WEBVTT 00:00:02.590 --> 00:00:07.750 JACK: [MUSIC] Okay, so this one time at Defcon – see, Defcon is in Las Vegas and Vegas 00:00:07.750 --> 00:00:08.750 never sleeps. 00:00:08.750 --> 00:00:10.410 Well, neither does Defcon. 00:00:10.410 --> 00:00:14.920 After the conference ends for the night, the place morphs into a night party, so after 00:00:14.920 --> 00:00:18.670 me and some friends spent the whole day at Defcon, we went and ate dinner, freshened 00:00:18.670 --> 00:00:21.650 up, and headed back to Defcon to check out the scene. 00:00:21.650 --> 00:00:25.440 We were told there was this rocking party in this one conference room so we all pop 00:00:25.440 --> 00:00:27.470 in and check it out. 00:00:27.470 --> 00:00:29.160 It was loud, like really loud. 00:00:29.160 --> 00:00:33.250 The room was actually quite small, about the size of a small classroom, and at one end 00:00:33.250 --> 00:00:35.230 of the room was a DJ spinning tunes. 00:00:35.230 --> 00:00:37.800 He looked bored as he was doing it. 00:00:37.800 --> 00:00:42.070 The room had bright red lights everywhere with intense blacklights shining in your face. 00:00:42.070 --> 00:00:47.470 I looked around; there were like me, my three friends, the DJ, and two other guys in this 00:00:47.470 --> 00:00:48.470 room. 00:00:48.470 --> 00:00:51.739 The two other guys were bumping their heads to the DJ but their eyes looked like they 00:00:51.739 --> 00:00:52.989 were lost in deep thought. 00:00:52.989 --> 00:00:54.030 That was it. 00:00:54.030 --> 00:00:55.250 The place was dead. 00:00:55.250 --> 00:00:59.340 Pretty much as soon as I came into the room, I knew this; the music sucked, the lights 00:00:59.340 --> 00:01:00.340 were blinding. 00:01:00.340 --> 00:01:01.340 I wanted to leave right away. 00:01:01.340 --> 00:01:03.110 I scanned the room to look around. 00:01:03.110 --> 00:01:04.860 There’s an ice chest over there. 00:01:04.860 --> 00:01:06.819 Let’s go check it out; it’s empty. 00:01:06.819 --> 00:01:08.189 There’s a photo booth in the corner. 00:01:08.189 --> 00:01:09.189 No, no thank you. 00:01:09.189 --> 00:01:12.210 I told the boys let’s go, this sucks. 00:01:12.210 --> 00:01:13.840 We head for the door. 00:01:13.840 --> 00:01:18.759 I take one last look over my shoulder and I see four girls and two guys come out of 00:01:18.759 --> 00:01:19.759 the photo booth. 00:01:19.759 --> 00:01:24.729 This was a regular sized photo booth, way too small for six people to fit into it. 00:01:24.729 --> 00:01:29.679 The room was so disorienting but I didn’t put that together so we walked out and looked 00:01:29.679 --> 00:01:31.189 for another party. 00:01:31.189 --> 00:01:33.679 We ended up going down to the pool and hanging out there. 00:01:33.679 --> 00:01:36.930 The next day my friend told me about this banging party at Defcon last night. 00:01:36.930 --> 00:01:38.150 I was like where was it? 00:01:38.150 --> 00:01:40.289 He’s like oh, it was in this one conference room. 00:01:40.289 --> 00:01:43.919 I’m like, I was in that exact conference room and that party was not banging. 00:01:43.919 --> 00:01:47.109 He’s like well, did you go through the photo booth? 00:01:47.109 --> 00:01:52.420 Yeah, the photo booth was the doorway into the actual party. 00:01:52.420 --> 00:01:58.799 They staged an entirely fake party just outside the real party to fool me and I was properly 00:01:58.799 --> 00:01:59.799 fooled. 00:01:59.799 --> 00:02:00.799 What a smokescreen. 00:02:00.799 --> 00:02:04.200 Why didn’t I register that six people coming out of a photo booth was weird? 00:02:04.200 --> 00:02:09.180 I don’t know but I feel like this story kind of sums up what Defcon is like. 00:02:09.180 --> 00:02:11.971 There’s crazy stuff happening all over, right in front of your nose. 00:02:11.971 --> 00:02:17.610 You kind of need the right set of eyes to see exactly what’s happening or you’ll 00:02:17.610 --> 00:02:19.180 miss it. 00:02:19.180 --> 00:02:26.350 JACK (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. 00:02:26.350 --> 00:02:31.599 I’m Jack Rhysider. 00:02:31.599 --> 00:02:35.040 This is Darknet Diaries. 00:02:35.040 --> 00:02:41.959 [INTRO MUSIC ENDS] 00:02:41.959 --> 00:02:48.890 JACK: It’s summertime. 00:02:48.890 --> 00:02:50.290 You know what that means? 00:02:50.290 --> 00:02:51.549 Summer hacker camp. 00:02:51.549 --> 00:02:55.769 [MUSIC] There’s so many stories that come out of summer hacker camp and I want to talk 00:02:55.769 --> 00:02:56.769 about a few. 00:02:56.769 --> 00:02:58.939 What’s summer hacker camp, you say? 00:02:58.939 --> 00:03:02.180 This is what we call the week around Defcon in Las Vegas. 00:03:02.180 --> 00:03:06.689 See, Defcon is the largest hacking conference in the world but there are like, four or five 00:03:06.689 --> 00:03:11.219 or six or twelve security conferences all happening at the same time that week. 00:03:11.219 --> 00:03:12.510 It’s just crazy. 00:03:12.510 --> 00:03:14.689 First, the week starts out with Black Hat. 00:03:14.689 --> 00:03:17.739 Black Hat is a security conference but it’s more geared towards professionals. 00:03:17.739 --> 00:03:20.749 You’ll see people here wearing the typical business-casual attire. 00:03:20.749 --> 00:03:24.569 There are a lot of vendors all over the place, trying to sell you solutions on keeping your 00:03:24.569 --> 00:03:25.859 network more secure. 00:03:25.859 --> 00:03:29.269 Of course, there’s talks and workshops at Black Hat, too. 00:03:29.269 --> 00:03:34.080 But Black Hat is super expensive so another conference started up at the same time that 00:03:34.080 --> 00:03:36.150 Black Hat is going on but it’s more community-ran. 00:03:36.150 --> 00:03:38.129 It’s called B-Sides. 00:03:38.129 --> 00:03:41.640 While Black Hat is happening, B-Sides, the security conference, is happening just a few 00:03:41.640 --> 00:03:44.110 blocks away and it’s completely free. 00:03:44.110 --> 00:03:48.170 It’s a great place to meet people and socialize with other security-minded folks. 00:03:48.170 --> 00:03:51.069 Here, the dress is more casual; cargo pants, t-shirts, that’s more common. 00:03:51.069 --> 00:03:56.180 At B-Sides you’ll see a lot of amazing talks too from fantastic security professionals. 00:03:56.180 --> 00:04:00.200 A lot of these talks are rejected from Black Hat so some are really great, and only a handful 00:04:00.200 --> 00:04:03.779 of vendors are here so you’re not overwhelmed with [00:05:00] people selling you stuff. 00:04:03.779 --> 00:04:08.079 I should also mention that there are security B-Sides conferences all over the world and 00:04:08.079 --> 00:04:11.200 they’re all community-ran so you might want to check to see if there’s a B-Sides in 00:04:11.200 --> 00:04:13.739 your town and go to that because it’s great. 00:04:13.739 --> 00:04:16.230 Now, as the weekend comes, so does Defcon. 00:04:16.230 --> 00:04:18.010 Defcon is Friday, Saturday, Sunday. 00:04:18.010 --> 00:04:20.120 Defcon at its core is a hacker conference. 00:04:20.120 --> 00:04:22.280 The people you see here are sometimes wearing mohawks. 00:04:22.280 --> 00:04:26.920 They often dress in all black and have a bunch of electronics dangling out of their backpacks. 00:04:26.920 --> 00:04:28.819 The crowd is younger compared to Black Hat, too. 00:04:28.819 --> 00:04:32.440 I’ve ran into many high school kids at Defcon but I’ve never seen a high schooler at Black 00:04:32.440 --> 00:04:33.440 Hat. 00:04:33.440 --> 00:04:35.250 Defcon has talks, a lot of talks. 00:04:35.250 --> 00:04:38.150 There are tracks all over the place on so many subjects. 00:04:38.150 --> 00:04:41.810 There are speakers there who will show you how they’ve hacked into so many things. 00:04:41.810 --> 00:04:43.830 But Defcon is also big on being hands-on. 00:04:43.830 --> 00:04:47.229 There are a ton of villages with all kinds of things to try hacking into. 00:04:47.229 --> 00:04:51.220 There’s a car-hacking village, a picklock village, a voting machine village, a bio-hacking 00:04:51.220 --> 00:04:53.930 village, a social engineering village, and so many more. 00:04:53.930 --> 00:04:57.350 In each of these places you get to learn hands-on how to hack stuff. 00:04:57.350 --> 00:05:00.979 It’s a fantastic way to learn and you can spend your whole time at Defcon never going 00:05:00.979 --> 00:05:03.889 to see a single talk because there’s so much to do. 00:05:03.889 --> 00:05:06.090 Defcon has vendors but these vendors are different. 00:05:06.090 --> 00:05:09.120 They aren’t selling you solutions to keep your network secure. 00:05:09.120 --> 00:05:14.670 They’re selling you hacks and exploits to break into networks; things like antennas, 00:05:14.670 --> 00:05:17.960 lockpicks, electronics, rubber duckies, key loggers, Pwn Plugs, and so much more. 00:05:17.960 --> 00:05:21.580 It’s so much fun to wander the vendor hall and see all the latest tech that you can just 00:05:21.580 --> 00:05:24.840 pick up for a few bucks and start practicing hacking in just a few minutes. 00:05:24.840 --> 00:05:30.300 Oh, and while at Defcon, there are many other conferences happening within and around Defcon. 00:05:30.300 --> 00:05:37.509 It’s weird but there’s Queercon, Hushcon, Vetcon, Gothcon, and even Deafcon, as in D-E-A-F 00:05:37.509 --> 00:05:38.509 for those hard-of-hearing. 00:05:38.509 --> 00:05:41.129 There’s Roots which is a conference just for kids. 00:05:41.129 --> 00:05:45.069 There’s also Diana Initiative which is a conference that focuses on women in security 00:05:45.069 --> 00:05:46.069 careers. 00:05:46.069 --> 00:05:49.630 Yeah, there’s a dozen cons going on all over town. 00:05:49.630 --> 00:05:54.169 The week of August 5th in Las Vegas, Nevada is the place to be for security professionals 00:05:54.169 --> 00:05:55.169 around the world. 00:05:55.169 --> 00:05:59.020 I could go on and on about all there is to do at Defcon but what I want to talk about 00:05:59.020 --> 00:06:01.039 for the rest of this episode are the contests. 00:06:01.039 --> 00:06:05.470 There are so many contests at Defcon too, and here is where I learned the most. 00:06:05.470 --> 00:06:09.640 I love joining contests with one goal; the goal is to not get last place. 00:06:09.640 --> 00:06:12.960 If I can beat anyone else, I feel like it’s a victory for me. 00:06:12.960 --> 00:06:15.970 But let me tell you, it’s not so easy to do that. 00:06:15.970 --> 00:06:19.259 There are contests on cracking passwords like who can crack the most amount of passwords 00:06:19.259 --> 00:06:20.259 in a weekend. 00:06:20.259 --> 00:06:25.110 There’s writing contests, and beard contests, and scavenger hunts, and a bunch of trivia 00:06:25.110 --> 00:06:26.110 contests, and so many more. 00:06:26.110 --> 00:06:29.080 But one year there was a contest I just couldn’t ignore. 00:06:29.080 --> 00:06:32.659 The thing is, I didn’t even know it was a contest. 00:06:32.659 --> 00:06:34.360 Here’s what happened. 00:06:34.360 --> 00:06:36.000 [MUSIC] This was Defcon 19. 