WEBVTT

00:00:00.099 --> 00:00:02.720
JACK: Well, let’s start with what’s your name and what are you known for?

00:00:02.720 --> 00:00:06.060
FC: Okay, so my name is FC.

00:00:06.060 --> 00:00:08.370
My hacker alias is Freaky Clown.

00:00:08.370 --> 00:00:14.500
I’m known for being the co-founder and co-CEO of Cygenta, a cyber-security company here

00:00:14.500 --> 00:00:15.710
in the UK.

00:00:15.710 --> 00:00:22.780
I’ve been in the industry for twenty-mumble years and I’ve done a lot of hacking, a

00:00:22.780 --> 00:00:25.740
lot of social engineering, physical assessments, that kind of thing.

00:00:25.740 --> 00:00:30.340
JACK: I was half-expecting you to say I’m known as the guy who breaks into banks.

00:00:30.340 --> 00:00:37.660
FC: Yes, I do rob rather a lot of banks, probably more than anyone in history if I’m gonna

00:00:37.660 --> 00:00:39.520
be honest, actually.

00:00:39.520 --> 00:00:40.809
Quite a lot.

00:00:40.809 --> 00:00:49.600
JACK (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet.

00:00:49.600 --> 00:00:54.210
I’m Jack Rhysider.

00:00:54.210 --> 00:00:58.390
This is Darknet Diaries.

00:00:58.390 --> 00:01:07.500
[INTRO MUSIC ENDS]

00:01:07.500 --> 00:01:13.190
JACK: As you heard, today we’re gonna hear a story from FC.

00:01:13.190 --> 00:01:15.350
That’s his name; FC.

00:01:15.350 --> 00:01:18.670
But over time he’s taken on the name Freaky Clown as well.

00:01:18.670 --> 00:01:22.189
Now FC, or Freaky Clown, grew up in England.

00:01:22.189 --> 00:01:24.189
He sort of raised himself.

00:01:24.189 --> 00:01:25.960
His family just wasn’t around.

00:01:25.960 --> 00:01:27.560
You could say it was dysfunctional.

00:01:27.560 --> 00:01:31.800
FC: Grew up in an area which didn’t even have a village name.

00:01:31.800 --> 00:01:38.310
It was in-between two villages; it was two miles either way before you got to anywhere.

00:01:38.310 --> 00:01:43.070
Computers were my only communication with anyone that had any real sense, you know?

00:01:43.070 --> 00:01:46.969
My parents were around, but not talking to me.

00:01:46.969 --> 00:01:49.770
Computers became my life.

00:01:49.770 --> 00:01:54.399
They were the only thing I knew, and the only thing I interacted with for many years.

00:01:54.399 --> 00:01:56.120
It became a passion.

00:01:56.120 --> 00:02:01.969
It’s a part of me and I can’t ever imagine my life without computers because of that.

00:02:01.969 --> 00:02:06.190
JACK: He borrowed computers from friends at first and then saved up enough to get his

00:02:06.190 --> 00:02:07.190
own.

00:02:07.190 --> 00:02:10.430
He had the opportunity to go to college so he went, at first studying auto-mechanics,

00:02:10.430 --> 00:02:12.440
and then he got into science.

00:02:12.440 --> 00:02:17.600
But along the way he realized he was really good at computers and sort of shifted to an

00:02:17.600 --> 00:02:19.400
IT job in his early twenties.

00:02:19.400 --> 00:02:24.819
FC: I was working as a sysadmin at the time doing some security stuff as well, ‘cause

00:02:24.819 --> 00:02:27.069
they always cross over.

00:02:27.069 --> 00:02:32.800
When the company that I was working for was going under, the guy had made – the guy

00:02:32.800 --> 00:02:40.460
who ran it was a terrible person in general but he was terrible at running a company.

00:02:40.460 --> 00:02:45.230
When he started to go downhill, he kind of went off the rails a bit and he started blaming

00:02:45.230 --> 00:02:46.980
everyone else for it.

00:02:46.980 --> 00:02:51.740
JACK: This didn’t make sense to FC, but the owner was blaming a bunch of different

00:02:51.740 --> 00:02:56.500
people for things that they did which was why the company was going out of business.

00:02:56.500 --> 00:02:59.909
It seemed obvious the owner was trying to find a scapegoat.

00:02:59.909 --> 00:03:09.099
FC: He accused me of wiping a PC [MUSIC] of data that he had loaned to an employee who

00:03:09.099 --> 00:03:10.659
had given it back.

00:03:10.659 --> 00:03:14.720
He actually called the police on me and said he has done all this stuff, and he’s hacked

00:03:14.720 --> 00:03:17.879
all this stuff, and wiped all this stuff.

00:03:17.879 --> 00:03:22.489
It was just part of my job to wipe it clean ‘cause why would he want any of their data

00:03:22.489 --> 00:03:23.569
on it?

00:03:23.569 --> 00:03:26.090
It was part of the policies and procedures that we had.

00:03:26.090 --> 00:03:31.010
I don’t know what he was expecting to happen there.

00:03:31.010 --> 00:03:36.900
I remember the police phoned me up and said we want to arrest you, which is very weird.

00:03:36.900 --> 00:03:39.519
They said can you come down to the station?

00:03:39.519 --> 00:03:43.810
I went down to the police station and they said oh, have you got a lawyer?

00:03:43.810 --> 00:03:44.810
I said no.

00:03:44.810 --> 00:03:47.500
They said well, go away, get a lawyer and come back, and then we can arrest you.

00:03:47.500 --> 00:03:51.750
I’m like okay, this isn’t going how it normally looks, like in the movies,

00:03:51.750 --> 00:03:52.750
right?

00:03:52.750 --> 00:03:54.000
I go back with a lawyer.

00:03:54.000 --> 00:03:59.780
We talk about it, they officially arrest me and yeah, it was a little bit scary because

00:03:59.780 --> 00:04:04.709
they were looking through the computer system and they didn’t have the crime that they

00:04:04.709 --> 00:04:08.519
were saying that I did on the computer system.

00:04:08.519 --> 00:04:11.810
So, what they did was, they looked it up and they were like okay, we’ll just put it under

00:04:11.810 --> 00:04:17.449
‘attempted murder’ and just put a note saying it’s actually about computers.

00:04:17.449 --> 00:04:21.880
At that point, I started to get very worried and so did my lawyer, in fact.

00:04:21.880 --> 00:04:26.830
But there was nothing else we could do.

00:04:26.830 --> 00:04:31.490
Just went through the wringer for like, six months, a year, almost.

00:04:31.490 --> 00:04:38.050
Thankfully, all the charges were dropped and the case got thrown out, basically, but it

00:04:38.050 --> 00:04:43.259
really did make me see like, yeah, it’s very easy to cross that line if you don’t

00:04:43.259 --> 00:04:44.729
know what you’re doing.

00:04:44.729 --> 00:04:50.169
But because I had completely always stayed within the law, I had no problems there.

00:04:50.169 --> 00:04:55.240
JACK: After this sysadmin job fell apart, he got a new job doing sysadmin work again

00:04:55.240 --> 00:04:59.830
but with a different company; this time with a little bit more focus on security.

00:04:59.830 --> 00:05:04.180
Here, he learned a lot about how to make computers secure or insecure.

00:05:04.180 --> 00:05:10.039
The security side of things really interested him so he quit that job and became a full-on

00:05:10.039 --> 00:05:14.360
penetration tester [MUSIC] for an information security company.

00:05:14.360 --> 00:05:18.720
This is where clients would hire him to come and try to break into their place, or steal

00:05:18.720 --> 00:05:22.510
things, or get access to stuff that he shouldn’t be able to get access to.

00:05:22.510 --> 00:05:27.000
This typically involves a lot of social engineering; calling people on the phone and lying to them

00:05:27.000 --> 00:05:31.130
to get info, or posing as someone else to get access.

00:05:31.130 --> 00:05:35.480
One day, he got assigned to do a physical penetration test on a bank.

00:05:35.480 --> 00:05:41.410
FC: My first engagement with an actual bank was absolutely terrifying.

00:05:41.410 --> 00:05:46.720
It was a massive building in London and it’s not a normal bank, right?

00:05:46.720 --> 00:05:48.610
It’s not even a normal high street bank.

00:05:48.610 --> 00:05:54.420
This is an international bank that does finance stuff with other international banks.

00:05:54.420 --> 00:05:57.160
All they do is shift vast amounts of money.

00:05:57.160 --> 00:06:01.320
This one in particular had a gold bullion vault.

00:06:01.320 --> 00:06:05.880
The client came to us and said look, can you break in and maybe steal like, a bar of gold?

00:06:05.880 --> 00:06:12.139
JACK: Well, that’s an ambitious objective; to grab a gold bar from within this bank and

00:06:12.139 --> 00:06:13.199
to get it out.

00:06:13.199 --> 00:06:17.620
But by that point Freaky Clown had already done many physical penetration tests where

00:06:17.620 --> 00:06:21.030
he’s paid to test the physical security of a building to see if he can break in and

00:06:21.030 --> 00:06:23.320
gain access to stuff he shouldn’t be allowed to.

00:06:23.320 --> 00:06:28.220
He’s confident in himself and has a variety of tricks and skills he can use to bypass

00:06:28.220 --> 00:06:29.640
weak security.

00:06:29.640 --> 00:06:33.259
Now, this bank has asked him to rob them.

00:06:33.259 --> 00:06:35.810
FC: I’m like okay, that sounds interesting.

00:06:35.810 --> 00:06:36.900
Let’s do it.

00:06:36.900 --> 00:06:39.060
JACK: [MUSIC] First, he does some reconnaissance.

00:06:39.060 --> 00:06:43.400
He wants to go down to this bank to see what security is like but instead of going down

00:06:43.400 --> 00:06:48.699
during the day, he waits until 2:00 in the morning to go down there.

00:06:48.699 --> 00:06:52.330
The reason why he’s going so late is because maybe you can tug on a few doors to see if

00:06:52.330 --> 00:06:54.060
any of them were left open.

