’ve gotten to

01:14:33.920 --> 01:14:37.180
consult foreign governments, some of the largest companies in the world…

01:14:37.180 --> 01:14:43.240
JACK: It’s a strange space, this InfoSec space, 'cause we're hanging out with criminal hackers.

01:14:43.240 --> 01:14:50.240
You were a criminal hacker and then you become this consultant for Congress and

01:14:50.240 --> 01:14:55.840
governments and you're there to stop the bad guys and you're there stopping threats.

01:14:55.840 --> 01:14:59.680
But at the same time, you're going to Defcon, which is where you're meeting even more hackers

01:14:59.680 --> 01:15:05.240
and more criminal hackers, and it’s — and I don't know of any other thing that — we're just

01:15:05.240 --> 01:15:09.780
as friendly with the bad guys as we are with the good guys, as it is with cyber security.

01:15:09.780 --> 01:15:16.040
GRIFTER: Yeah, it is kind of a — it is a weird world that we live in, and I think ultimately the

01:15:16.040 --> 01:15:23.880
thing that ties it all together is that we like to learn, we like the chase, we like the hunt.

01:15:23.880 --> 01:15:30.000
Cyber security is an incredibly stressful field to be in, but it also is incredibly satisfying

01:15:30.000 --> 01:15:35.280
as far as the cat and mouse game that we play, about the opportunities to learn new things,

01:15:35.280 --> 01:15:39.960
about how one day you wake up and everything is fine, and the next day a vulnerability drops and

01:15:39.960 --> 01:15:45.240
somebody has exploit code for it within hours and you're — and everybody’s hair is on fire.

01:15:45.240 --> 01:15:49.960
When those things happen, when those moments come and everyone’s freaking out, I don't know,

01:15:49.960 --> 01:15:55.240
something about that situation, it just makes me go, alright, game on. I got really, really

01:15:55.240 --> 01:15:59.360
lucky; the thing that I started doing when I was eleven years old because I thought it would

01:15:59.360 --> 01:16:07.320
be cool turned into a career that allowed me to put food on the table for my kids,

01:16:07.320 --> 01:16:13.160
put a roof over their heads, and has allowed me to travel to all of the places that as a

01:16:13.160 --> 01:16:24.920
kid I used to go to only digitally because I thought I would never get to go there.

01:16:24.920 --> 01:16:29.240
(Outro): [Outro music] A big thank-you to Grifter for being so gracious and kind to give me his time

01:16:29.240 --> 01:16:33.480
in his busy schedule and to talk with us like this. He has so many more interesting stories,

01:16:33.480 --> 01:16:36.680
and I feel like we barely got started with him. I mean, I’ve had dinner with him a few

01:16:36.680 --> 01:16:40.960
times and I’ve heard so many more, and they are hilarious. You can imagine all the shenanigans

01:16:40.960 --> 01:16:45.080
going on at Defcon and Black Hat every year. He’s given a ton of talks at conferences,

01:16:45.080 --> 01:16:49.320
so if you want to hear more from him, just go to grifter.org and you'll see tons of

01:16:49.320 --> 01:16:54.240
stuff that he’s done. Real quick before you go, do you know that you could have eleven

01:16:54.240 --> 01:16:59.440
bonus episodes of this show in your ears right now? Yeah, eleven. All you gotta do

01:16:59.440 --> 01:17:04.760
is support the show. I did the math; less than 1% of you support the show, and that’s cool.

01:17:04.760 --> 01:17:09.440
No shade, because I love making stuff and giving it to you for free, so I’ll keep

01:17:09.440 --> 01:17:14.320
doing what I love. But man, when people do pitch in and give me a little something back,

01:17:14.320 --> 01:17:19.880
it feels damn good. It’s like one of those hugs that feels extra genuine,

01:17:19.880 --> 01:17:26.320
and you can feel it long after it’s over. So, please consider supporting the show. Visit

01:17:26.320 --> 01:17:30.400
plus.darknetdiaries.com. I’m just asking for you to buy me a cup of coffee once a month. Actually,

01:17:30.400 --> 01:17:35.160
I switched to matcha, but you get it. This episode was created by me, the space bar,

01:17:35.160 --> 01:17:40.080
Jack Rhysider. Our editor is the keymaster, Tristan Ledger, mixing done by Proximity Sound,

01:17:40.080 --> 01:17:44.760
and our intro music is by the mysterious Breakmaster Cylinder. My girlfriend,

01:17:44.760 --> 01:17:54.840
she said she needed more space, so I got her a four-terabyte drive. This is Darknet Diaries.