00:06:36.000 --> 00:06:37.580 The year was 2011. 00:06:37.580 --> 00:06:40.270 Upon registering into Defcon, you’re given a little badge. 00:06:40.270 --> 00:06:43.879 Now this badge serves one purpose; it’s your pass into Defcon. 00:06:43.879 --> 00:06:46.090 Without it, security will stop you and throw you out. 00:06:46.090 --> 00:06:50.272 But being a hacker con, a paper badge is kind of easy to counterfeit, right? 00:06:50.272 --> 00:06:55.250 The organizers started making electronic badges, ones that had little blinking lights at first, 00:06:55.250 --> 00:06:56.729 and then LCD screens. 00:06:56.729 --> 00:07:00.289 Then one year a badge had a microphone built into it, and eventually these badges became 00:07:00.289 --> 00:07:03.190 pretty elaborate little electronic devices. 00:07:03.190 --> 00:07:07.020 People loved it but it was kind of a pain to design a new cool electronic gizmo every 00:07:07.020 --> 00:07:11.840 year so the organizers decided to do an electronic badge one year, and a non-electronic badge 00:07:11.840 --> 00:07:12.840 the next. 00:07:12.840 --> 00:07:18.550 At Defcon 19, the badges that were given were simply a solid metal, non-electronic. 00:07:18.550 --> 00:07:20.580 Some say it was even made out of titanium. 00:07:20.580 --> 00:07:24.970 I paid for my ticket into Defcon and was given one of these metal badges. 00:07:24.970 --> 00:07:27.870 It was a dark grey, metallic-looking thing. 00:07:27.870 --> 00:07:33.180 It was round and had an eye of Horus cut out in the middle of it and it simply said H3 00:07:33.180 --> 00:07:34.409 on it. 00:07:34.409 --> 00:07:37.909 No mention of Defcon on the badge itself which was kind of weird. 00:07:37.909 --> 00:07:41.759 The H stood for human which is what the standard admission is to Defcon. 00:07:41.759 --> 00:07:45.539 Some said V and that’s for vendors, and some said S; that’s for speakers. 00:07:45.539 --> 00:07:46.729 Some said G for goon. 00:07:46.729 --> 00:07:48.259 Those are the security guards. 00:07:48.259 --> 00:07:50.409 Yeah, even the security guards have badges. 00:07:50.409 --> 00:07:54.949 But connected to the badge was a lanyard, and on the lanyard, it said Defcon 19. 00:07:54.949 --> 00:07:57.449 That’s the only English it had. 00:07:57.449 --> 00:08:01.419 But what it also had was a lot of strings of ones and zeroes. 00:08:01.419 --> 00:08:06.539 These strings were thirteen characters long and there were fifteen strings of these. 00:08:06.539 --> 00:08:08.630 These ones and zeroes weren’t printed here by accident. 00:08:08.630 --> 00:08:11.719 I knew this was some kind of puzzle so I started poking at it. 00:08:11.719 --> 00:08:14.639 Nothing in my mind is thirteen characters long, though. 00:08:14.639 --> 00:08:19.300 It’s not IPv4 or IPv6, not ASCII, not hex. 00:08:19.300 --> 00:08:21.090 Hm. 00:08:21.090 --> 00:08:24.270 When you register at Defcon, you’re given a schedule, too, a little black book. 00:08:24.270 --> 00:08:27.699 I was looking at the book and on Page 4, something stood out. 00:08:27.699 --> 00:08:30.699 It said HACKUPONXYLEM. 00:08:30.699 --> 00:08:35.330 For some reason, the way it looked, it had similar symbols as the lanyard so I copied 00:08:35.330 --> 00:08:38.270 all the ones and zeroes off the lanyard and put them in a row. 00:08:38.270 --> 00:08:41.730 I tried to put the clues together somehow. 00:08:41.730 --> 00:08:46.650 Strangely enough, HACKUPONXYLEM also had thirteen characters in it. 00:08:46.650 --> 00:08:51.830 By arranging it all in the right way, HACKUPONXYLEM became the key to unlock what the lanyard 00:08:51.830 --> 00:08:53.030 was saying. 00:08:53.030 --> 00:09:00.090 By doing this I discovered the hidden message was LAUNCHKEYNOPMYX. 00:09:00.090 --> 00:09:02.070 Now I have a launch key, but what’s this for? 00:09:02.070 --> 00:09:05.460 [00:10:00] There was a strange URL in the book with X’s in it. 00:09:05.460 --> 00:09:11.800 I typed the URL with NOPMYX in where the X’s are and boom, it gave me a secret web page. 00:09:11.800 --> 00:09:14.350 The secret website said something like ‘You have discovered us. 00:09:14.350 --> 00:09:16.310 We are the Brotherhood of Horus. 00:09:16.310 --> 00:09:19.370 We have accepted your launch code and the sleeper agents are now active.’ 00:09:19.370 --> 00:09:23.660 It went on to say that there are sleeper agents at Defcon that are infiltrating Project Xylem 00:09:23.660 --> 00:09:26.430 and that I must find them and expose them. 00:09:26.430 --> 00:09:30.390 The website went on to show me ten pictures of these agents, and each picture looked like 00:09:30.390 --> 00:09:31.890 a spy took them. 00:09:31.890 --> 00:09:33.160 This was getting serious now. 00:09:33.160 --> 00:09:36.830 There was a note saying that I was now part of the Brotherhood of Horus. 00:09:36.830 --> 00:09:39.200 I think I just got recruited to help out. 00:09:39.200 --> 00:09:42.930 I think this Brotherhood of Horus group was trying to send a message out to get someone 00:09:42.930 --> 00:09:47.350 to help but didn’t want it to be too obvious or the sleeper agents would know. 00:09:47.350 --> 00:09:48.350 It was on. 00:09:48.350 --> 00:09:49.660 I was ready for this. 00:09:49.660 --> 00:09:51.420 Forget about the talks I wanted to go to. 00:09:51.420 --> 00:09:53.520 I wanted to play this game. 00:09:53.520 --> 00:09:54.870 Time for the next clue. 00:09:54.870 --> 00:09:59.200 The website told me I had to get an Ace of spades and hand it to one of the sleeper agents 00:09:59.200 --> 00:10:02.550 but I have to write the password on the card. 00:10:02.550 --> 00:10:04.910 When I give it to the agent, they will look at the Ace of spades. 00:10:04.910 --> 00:10:09.400 If it’s the right password, they’ll then give me the inside information I need. 00:10:09.400 --> 00:10:15.020 I was told to do this as discrete as possible or else the agents will not do it. 00:10:15.020 --> 00:10:18.300 Okay, this is getting good but I need a password. 00:10:18.300 --> 00:10:19.600 What’s the password? 00:10:19.600 --> 00:10:20.600 NOPMYX? 00:10:20.600 --> 00:10:21.650 No, that’s just the launch code. 00:10:21.650 --> 00:10:24.013 I don’t want to blow this and try NOPMYX and it not work. 00:10:24.013 --> 00:10:27.320 I think I better look for another password. 00:10:27.320 --> 00:10:29.780 The bottom of the pages in Defcon had a little puzzle. 00:10:29.780 --> 00:10:33.900 It took me a long time but I solved what it said and it said ‘Find code word ghost.’ 00:10:33.900 --> 00:10:36.260 I looked all over the conference for a ghost. 00:10:36.260 --> 00:10:40.960 I didn’t see one but there were huge pieces of artwork stuck to the floor of the conference, 00:10:40.960 --> 00:10:46.070 giant circles with the words Defcon on them, but with lots of strange symbols, too. 00:10:46.070 --> 00:10:50.480 One had Japanese writing on it so I stood there and profiled people, looking for anyone 00:10:50.480 --> 00:10:52.630 who I might know they speak Japanese. 00:10:52.630 --> 00:10:56.610 I asked people and eventually found someone who could read Japanese. 00:10:56.610 --> 00:10:59.600 He told me the Japanese symbol on the floor said ‘ghost.’ 00:10:59.600 --> 00:11:03.260 Hah, I found the code word ghost. 00:11:03.260 --> 00:11:08.050 This led me to a logic puzzle which I had to solve to find another clue, but I still 00:11:08.050 --> 00:11:09.570 didn’t have the password. 00:11:09.570 --> 00:11:12.950 At this point, running all over the conference, looking for clues and standing on top of them 00:11:12.950 --> 00:11:17.270 for thirty minutes at a time, writing things down and asking people for help, I started 00:11:17.270 --> 00:11:21.000 finding other people who were solving the same puzzle as me. 00:11:21.000 --> 00:11:23.860 [MUSIC] We started trading information. 00:11:23.860 --> 00:11:28.500 I told them how I solved one thing and then they would tell me what that password was. 00:11:28.500 --> 00:11:30.430 The password was ‘little sister.’ 00:11:30.430 --> 00:11:31.430 Excellent. 00:11:31.430 --> 00:11:34.790 Me and a friend found an Ace of spades and we wrote ‘little sister’ on it and started 00:11:34.790 --> 00:11:36.440 looking for sleeper agents. 00:11:36.440 --> 00:11:38.300 But this was hard. 00:11:38.300 --> 00:11:42.840 I was looking for one of ten people in a crowd of ten thousand people. 00:11:42.840 --> 00:11:46.810 All I had was their picture, too, not like I can ask for names or anything. 00:11:46.810 --> 00:11:52.090 I stood in the hallway staring at every person walking by, trying to recognize if any of 00:11:52.090 --> 00:11:54.340 them matched the faces in the photos. 00:11:54.340 --> 00:11:56.380 Nothing. Nobody. 00:11:56.380 --> 00:11:58.680 People were a little weirded out by me too, staring at everyone. 00:11:58.680 --> 00:12:02.530 Then I met another team solving the puzzle and they told me they just saw one of the 00:12:02.530 --> 00:12:03.740 agents in the vendor area. 00:12:03.740 --> 00:12:06.120 Quickly, I ran down and spotted them. 00:12:06.120 --> 00:12:09.410 He had a Z on his badge which was really strange. 00:12:09.410 --> 00:12:13.920 At this point I realized I’m playing an ARG, an Alternate Reality Game, a game that 00:12:13.920 --> 00:12:17.820 combines the real world with fantasy and I was having a blast. 00:12:17.820 --> 00:12:20.810 I very casually walked up to him, handed him the card. 00:12:20.810 --> 00:12:21.810 I said nothing. 00:12:21.810 --> 00:12:26.490 He looked at the card, looked around for a moment, and told me the code. 00:12:26.490 --> 00:12:28.490 ‘Candy.’ Candy? 00:12:28.490 --> 00:12:30.070 That’s it? 00:12:30.070 --> 00:12:35.350 I typed it into the website, that mysterious URL we saw earlier, and ‘candy’ worked. 00:12:35.350 --> 00:12:40.130 I was supposed to send a message to something, but the something was garbled. 00:12:40.130 --> 00:12:43.410 I had the message but I didn’t know where to send it. 00:12:43.410 --> 00:12:46.640 I had to solve this little puzzle to figure out what it was, and it turned out to be an 00:12:46.640 --> 00:12:47.640 e-mail address. 00:12:47.640 --> 00:12:51.880 I sent the message to the e-mail address and somebody responded on the e-mail which gave 00:12:51.880 --> 00:12:53.500 me the next clue. 00:12:53.500 --> 00:12:58.730 That clue made me believe that I needed to gather all the different badges at the conference, 00:12:58.730 --> 00:13:03.360 stack them up on top of each other, and then that will give me the key to unlock the code. 00:13:03.360 --> 00:13:08.220 [MUSIC] Me and a few friends started going to every person at the conference, looking 00:13:08.220 --> 00:13:11.980 at their badge to see if it was one I hadn’t seen before, or a new one, or a different 00:13:11.980 --> 00:13:12.980 one. 00:13:12.980 --> 00:13:16.690 I wanted to see the vendor one, the human one, the contestant ones, the black badges, 00:13:16.690 --> 00:13:20.670 the goon badges, and I took a photo of every one and I traced it on a piece of paper. 