00:06:54.060 --> 00:06:57.979
There might be a back service door or a window left open, or something.

00:06:57.979 --> 00:07:00.180
He just goes down to take a look.

00:07:00.180 --> 00:07:05.780
So, he drives to this bank which is right in the middle of London, and walks up to the

00:07:05.780 --> 00:07:06.780
building.

00:07:06.780 --> 00:07:10.129
FC: I’m wearing sort of dark clothes, and I’m mesmerized by this building.

00:07:10.129 --> 00:07:15.569
I’m just looking at it like holy crap, this place looks like Fort Knox but worse, right?

00:07:15.569 --> 00:07:19.300
I’m like, oh my god, how am I gonna break into this place?

00:07:19.300 --> 00:07:24.360
I stood there just completely mesmerized for like, ages, when I hear someone from behind

00:07:24.360 --> 00:07:29.639
me sort of give a cough, like sort of, you know, just interrupting me.

00:07:29.639 --> 00:07:32.330
I’m still mesmerized by this building so I’m like, what?

00:07:32.330 --> 00:07:35.370
He’s like excuse me mate, what are you doing?

00:07:35.370 --> 00:07:40.139
I’m like, well, I’m trying to work out how to break into this bank.

00:07:40.139 --> 00:07:45.110
Then I turn around and see the two policemen that have just asked me this question.

00:07:45.110 --> 00:07:52.970
It was like oh, hang on, let me explain my job right now because this is gonna go really

00:07:52.970 --> 00:07:53.970
sideways.

00:07:53.970 --> 00:07:58.199
JACK: He had to spend the next hour explaining to the police what he does.

00:07:58.199 --> 00:08:03.599
There were a few phone calls that were made to confirm his story too, but eventually they

00:08:03.599 --> 00:08:05.110
let him on his way.

00:08:05.110 --> 00:08:10.000
Freaky Clown knew this night was ruined so he left and came back the next day, this time

00:08:10.000 --> 00:08:11.569
in broad daylight.

00:08:11.569 --> 00:08:14.960
The night guards were onto him so he had to try a new approach.

00:08:14.960 --> 00:08:20.040
This particular bank had just spent a million British pounds upgrading the security on the

00:08:20.040 --> 00:08:21.900
front of this building.

00:08:21.900 --> 00:08:27.379
It was absolutely airtight in every way; he literally could not make any progress coming

00:08:27.379 --> 00:08:32.099
through the front, but this isn’t a regular bank where customers are just walking in off

00:08:32.099 --> 00:08:37.040
the street; this is more of a business-to-business kind of bank, where there aren’t any tellers

00:08:37.040 --> 00:08:39.979
at all and nobody’s in the lobby except for security guards.

00:08:39.979 --> 00:08:44.970
If you go through the front door, there’s no place to go if you don’t have the right

00:08:44.970 --> 00:08:45.970
access.

00:08:45.970 --> 00:08:52.010
The front was just not going to be the way in, but in the back was a service

00:08:52.010 --> 00:08:55.839
entrance that didn’t get the same security upgrades.

00:08:55.839 --> 00:08:58.940
[MUSIC] FC figured out a way around back.

00:08:58.940 --> 00:09:02.029
He got past some restricted areas and into the building.

00:09:02.029 --> 00:09:06.720
FC: I managed to get in through the back of this building.

00:09:06.720 --> 00:09:11.779
I got onto this floor where the security vault was, where the gold bullion is stored.

00:09:11.779 --> 00:09:13.660
I thought it’d be like, super secure, right?

00:09:13.660 --> 00:09:16.300
You’re expecting guards with guns or something.

00:09:16.300 --> 00:09:20.769
But I just walk up and the vault was just open.

00:09:20.769 --> 00:09:24.300
They just leave it open during the day because they need to get in and out, right?

00:09:24.300 --> 00:09:25.360
They only shut it up at night.

00:09:25.360 --> 00:09:28.279
If you’re in there during the day, you just walk in.

00:09:28.279 --> 00:09:32.600
Then I picked up a gold bar and believe me, they’re really heavy.

00:09:32.600 --> 00:09:34.959
They’re nothing like you see in the movies.

00:09:34.959 --> 00:09:38.540
I wasn’t gonna carry two out; let’s put it that way.

00:09:38.540 --> 00:09:42.690
JACK: He picks one gold bar up and puts it in his backpack.

00:09:42.690 --> 00:09:47.529
It’s major progress here but now he’s gotta get out of the building because if he

00:09:47.529 --> 00:09:50.339
gets caught, security wins.

00:09:50.339 --> 00:09:54.890
But if he can get out with the gold bar in his backpack, he wins.

00:09:54.890 --> 00:09:59.421
Now, keep in mind, this is a place that customers don’t get to walk around in and there’s

00:09:59.421 --> 00:10:02.620
this massive security at the front door.

00:10:02.620 --> 00:10:06.839
If you’re seen in the building, chances are people are gonna think you’re supposed

00:10:06.839 --> 00:10:07.839
to be there.

00:10:07.839 --> 00:10:10.829
FC: I don’t tend to get nervous around things like this.

00:10:10.829 --> 00:10:15.360
It always happens after the fact, so in the wash-up calls or in the wash-up meetings later,

00:10:15.360 --> 00:10:18.851
I’m just dripping with sweat and looking like a homeless person.

00:10:18.851 --> 00:10:23.810
But during the test it’s just, I switch off and I do the job.

00:10:23.810 --> 00:10:26.640
I get this gold bar and I’m like cool, I’ve got the gold bar.

00:10:26.640 --> 00:10:29.030
I’ve got it in my backpack.

00:10:29.030 --> 00:10:32.930
I go down two flights of stairs and I’m going to the exit.

00:10:32.930 --> 00:10:39.850
At any moment I’m expecting someone to jump on me, but nobody is giving any glance at

00:10:39.850 --> 00:10:40.850
me.

00:10:40.850 --> 00:10:42.580
I’m just walking out of the building.

00:10:42.580 --> 00:10:46.589
I hit the Exit button, I go through the turnstile, and that’s it.

00:10:46.589 --> 00:10:48.030
I’m out on the street.

00:10:48.030 --> 00:10:49.800
It was honestly that easy.

00:10:49.800 --> 00:10:53.700
It sounds incredible but that’s what it was.

00:10:53.700 --> 00:10:55.860
JACK: Whoa, he did it.

00:10:55.860 --> 00:10:57.220
He robbed the bank.

00:10:57.220 --> 00:10:59.720
FC: It’s an odd thing.

00:10:59.720 --> 00:11:05.850
Yeah, I just went around the corner, I called the client, said I’ve got all of the things

00:11:05.850 --> 00:11:07.310
that we needed to get done.

00:11:07.310 --> 00:11:11.110
Let’s meet up in the lobby and then we’ll go through it all.

00:11:11.110 --> 00:11:13.050
It’s not like it was in my possession for a long time.

00:11:13.050 --> 00:11:16.240
It was like maybe ten, fifteen minutes at most.

00:11:16.240 --> 00:11:22.670
But the feeling I get when I achieve all of the goals that a client sets out is kind of

00:11:22.670 --> 00:11:24.410
like a bit of ambivalence, really.

00:11:24.410 --> 00:11:30.139
It’s like well, I knew that was gonna happen ‘cause that’s what we do.

00:11:30.139 --> 00:11:33.680
Our job is to go in and get it.

00:11:33.680 --> 00:11:38.500
This trouble with a lot of social engineering is you’re almost always gonna succeed.

00:11:38.500 --> 00:11:45.579
I’ve been doing this for a long time and apart from two issues with clients screwing

00:11:45.579 --> 00:11:48.720
up things, I’ve got 100% record of doing this.

00:11:48.720 --> 00:11:54.870
It’s not because I’m like this super amazing social engineer; it’s just, that’s the

00:11:54.870 --> 00:11:56.480
way it goes.

00:11:56.480 --> 00:12:00.850
You only have to slip in, you only have to get in once.

00:12:00.850 --> 00:12:07.090
It’s really not that difficult to do if you’ve got the time and the patience to

00:12:07.090 --> 00:12:08.090
do it.

00:12:08.090 --> 00:12:11.940
JACK: We’re gonna take a short break but stay with us because coming up, more bank

00:12:11.940 --> 00:12:14.190
robbery stories.

00:12:14.190 --> 00:12:17.600
Freaky Clown sort of loves these weird missions and who wouldn’t, right?

00:12:17.600 --> 00:12:18.790
This is exciting work.

00:12:18.790 --> 00:12:22.190
But there’s one physical penetration test that he’ll never forget.

00:12:22.190 --> 00:12:26.930
FC: Yeah, so, we had a hospital, actually.

00:12:26.930 --> 00:12:34.930
Fairly new; they had just built a helipad at their hospital and they wanted to know

00:12:34.930 --> 00:12:36.090
if it was secure.

00:12:36.090 --> 00:12:40.100
They called us up and they said can you steal a helicopter for us?

00:12:40.100 --> 00:12:43.540
I’m like, I’ll give it a shot.

00:12:43.540 --> 00:12:44.540
Why not?

00:12:44.540 --> 00:12:47.480
JACK: [MUSIC] Whoa, a helicopter?

00:12:47.480 --> 00:12:48.480
This is gonna be good.

00:12:48.480 --> 00:12:52.579
But it’s not just about the helicopter; the helipad itself is what really should be

00:12:52.579 --> 00:12:53.670
secure.

00:12:53.670 --> 00:12:57.449
The hospital wanted to make sure that there was no access to this by anyone other than

00:12:57.449 --> 00:12:59.220
who was supposed to be using it.

00:12:59.220 --> 00:13:03.329
They don’t want some drugged-up patient accidentally wandering onto the helipad and

00:13:03.329 --> 00:13:07.450
getting hurt, or some bad actor out there sabotaging it, or some hooligans doing something

00:13:07.450 --> 00:13:08.450
else.

00:13:08.450 --> 00:13:09.450
FC: I go to this hospital.

00:13:09.450 --> 00:13:18.510
I spend like, one-night recon, freaking myself out in medicine places under the hospital.