00:13:20.670 --> 00:13:24.050 I documented it as best I could, every single badge. 00:13:24.050 --> 00:13:25.670 This took hours and hours and hours. 00:13:25.670 --> 00:13:30.495 Finally, I felt like I got them all traced on a piece of paper and when I did that, I 00:13:30.495 --> 00:13:33.080 noticed there were certain notches in some positions. 00:13:33.080 --> 00:13:35.860 I’m starting to think these notches mean something. 00:13:35.860 --> 00:13:39.800 The notches are the key or the code or something but this is madness; I mean, what kind of 00:13:39.800 --> 00:13:42.630 key is a bunch of notches in thirty different badges? 00:13:42.630 --> 00:13:45.210 How do you use that to decipher a string of numbers? 00:13:45.210 --> 00:13:48.920 I couldn’t do it, my friends couldn’t do it, and at this point it’s Sunday now. 00:13:48.920 --> 00:13:50.350 The conference is almost over. 00:13:50.350 --> 00:13:51.350 I gave up. 00:13:51.350 --> 00:13:52.490 I wouldn’t be able to solve this. 00:13:52.490 --> 00:13:54.130 I’ve got to go home soon. 00:13:54.130 --> 00:13:55.370 I start asking around. 00:13:55.370 --> 00:13:57.740 None of the teams have actually solved it. 00:13:57.740 --> 00:14:00.770 We were all stuck on that same exact last step. 00:14:00.770 --> 00:14:04.860 We grabbed a corner [00:15:00] of a conference room at Defcon and all the teams came together 00:14:04.860 --> 00:14:06.200 to try to figure it out. 00:14:06.200 --> 00:14:09.940 We brought a big screen TV in and started putting all the clues on it and discussing 00:14:09.940 --> 00:14:11.330 all the possibilities. 00:14:11.330 --> 00:14:15.470 We went over everything we tried with each other, and this gave us new ideas to try but 00:14:15.470 --> 00:14:17.140 those ideas weren’t working, either. 00:14:17.140 --> 00:14:20.100 The conference was pretty much done now; there were no more talks happening. 00:14:20.100 --> 00:14:21.490 The place was starting to clear out. 00:14:21.490 --> 00:14:22.490 It was closing. 00:14:22.490 --> 00:14:27.330 We were at the end of our time but we needed to solve this so we kept at it, plugging away 00:14:27.330 --> 00:14:29.390 at this last puzzle. 00:14:29.390 --> 00:14:33.440 At this point there were about twenty of us from eight different teams all in the same 00:14:33.440 --> 00:14:35.340 room, sweating over this puzzle. 00:14:35.340 --> 00:14:37.390 At some point one guy squeaked. 00:14:37.390 --> 00:14:40.830 We all looked and he was furiously writing something out on a piece of paper and he said 00:14:40.830 --> 00:14:42.940 hang on, hang on, this might be it. 00:14:42.940 --> 00:14:46.920 He wrote out a string and just like that, the puzzle was solved. 00:14:46.920 --> 00:14:50.350 We quickly e-mailed the clue in and got a response. 00:14:50.350 --> 00:14:51.350 Infiltration successful. 00:14:51.350 --> 00:14:54.010 Congratulations on completing the badge puzzle. 00:14:54.010 --> 00:14:55.010 Yes! 00:14:55.010 --> 00:14:58.180 We all roared with excitement and there were high-fives. 00:14:58.180 --> 00:14:59.530 We solved it. 00:14:59.530 --> 00:15:02.920 The puzzle was created by a guy named Lost and he said he’ll come to us and give us 00:15:02.920 --> 00:15:03.920 the reward. 00:15:03.920 --> 00:15:07.420 We told him we’re in this conference room and he shows up and gives us the prize, a 00:15:07.420 --> 00:15:08.830 black badge. 00:15:08.830 --> 00:15:12.480 It was also made of titanium and looked like The Punisher skull. 00:15:12.480 --> 00:15:16.560 Holy cow, the black badge is the most coveted prize at Defcon. 00:15:16.560 --> 00:15:19.490 Only a few contests have the black badge as a reward. 00:15:19.490 --> 00:15:21.800 It’s like a gold medal for hackers. 00:15:21.800 --> 00:15:27.760 It actually has real value; your black badge gets you free entry to Defcon for life. 00:15:27.760 --> 00:15:29.560 Lost handed it to us. 00:15:29.560 --> 00:15:34.360 We were all smiling and loving this moment, but then he said ‘but we can only have one.’ 00:15:34.360 --> 00:15:36.510 We were like, but there’s twenty of us. 00:15:36.510 --> 00:15:38.790 How are we supposed to split one amongst us all? 00:15:38.790 --> 00:15:41.420 He’s like well, you’ll have to figure that out. 00:15:41.420 --> 00:15:42.420 Sorry, guys. 00:15:42.420 --> 00:15:46.570 We were all pretty mad at this because this is not a puzzle that one person can solve, 00:15:46.570 --> 00:15:48.700 but only one person gets a prize? 00:15:48.700 --> 00:15:49.850 It’s just not fair. 00:15:49.850 --> 00:15:53.470 But that was that, one badge for our group of twenty people. 00:15:53.470 --> 00:15:57.860 Well, we agreed which team should get the badge based on their performance and they’d 00:15:57.860 --> 00:16:00.170 figure out something special to do with it. 00:16:00.170 --> 00:16:03.200 We all exchanged e-mail addresses, went home. 00:16:03.200 --> 00:16:06.280 The next year, lo and behold, that winning team came through. 00:16:06.280 --> 00:16:10.800 [MUSIC] They spent the year making replicas of the black skull badge. 00:16:10.800 --> 00:16:15.200 It looked the same in every way except it was about three-quarter size and they printed 00:16:15.200 --> 00:16:20.260 on the top of it, Brotherhood of Horus, which is what we called ourselves during this challenge. 00:16:20.260 --> 00:16:24.490 This was a cool little trophy to keep and I still have it right here in front of me, 00:16:24.490 --> 00:16:27.291 on my desk, and I look at it all the time. 00:16:27.291 --> 00:16:29.330 You tell me, did I win the black badge? 00:16:29.330 --> 00:16:30.750 I don’t think so. 00:16:30.750 --> 00:16:35.610 I don’t get free passes to Defcon but did I help one-twentieth of the way to get the 00:16:35.610 --> 00:16:36.930 black badge for the team? 00:16:36.930 --> 00:16:38.020 Hell yes, I did. 00:16:38.020 --> 00:16:42.640 I spent my entire Defcon weekend on that one puzzle and I don’t remember a single other 00:16:42.640 --> 00:16:44.480 thing from Defcon 19. 00:16:44.480 --> 00:16:46.690 But that’s what it takes to win these contests. 00:16:46.690 --> 00:16:50.900 If you’re going to compete to win in a contest, it’ll be one of the hardest, craziest weekends 00:16:50.900 --> 00:16:53.160 you’ll ever experience. 00:16:53.160 --> 00:16:56.110 Today the badges at Defcon have gone nutso. 00:16:56.110 --> 00:16:59.250 Because people love those electronic badges so much, people just started making their 00:16:59.250 --> 00:17:00.630 own badges. 00:17:00.630 --> 00:17:04.040 Some designate what hacker group you’re with and some designate what city you’re 00:17:04.040 --> 00:17:05.040 from. 00:17:05.040 --> 00:17:06.490 Others show what skills you have. 00:17:06.490 --> 00:17:10.860 Most people wear them because they’re just fun; blinking lights, little video games, 00:17:10.860 --> 00:17:12.929 swappable parts, Wi-Fi strength meters. 00:17:12.929 --> 00:17:14.509 These things add up quick. 00:17:14.509 --> 00:17:18.649 Many people will just wear ten or more badges around their neck at Defcon, kind of like 00:17:18.649 --> 00:17:19.959 collecting them. 00:17:19.959 --> 00:17:21.600 This is what’s called ‘badge life.’ 00:17:21.600 --> 00:17:27.049 That’s the story about how I kinda, sorta, almost won a black badge. 00:17:27.049 --> 00:17:35.250 But after the break we’ll talk to a guy who won four of them. 00:17:35.250 --> 00:17:39.759 Carnegie Mellon is a university in Pittsburg, Pennsylvania and one of the schools they have 00:17:39.759 --> 00:17:42.429 there is the School of Computer Science. 00:17:42.429 --> 00:17:43.529 Here is where they teach IT. 00:17:43.529 --> 00:17:48.799 TYLER: Basically, there was a computer research group at Carnegie Mellon and it was David 00:17:48.799 --> 00:17:50.000 Brumley’s research group. 00:17:50.000 --> 00:17:54.340 JACK: David Brumley is a professor at Carnegie Mellon who teaches courses on computer security 00:17:54.340 --> 00:17:57.470 and has a research group there who does analysis on security threats. 00:17:57.470 --> 00:18:02.380 TYLER: There are a bunch of people there doing all sorts of interesting computer security 00:18:02.380 --> 00:18:03.380 research. 00:18:03.380 --> 00:18:04.929 One of the researchers was like you know what’d be fun? 00:18:04.929 --> 00:18:07.190 Is if I was playing in CTF or something. 00:18:07.190 --> 00:18:08.860 He’s like oh, you know, maybe I’ll look. 00:18:08.860 --> 00:18:13.059 JACK: He wanted to look around for students to join another CTF team. 00:18:13.059 --> 00:18:14.720 CTF stands [00:20:00] for Capture the Flag. 00:18:14.720 --> 00:18:16.409 It’s a hacker competition. 00:18:16.409 --> 00:18:20.420 Basically, whoever is running the competition hides a flag somewhere in a computer and you 00:18:20.420 --> 00:18:21.420 have to find it. 00:18:21.420 --> 00:18:24.870 It’s not usually an actual flag; it’s like a secret word or something and it’s 00:18:24.870 --> 00:18:27.120 just to prove that if you know it, then you’ll get the points. 00:18:27.120 --> 00:18:31.190 But here’s the thing; in a hacker CTF, they often tell you exactly where the flag is on 00:18:31.190 --> 00:18:34.929 the computer but you just don’t have permission to see it. 00:18:34.929 --> 00:18:38.289 You need to hack into the machine somehow to see it. 00:18:38.289 --> 00:18:42.629 This is great fun because it teaches you how to hack with real hands-on experience. 00:18:42.629 --> 00:18:46.660 One student really wanted to play these and asked his professor, David Brumley. 00:18:46.660 --> 00:18:51.070 David looked around for some online CTF teams for this student to join but came up with 00:18:51.070 --> 00:18:52.070 a different idea. 00:18:52.070 --> 00:18:57.710 TYLER: He was like well, actually, we’ve got all these security researchers here. 00:18:57.710 --> 00:19:02.100 Maybe we should just form a team ourselves and see how that goes. 00:19:02.100 --> 00:19:03.600 Maybe that’d be more fun. 00:19:03.600 --> 00:19:06.289 JACK: The CTF team at Carnegie Mellon was formed. 00:19:06.289 --> 00:19:10.759 The first big CTF that was coming up they all wanted to compete in was called Seesaw. 00:19:10.759 --> 00:19:14.529 This is sort of an entry-level CTF and it only allows students who are undergraduates 00:19:14.529 --> 00:19:15.529 to compete. 00:19:15.529 --> 00:19:20.460 It was at NYU just a few states over but the team needed more people to help and compete. 00:19:20.460 --> 00:19:25.200 TYLER: They were like oh, we should find a couple other people that we know who are in 00:19:25.200 --> 00:19:26.200 security. 00:19:26.200 --> 00:19:29.429 Then myself and one other person joined up. 00:19:29.429 --> 00:19:33.809 JACK: Oh, I should mention this is Tyler we’re talking to and in 2009 he was an undergrad 00:19:33.809 --> 00:19:35.809 student at Carnegie Mellon. 00:19:35.809 --> 00:19:38.389 He just joined this CTF group. 00:19:38.389 --> 00:19:43.429 TYLER: At that time, the captain was a guy called Brian Pak and then there were a few 00:19:43.429 --> 00:19:52.820 other, just a handful of other people so myself and then two other undergrads, and then a 00:19:52.820 --> 00:19:56.380 few grad students who were all interested in computer security stuff. 00:19:56.380 --> 00:20:00.070 JACK: This team wasn’t even studying computer security at this university. 00:20:00.070 --> 00:20:05.279 TYLER: I think we’re all studying computer science in general but happened to be interested 00:20:05.279 --> 00:20:09.200 in security things so that’s how it started, yeah. 00:20:09.200 --> 00:20:12.840 JACK: They started studying for their first CTF, Seesaw. 00:20:12.840 --> 00:20:16.639 When they went to register to compete, they had to come up with a name for themselves 00:20:16.639 --> 00:20:19.559 so they named it PPP which stands for… 00:20:19.559 --> 00:20:21.249 TYLER: Plaid Parliament of Pwning. 00:20:21.249 --> 00:20:26.159 The school color for Carnegie Mellon is plaid which, you know, one could argue isn’t a 00:20:26.159 --> 00:20:27.170 real color. 00:20:27.170 --> 00:20:32.179 Instead of doing PPP it used to be PPoP, Plaid Parliament of Pwning, and we eventually shortened 00:20:32.179 --> 00:20:33.179 that. 00:20:33.179 --> 00:20:36.850 JACK: The Seesaw competition, it was a ways away so in the meantime they began practicing, 00:20:36.850 --> 00:20:37.850 well, hacking. 00:20:37.850 --> 00:20:43.039 TYLER: I remember one of my friends, Andrew, who is one of the first people on the team, 00:20:43.039 --> 00:20:48.269 he’d basically go and we’d be walking around campus or something similar and he’d 00:20:48.269 --> 00:20:52.309 just list off some assembly to me and be like, ‘What does that do?’ 00:20:52.309 --> 00:20:57.129 I’d have to sit there and think or he’d ask me, ‘What’s a function prolog look 00:20:57.129 --> 00:20:59.029 like in an X86 assembly?’ 00:20:59.029 --> 00:21:01.679 Or just kind of weird things like that. 00:21:01.679 --> 00:21:06.200 JACK: [MUSIC] For the team to practice, they would sit down and solve some Jeopardy-style 00:21:06.200 --> 00:21:07.360 CTFs. 00:21:07.360 --> 00:21:10.960 This is where you’re given a challenge to solve and you solve it; maybe something like 00:21:10.960 --> 00:21:14.620 read the contents of this file that you don’t have permission to read or find the hidden 00:21:14.620 --> 00:21:19.049 message in this file, or decrypt these files that you don’t have the key to, or find 00:21:19.049 --> 00:21:21.000 a way into this web server. 00:21:21.000 --> 00:21:24.690 The team would try these things and learn all about hacking, and they got better as 00:21:24.690 --> 00:21:25.690 they went. 00:21:25.690 --> 00:21:26.870 Their confidence was building. 00:21:26.870 --> 00:21:28.411 They were getting better and better. 00:21:28.411 --> 00:21:32.399 Then they headed out to Seesaw to compete in New York for this CTF. 00:21:32.399 --> 00:21:35.280 There were a bunch of other teams competing but there were only three questions. 00:21:35.280 --> 00:21:39.610 You had eight hours to complete it and there was no scoreboard so it was hard to know if 00:21:39.610 --> 00:21:42.539 anyone was doing right or wrong the whole time. 00:21:42.539 --> 00:21:44.580 They did their best, submitted some answers. 00:21:44.580 --> 00:21:45.960 Time was up. 00:21:45.960 --> 00:21:52.380 TYLER: I remember sitting there at the award ceremony and you know how they always go third, 00:21:52.380 --> 00:21:53.380 second, first? 00:21:53.380 --> 00:21:55.990 We were like okay, I hope we did well, I hope we did well. 00:21:55.990 --> 00:21:58.419 They announced third and we were like ah, shoot. 00:21:58.419 --> 00:22:00.870 Okay, well we didn’t get third. 00:22:00.870 --> 00:22:05.929 Then they announced second and we were like oh, that’s the team I would have expected 00:22:05.929 --> 00:22:07.929 to win. That’s weird. 00:22:07.929 --> 00:22:11.580 Then they announced first and it was our team and we were like oh, man. 00:22:11.580 --> 00:22:15.630 We were so excited ‘cause we were very much not expecting that. 00:22:15.630 --> 00:22:18.240 JACK: Whoa, nice, their first big win. 00:22:18.240 --> 00:22:20.029 They actually won money for this competition. 00:22:20.029 --> 00:22:21.990 TYLER: Something really small, I don’t remember. 00:22:21.990 --> 00:22:24.110 It was probably like $500 and a plaque. 00:22:24.110 --> 00:22:31.879 It was a pretty short-lived celebration ‘cause we had to go back to classes after the weekend 00:22:31.879 --> 00:22:37.999 or whatever, so we didn’t get to spend much time doing anything fun but we were all super 00:22:37.999 --> 00:22:43.350 excited because it was a success for us, which we weren’t even expecting. 00:22:43.350 --> 00:22:45.269 JACK: But this win wasn’t small. 00:22:45.269 --> 00:22:49.620 It proved that this small team they formed had big potential so they immediately started 00:22:49.620 --> 00:22:52.690 looking for more CTFs to join and play. 00:22:52.690 --> 00:22:56.429 Winning is addictive and they were going to as many of these hacker competitions as they 00:22:56.429 --> 00:22:57.429 could. 00:22:57.429 --> 00:23:00.169 TYLER: One of the things that was kind of funny for our team that we always joked about 00:23:00.169 --> 00:23:04.070 is we played in all these really obscure Korean CTFs. 00:23:04.070 --> 00:23:11.190 I guess South Korea has always had more of this kind of CTF scene, or at least in the 00:23:11.190 --> 00:23:13.259 early days they did. 00:23:13.259 --> 00:23:20.830 Brian Pak, [00:25:00] who is the founder of PPP, speaks Korean so he’d find us these 00:23:20.830 --> 00:23:25.669 weird CTFs and we’d start playing them and we’d get all these weird things. 00:23:25.669 --> 00:23:29.889 Throughout the year we were playing all these weird obscure CTFs where we’d have to have 00:23:29.889 --> 00:23:33.090 him translate stuff ‘cause we don’t understand what’s going on. 00:23:33.090 --> 00:23:37.249 We started doing pretty well at most of those during the year. 00:23:37.249 --> 00:23:41.330 For some of them we were getting at least Top 3 or so. 00:23:41.330 --> 00:23:47.649 There were a few other competitions; there was ICTF which is run by the University of 00:23:47.649 --> 00:23:51.830 California Santa Barbara which is a super popular one for universities. 00:23:51.830 --> 00:23:54.909 We played in that and did – I think we did okay our first year. 00:23:54.909 --> 00:23:57.750 JACK: This became their obsession for everyone on the team. 00:23:57.750 --> 00:24:01.200 CTF, CTF, CTF all the time, everywhere. 00:24:01.200 --> 00:24:05.240 They were qualifying through online challenges and then when they’d get accepted, they’d 00:24:05.240 --> 00:24:07.039 fly to that place to compete. 00:24:07.039 --> 00:24:09.010 New York, California. 00:24:09.010 --> 00:24:13.230 Many of these CTFs would pay for their flight, and room, and entry if you qualified. 00:24:13.230 --> 00:24:17.190 The team wasn’t winning all that much money but they were still doing really well and 00:24:17.190 --> 00:24:20.190 they were starting to get to know some of the other teams they were competing against, 00:24:20.190 --> 00:24:21.190 too. 00:24:21.190 --> 00:24:23.490 PPP was doing so many more CTFs than anyone else. 00:24:23.490 --> 00:24:32.011 TYLER: If you looked around at the time, most of the other teams would play in maybe three 00:24:32.011 --> 00:24:38.899 competitions a year whereas PPP was playing in twenty or thirty competitions a year. 00:24:38.899 --> 00:24:45.590 It was mostly just a trial by fire where we were just jumping in and doing all the CTF 00:24:45.590 --> 00:24:49.630 problems that we could, and it turns out that that’s a really good way to get very good 00:24:49.630 --> 00:24:50.630 at CTFs. 00:24:50.630 --> 00:24:54.440 JACK: This student-ran team at Carnegie Mellon was picking up some new students, too. 00:24:54.440 --> 00:24:59.749 The only requirement to be in PPP was just to be a student and be interested in security. 00:24:59.749 --> 00:25:02.779 People were fascinated with what this team was doing and they wanted to learn hacking 00:25:02.779 --> 00:25:05.510 too, so they’d come by to a practice session and join up. 00:25:05.510 --> 00:25:09.509 The team started growing a little bit, and because the sheer number of competitions they 00:25:09.509 --> 00:25:13.740 competed in, they learned a lot of tricks on hacking and really refined their skills. 00:25:13.740 --> 00:25:17.860 They were writing their own exploits, learning classic cryptography, and solving cyphers, 00:25:17.860 --> 00:25:20.539 and learning how to reverse-engineer software like pros. 00:25:20.539 --> 00:25:22.700 Let’s talk about reverse-engineering a little bit. 00:25:22.700 --> 00:25:25.159 This is an extremely important skill for these hackers. 00:25:25.159 --> 00:25:30.540 See, what a typical penetration tester does is scan a computer for known vulnerabilities. 00:25:30.540 --> 00:25:34.360 Then when they find that vulnerability, they exploit it using a tool that someone else 00:25:34.360 --> 00:25:35.360 already made. 00:25:35.360 --> 00:25:40.260 But see, here’s where these CTFs are different than penetration tests; some of these advanced 00:25:40.260 --> 00:25:44.809 CTFs, you’re told to exploit some software to get a flag, but the thing is, that software 00:25:44.809 --> 00:25:50.059 was just created specifically for this challenge, meaning it was just created last week and 00:25:50.059 --> 00:25:51.960 there’s no known vulnerability for it. 00:25:51.960 --> 00:25:53.850 Your scanners won’t work here. 00:25:53.850 --> 00:25:58.250 Your off-the-shelf hacking tools don’t work here and you have to somehow find vulnerabilities 00:25:58.250 --> 00:25:59.250 yourself. 00:25:59.250 --> 00:26:01.740 That’s where reverse-engineering comes in. 00:26:01.740 --> 00:26:04.909 Since you can’t look at the source code to see what the software is doing, your only 00:26:04.909 --> 00:26:08.289 option is to look at the machine code in assembly language. 00:26:08.289 --> 00:26:12.270 This is very low-level commands, like you’re almost looking at the ones and zeroes going 00:26:12.270 --> 00:26:14.029 across the wire. 00:26:14.029 --> 00:26:15.820 Not quite, but almost, right. 00:26:15.820 --> 00:26:21.110 You’re looking at where the data is stored and moved and how it’s changed in the memory, 00:26:21.110 --> 00:26:24.749 then piecing all this together to get an idea of what the program does. 00:26:24.749 --> 00:26:29.559 This is what’s called reverse-engineering and you use a disassembler like IDA Pro to 00:26:29.559 --> 00:26:33.690 do that with, completely taking the software apart, looking inside of it, and looking for 00:26:33.690 --> 00:26:34.940 its flaws. 00:26:34.940 --> 00:26:37.350 The team has to do that on some of these challenges. 00:26:37.350 --> 00:26:42.289 It’s crazy hard, super technical, and intense to try to get this done within the time allotted. 