00:13:18.510 --> 00:13:21.839
We got into some tunnels and stuff.

00:13:21.839 --> 00:13:25.650
There are certain areas of a hospital that when you do a hospital test, you’re not

00:13:25.650 --> 00:13:26.650
allowed to go.

00:13:26.650 --> 00:13:29.620
You’re not allowed to go into the children’s ward, you’re not allowed to go into the

00:13:29.620 --> 00:13:32.830
maternity wards, you’re not allowed to go into surgery.

00:13:32.830 --> 00:13:37.029
But everywhere else is basically free to reign.

00:13:37.029 --> 00:13:41.160
But there are certain areas that are restricted to hospital staff.

00:13:41.160 --> 00:13:47.860
What you have to do is look at the maps and the great thing about most hospitals is they

00:13:47.860 --> 00:13:51.839
have like, massive public access areas.

00:13:51.839 --> 00:13:55.029
You can just wander around and pretend you’re a patient.

00:13:55.029 --> 00:13:58.500
Then there’s loads of fire marshal maps around.

00:13:58.500 --> 00:14:02.460
Once you study those, you can kind of work out the areas that you’re allowed to go

00:14:02.460 --> 00:14:04.810
in and the areas that you’re not allowed in.

00:14:04.810 --> 00:14:08.680
Once you figure out the areas that you’re not allowed into, it’s very easy to sort

00:14:08.680 --> 00:14:11.000
of steal scrubs, for example.

00:14:11.000 --> 00:14:17.230
Once you get that sort of, almost uniform, then you can tailgate people into the areas

00:14:17.230 --> 00:14:18.259
that you probably shouldn’t.

00:14:18.259 --> 00:14:22.620
A lot of doctors and nurses, they do a fantastic job and they’re massively overworked.

00:14:22.620 --> 00:14:26.870
They’re not thinking about security and they’re especially not thinking about some

00:14:26.870 --> 00:14:30.010
guy trying to break in, right?

00:14:30.010 --> 00:14:33.380
Tailgate your way into these areas, look around a bit.

00:14:33.380 --> 00:14:39.050
Eventually you find the areas where they only have very restricted staff.

00:14:39.050 --> 00:14:44.550
That’s where it becomes a little bit more difficult because it’s not general-purpose

00:14:44.550 --> 00:14:48.190
medical staff that have access to these areas; there’s only very specific people.

00:14:48.190 --> 00:14:53.540
You have to work out where those areas are and then figure out a way to get in.

00:14:53.540 --> 00:14:57.920
JACK: Cool, this is some good recon; maps of the building, scrubs?

00:14:57.920 --> 00:15:01.690
He knows where the helipad is, but it’s not publicly accessible.

00:15:01.690 --> 00:15:07.110
He thinks he now has a good idea of where he needs to go the next day, so day one is

00:15:07.110 --> 00:15:08.110
over.

00:15:08.110 --> 00:15:13.070
FC: Went back to my hotel room, weirdly tripped over something in the night, and hurt my foot.

00:15:13.070 --> 00:15:15.350
JACK: Specifically, his toe hurt a lot.

00:15:15.350 --> 00:15:19.079
He tried to sleep the pain away but in the morning his toe still hurt a lot.

00:15:19.079 --> 00:15:22.509
He’s hoping it’ll just go away because after all, he’s got a helicopter to steal

00:15:22.509 --> 00:15:26.259
today and there’s no time for a hurt foot to be slowing him down.

00:15:26.259 --> 00:15:32.100
He goes back to the hospital but now he knows exactly where to go to try to get to the helipad.

00:15:32.100 --> 00:15:36.040
He gets to the door that he thinks will lead him there, but the door is locked.

00:15:36.040 --> 00:15:41.000
He doesn’t have a key and he doesn’t think it’s safe enough to try to pick the lock.

00:15:41.000 --> 00:15:44.199
[MUSIC] So, he does a different trick.

00:15:44.199 --> 00:15:50.610
FC: One of the ways I got into the area that I needed to was I used a pen.

00:15:50.610 --> 00:15:57.610
What you do is, if you want access to a door and no one’s around, and you want to tailgate

00:15:57.610 --> 00:16:05.500
through it, and you don’t have any kit to bypass the RFID reader or whatever, you place

00:16:05.500 --> 00:16:11.190
a large pen up against the doorjamb, so the crack between the door and the doorjamb itself,

00:16:11.190 --> 00:16:12.190
right?

00:16:12.190 --> 00:16:14.100
Then you walk away.

00:16:14.100 --> 00:16:19.560
When someone comes through the door, the pen falls into the gap and then it stops the door

00:16:19.560 --> 00:16:21.730
from shutting again.

00:16:21.730 --> 00:16:27.250
That’s the trick that I used to get to the area that led me up to the helipad.

00:16:27.250 --> 00:16:33.120
I used this gigantic pen, put it up against the gap of the door, someone came through

00:16:33.120 --> 00:16:35.050
a couple of minutes later, the door didn’t shut.

00:16:35.050 --> 00:16:38.490
I went up to it, opened it, walked through.

00:16:38.490 --> 00:16:40.779
It’s a really nice, simple trick.

00:16:40.779 --> 00:16:45.440
I’m going up the stairs towards the helipad and I suddenly realize I’ve – other than

00:16:45.440 --> 00:16:49.130
being told the model of it, I know nothing about helicopters.

00:16:49.130 --> 00:16:53.550
I phone my friend, a colleague at work, and I’m like, hey dude, I need to know how to

00:16:53.550 --> 00:16:56.860
get into this make and model of helicopter, right?

00:16:56.860 --> 00:17:04.050
I swear to god, I have never had a moment that has been more like the Matrix than this

00:17:04.050 --> 00:17:08.910
moment, where I’m running up to the stairs and I’m asking how to get into this helicopter,

00:17:08.910 --> 00:17:10.199
just like Trinity does.

00:17:10.199 --> 00:17:16.459
We get up on the helipad and there’s no helicopter.

00:17:16.459 --> 00:17:19.579
It’s literally just not there.

00:17:19.579 --> 00:17:23.100
I phone the client and he’s like oh my god, I didn’t think you’d actually get there.

00:17:23.100 --> 00:17:25.880
We haven’t actually taken delivery of the helicopter yet.

00:17:25.880 --> 00:17:29.429
So, it’s like oh, great, thanks.

00:17:29.429 --> 00:17:31.799
Well, that’s over, then.

00:17:31.799 --> 00:17:36.270
JACK: Whoa, this almost seems like a mission from Grand Theft Auto.

00:17:36.270 --> 00:17:40.419
But it seems like this was a success even though he didn’t actually steal a helicopter.

00:17:40.419 --> 00:17:46.670
FC: So, my toe, I’d hurt my toe overnight and it’d been getting more and more

00:17:46.670 --> 00:17:50.240
painful throughout this test, right, and you do a lot of running when you’re doing social

00:17:50.240 --> 00:17:53.610
engineering tests; running up and down stairs and running through corridors and whatever,

00:17:53.610 --> 00:17:55.620
and running away from security guards.

00:17:55.620 --> 00:18:00.500
But my toe was absolutely killing me so when the client, after I’d spoken to him about

00:18:00.500 --> 00:18:05.440
the missing helicopter, he’s like okay, come up to my office which is up this massive

00:18:05.440 --> 00:18:06.440
hill.

00:18:06.440 --> 00:18:07.440
I was like, do you mind if I don’t?

00:18:07.440 --> 00:18:08.600
‘Cause my foot really hurts.

00:18:08.600 --> 00:18:11.000
He was like okay; I’ll meet you at the hospital.

00:18:11.000 --> 00:18:14.370
So, he came down to the hospital and he’s like, how’s your foot?

00:18:14.370 --> 00:18:16.450
I’m like, it’s absolutely throbbing.

00:18:16.450 --> 00:18:20.780
So, he has a look at it and he’s like, I think you’ve broken your toe.

00:18:20.780 --> 00:18:22.159
I’m like, what?

00:18:22.159 --> 00:18:30.900
So, he escorts me to where the A and E entrance is, so emergency room section of the hospital.

00:18:30.900 --> 00:18:32.610
I go into the emergency room.

00:18:32.610 --> 00:18:37.320
I have to wait for a bit and then go and get x-rays and it turns out I had actually broken

00:18:37.320 --> 00:18:46.470
my toe which is annoying, but what was funny was a lot of the staff, they knew that I was

00:18:46.470 --> 00:18:52.280
there for doing this attack ‘cause word had already got ‘round.

00:18:52.280 --> 00:18:56.200
They were actually really cautious with me because they thought this was actually part

00:18:56.200 --> 00:18:57.350
of the assessment.

00:18:57.350 --> 00:19:04.130
I’m like, I am not gonna break my own toe to get into somewhere I shouldn’t.

00:19:04.130 --> 00:19:09.659
There are some lines I just won’t cross and destroying myself to do that is one of

00:19:09.659 --> 00:19:10.659
them.

00:19:10.659 --> 00:19:15.740
JACK: He had his foot treated at the very hospital that he broke into.

00:19:15.740 --> 00:19:16.950
Crazy.

00:19:16.950 --> 00:19:22.890
[MUSIC] He did penetration testing for that company for a number of years and it wasn’t

00:19:22.890 --> 00:19:24.480
always physical penetration testing.

00:19:24.480 --> 00:19:28.850
Often, he would find computer vulnerabilities in their network too, which made him get better

00:19:28.850 --> 00:19:31.700
and better at hacking into computers.

00:19:31.700 --> 00:19:35.950
Over and over he was given the green light to try to hack into a company, and many times

00:19:35.950 --> 00:19:40.130
he found something which got him access to data that he shouldn’t have access to.

00:19:40.130 --> 00:19:46.140
With all this practice, he was getting really good at offensive hacking and breaking into

00:19:46.140 --> 00:19:47.610
buildings.