00:26:42.289 --> 00:26:47.250 But they kept at it, getting better at it and better at it, doing CTF after CTF for 00:26:47.250 --> 00:26:50.999 a whole year, doing as many challenges that they could. 00:26:50.999 --> 00:26:55.360 One of the big competitions they wanted to compete in was called Codegate which is a 00:26:55.360 --> 00:26:56.910 really big competition in Korea. 00:26:56.910 --> 00:27:02.659 TYLER: We managed to qualify for the competition and managed to convince a bunch of our teachers 00:27:02.659 --> 00:27:09.700 to give us some time off to travel to Korea to play in a hacking competition. 00:27:09.700 --> 00:27:18.910 We went there and you know, all the teams there were the big names in CTF at the time. 00:27:18.910 --> 00:27:23.900 But especially as university students who were going there, these were more like people 00:27:23.900 --> 00:27:28.169 who were in industry or professionals, or things like that. 00:27:28.169 --> 00:27:31.090 JACK: They get all set up and begin the competition. 00:27:31.090 --> 00:27:36.539 TYLER: I know we were doing pretty well through most of it and actually at some parts of the 00:27:36.539 --> 00:27:42.960 game, we ended up getting – we were in first for a little bit but then in the last thirty 00:27:42.960 --> 00:27:49.739 minutes of the twenty-four hour competition, the Swedish team managed to solve something 00:27:49.739 --> 00:27:53.250 else and they got up to first place. 00:27:53.250 --> 00:27:58.769 The end of the competition, it was the Swedish team, and then us, and then a Spanish team. 00:27:58.769 --> 00:28:04.509 But again, for us, the fact that we even got Top 3 was mind-blowing and shocking. 00:28:04.509 --> 00:28:06.419 It was super exciting. 00:28:06.419 --> 00:28:13.050 Also, in contrast to Seesaw where it’s a bunch of American universities which [00:30:00] 00:28:13.050 --> 00:28:19.809 is good, it’s tough competition, but this felt like the real deal. 00:28:19.809 --> 00:28:26.169 Then in the end, I don’t remember exactly, but I think the prize was something like $5,000 00:28:26.169 --> 00:28:34.190 or $10,000 in addition to having all our flights and hotels paid for to South Korea, which 00:28:34.190 --> 00:28:36.799 is a lot. 00:28:36.799 --> 00:28:39.259 Kinda sexier than going to New York from Pittsburg. 00:28:39.259 --> 00:28:41.409 JACK: Now things are heating up. 00:28:41.409 --> 00:28:45.360 For the members of PPP to travel to a prestigious hacker conference, see a lot of the other 00:28:45.360 --> 00:28:49.399 top CTF teams competing there too, and to get second place among them? 00:28:49.399 --> 00:28:50.399 Whoa. 00:28:50.399 --> 00:28:54.230 That means his team really does have a lot of potential and they’re just getting started. 00:28:54.230 --> 00:28:58.289 Soon as they got back home, they immediately started looking for more CTFs to do. 00:28:58.289 --> 00:29:05.340 TYLER: [MUSIC] We basically, almost every weekend, we’d hole up in some building on 00:29:05.340 --> 00:29:10.499 the corner of campus and we’d work on these competitions for twenty-four, forty-eight 00:29:10.499 --> 00:29:11.860 hours straight. 00:29:11.860 --> 00:29:19.770 Then we’d go back to class on Monday but again, if you think about it, running forty 00:29:19.770 --> 00:29:24.409 hours a week for a year, that’s like, two thousand hours. 00:29:24.409 --> 00:29:29.730 Spending two thousand hours or something a year on this after a few years, you start 00:29:29.730 --> 00:29:32.029 to accrue skills pretty quickly. 00:29:32.029 --> 00:29:35.989 JACK: That brings us to Defcon. 00:29:35.989 --> 00:29:36.989 Remember Defcon, right? 00:29:36.989 --> 00:29:40.460 The largest hacker conference in the world with tons of competitions all over the place? 00:29:40.460 --> 00:29:44.470 Well, the most prestigious competition at Defcon is the CTF. 00:29:44.470 --> 00:29:45.950 It’s the main event. 00:29:45.950 --> 00:29:49.270 The Defcon CTF is like the world series of CTFs. 00:29:49.270 --> 00:29:53.059 It’s the most challenging, most competitive, and it earns you the most bragging rights 00:29:53.059 --> 00:29:54.990 of any other CTF. 00:29:54.990 --> 00:29:57.640 The team at PPP decided to give it a try. 00:29:57.640 --> 00:30:00.950 Now, months before Defcon is a qualification for CTF. 00:30:00.950 --> 00:30:03.440 They only accept a certain amount of teams. 00:30:03.440 --> 00:30:05.759 This is played online from anywhere in the world. 00:30:05.759 --> 00:30:09.139 You have a limited amount of time to solve the problems and hack as much stuff as you 00:30:09.139 --> 00:30:10.139 can. 00:30:10.139 --> 00:30:11.519 PPP gave it a shot to qualify. 00:30:11.519 --> 00:30:14.740 TYLER: I think it was a seventy-two-hour competition. 00:30:14.740 --> 00:30:21.259 We played it and we did, I mean, I’d say we did pretty respectable, but we ended up 00:30:21.259 --> 00:30:26.440 in something like 11th or 12th place which was kind of shocking to us ‘cause up to 00:30:26.440 --> 00:30:34.952 that point we had been doing Top 5 or something for most of the competitions we played. 00:30:34.952 --> 00:30:39.809 But one of the things we didn’t realize is there was this second group of people who 00:30:39.809 --> 00:30:46.049 play CTFs but only play in Defcon and a couple other competitions. 00:30:46.049 --> 00:30:53.480 A lot of the people who were in industry didn’t bother playing these smaller contests. 00:30:53.480 --> 00:30:54.480 They’d only play Defcon. 00:30:54.480 --> 00:30:58.159 I wouldn’t say we got our butts kicked, but we didn’t do very well. 00:30:58.159 --> 00:30:59.159 JACK: Whoa. 00:30:59.159 --> 00:31:00.159 See what I mean? 00:31:00.159 --> 00:31:05.179 Even though PPP was hot stuff, winning competitions all over the world, they didn’t even qualify 00:31:05.179 --> 00:31:06.629 for the Defcon CTF. 00:31:06.629 --> 00:31:10.330 Defcon only accepted the Top 10 teams that year and they didn’t make it. 00:31:10.330 --> 00:31:14.100 The teams here are just that high caliber, best in the world at hacking. 00:31:14.100 --> 00:31:16.379 PPP had to go back to practicing. 00:31:16.379 --> 00:31:20.620 [MUSIC] Around this time the school year started back up at Carnegie Mellon which brought some 00:31:20.620 --> 00:31:23.639 new students interested in hacking to help. 00:31:23.639 --> 00:31:27.880 With the summer being over, the PPP team was excited to get back into CTFs. 00:31:27.880 --> 00:31:29.850 TYLER: Everyone’s always excited after summer. 00:31:29.850 --> 00:31:36.519 They’re like this year I’m gonna play CTFs even harder than I did last year, things 00:31:36.519 --> 00:31:37.519 like that. 00:31:37.519 --> 00:31:40.710 JACK: They decided to hit up all the same competitions they did the previous year. 00:31:40.710 --> 00:31:41.809 They went back to Seesaw. 00:31:41.809 --> 00:31:44.659 TYLER: We ended up getting first place for the second time in a row. 00:31:44.659 --> 00:31:49.279 JACK: They did a bunch of smaller online CTFs but then Codegate came up again and this is 00:31:49.279 --> 00:31:51.330 the biggest CTF in Korea. 00:31:51.330 --> 00:31:53.970 Remember last year they got beat out by that Swedish team? 00:31:53.970 --> 00:31:56.879 This year they qualified for it and flew to Korea again to compete. 00:31:56.879 --> 00:32:02.970 TYLER: We managed to get first place which was I think, $20,000 prize money. 00:32:02.970 --> 00:32:06.299 We were quite ecstatic with that. 00:32:06.299 --> 00:32:11.909 Kind of early on, our team has had a lot of Korean influence. 00:32:11.909 --> 00:32:17.440 We played on the early Korean CTFs, a lot of the grad students we had in our early team 00:32:17.440 --> 00:32:22.970 were Korean, so we always had traditions about going out for Korean food and stuff to celebrate 00:32:22.970 --> 00:32:23.970 things. 00:32:23.970 --> 00:32:28.289 We went out, grabbed a whole bunch of food. 00:32:28.289 --> 00:32:33.309 All the other teams, after the conference is done and they break everything down, they 00:32:33.309 --> 00:32:37.230 throw a huge party because the conference is a little bit smaller. 00:32:37.230 --> 00:32:44.639 All of the CTF teams that played in the conference go out to a bar and drink and talk about the 00:32:44.639 --> 00:32:45.639 competition. 00:32:45.639 --> 00:32:52.950 Everyone’s still kind of dreary from not sleeping but excited from the award ceremony 00:32:52.950 --> 00:32:55.129 and everything that just happened. 00:32:55.129 --> 00:33:02.239 It was just really cool to do that and just a lot of fun to hang out and drink and get 00:33:02.239 --> 00:33:07.149 to know all the other teams, and eat delicious food and things like that. 00:33:07.149 --> 00:33:10.269 JACK: This was the biggest victory yet. 00:33:10.269 --> 00:33:13.681 Codegate is a very competitive competition and they walked home with the [00:35:00] grand 00:33:13.681 --> 00:33:20.019 prize of $20,000 which by the way, they saved all this money to use to travel to more CTF 00:33:20.019 --> 00:33:21.019 competitions. 00:33:21.019 --> 00:33:25.049 PPP was definitely making a name for itself in the hacker competitions but they still 00:33:25.049 --> 00:33:27.030 wanted a shot at competing at Defcon. 00:33:27.030 --> 00:33:29.070 Winning that would be a dream come true. 00:33:29.070 --> 00:33:34.240 They kept practicing, CTF after CTF, doing as many competitions as they could. 00:33:34.240 --> 00:33:40.419 TYLER: [MUSIC] At this point it was like, maybe not a CTF every single weekend, but 00:33:40.419 --> 00:33:44.259 it was getting close to it. 00:33:44.259 --> 00:33:49.989 We had done so many CTFs that when the last time that you’ve played in a competition 00:33:49.989 --> 00:33:54.809 is like, two weeks ago, or the week before, you’re not very rusty. 00:33:54.809 --> 00:33:58.570 You’re like, I’m in pretty good shape to play this. 00:33:58.570 --> 00:34:03.330 JACK: [MUSIC] Many of these CTF competitions lasted a full twenty-four hours or forty-eight 00:34:03.330 --> 00:34:05.590 hours, or even seventy-two hours. 00:34:05.590 --> 00:34:09.480 The team had to learn how to manage their time effectively to perform best during this 00:34:09.480 --> 00:34:10.480 time. 00:34:10.480 --> 00:34:13.450 For instance, they’d have their food all picked out and ready to go just so they can 00:34:13.450 --> 00:34:14.610 grab it and keep going. 00:34:14.610 --> 00:34:18.890 They had to figure out other interesting logistics to keep them going the whole time. 00:34:18.890 --> 00:34:22.680 Defcon qualifications came around again and PPP gave it a shot. 00:34:22.680 --> 00:34:25.600 This time they did much better and did qualify. 00:34:25.600 --> 00:34:26.600 Yes! 00:34:26.600 --> 00:34:30.030 Now they’re on their way to the most prestigious hacking conference in the world. 00:34:30.030 --> 00:34:33.470 TYLER: We were finally ready to actually make it to Defcon. 00:34:33.470 --> 00:34:38.740 JACK: Unlike the Seesaw and Codegate hacker challenges which paid for the PPP’s flights 00:34:38.740 --> 00:34:41.590 and hotels, Defcon didn’t pay for anything. 00:34:41.590 --> 00:34:44.320 But it’s okay because they had a decent amount saved from all the winnings of their 00:34:44.320 --> 00:34:45.990 other competitions. 00:34:45.990 --> 00:34:50.000 But another thing that’s different about the Defcon CTF is that this one isn’t Jeopardy-based 00:34:50.000 --> 00:34:52.250 where you have to find the clues. 00:34:52.250 --> 00:34:58.000 This style is called Attack/Defend which was not something PPP had much experience at. 00:34:58.000 --> 00:35:00.990 TYLER: Defcon is completely different. 00:35:00.990 --> 00:35:07.900 It’s pure attack/defense; there’s none of this Jeopardy sit-and-relax and think about 00:35:07.900 --> 00:35:10.000 a problem for a long time. 00:35:10.000 --> 00:35:15.300 Everything is kind of hectic and everything’s on fire. 00:35:15.300 --> 00:35:21.750 You’re in Vegas which honestly kind of sucks, so it’s like everything’s different from 00:35:21.750 --> 00:35:28.520 what we had been used to with like, you go into a room and there’s quiet music in the 00:35:28.520 --> 00:35:33.820 background and you sit and stare at your computer screen, thinking for a long time. 00:35:33.820 --> 00:35:38.880 Defcon’s very much you go in, everything’s loud and there’s bright lights, and you 00:35:38.880 --> 00:35:43.570 have to work as fast as you can before someone breaks into your server and starts breaking 00:35:43.570 --> 00:35:44.570 stuff. 00:35:44.570 --> 00:35:48.620 JACK: Yeah, in the Attack/Defense style of CTFs, other teams are trying to hack into 00:35:48.620 --> 00:35:51.250 your computers and you have to block them from getting in. 00:35:51.250 --> 00:35:55.010 At the same time, you have to attack their servers to see if you can exploit them. 00:35:55.010 --> 00:36:00.650 TYLER: The general setup at Defcon, or most Attack Defense CTFs, is all the teams are 00:36:00.650 --> 00:36:04.540 running a set of network services, up to ten or something. 00:36:04.540 --> 00:36:10.850 JACK: These network services might be a webpage or an FTP server or an e-mail server. 00:36:10.850 --> 00:36:14.790 TYLER: Each of these network services, any team that’s playing in the competition can 00:36:14.790 --> 00:36:17.120 talk to them. 00:36:17.120 --> 00:36:21.880 You have to find the hole by analyzing the code that was given for your service. 00:36:21.880 --> 00:36:27.301 You look at your own thing and you need to find all the security holes in it, or as many 00:36:27.301 --> 00:36:31.470 as you can, and use those to start exploiting other teams. 00:36:31.470 --> 00:36:37.360 When you start exploiting other teams, you can inject backdoors or do whatever clever 00:36:37.360 --> 00:36:42.810 tricks you can to make yourself stay inside of their system no matter what they do. 00:36:42.810 --> 00:36:47.150 As you’re doing this, you have to pull out some data from their system in the form of 00:36:47.150 --> 00:36:52.660 a flag which is basically just a single file that will stay on disk and then rotate every 00:36:52.660 --> 00:36:53.870 five minutes or so. 00:36:53.870 --> 00:36:59.290 Every five minutes you want to prove that you have access to the system by continuously 00:36:59.290 --> 00:37:01.510 stealing the contents of that file. 00:37:01.510 --> 00:37:07.430 Then simultaneously you need to defend your own network either by patching your services, 00:37:07.430 --> 00:37:12.540 by analyzing network traffic, anything like that so that you can prevent other teams from 00:37:12.540 --> 00:37:16.750 using the same attacks that you’re trying to develop against you, or any other attacks 00:37:16.750 --> 00:37:17.750 that they find. 00:37:17.750 --> 00:37:20.280 JACK: This puts a whole new twist on the CTF game style. 00:37:20.280 --> 00:37:24.090 Now you have to strategically think which teams to attack, when to attack them, how 00:37:24.090 --> 00:37:25.270 to attack them. 00:37:25.270 --> 00:37:29.170 It’s probably better to attack yourself first, learn how you’re vulnerable, and 00:37:29.170 --> 00:37:33.180 then use that vulnerability against another team, and at the same time try to figure out 00:37:33.180 --> 00:37:35.850 how to defend yourself from that vulnerability. 00:37:35.850 --> 00:37:39.170 If you do it this way, you’re very quick, in and out of the network before they even 00:37:39.170 --> 00:37:40.170 know it. 00:37:40.170 --> 00:37:43.490 But here’s the other aspect you have to consider; any team that is attacking you, 00:37:43.490 --> 00:37:47.960 you can sniff their incoming packets and try to see how they’re attacking you. 00:37:47.960 --> 00:37:52.730 From here you can sometimes steal their vulnerabilities because they just showed you their hand. 00:37:52.730 --> 00:37:57.170 TYLER: We were playing and during Defcon, because it’s Attack/Defense, you have to 00:37:57.170 --> 00:38:03.670 look at network traffic of things that other teams are sending over the network to your 00:38:03.670 --> 00:38:05.280 machine. 00:38:05.280 --> 00:38:12.740 One of the things we saw was some clear version of a backdoor. 00:38:12.740 --> 00:38:17.990 Sometimes after a team exploits [00:40:00] a challenge, they’ll put in, in addition 00:38:17.990 --> 00:38:23.090 to their exploit which gets them a flag, they’ll put in something that will persist after their 00:38:23.090 --> 00:38:26.710 exploit terminates, and keeps sending the flag back. 00:38:26.710 --> 00:38:29.960 We saw something and it was installing a crontab entry. 00:38:29.960 --> 00:38:35.250 JACK: A crontab entry is a command that’s just set to run at a certain interval. 00:38:35.250 --> 00:38:39.070 Maybe every five minutes it checks to see what’s in a file and then sends the contents 00:38:39.070 --> 00:38:40.520 of that file to that team. 00:38:40.520 --> 00:38:43.730 TYLER: We were like oh, this looks interesting. 00:38:43.730 --> 00:38:47.830 We went to our machine and we did crontab-L or whatever to list our crontab. 00:38:47.830 --> 00:38:50.210 It was like okay, there’s nothing here. 00:38:50.210 --> 00:38:54.280 They didn’t pwn us with this so we’re fine. 00:38:54.280 --> 00:38:59.120 [MUSIC] But as we kept going throughout the day, we realized that we were definitely getting 00:38:59.120 --> 00:39:03.770 exploited on that service and we had no idea how anyone was doing it. 00:39:03.770 --> 00:39:05.570 We kept looking and looking. 00:39:05.570 --> 00:39:08.140 We couldn’t figure it out. 00:39:08.140 --> 00:39:13.140 Eventually what happened was, it turns out they did add a crontab entry but after they 00:39:13.140 --> 00:39:17.981 put in the malicious code for the backdoor, they put in a raw carriage return and then 00:39:17.981 --> 00:39:21.300 they put in No Crontab Entries Found, or something. 00:39:21.300 --> 00:39:28.370 If you cat the file, it’ll read out the – the exploit will get displayed but then 00:39:28.370 --> 00:39:32.240 the carriage return will bring the whole thing back to the beginning of the line, and then 00:39:32.240 --> 00:39:35.830 over the exploit it’ll print No Crontab Entries Found. 00:39:35.830 --> 00:39:40.740 If you just cat the file you don’t see anything, but if you cat the file and pipe it to a hex 00:39:40.740 --> 00:39:44.230 dump, then you’ll see there’s a whole bunch of other hidden stuff inside of there. 00:39:44.230 --> 00:39:46.350 JACK: You see how crazy this is getting? 00:39:46.350 --> 00:39:50.860 You’re in a room with some of the best hackers in the world attacking your systems like crazy, 00:39:50.860 --> 00:39:53.840 and they’re doing everything they can to hide the fact that they’re hacking into 00:39:53.840 --> 00:39:54.840 your box. 00:39:54.840 --> 00:39:58.600 There’s a feeling you get when you find out hackers are in your computer. 00:39:58.600 --> 00:40:00.350 It’s crazy stressful and intense. 00:40:00.350 --> 00:40:04.781 The blood rushes from your face when you find out someone else is in your computer, even 00:40:04.781 --> 00:40:06.270 if it is just a competition. 00:40:06.270 --> 00:40:10.210 Tyler was kind of upset that this team was sneaking backdoors into their server, so he 00:40:10.210 --> 00:40:12.300 wanted to do some sort of payback. 00:40:12.300 --> 00:40:15.520 They watched the network traffic for that team and saw that whenever they would grab 00:40:15.520 --> 00:40:20.460 a flag, they had a server open and ready for listening for incoming flags. 00:40:20.460 --> 00:40:21.650 Tyler had a plan. 00:40:21.650 --> 00:40:28.560 TYLER: We started sending zip files, so basically compress a gigabyte of null bytes, which will 00:40:28.560 --> 00:40:33.540 compress down to like, a few kilobytes of compressed data because it compresses very 00:40:33.540 --> 00:40:34.540 well. 00:40:34.540 --> 00:40:37.930 Then we’d send that to their server that was listening for flags. 00:40:37.930 --> 00:40:42.630 Then on their end, they’re gonna decompress this gigabytes and gigabytes of stuff and 00:40:42.630 --> 00:40:44.880 try to submit it as a flag. 00:40:44.880 --> 00:40:51.580 It actually started bringing down their internal infrastructure for getting these flags and 00:40:51.580 --> 00:40:54.290 sending them off to the server. 00:40:54.290 --> 00:40:58.400 Not quite perfect payback but it was still pretty funny. 00:40:58.400 --> 00:41:00.540 JACK: Now there’s some sabotage going on. 00:41:00.540 --> 00:41:01.540 I love it. 00:41:01.540 --> 00:41:05.530 The other team thought they had captured a flag and spent a bunch of time trying to unzip 00:41:05.530 --> 00:41:09.270 this file but it was just a large junk file that Tyler sent them. 00:41:09.270 --> 00:41:12.930 It just wasted their time and ended up bogging down their systems. 00:41:12.930 --> 00:41:13.930 Brilliant. 00:41:13.930 --> 00:41:17.150 This gives you a little idea of what’s going on in the Defcon CTF. 00:41:17.150 --> 00:41:21.791 TYLER: Yeah, it’s like every second there’s something new going on where someone’s like 00:41:21.791 --> 00:41:24.450 wait, which version of the binary did we do? 00:41:24.450 --> 00:41:25.670 Did we patch this one? 00:41:25.670 --> 00:41:27.630 What is this network traffic? 00:41:27.630 --> 00:41:29.589 This looks like an exploit. 00:41:29.589 --> 00:41:31.800 The whole competition goes like this. 00:41:31.800 --> 00:41:35.260 It goes on as a three-day competition. 00:41:35.260 --> 00:41:40.490 By the end of it we’re exhausted and the score board’s open the whole time so we 00:41:40.490 --> 00:41:41.490 can see that. 00:41:41.490 --> 00:41:44.870 I don’t know what we got our first year, like seventh place or something. 00:41:44.870 --> 00:41:47.080 Kind of no hope pretty early on. 00:41:47.080 --> 00:41:51.630 It was pretty clear that we were getting screwed in that event. 00:41:51.630 --> 00:41:52.640 JACK: Bummer. 00:41:52.640 --> 00:41:53.640 Seventh place? 