00:19:47.610 --> 00:19:52.789
After a while, he was able to get a job at Raytheon which is a research and manufacturing

00:19:52.789 --> 00:19:59.180
company that develops technologies like aircraft engines, avionics, and yeah, cyber-security

00:19:59.180 --> 00:20:00.180
software, too.

00:20:00.180 --> 00:20:04.220
FC: Based out of the US, but they have a UK contingent over here.

00:20:04.220 --> 00:20:05.980
JACK: FC joined their team.

00:20:05.980 --> 00:20:07.059
His job was…

00:20:07.059 --> 00:20:08.690
FC: Head of offensive cyber-research.

00:20:08.690 --> 00:20:14.270
Basically, Raytheon are a kinetic company.

00:20:14.270 --> 00:20:22.250
They’re the people that build things that fall from things, or get shot from things.

00:20:22.250 --> 00:20:28.530
They have offensive cyber capability as do many other defense firms.

00:20:28.530 --> 00:20:33.690
JACK: He wasn’t willing to go into any details about what he did at Raytheon as head of offensive

00:20:33.690 --> 00:20:34.690
cyber-research.

00:20:34.690 --> 00:20:41.450
But just judging by that name alone, offensive cyber-research, it seems like Raytheon is

00:20:41.450 --> 00:20:48.820
possibly building cyber-weapons, like maybe a vulnerability or some software to attack

00:20:48.820 --> 00:20:49.960
an enemy with.

00:20:49.960 --> 00:20:55.970
Let’s not forget they also make missiles and other kinetic weapons for the US government

00:20:55.970 --> 00:20:56.970
and other governments.

00:20:56.970 --> 00:21:02.780
Let’s also keep in mind that places like NSA and US Cyber Command carry out cyber-attacks

00:21:02.780 --> 00:21:04.110
all the time.

00:21:04.110 --> 00:21:09.380
Yeah, I guess there is a market for this and I guess it makes sense that Raytheon might

00:21:09.380 --> 00:21:11.250
be building cyber-weapons, too.

00:21:11.250 --> 00:21:16.429
At the very least, I can imagine Raytheon is pretty well-equipped to build software

00:21:16.429 --> 00:21:19.050
to exploit airplane systems, right?

00:21:19.050 --> 00:21:20.850
Since aviation is one of their specialties.

00:21:20.850 --> 00:21:24.450
FC: They’re very entwined, obviously, with governments all around the world like foreign

00:21:24.450 --> 00:21:26.200
and domestic ones.

00:21:26.200 --> 00:21:29.380
That’s very much part of my life.

00:21:29.380 --> 00:21:31.930
JACK: Hm, I think I see where this is going.

00:21:31.930 --> 00:21:34.380
I’m just now connecting the dots, here.

00:21:34.380 --> 00:21:39.770
FC was doing offensive cyber-research at Raytheon, and Raytheon’s biggest customers are governments

00:21:39.770 --> 00:21:43.810
which he said became a big part of his world.

00:21:43.810 --> 00:21:47.820
Did you work for any of the intelligence agencies of the UK, though?

00:21:47.820 --> 00:21:50.450
FC: I can’t comment on that, actually.

00:21:50.450 --> 00:21:53.390
JACK: Okay, fine, I won’t push on this anymore.

00:21:53.390 --> 00:21:58.370
But what seems obvious to me is that the tech and InfoSec experience he was getting was

00:21:58.370 --> 00:21:59.970
some top-level stuff.

00:21:59.970 --> 00:22:03.780
FC: Working with a massive defense prime is phenomenal.

00:22:03.780 --> 00:22:06.659
You have everything you ever need.

00:22:06.659 --> 00:22:13.510
Trouble is, it isn’t wrapped up in red tape and whilst I know that the work that I did

00:22:13.510 --> 00:22:21.740
with them was really beneficial to a lot of people; saved a lot of lives, saved a lot

00:22:21.740 --> 00:22:28.039
of things happening, took a lot of drugs off the street.

00:22:28.039 --> 00:22:29.860
All of the good things, right?

00:22:29.860 --> 00:22:31.659
I know that I did all of that.

00:22:31.659 --> 00:22:37.860
I knew that when I was in that role, I was serving a lot of good things.

00:22:37.860 --> 00:22:40.480
However, it wasn’t what was in my heart.

00:22:40.480 --> 00:22:46.250
I wanted to go out and do more things that would help more people.

00:22:46.250 --> 00:22:48.100
Help the nation as a whole, right?

00:22:48.100 --> 00:22:53.440
Help the nation of the UK and others and just improve their security, because it’s all

00:22:53.440 --> 00:22:58.760
well and good spending loads of time building these things that help in an offensive manner

00:22:58.760 --> 00:23:04.530
or defensive manner, but it’s all for naught if the whole country isn’t good.

00:23:04.530 --> 00:23:05.930
JACK: He quit his job at Raytheon.

00:23:05.930 --> 00:23:11.510
Him and his wife started a new company called Cygenta which is a cyber-security company.

00:23:11.510 --> 00:23:18.660
FC: We built this phenomenal company; it’s global, and we do a ton of outreach.

00:23:18.660 --> 00:23:23.159
This is the big thing for me, is it really reaches back into my childhood.

00:23:23.159 --> 00:23:28.390
I had no one there to guide me, no one to tell me what was a good thing to be doing,

00:23:28.390 --> 00:23:30.700
no one to give me that moral compass.

00:23:30.700 --> 00:23:33.419
I had to find that myself.

00:23:33.419 --> 00:23:36.929
We see – we just released that today, actually.

00:23:36.929 --> 00:23:42.100
We have seen over 6,000 children face-to-face this year alone.

00:23:42.100 --> 00:23:47.510
JACK: Actually, we recorded this last year so those are 2019 stats.

00:23:47.510 --> 00:23:50.289
But he still goes to a lot of schools to meet these kids.

00:23:50.289 --> 00:23:54.169
FC: That’s going to schools, doing events with schools.

00:23:54.169 --> 00:24:00.210
We’re part of the NCSC’s school’s help program, we’re part of TeenTech, we’re

00:24:00.210 --> 00:24:05.760
part of a whole bunch of other things that get us in front of kids to talk to them and

00:24:05.760 --> 00:24:11.441
inspire them about cyber-security and show them that there’s this fantastic career

00:24:11.441 --> 00:24:14.840
that they probably don’t even know about and the teachers probably don’t even know

00:24:14.840 --> 00:24:15.840
about.

00:24:15.840 --> 00:24:19.559
JACK: I like this because teenagers committing computer crimes is a big problem that not

00:24:19.559 --> 00:24:21.980
many people are willing to try to tackle.

00:24:21.980 --> 00:24:26.750
Teens can stumble on a powerful and dangerous weapon like an exploit or denial-of-service

00:24:26.750 --> 00:24:30.919
tool, and launch it upon someone, not even knowing it’s illegal or malicious.

00:24:30.919 --> 00:24:36.200
Or they might have a curiosity towards tech or just need guidance to use that curiosity

00:24:36.200 --> 00:24:37.320
for good.

00:24:37.320 --> 00:24:40.120
FC goes to school and gives free talks to teens.

00:24:40.120 --> 00:24:45.279
FC: Generally, they start with ‘I rob banks for a living’ which always gets everyone’s

00:24:45.279 --> 00:24:48.330
attention ‘cause they’re like hang on, isn’t that a criminal thing?

00:24:48.330 --> 00:24:54.049
Then we go into it like how do I do it, why I do it, why it’s not illegal when I do

00:24:54.049 --> 00:24:57.059
it but it would be illegal if other people did it.

00:24:57.059 --> 00:25:02.110
It just tries to capture their imagination a little bit about – there are some interesting

00:25:02.110 --> 00:25:05.110
jobs out there that you may not have heard from your careers advisor.

00:25:05.110 --> 00:25:09.980
JACK: Very cool, but some talks he gives students are really quite powerful and eye-opening

00:25:09.980 --> 00:25:10.980
to them.

00:25:10.980 --> 00:25:14.909
FC: One of the things we do is we’ll get people up to show them how spear phishing

00:25:14.909 --> 00:25:16.409
works.

00:25:16.409 --> 00:25:22.960
This is all well and good; if I get on stage and I perform a spear phishing attack or any

00:25:22.960 --> 00:25:26.560
kind of hack, I’ve already introduced myself as a hacker.

00:25:26.560 --> 00:25:29.950
I’ve been doing it for many years, I’ve got loads of skills.

00:25:29.950 --> 00:25:35.179
If I get up and do a thing, then everyone’s like well yeah, he’s a hacker; he’s gonna

00:25:35.179 --> 00:25:36.179
do that, right?

00:25:36.179 --> 00:25:41.620
But if we get someone up from the audience and we talk them through how to do the procedures,

00:25:41.620 --> 00:25:46.169
even if it’s something simple like a spear phishing attack using the SE toolkit, then

00:25:46.169 --> 00:25:50.830
it becomes really more impactful for them and for the audience because the audience

00:25:50.830 --> 00:25:56.751
is like oh my god, this person who has never done this before is able to put in all of

00:25:56.751 --> 00:26:03.309
these commands and then take over this network like, really easily, in like, twenty minutes.

00:26:03.309 --> 00:26:05.990
How easy is it for someone with actual skills?

00:26:05.990 --> 00:26:11.790
It becomes a lot more impactful when you see someone who doesn’t have those skills originally.

00:26:11.790 --> 00:26:16.390
It doesn’t take a lot to really show someone how easy it is to do.

00:26:16.390 --> 00:26:20.440
JACK: I mean, I’m betting some of my audience is wondering wait, aren’t you teaching some

00:26:20.440 --> 00:26:22.909
of the bad kids to do bad things?

00:26:22.909 --> 00:26:27.260
FC: Yeah, I always get this question, like oh, shouldn’t you be careful what you’re

00:26:27.260 --> 00:26:28.260
telling people?

00:26:28.260 --> 00:26:31.000
You shouldn’t be teaching people how to pick locks; you shouldn’t be telling people

00:26:31.000 --> 00:26:32.620
how to break into places.

00:26:32.620 --> 00:26:35.470
It’s like, okay, criminals are gonna crim, right?

00:26:35.470 --> 00:26:37.330
It doesn’t matter what you do.

00:26:37.330 --> 00:26:42.360
You can teach them stuff and they may go and use it, but there’s gonna be a whole bunch

00:26:42.360 --> 00:26:46.450
of kids that will take it and make a good thing out of it.

00:26:46.450 --> 00:26:52.860
It’s more important to decimate that information and hope that most people are gonna be good

00:26:52.860 --> 00:26:58.300
guys than it is not giving that information on the off-chance that there might be someone

00:26:58.300 --> 00:27:00.480
maybe that does something bad with it.

00:27:00.480 --> 00:27:04.340
JACK: Now, while teaching kids about hacking is something FC does a lot, it’s not the

00:27:04.340 --> 00:27:05.520
primary goal of Cygenta.

00:27:05.520 --> 00:27:09.740
A company needs to make money and going around giving these free lectures is just a dream

00:27:09.740 --> 00:27:10.799
come true for him.

00:27:10.799 --> 00:27:15.950
But to enable him to do that, Cygenta works with clients to improve their security.

00:27:15.950 --> 00:27:17.740
FC: Yeah, essentially.

00:27:17.740 --> 00:27:24.299
But we wanted to do it in a way that encompasses physical, digital, and the human side of cyber-security.

00:27:24.299 --> 00:27:29.120
JACK: Yes, the human side of security is still an important factor to test and make sure

00:27:29.120 --> 00:27:33.640
that the people in the office are able to stop potential attacks or criminals, which

00:27:33.640 --> 00:27:36.880
leads us back to another penetration test that Freaky Clown did.

00:27:36.880 --> 00:27:45.669
FC: I was asked to go and do a physical assessment against a very large government site in a

00:27:45.669 --> 00:27:47.390
European country, so not in England.

00:27:47.390 --> 00:27:52.360
It’s in a country that I don’t speak their language.

00:27:52.360 --> 00:27:57.690
I didn’t have time to reconnaissance myself; I had to rely on someone else that was there.

00:27:57.690 --> 00:28:03.390
I phoned up my colleague and I said look, I know you don’t do physical stuff but can

00:28:03.390 --> 00:28:04.909
you go and check out this building for me?

00:28:04.909 --> 00:28:07.510
You’re in the country, it’s not far away from you.

00:28:07.510 --> 00:28:13.010
Just go and check it out and then look at all of the security issues and just relay

00:28:13.010 --> 00:28:15.490
them back to me.

00:28:15.490 --> 00:28:18.769
He phones me back up about it and he’s like hey man, I’ve checked out this building

00:28:18.769 --> 00:28:21.200
and it looks cool.

00:28:21.200 --> 00:28:26.050
There’s loads of entrances, there’s no cameras, there’s very few security people

00:28:26.050 --> 00:28:27.050
around.

00:28:27.050 --> 00:28:28.050
It’s gonna be a breeze.

00:28:28.050 --> 00:28:31.799
I’m like okay, that’s a bit different to what I was expecting, but cool.

00:28:31.799 --> 00:28:36.570
JACK: Freaky Clown hops on a train a week later to head to this country to do the work.

00:28:36.570 --> 00:28:42.510
While on the train, he looks over his objectives and it’s simply to gain access to the building.

00:28:42.510 --> 00:28:46.440
He thinks he could probably at least get into the front door and from there, he might be

00:28:46.440 --> 00:28:50.059
able to convince reception that he wants to use the restroom or something.

00:28:50.059 --> 00:28:54.940
Okay, but at the same time, why not try to go to every floor on the building and all

00:28:54.940 --> 00:28:59.300
the buildings in the campus and just try to access as much as possible, just to show his

00:28:59.300 --> 00:29:01.790
client how successful he was?

00:29:01.790 --> 00:29:03.309
He arrives at the building.

00:29:03.309 --> 00:29:07.929
FC: [MUSIC] I turn up at this site and I swear to god, it is the most secure building I have

00:29:07.929 --> 00:29:09.500
ever seen in my life.

00:29:09.500 --> 00:29:14.700
I don’t know what building this guy had looked at, but it wasn’t this one.

00:29:14.700 --> 00:29:23.220
It turned out, afterwards I found out they have three hundred CCTV cameras, internal

00:29:23.220 --> 00:29:24.220
and external.

00:29:24.220 --> 00:29:25.440
They’re watched 24/7.

00:29:25.440 --> 00:29:34.169
They’ve got one really well-guarded entrance and within the building are policemen moving

00:29:34.169 --> 00:29:36.220
in groups of two, and they have guns.

00:29:36.220 --> 00:29:38.630
JACK: These are security guards?

00:29:38.630 --> 00:29:43.370
FC: No, no, no, these are actual, genuine police in this building.

00:29:43.370 --> 00:29:44.799
This is a government site.

00:29:44.799 --> 00:29:47.179
They have proper people in there.

00:29:47.179 --> 00:29:51.880
It’s not just like a flyboy, third-party security group.

00:29:51.880 --> 00:29:53.539
It’s like, genuine people.

00:29:53.539 --> 00:29:55.779
JACK: Okay, this does sound hard.

00:29:55.779 --> 00:29:59.860
FC doesn’t speak the language so his social engineering tricks just don’t work here

00:29:59.860 --> 00:30:02.120
because of the language barrier.

00:30:02.120 --> 00:30:06.179
He can’t even read what any of the signs say on the building.

00:30:06.179 --> 00:30:10.660
So, he takes a closer look at the front door to assess the situation.

00:30:10.660 --> 00:30:12.660
FC: Can’t walk through the front door.

00:30:12.660 --> 00:30:16.840
They’ve got a revolving door with RFID.

00:30:16.840 --> 00:30:20.400
JACK: You need an RFID card just to walk into the front door.

00:30:20.400 --> 00:30:25.100
Yeah, while it’s possible to clone one of these badges and get through the front door,

00:30:25.100 --> 00:30:27.230
the security measures didn’t stop there.

00:30:27.230 --> 00:30:31.011
FC: Once you get into the door, it’s all made of glass so you can see there’s reception

00:30:31.011 --> 00:30:36.700
to your right, there’s two reception staff, there’s four security guards, then there’s

00:30:36.700 --> 00:30:41.840
further security gates like the tiny little sliding glass ones.

00:30:41.840 --> 00:30:45.630
I’m not gonna be able to jump over them, or I’m not gonna be able to distract one

00:30:45.630 --> 00:30:47.980
of the – or both of the security staff.

00:30:47.980 --> 00:30:51.970
There’s only me onsite so I can’t use any distraction mechanisms.

00:30:51.970 --> 00:30:54.169
That’s gonna be really difficult.

00:30:54.169 --> 00:30:56.820
JACK: Front door is out; it’s just too heavily guarded.

00:30:56.820 --> 00:30:59.490
He walks around the back of the building to see what else is there.

00:30:59.490 --> 00:31:01.909
FC: The back door, side door, all of the side doors are shut.

00:31:01.909 --> 00:31:04.669
They’re all one-way exits.

00:31:04.669 --> 00:31:06.200
Everyone has to go through this thing.

00:31:06.200 --> 00:31:11.419
They’ve got a loading bay but that’s pretty well covered with cameras.

00:31:11.419 --> 00:31:14.250
It was like, can I get into the building?

00:31:14.250 --> 00:31:18.270
At this point, I’m thinking no, I literally can’t.

00:31:18.270 --> 00:31:21.960
There’s no way I’m getting into this building whatsoever.

00:31:21.960 --> 00:31:26.700
I actually phoned up my account manager and I said to him look, I can’t do this.

00:31:26.700 --> 00:31:28.190
I’m not getting into this place.

00:31:28.190 --> 00:31:34.169
I’m not even gonna try because to be honest, I can’t speak their language and the only

00:31:34.169 --> 00:31:40.309
thing that is stopping them from shooting me is a letter that’ll be in my back pocket.

00:31:40.309 --> 00:31:43.899
I don’t know if you can picture the scene that was in my head at that time which was

00:31:43.899 --> 00:31:49.710
I break in, I get seen by two policemen who pull guns, who are yelling at me in a foreign

00:31:49.710 --> 00:31:55.370
language, and then I go to pull something out of my pocket as proof that I should be

00:31:55.370 --> 00:31:56.370
there?

00:31:56.370 --> 00:31:58.260
I don’t think that’s gonna go well at all.

00:31:58.260 --> 00:32:00.780
I’m like, I’m not doing it.

00:32:00.780 --> 00:32:01.889
I’m just not doing the thing.

00:32:01.889 --> 00:32:07.260
He goes, I knew you’d say this but you always pull it off, so just think about it overnight

00:32:07.260 --> 00:32:08.500
and go back.

00:32:08.500 --> 00:32:09.980
So, I’m like alright, whatever.

00:32:09.980 --> 00:32:14.350
I recon the building for a couple more days, putting it off as much as I can.

00:32:14.350 --> 00:32:17.110
I’m like shit, how am I gonna get into this building?

00:32:17.110 --> 00:32:19.389
This is truly well-guarded.

00:32:19.389 --> 00:32:26.990
JACK: [MUSIC] FC kept going back to the building to look around at different times of day,

00:32:26.990 --> 00:32:31.110
trying to figure out if there’s any weaknesses at all in this building so that he can get

00:32:31.110 --> 00:32:32.110
in.

00:32:32.110 --> 00:32:36.700
He notices something at the loading bay where the trucks pull up for deliveries.

00:32:36.700 --> 00:32:42.050
He looks around there for any opportunity to get in, but he’s not sure.

00:32:42.050 --> 00:32:45.860
FC: But it has a unique physical layout.

00:32:45.860 --> 00:32:50.760
It’s these two ramps that come down to the door, so it’s an underground

00:32:50.760 --> 00:32:52.960
loading bay.

00:32:52.960 --> 00:33:00.110
As I’m looking through options into how to get in, I’m up really early one morning

00:33:00.110 --> 00:33:01.269
and I’m looking at the building.