00:41:53.640 --> 00:41:54.760 That means nothing. 00:41:54.760 --> 00:41:56.570 There are only prizes for first place. 00:41:56.570 --> 00:42:00.400 How many more CTFs and practicing does this team need to do to win this thing? 00:42:00.400 --> 00:42:05.170 But I guess they’re just college kids after all and still have a lot to learn. 00:42:05.170 --> 00:42:07.090 Back home to Carnegie Mellon they went. 00:42:07.090 --> 00:42:11.500 [MUSIC] A new school season started up which means more people joining PPP, and again they 00:42:11.500 --> 00:42:13.760 make their rounds to all the CTFs for the year. 00:42:13.760 --> 00:42:17.350 They go compete in all the ones they can, pretty much every weekend again, dedicating 00:42:17.350 --> 00:42:19.040 another year to CTFs. 00:42:19.040 --> 00:42:23.140 But this time they focus on things that will help them prepare for Defcon. 00:42:23.140 --> 00:42:26.120 The year goes by, and the Defcon qualification comes up again. 00:42:26.120 --> 00:42:27.780 PPP tries and qualifies. 00:42:27.780 --> 00:42:31.600 They fly out to Vegas again to compete, but they didn’t do so great. 00:42:31.600 --> 00:42:33.340 They got something like fifth place that year. 00:42:33.340 --> 00:42:35.370 So, they have to wait another year. 00:42:35.370 --> 00:42:39.880 Back to doing another twenty CTFs in the year, back to Korea to compete, back to California, 00:42:39.880 --> 00:42:43.120 back to New York, and then back to Pittsburg to practice. 00:42:43.120 --> 00:42:47.540 Then Defcon comes up again, PPP qualifies, and they head out to Vegas for the competition. 00:42:47.540 --> 00:42:54.440 TYLER: This year some combination of being more relaxed about the competition or the 00:42:54.440 --> 00:42:59.910 organization running more smoothly, or whatever, we were doing super well. 00:42:59.910 --> 00:43:04.850 I think at the end of the first day we were already in first place. 00:43:04.850 --> 00:43:07.000 The end of the second day we were already in first place. 00:43:07.000 --> 00:43:11.220 We’re still in first place when we came to our lead. 00:43:11.220 --> 00:43:15.570 We’re like oh man, we’re finally [00:45:00] gonna win Defcon. 00:43:15.570 --> 00:43:16.570 This is great. 00:43:16.570 --> 00:43:18.540 We’ve been working on this for so long. 00:43:18.540 --> 00:43:23.100 We’re up at night, we’re like okay guys, we’ve just gotta keep doing what we’re 00:43:23.100 --> 00:43:24.100 doing. 00:43:24.100 --> 00:43:25.100 Don’t screw anything up. 00:43:25.100 --> 00:43:27.980 We totally got this in the bag. 00:43:27.980 --> 00:43:29.790 The last day, we go in. 00:43:29.790 --> 00:43:37.570 We’re running through stuff, and just before the end of the competition, it was either 00:43:37.570 --> 00:43:43.150 an hour before or thirty minutes before or something, the team that was in second place 00:43:43.150 --> 00:43:48.180 manages to solve some weird challenge that we didn’t even look at because we only had 00:43:48.180 --> 00:43:49.180 eight people. 00:43:49.180 --> 00:43:53.470 They managed to solve that challenge and they shot up past us and they won the competition. 00:43:53.470 --> 00:43:55.920 We got second. 00:43:55.920 --> 00:44:03.220 Then we were talking to them afterwards and we learned that their – you know, they had 00:44:03.220 --> 00:44:08.580 a lot of good people on their team and everything but their team was actually a group of eighty 00:44:08.580 --> 00:44:09.580 people. 00:44:09.580 --> 00:44:14.440 Literally eight times more people than we had, and they beat us, but they only beat 00:44:14.440 --> 00:44:15.440 us barely. 00:44:15.440 --> 00:44:19.240 JACK: There was no limit on the size of your team that year, but PPP had a taste of blood 00:44:19.240 --> 00:44:20.240 in their mouths. 00:44:20.240 --> 00:44:21.670 They were so close to winning. 00:44:21.670 --> 00:44:25.261 They knew if they practiced a little more and they come back again, they have a really 00:44:25.261 --> 00:44:27.780 good shot at winning this. 00:44:27.780 --> 00:44:31.800 Another year of hardcore practicing; more analyzing of binaries, more practicing of 00:44:31.800 --> 00:44:34.870 machine code, more learning cryptography, more reverse-engineering. 00:44:34.870 --> 00:44:40.330 TYLER: One of the other people on our team, Ricky Zhou, he went to high school with George 00:44:40.330 --> 00:44:41.330 Hotz. 00:44:41.330 --> 00:44:43.880 They both went to high school in New Jersey together. 00:44:43.880 --> 00:44:46.830 They actually kind of knew each other. 00:44:46.830 --> 00:44:53.820 George ended up at Carnegie Mellon for a little while trying to study stuff so we were like 00:44:53.820 --> 00:44:56.890 – we quickly were like okay, you need to play CTFs with us. 00:44:56.890 --> 00:44:58.020 Trust me, you’ll love it. 00:44:58.020 --> 00:44:59.300 It’ll be lots of fun. 00:44:59.300 --> 00:45:00.810 JACK: Whoa, George Hots? 00:45:00.810 --> 00:45:02.840 You remember this guy, Geohot? 00:45:02.840 --> 00:45:05.420 At seventeen years old, George unlocked his iPhone. 00:45:05.420 --> 00:45:08.530 When you buy an iPhone, it’s set to a specific carrier. 00:45:08.530 --> 00:45:11.920 Yeah, well George jailbroke it so he could use any carrier he wanted. 00:45:11.920 --> 00:45:15.800 You might be thinking big deal, I’ve jailbreaked my iPhone, too. 00:45:15.800 --> 00:45:20.330 Yeah, but George was the first person ever to do it, ever. 00:45:20.330 --> 00:45:23.500 Well, the first person to publically admit to doing it. 00:45:23.500 --> 00:45:24.850 That made huge news. 00:45:24.850 --> 00:45:29.260 Then, a few years later, George reverse-engineered the PlayStation 3 and was able to read and 00:45:29.260 --> 00:45:31.030 write memory within it. 00:45:31.030 --> 00:45:32.300 This was a monumental feat. 00:45:32.300 --> 00:45:34.420 Those things were locked down really tight. 00:45:34.420 --> 00:45:39.720 Again, this made news, so much news that Sony actually sued him for doing it which created 00:45:39.720 --> 00:45:41.780 a huge backlash against Sony. 00:45:41.780 --> 00:45:47.290 Now this famous hacker was there at Carnegie Mellon and the PPP really wanted him on the 00:45:47.290 --> 00:45:49.290 team. George joined. 00:45:49.290 --> 00:45:51.790 TYLER: [MUSIC] He’s just a really fun and hilarious guy. 00:45:51.790 --> 00:45:58.530 As soon as he shows up to our team meetings, it’s really exciting ‘cause he totally 00:45:58.530 --> 00:46:00.540 goes all-in for the CTFs. 00:46:00.540 --> 00:46:07.510 Like most of the people that do well at CTFs, part of it is just being able to sit and concentrate 00:46:07.510 --> 00:46:12.830 on a really difficult problem and do that for extended periods of time. 00:46:12.830 --> 00:46:15.650 He’s just very good at doing that. 00:46:15.650 --> 00:46:21.240 We’d have some problems where – I think we had some problem that was some really hard 00:46:21.240 --> 00:46:25.910 crypto problem that I think during the competition, no team solved. 00:46:25.910 --> 00:46:30.080 This was just some random competition we were playing in the year. 00:46:30.080 --> 00:46:33.650 That was the problem that he was working on at the end of the event and he was like, you 00:46:33.650 --> 00:46:35.700 know what? Screw this. 00:46:35.700 --> 00:46:39.230 I’m gonna go back to my room, I’m gonna lock the door, and I’m gonna keep working 00:46:39.230 --> 00:46:43.190 on this problem until I solve it. 00:46:43.190 --> 00:46:46.080 That was kind of his attitude for a lot of these things. 00:46:46.080 --> 00:46:48.820 JACK: Okay, so this was a great boost for PPP. 00:46:48.820 --> 00:46:52.730 Now, with a few new teammates, more practice under their belts, they headed back to Defcon 00:46:52.730 --> 00:46:55.480 for their fourth attempt at the competition. 00:46:55.480 --> 00:46:58.900 They have their food orders all on a spreadsheet, and two helpers just running around getting 00:46:58.900 --> 00:47:03.020 them the things they need so they can focus more on just hacking as much as possible. 00:47:03.020 --> 00:47:06.180 They made sure to get a hotel room at the conference so that they didn’t have to spend 00:47:06.180 --> 00:47:09.570 any time driving around, and they even got rooms as close together as possible. 00:47:09.570 --> 00:47:13.940 TYLER: We tried to get a suite to have all of our teams so they can work in a single 00:47:13.940 --> 00:47:19.040 place instead of having to work across a few different hotel rooms or sitting on a bed 00:47:19.040 --> 00:47:20.500 in someone’s hotel room. 00:47:20.500 --> 00:47:25.700 JACK: Tyler, now the captain of PPP, and the team is feeling better than ever to compete. 00:47:25.700 --> 00:47:29.610 What they also liked that year was the team size limit was set to eight people. 00:47:29.610 --> 00:47:31.020 They think this was to their advantage. 00:47:31.020 --> 00:47:35.610 The team is prepared to spend as many waking hours as possible throughout the entire Defcon 00:47:35.610 --> 00:47:37.820 weekend to attempt to win this contest. 00:47:37.820 --> 00:47:40.750 It takes a toll on their body each time they go through it. 00:47:40.750 --> 00:47:48.650 TYLER: Most people know that if we’re going there, they’re prepared to lose a lot of 00:47:48.650 --> 00:47:51.620 sleep and drink a lot of caffeine and all that. 00:47:51.620 --> 00:47:53.230 JACK: They begin the competition. 00:47:53.230 --> 00:47:57.650 They see a lot of the same teams and faces that they’ve known before; some Korean teams, 00:47:57.650 --> 00:47:58.650 some American. 00:47:58.650 --> 00:48:01.730 These are the top teams they were expecting to see, and at this point they’re starting 00:48:01.730 --> 00:48:04.240 to understand their attack style and defend style a little more. 00:48:04.240 --> 00:48:07.200 Tyler thinks some of the other teams might even be sleeping in shifts so there’s always 00:48:07.200 --> 00:48:09.460 a group hacking while another group is sleeping. 00:48:09.460 --> 00:48:12.730 You never know what kind of operating system the organizers will have you hacking on. 00:48:12.730 --> 00:48:15.460 It could be Windows, [00:50:00] it could be Linux, it could be Unix. 00:48:15.460 --> 00:48:19.400 But when the contest started, all the servers were using ARM. 00:48:19.400 --> 00:48:22.700 My computer and your computer, it runs using X86 architecture. 00:48:22.700 --> 00:48:26.460 That’s just what desktop computers use in their processing. 00:48:26.460 --> 00:48:29.990 But ARM is what cell phones use, or microcontrollers. 00:48:29.990 --> 00:48:31.340 It’s just a bit weird. 00:48:31.340 --> 00:48:35.810 It meant they were on computers that they hadn’t really written many exploits for 00:48:35.810 --> 00:48:37.070 or understood really well. 00:48:37.070 --> 00:48:39.540 But Tyler thought this might be to their advantage. 00:48:39.540 --> 00:48:45.750 TYLER: One of the things that our team usually tends to be good at is obscure weird things. 