00:33:01.269 --> 00:33:07.139
I just happened to be around the back of the building when I noticed that the sun, at a

00:33:07.139 --> 00:33:13.900
particular time of day, is shining down one of these ramps and is basically just highlighting

00:33:13.900 --> 00:33:14.929
one of the cameras.

00:33:14.929 --> 00:33:21.889
It’s then that I realized that if that sun is shining on that camera at that time, it’s

00:33:21.889 --> 00:33:25.809
probably whited out and it can’t be actually doing anything.

00:33:25.809 --> 00:33:29.370
You can’t be able to see anything unless they’re really lucky and got some really

00:33:29.370 --> 00:33:30.789
good light optics on it.

00:33:30.789 --> 00:33:36.049
It’s probably gonna be the only way in, so I had to wait until that time the next

00:33:36.049 --> 00:33:41.799
day and then quickly run down that ramp and get in through the loading bay whilst it was

00:33:41.799 --> 00:33:45.540
open, and then hope that nobody saw it.

00:33:45.540 --> 00:33:50.330
JACK: Sure enough, that camera wasn’t able to see at that exact time of day because the

00:33:50.330 --> 00:33:51.690
sun was blinding it.

00:33:51.690 --> 00:33:55.850
If you were staring at the footage from that camera, you wouldn’t have seen him walk

00:33:55.850 --> 00:34:00.029
up, you wouldn’t have seen him open the door or go in, but all you would have seen

00:34:00.029 --> 00:34:04.060
is one frame where his foot went into the door.

00:34:04.060 --> 00:34:05.149
This worked.

00:34:05.149 --> 00:34:09.810
FC was in the building and nobody saw him or stopped him.

00:34:09.810 --> 00:34:14.570
FC: I get into the building, I’m into the loading bay, and it’s pretty much empty.

00:34:14.570 --> 00:34:19.290
[MUSIC] There’s some glass doors right at the back going into the offices.

00:34:19.290 --> 00:34:22.450
Yeah, I’m like okay, I’m pretty relieved.

00:34:22.450 --> 00:34:26.369
I’m still expecting someone to turn up any second ‘cause they’re probably pretty

00:34:26.369 --> 00:34:31.710
much on the ball, and I see some people walking past this glass door.

00:34:31.710 --> 00:34:37.349
The door’s locked, right, so it can’t be opened from the loading bay side ‘cause

00:34:37.349 --> 00:34:39.350
I don’t have a key or anything like that.

00:34:39.350 --> 00:34:44.480
I’m banging on the glass trying to get someone’s attention and eventually someone sort of sees

00:34:44.480 --> 00:34:47.190
me and is like, looks at me quizzically through the door.

00:34:47.190 --> 00:34:48.690
I’m like, I forgot my pass.

00:34:48.690 --> 00:34:54.409
I can’t get back in, hoping that they sort of understand English, and I’m gesticulating

00:34:54.409 --> 00:34:56.290
with my arms as much as I can.

00:34:56.290 --> 00:34:58.930
Eventually, he just opens the door for me.

00:34:58.930 --> 00:35:00.910
I’m like okay, cool.

00:35:00.910 --> 00:35:03.390
This is actually pretty cool.

00:35:03.390 --> 00:35:10.540
I walk into the main office area and I walk about, I don’t know, twenty, thirty feet

00:35:10.540 --> 00:35:15.230
to my left, and I take a right.

00:35:15.230 --> 00:35:20.070
Standing in front of me are two of these security guards.

00:35:20.070 --> 00:35:22.420
All I can fixate on is their handguns.

00:35:22.420 --> 00:35:27.160
They’re looking at me and then they sort of just say hello.

00:35:27.160 --> 00:35:31.640
I sort of nod at them and wave, thinking this is never gonna work.

00:35:31.640 --> 00:35:35.130
This is gonna last like, two seconds, and I’m arrested.

00:35:35.130 --> 00:35:37.920
They just nodded at me and walked off.

00:35:37.920 --> 00:35:42.060
I was like, oh my god, have I just got away with that?

00:35:42.060 --> 00:35:44.550
Is that how easy this is gonna be today?

00:35:44.550 --> 00:35:48.680
I wait until they’re out of sight, and I just run.

00:35:48.680 --> 00:35:56.390
I run off, like just peg it down this corridor, up some stairs, until I can find a toilet

00:35:56.390 --> 00:36:02.069
to sort of sit in for a bit and just gather myself and be like oh my god, how the hell

00:36:02.069 --> 00:36:03.290
did I get away with this?

00:36:03.290 --> 00:36:06.609
This has like, been fluke after fluke.

00:36:06.609 --> 00:36:09.550
That was one of the scariest moments, I think, for me.

00:36:09.550 --> 00:36:11.360
JACK: Well, he’s in the building.

00:36:11.360 --> 00:36:15.530
This was his mission but of course, he wants to see what other things he can access.

00:36:15.530 --> 00:36:20.230
After he calms down in the bathroom for a minute, he comes out and carries on, walking

00:36:20.230 --> 00:36:23.990
down the halls, looking for any interesting rooms to pop into.

00:36:23.990 --> 00:36:29.700
FC: This government building had a really nice sort of auditorium for hosting other

00:36:29.700 --> 00:36:33.910
governments and they had a lot of translation booths, etcetera.

00:36:33.910 --> 00:36:41.850
I managed to get into one of the translation booth parts, so where the interpreters sit.

00:36:41.850 --> 00:36:44.680
Whenever you look at a movie and they’re like – got the people with the earpieces

00:36:44.680 --> 00:36:46.530
talking, translating, and stuff.

00:36:46.530 --> 00:36:49.830
That’s where I was stood, in one of these things.

00:36:49.830 --> 00:36:54.540
I started playing with the kit around me and I noticed that there’s actually some really

00:36:54.540 --> 00:37:01.240
good network kit hidden in the cupboards, so I got the cupboard open and I put in a

00:37:01.240 --> 00:37:04.440
Raspberry Pi into the network.

00:37:04.440 --> 00:37:10.490
I just plugged it in, configured it, and then just left it there so that we could remotely

00:37:10.490 --> 00:37:13.349
access that network from outside the building.

00:37:13.349 --> 00:37:15.980
JACK: A Raspberry Pi is just a mini-computer.

00:37:15.980 --> 00:37:17.640
It’s about the size of a deck of cards.

00:37:17.640 --> 00:37:20.839
It’s easy to hide and is perfect for hackers like him.

00:37:20.839 --> 00:37:24.560
His had a cellular connection on it so he could access it from home or anywhere in the

00:37:24.560 --> 00:37:25.560
world.

00:37:25.560 --> 00:37:30.300
Then, once he accesses this Raspberry Pi, he’s on the network inside this building,

00:37:30.300 --> 00:37:34.420
so he’s got inside access to stuff and from there, he can hack into the place further

00:37:34.420 --> 00:37:35.780
if he needs to.

00:37:35.780 --> 00:37:39.950
He keeps exploring this building and something he saw when he was walking around outside

00:37:39.950 --> 00:37:45.370
is that this building complex actually consists of three buildings, and there’s a little

00:37:45.370 --> 00:37:48.990
bridge that connects each building from one to another.

00:37:48.990 --> 00:37:55.240
He finds the bridge that goes across to the other buildings but there’s a problem; mantraps.

00:37:55.240 --> 00:38:01.319
[MUSIC] A mantrap is like a little glass room just big enough for one person to enter.

00:38:01.319 --> 00:38:06.099
The goal is to remove the option for people to tailgate through the door with you.

00:38:06.099 --> 00:38:10.180
One person enters, the door closes behind them, trapping them in there, and they have

00:38:10.180 --> 00:38:11.490
to show their ID.

00:38:11.490 --> 00:38:17.300
That might be a badge or a fingerprint, or an eye scan which proves their identity and

00:38:17.300 --> 00:38:20.800
the opposite door opens, allowing them through.

00:38:20.800 --> 00:38:24.420
Many also check the weight to make sure you aren’t carrying anything big through, or

00:38:24.420 --> 00:38:26.400
that two people aren’t coming through together.

00:38:26.400 --> 00:38:30.240
Now, I probably would have looked at this and said forget it; it’s impossible to get

00:38:30.240 --> 00:38:32.480
through that, and go somewhere else.

00:38:32.480 --> 00:38:34.700
But FC thinks of this differently.

00:38:34.700 --> 00:38:37.990
FC: Yeah, but this is the point, right?

00:38:37.990 --> 00:38:41.880
My job is not to get in and do the thing.

00:38:41.880 --> 00:38:47.670
Whatever the goal is, whatever the client wants me to do, that’s not really my job.

00:38:47.670 --> 00:38:51.940
My job is to push the boundaries until I get caught.

00:38:51.940 --> 00:38:56.200
JACK: He’s determined to get across this bridge into that other building, but in order

00:38:56.200 --> 00:39:01.680
to do that, he would first have to go through one mantrap just to get onto the bridge, and

00:39:01.680 --> 00:39:05.530
then once he’s across the bridge, he has to go through another mantrap to get into

00:39:05.530 --> 00:39:06.530
the next building.

00:39:06.530 --> 00:39:11.530
FC: I had to basically tailgate through those and that becomes a little bit more awkward

00:39:11.530 --> 00:39:16.109
because if you’re in a mantrap, you generally don’t have a lot of room.

00:39:16.109 --> 00:39:23.440
I waited until I found someone that kind of looked a bit nervous anywhere; the milquetoast-type

00:39:23.440 --> 00:39:28.480
person where they’re just not very confident and you know they’re not gonna answer you

00:39:28.480 --> 00:39:32.200
back or anything like that if you get argumentative with them.

00:39:32.200 --> 00:39:37.700
I saw this one guy and he must have been mid-twenties, something like that, quite young, looked nervous

00:39:37.700 --> 00:39:40.220
as hell, maybe his first week or whatever.

00:39:40.220 --> 00:39:45.980
He goes into the mantrap and I literally just run straight into him, slam straight into

00:39:45.980 --> 00:39:48.932
him and we’re like oh my god, sorry mate, I didn’t see you there.

00:39:48.932 --> 00:39:50.690
I was trying to get through the mantrap door.

00:39:50.690 --> 00:39:57.450
We’re now face-to-face, almost cheek-to-cheek in this little mantrap as it’s revolving

00:39:57.450 --> 00:39:58.450
round.

00:39:58.450 --> 00:40:04.140
We’re like, sorry, that was really awkward.

00:40:04.140 --> 00:40:08.401
He doesn’t know what to do with himself and I’m just trying to make it more and

00:40:08.401 --> 00:40:10.150
more awkward by getting closer and closer.

00:40:10.150 --> 00:40:14.840
I didn’t need to; there was plenty of room for two people in there but the more awkward

00:40:14.840 --> 00:40:22.140
you make it, the more likely they are not to confront you about it.

00:40:22.140 --> 00:40:26.230
We get out of that one mantrap and we go to the next one and obviously, it’s not expecting

00:40:26.230 --> 00:40:29.109
two people so I have to cram in with him again.

00:40:29.109 --> 00:40:33.369
Now it’s slightly less awkward for him; this is now the second time he’s been in

00:40:33.369 --> 00:40:40.089
very close proximity to me, but he still doesn’t know how to react to this, so I’m just trying

00:40:40.089 --> 00:40:44.630
to wait for this door to revolve around and we get out to the other side.

00:40:44.630 --> 00:40:50.990
I know this building is the one that has the main entrance to the main exit point, as well.

00:40:50.990 --> 00:40:55.490
I say sorry to him again and I sort of go off in the opposite direction.

00:40:55.490 --> 00:41:00.680
Probably the weirdest thing that’s probably ever happened to him in his entire career.

00:41:00.680 --> 00:41:02.550
I run down some stairs.

00:41:02.550 --> 00:41:05.359
I get into the main reception area.

00:41:05.359 --> 00:41:07.110
JACK: He’s now at the front entrance.

00:41:07.110 --> 00:41:11.450
He wants to try to leave the building in order to accomplish this mission but to get out,

00:41:11.450 --> 00:41:12.970
there’s a little gate.

00:41:12.970 --> 00:41:18.940
There’s a reception desk and a security desk but remember, you need a badge just to

00:41:18.940 --> 00:41:23.980
open the front door and then another badge to get through this gate to get into the building.

00:41:23.980 --> 00:41:30.380
FC: All I’m doing is thinking oh my god, what if they need the tag to get out?

00:41:30.380 --> 00:41:36.480
[MUSIC] I’m gonna approach a security desk and the security guard’s there, and if it

00:41:36.480 --> 00:41:38.850
needs a tag to get out, I’m kind of screwed.

00:41:38.850 --> 00:41:43.650
I’m trying to put on a brave face as I go up to this exit and thankfully, it’s just

00:41:43.650 --> 00:41:48.450
an infrared beam that detects if someone’s there and it just opens the gate, and I walk

00:41:48.450 --> 00:41:49.730
through.

00:41:49.730 --> 00:41:57.859
Okay, I really hope that I’m gonna make it between these security gates and the door

00:41:57.859 --> 00:41:59.290
which is only like, thirty feet.

00:41:59.290 --> 00:42:04.880
But if someone is gonna stop me at any point, it’s gonna be now.

00:42:04.880 --> 00:42:11.260
I sort of just pushed the door open, walk out, out onto the street, and then run away.

00:42:11.260 --> 00:42:14.190
Like I say, there’s always running to do in social engineering.

00:42:14.190 --> 00:42:15.380
JACK: Nice.

00:42:15.380 --> 00:42:19.339
He did it; he accomplished the objective which was just to get into the building.

00:42:19.339 --> 00:42:23.920
Not only that, he got into two buildings and planted a Raspberry Pi for further exploitation

00:42:23.920 --> 00:42:24.920
later.

00:42:24.920 --> 00:42:28.609
Now, FC likes to try to dress like the people who are supposed to be in that building, and

00:42:28.609 --> 00:42:31.450
this way he can blend in better and looks like he belongs.

00:42:31.450 --> 00:42:36.150
FC: I always dress how my target audience is.

00:42:36.150 --> 00:42:41.690
I broke in the first time, the beginning of the week, into this building, looking exactly

00:42:41.690 --> 00:42:43.369
the same as everyone else.

00:42:43.369 --> 00:42:46.300
No one really paid me any mind.

00:42:46.300 --> 00:42:49.819
Broke out, went back the next day slightly dressed down.

00:42:49.819 --> 00:42:52.589
Again, no one spotted me.

00:42:52.589 --> 00:42:57.890
By the third or fourth time, I was dressing a complete slob.

00:42:57.890 --> 00:43:02.609
I had like, really ripped jeans, I was still wearing my baseball cap, I had a fake tattoo

00:43:02.609 --> 00:43:09.260
sleeve on, T-shirt with the logo on it, all the stuff that they shouldn’t be allowed

00:43:09.260 --> 00:43:11.380
to wear in this building.

00:43:11.380 --> 00:43:13.790
Nobody was still paying attention.

00:43:13.790 --> 00:43:21.300
[MUSIC] Part of my job is to take photographs of evidence of where I’ve got to so I’m

00:43:21.300 --> 00:43:24.520
thinking okay, I need to step this up a little bit.

00:43:24.520 --> 00:43:30.170
I go back down to reception and I’m like hey, I forgot my jacket.

00:43:30.170 --> 00:43:32.920
It’s upstairs; I need to get something out of my car.

00:43:32.920 --> 00:43:35.150
Can you let me back in when I come back?

00:43:35.150 --> 00:43:37.950
The receptionist is like yeah, sure, no problem.

00:43:37.950 --> 00:43:43.599
I go out to my car and I get a massive SLR camera with a huge lens on it.

00:43:43.599 --> 00:43:47.930
I come back in and the receptionist, funnily, lets me back into the building ‘cause

00:43:47.930 --> 00:43:50.370
she assumes that I work there, right?

00:43:50.370 --> 00:43:54.850
I walk back up onto the – I think it was the Finance and HR floor and it’s quite

00:43:54.850 --> 00:43:55.850
a restricted floor.

00:43:55.850 --> 00:43:58.820
I’m like alright, how much can I push this?

00:43:58.820 --> 00:44:05.210
I stand on a chair which is not normal office behavior, or at least, the offices I worked.

00:44:05.210 --> 00:44:11.609
I stand on the chair and I start taking photos with this massive camera, of unlocked desktops

00:44:11.609 --> 00:44:15.250
and all sorts of security issues.

00:44:15.250 --> 00:44:18.420
When all of a sudden, this woman appears from out of nowhere.

00:44:18.420 --> 00:44:19.710
She’s like, excuse me, sir?

00:44:19.710 --> 00:44:24.200
I’m like oh great, someone’s finally spotted me and is going to ask what the hell I’m

00:44:24.200 --> 00:44:25.200
doing there, right?

00:44:25.200 --> 00:44:29.290
She’s like excuse me sir, are we gonna be in a magazine?

00:44:29.290 --> 00:44:32.760
I’m like, kind of.

00:44:32.760 --> 00:44:35.309
Let me just carry on taking some photos.

00:44:35.309 --> 00:44:37.490
It’s bizarre what you can get away with.

00:44:37.490 --> 00:44:41.770
JACK: By the time the assessment was over, Freaky Clown had gained access to all three

00:44:41.770 --> 00:44:46.349
buildings and had poked around on every floor of each of them.

00:44:46.349 --> 00:44:51.090
While the front door and exterior looked impenetrable, he still found numerous ways to get in which

00:44:51.090 --> 00:44:54.520
allowed him to build a report for his client who was happy to see all the ways they can

00:44:54.520 --> 00:44:55.520
improve security.

00:44:55.520 --> 00:44:59.190
Obviously, they had taken this very seriously so they wanted to make it better.

00:44:59.190 --> 00:45:03.800
Over time, FC has done many more penetration tests and physical assessments, and one thing

00:45:03.800 --> 00:45:07.010
he keeps getting jobs doing is breaking into banks.

00:45:07.010 --> 00:45:11.990
FC: At one point I was breaking into eight high street banks a week.

00:45:11.990 --> 00:45:15.710
This is how many I was doing at one point.

00:45:15.710 --> 00:45:20.410
We – working down the country to all these banks and one of the area managers didn’t

00:45:20.410 --> 00:45:25.280
understand the test or the point of the test, and he thought we were there to really show

00:45:25.280 --> 00:45:26.869
him up.

00:45:26.869 --> 00:45:32.490
What he did was he called all of his branches and told them that we were coming in which

00:45:32.490 --> 00:45:33.490
is a big no-no.

00:45:33.490 --> 00:45:40.380
I walk up to this high street bank and I’m just sort of ushered to one side which is

00:45:40.380 --> 00:45:45.059
a bit odd for the story that I’ve given them, which I’m not gonna give you because

00:45:45.059 --> 00:45:49.760
that would get you access into basically any bank, right?

00:45:49.760 --> 00:45:53.050
I get ushered to the side and I’m like okay, this is a bit odd.

00:45:53.050 --> 00:45:57.900
Ten minutes go past, twenty minutes go past, and I’m like oh man, this is not going right.

00:45:57.900 --> 00:46:00.420
All of a sudden, blue flashing lights appear.

00:46:00.420 --> 00:46:02.690
They have an armed response coming to the bank.

00:46:02.690 --> 00:46:06.310
It’s like oh mate, what have you done?

00:46:06.310 --> 00:46:11.070
I had to explain to them what my role was and what my job was, and I was there really

00:46:11.070 --> 00:46:17.329
trying to rob the bank but not really as a criminal, which is always an interesting conversation

00:46:17.329 --> 00:46:18.329
to have with police.

00:46:18.329 --> 00:46:21.890
JACK: Now, when a social engineer gets caught, typically they try to figure out a way out

00:46:21.890 --> 00:46:27.250
of this situation, to lie or make up a story just to get out of it.

00:46:27.250 --> 00:46:31.430
But since the actual police were involved, he knew he had to come clean with why he was

00:46:31.430 --> 00:46:32.430
there.

00:46:32.430 --> 00:46:36.660
FC: There’s a couple of fails in this; was one, the client telling the branch that I

00:46:36.660 --> 00:46:39.680
was coming, but two, the branch massively panicked.

00:46:39.680 --> 00:46:44.040
There’s a whole set of policies and procedures that they should go through if they think

00:46:44.040 --> 00:46:45.510
they’re under attack like this.

00:46:45.510 --> 00:46:50.170
What they did was, they circumvented most of them and went straight to calling the police.

00:46:50.170 --> 00:46:57.160
The interesting thing there is, if they were charged with wasting police time, and you can only

00:46:57.160 --> 00:47:05.470
have about three to five of those per year before you get blacklisted, so if they had

00:47:05.470 --> 00:47:10.020
any more of those, then they’re not gonna get armed response that quickly ‘cause it’s

00:47:10.020 --> 00:47:12.619
just gonna be – the police will be like well, they’re wasting our time.

00:47:12.619 --> 00:47:17.530
It’s a ridiculous rule but it does happen.

00:47:17.530 --> 00:47:19.980
They really messed up with that one really badly.

00:47:19.980 --> 00:47:26.550
But the interesting thing there is, I obviously have a letter explaining who I am and what

00:47:26.550 --> 00:47:29.220
I’m there to do, and I have authorization, etc.

00:47:29.220 --> 00:47:33.900
But this was one of the very few times that I’ve ever had to produce it.

00:47:33.900 --> 00:47:40.970
But the thing is, I’m always carrying two; the second one is actually a fake.

00:47:40.970 --> 00:47:46.980
That fake one has basically the same information but with numbers that relate to a

00:47:46.980 --> 00:47:47.980
colleague’s.

00:47:47.980 --> 00:47:52.099
So, when the branch manager phoned it up, they were actually phoning a friend of mine.

00:47:52.099 --> 00:47:56.550
He said no, no, no, he should definitely be there because we’re testing that procedure

00:47:56.550 --> 00:47:57.550
as well.

00:47:57.550 --> 00:48:01.400
Are they doing everything that’s written on the letter which says phone them using

00:48:01.400 --> 00:48:03.030
your internal phone system?

00:48:03.030 --> 00:48:04.910
Don’t use the numbers that are here.

00:48:04.910 --> 00:48:07.680
If they’re not following that, then that’s another fail for them.

00:48:07.680 --> 00:48:12.140
JACK: Yeah, when the police are involved, you just don’t want to play games with them.

00:48:12.140 --> 00:48:15.809
He had to come clean on everything and they called all the people who he said gave him

00:48:15.809 --> 00:48:17.510
permission to do this.

00:48:17.510 --> 00:48:21.500
They found that everything was legit, so they let him go.

00:48:21.500 --> 00:48:25.510
But Freaky Clown doesn’t always go onsite to rob banks.

00:48:25.510 --> 00:48:27.660
Sometimes he can just rob them through the internet.

00:48:27.660 --> 00:48:34.200
FC: [MUSIC] Getting into banks over the internet is probably even easier than physical assessments

00:48:34.200 --> 00:48:41.070
because you can hit anywhere on their environment to get in.

00:48:41.070 --> 00:48:44.990
There’s always loads of little flaws that you can take advantage of.

00:48:44.990 --> 00:48:47.240
JACK: Like, what are some of those flaws?

00:48:47.240 --> 00:48:57.569
FC: A lot of cross-site scripting, a lot of SQL injection, bad configurations of network

00:48:57.569 --> 00:49:06.490
defenses, using some interesting techniques where you blend a bit of the physical and

00:49:06.490 --> 00:49:08.750
the digital side.

00:49:08.750 --> 00:49:14.589
Sometimes what we’ve done in the past is created a physical device, break into the

00:49:14.589 --> 00:49:20.910
bank itself, implant that physical device, and then use that to gain access in.

00:49:20.910 --> 00:49:26.349
This really comes back to the whole core of Cygenta; it’s like, if you don’t have

00:49:26.349 --> 00:49:30.819
physical sorted, then it doesn’t really matter how good your defenses are digitally

00:49:30.819 --> 00:49:35.329
because we’ll just use the physical bit to get past all of that.

00:49:35.329 --> 00:49:40.890
Yeah, there’s a ton of techniques that a lot of pen testers use for getting into sites

00:49:40.890 --> 00:49:46.790
but because it’s a bank, it doesn’t make it any better, to be honest.

00:49:46.790 --> 00:49:51.450
They’re generally a little bit more lax in some areas because of – they’re so

00:49:51.450 --> 00:49:54.510
huge, they can’t always update everything that they need to do.

00:49:54.510 --> 00:49:58.890
JACK: While he’s hacking banks’ networks over the internet, he’s sometimes able to

00:49:58.890 --> 00:50:01.680
fill his bank account with money.

00:50:01.680 --> 00:50:07.839
FC: Yeah, so one of the pitches I love to show to kids when we’re doing a lot of outreach

00:50:07.839 --> 00:50:13.940
and I’m talking about how we rob banks and how we do all these fancy things, is I show

00:50:13.940 --> 00:50:19.960
them a picture I took some years ago of an ATM of my account after doing one of these

00:50:19.960 --> 00:50:21.960
assessments.

00:50:21.960 --> 00:50:29.340
What it does, is it shows a picture of about five or six different accounts and in each

00:50:29.340 --> 00:50:32.880
one is more than a million pounds that we’ve taken out.

00:50:32.880 --> 00:50:37.609
Obviously, we have to give the money back; that’s part of the ethics of it but it shows

00:50:37.609 --> 00:50:43.490
that once you’re into those systems, you can very easily transfer out money to wherever

00:50:43.490 --> 00:50:45.460
you need to.

00:50:45.460 --> 00:50:51.340
A lot of the defenses that banks use are – it’s very complicated because they have people

00:50:51.340 --> 00:50:56.670
that know how to transfer money, like bulk money, and they have people that know the

00:50:56.670 --> 00:50:57.780
computer systems.

00:50:57.780 --> 00:51:03.250
But they have this weird separation where they go okay, the people that know how to

00:51:03.250 --> 00:51:07.869
transfer the money don’t understand the technicalities that they need to circumvent,

00:51:07.869 --> 00:51:12.740
and the people that know how to circumvent the technicalities don’t know how the money-sending

00:51:12.740 --> 00:51:13.960
process works.

00:51:13.960 --> 00:51:20.110
We’re kind of okay with that, but when you get an ethical hacker that comes in that knows

00:51:20.110 --> 00:51:24.109
a bit of both, then that’s when all sorts of trouble can happen.

00:51:24.109 --> 00:51:29.540
Then you can literally just siphon out millions of pounds out of the bank systems into other

00:51:29.540 --> 00:51:30.540
accounts.

00:51:30.540 --> 00:51:34.711
JACK: After hearing this, I think most companies aren’t ready for a skilled social engineer

00:51:34.711 --> 00:51:38.540
to break into the building to try to steal real assets like this.

00:51:38.540 --> 00:51:42.760
Office workers get a yearly security training where they teach you how to spot phishing

00:51:42.760 --> 00:51:47.119
e-mails, but I don’t think it teaches you how to handle a phishing call, or a person

00:51:47.119 --> 00:51:53.660
asking you to open a door for them because they forgot their keys in their jacket upstairs.

00:51:53.660 --> 00:51:56.869
We want to be nice and helpful to others and often, we are.

00:51:56.869 --> 00:52:01.710
It’s often said that the human is the weakest link in security, and scammers and criminals

00:52:01.710 --> 00:52:06.559
can manipulate people to carry out attacks a lot easier than manipulating a computer.

00:52:06.559 --> 00:52:10.859
But what’s also true is the human is often the strongest link, too.

00:52:10.859 --> 00:52:15.690
With the right set of eyes and a well-trained staff, it can drastically reduce the vulnerabilities

00:52:15.690 --> 00:52:17.059
in the office.

00:52:17.059 --> 00:52:22.530
There are troves of stories about how one person ruined an entire plan for some hackers;

00:52:22.530 --> 00:52:26.360
like for instance, when a hacking group broke into a bank and attempted to transfer money

00:52:26.360 --> 00:52:31.700
to their accounts, it was a human who saw that transfer was a little odd and decided

00:52:31.700 --> 00:52:33.609
to flag it to be followed up on.

00:52:33.609 --> 00:52:38.549
Sure enough, it was not an authorized transfer and this one person stopped this cyber-attack

00:52:38.549 --> 00:52:41.930
which took months of planning and preparations.

00:52:41.930 --> 00:52:46.650
I think if you want to have a secure environment, it really needs to be the job of everyone

00:52:46.650 --> 00:52:52.170
in the office to help keep things secure, starting with the CEO or president,

00:52:52.170 --> 00:52:56.010
and working its way all the way down to the nightly cleaning crew.

00:52:56.010 --> 00:53:00.599
With proper training and education, the human can be the strongest defense to cyber-threats.

00:53:00.599 --> 00:53:06.090
In fact, a lot of times it’s our only hope.

00:53:06.090 --> 00:53:14.630
JACK (OUTRO): [OUTRO MUSIC] Thanks so much to FC, Freaky Clown, for coming on the show

00:53:14.630 --> 00:53:16.020
and telling us your stories.

00:53:16.020 --> 00:53:19.380
This show is made by me, the hash-smasher, Jack Rhysider.

00:53:19.380 --> 00:53:23.900
Sound design was done by the curator Andrew Meriwether, editing help this episode by the

00:53:23.900 --> 00:53:29.700
devilish Damienne, and our theme music is by the space senpai, Breakmaster Cylinder.

00:53:29.700 --> 00:53:34.940
Even though somewhere in the world, a company was just breached and the CISO said how is

00:53:34.940 --> 00:53:36.020
that possible?

00:53:36.020 --> 00:53:37.599
We’re PCI compliant.

00:53:37.599 --> 00:53:46.720
This is Darknet Diaries.