00:48:45.750 --> 00:48:52.740 If it’s ARM or MIPS, or just weird architectures that people don’t see every day, that tends 00:48:52.740 --> 00:48:55.750 to benefit our team more than others. 00:48:55.750 --> 00:49:04.920 We went into it and right away, on the first day, right out of the boat, we started winning. 00:49:04.920 --> 00:49:09.510 We shot up immediately and we were like okay, this is a good start. 00:49:09.510 --> 00:49:12.030 JACK: PPP is looking good on Day One. 00:49:12.030 --> 00:49:16.150 There are a lot of game mechanics you have to think through the whole time. 00:49:16.150 --> 00:49:20.310 The contest shuts down at night and the conference room doors close so you can’t hack other 00:49:20.310 --> 00:49:21.310 people at night. 00:49:21.310 --> 00:49:25.780 What the teams do is they take these puzzles upstairs into the suites and try to find exploits 00:49:25.780 --> 00:49:28.620 all night long offline, basically. 00:49:28.620 --> 00:49:32.290 What if you find an exploit right before the room is going to close? 00:49:32.290 --> 00:49:35.360 TYLER: Should we save this for tomorrow or should we throw it now? 00:49:35.360 --> 00:49:38.720 ‘Cause if we start attacking people with it now, they’ll have more time to analyze 00:49:38.720 --> 00:49:45.150 the network traffic overnight, but also if we wait tomorrow, maybe other teams will find 00:49:45.150 --> 00:49:46.910 the same bug overnight. 00:49:46.910 --> 00:49:50.820 There’s all these kind of weird game theoretic questions. 00:49:50.820 --> 00:49:53.380 JACK: There’s lots of strategy that has to go on. 00:49:53.380 --> 00:49:58.080 TYLER: I’ve heard from a lot of people that some teams don’t like to throw exploits 00:49:58.080 --> 00:50:04.120 at us because they’re worried that we’ll find the exploit and turn it around and throw 00:50:04.120 --> 00:50:06.140 it back at them real fast. 00:50:06.140 --> 00:50:12.450 Similarly, we usually don’t throw exploits against the top teams until we’ve thrown 00:50:12.450 --> 00:50:18.770 it against the teams we think are weaker for maybe thirty minutes, and then we’ll start 00:50:18.770 --> 00:50:20.180 to throw it against everyone. 00:50:20.180 --> 00:50:21.710 JACK: Day Two now begins. 00:50:21.710 --> 00:50:25.060 They have a few hours of sleep and are ready for the caffeine to carry them through the 00:50:25.060 --> 00:50:26.060 day. 00:50:26.060 --> 00:50:30.260 I’ve talked to a bunch of organizers and players of this Defcon CTF and let me tell 00:50:30.260 --> 00:50:32.850 you, there’s so much craziness that goes on during these things. 00:50:32.850 --> 00:50:33.850 It’s bonkers. 00:50:33.850 --> 00:50:38.120 For instance, one year, one person from a team hid under the desk of another team to 00:50:38.120 --> 00:50:41.440 listen in on the chatter and the exploits they found. 00:50:41.440 --> 00:50:45.600 Another story I heard was that one team snuck an Ethernet cable into another team’s router 00:50:45.600 --> 00:50:48.990 so that they could be on the same network and try to hack into things that way. 00:50:48.990 --> 00:50:53.190 The stories are endless and all the shenanigans that go on during the competition. 00:50:53.190 --> 00:50:55.170 Most of this kind of hacking is allowed. 00:50:55.170 --> 00:50:57.760 Really the only thing you can’t hack are the organizers. 00:50:57.760 --> 00:50:59.380 Day Two completes. 00:50:59.380 --> 00:51:03.420 The score board shows that PPP is still in the lead but now the scores are hidden so 00:51:03.420 --> 00:51:05.150 they don’t know how much of a lead they have. 00:51:05.150 --> 00:51:10.000 On Day Three, the scoreboard is completely hidden so nobody knows who’s in the lead. 00:51:10.000 --> 00:51:13.040 The contest ends on Sunday and the scores are tallied. 00:51:13.040 --> 00:51:16.190 The team goes to the award ceremony where the winners will be announced. 00:51:16.190 --> 00:51:21.560 TYLER: [BACKGROUND TALK] We just sit down and they go through all the competitions and 00:51:21.560 --> 00:51:26.640 we’re mostly just exhausted and nodding off to sleep during the whole ceremony ‘cause 00:51:26.640 --> 00:51:28.190 we haven’t really slept in a few days. 00:51:28.190 --> 00:51:30.240 GUY: Alright. Hi. 00:51:30.240 --> 00:51:32.820 I’m Guy from Legitimate Business Syndicate. 00:51:32.820 --> 00:51:34.370 First place will receive eight black badges. 00:51:34.370 --> 00:51:35.370 In third place we have Rayon ASRT. 00:51:35.370 --> 00:51:36.370 [APPLAUSE] In second place we have The Men in Black Hats. 00:51:36.370 --> 00:51:45.310 [APPLAUSE] And in first place we have PPP, the Plaid Parliament of Pwning. 00:51:45.310 --> 00:51:46.690 [APPLAUSE] 00:51:46.690 --> 00:51:55.020 TYLER: We were expecting it because we worked pretty hard, we were doing well, but it was 00:51:55.020 --> 00:52:01.830 just a ridiculous feeling after working for so many years. 00:52:01.830 --> 00:52:08.810 This is year four of doing CTFs and year three or something of doing Defcon. 00:52:08.810 --> 00:52:13.569 We had put in so much time and energy into working at this competition that it was like 00:52:13.569 --> 00:52:18.660 – a relief isn’t quite the right word, but it’s a mixture of relief and excitement 00:52:18.660 --> 00:52:19.660 and happiness. 00:52:19.660 --> 00:52:22.270 JACK: They went onstage to receive their awards. 00:52:22.270 --> 00:52:25.310 All eight of them got their own black badge. 00:52:25.310 --> 00:52:26.610 Even Geohot got one. 00:52:26.610 --> 00:52:33.880 TYLER: After a few hours we’re just sitting around and looking at each other and nodding 00:52:33.880 --> 00:52:38.670 at each other like yeah, I guess we finally did it. 00:52:38.670 --> 00:52:44.730 Shit, we finally made it and finished first in the competition. 00:52:44.730 --> 00:52:51.890 JACK: In my mind, this means that you threw your hat in and said we want to prove that 00:52:51.890 --> 00:52:54.750 we’re the best hackers in the world. 00:52:54.750 --> 00:52:58.920 Anyone who wants to challenge us can come here and challenge us and you proved it. 00:52:58.920 --> 00:53:00.460 Do you feel that way? 00:53:00.460 --> 00:53:01.970 TYLER: Yeah, yeah. 00:53:01.970 --> 00:53:11.400 I think one of the cool things for us was also – most of the teams that were playing 00:53:11.400 --> 00:53:17.360 and that had won previously were [00:55:00] these big groups of professionals, people 00:53:17.360 --> 00:53:29.550 who work doing IT security or working as defense contractors doing security, or the real honest-to-God 00:53:29.550 --> 00:53:31.370 people who do this for a living. 00:53:31.370 --> 00:53:35.970 We came in as basically a group of kids. 00:53:35.970 --> 00:53:40.600 We just kept working our butts off until we could get there. 00:53:40.600 --> 00:53:48.130 Then to have this real win, there’s no way anyone can question it when you win Defcon 00:53:48.130 --> 00:53:49.130 CTF. 00:53:49.130 --> 00:53:54.660 It’s like well, if you beat everyone else there and you’re beating everyone else at 00:53:54.660 --> 00:53:58.570 all the other CTFs, you are just the best team. 00:53:58.570 --> 00:54:06.530 JACK: When I go in there and I look around, I don’t know why I don’t see NSA hackers 00:54:06.530 --> 00:54:11.330 or some serious black hat hackers that are just like look, we’re gonna totally smoke 00:54:11.330 --> 00:54:12.330 these guys. 00:54:12.330 --> 00:54:14.830 They’ve got no chance in hell. 00:54:14.830 --> 00:54:18.110 How come I don’t see those competitors? 00:54:18.110 --> 00:54:25.180 TYLER: I can guarantee you that they are there, having talked to some of them. 00:54:25.180 --> 00:54:29.290 There are definitely people from those groups who are there. 00:54:29.290 --> 00:54:33.250 Sometimes they like to stay up in the hotel rooms rather than be downstairs where people 00:54:33.250 --> 00:54:34.700 are taking pictures and stuff. 00:54:34.700 --> 00:54:39.620 You know, it’s not like the whole might of the NSA is up against you or something 00:54:39.620 --> 00:54:41.710 ‘cause that’s a little different. 00:54:41.710 --> 00:54:52.040 But it is absolutely people who work for governments are there, and there are people who do black 00:54:52.040 --> 00:54:56.260 hat hacking for a living who are there. 00:54:56.260 --> 00:55:03.870 It’s probably not the majority of people but it’s not an insignificant proportion 00:55:03.870 --> 00:55:04.870 of it. 00:55:04.870 --> 00:55:06.140 JACK: You see what I mean here? 00:55:06.140 --> 00:55:11.630 Tyler and his PPP team proved they are the best hackers in the world openly, in a fair 00:55:11.630 --> 00:55:13.630 contest, for anyone else to challenge them. 00:55:13.630 --> 00:55:17.930 They beat out people from the NSA, Google, Microsoft, the Koreans, the Russians, you 00:55:17.930 --> 00:55:19.150 name it. 00:55:19.150 --> 00:55:23.070 Not only did they beat them here at Defcon, but they beat them all over the world in hundreds 00:55:23.070 --> 00:55:26.000 of other CTFs they played along the way. 00:55:26.000 --> 00:55:27.630 PPP was number one. 00:55:27.630 --> 00:55:33.960 [MUSIC] But now the team, of course they feel good, but they have these new skills and they’ve 00:55:33.960 --> 00:55:37.520 been doing so many CTFs, they’re like hey, let’s not get rusty here. 00:55:37.520 --> 00:55:38.760 Let’s keep it going. 00:55:38.760 --> 00:55:40.720 We’ve already won in 2013. 00:55:40.720 --> 00:55:43.800 Let’s try again in 2014. 00:55:43.800 --> 00:55:48.770 They go back to Defcon to try to defend their title as the best hacking team in the world. 00:55:48.770 --> 00:55:49.770 TYLER: Yeah, okay. 00:55:49.770 --> 00:55:53.380 So, we won 2013, 2014. 00:55:53.380 --> 00:55:54.380 We lost 2015. 00:55:54.380 --> 00:55:56.000 We were hoping to get three in a row. 00:55:56.000 --> 00:55:58.430 JACK: Bummer, they couldn’t get three in a row. 00:55:58.430 --> 00:56:00.210 But they decided to try again. 00:56:00.210 --> 00:56:04.580 They go back again in 2016 and win the Defcon CTF then. 00:56:04.580 --> 00:56:08.800 They go back again in 2017 and win first place again that year. 00:56:08.800 --> 00:56:12.940 They really, really wanted to win three in a row but they ended up getting second place 00:56:12.940 --> 00:56:15.270 last year in 2018. 00:56:15.270 --> 00:56:19.680 At this point PPP has won the Defcon CTF four times. 00:56:19.680 --> 00:56:22.670 That’s four black badges for Tyler. 00:56:22.670 --> 00:56:26.800 That is the current record for anyone or any team for number of black badges from Defcon. 00:56:26.800 --> 00:56:30.600 PPP is the only one with four wins. 00:56:30.600 --> 00:56:35.570 Tyler and PPP will be competing this year again at Defcon 27 to try to prove once again 00:56:35.570 --> 00:56:37.410 their team is the best. 00:56:37.410 --> 00:56:40.470 Then they plan to go on to try to win three in a row from there. 00:56:40.470 --> 00:56:44.220 They’ve already made a legacy but now they’re trying to become legends. 00:56:44.220 --> 00:56:47.230 But their story just boggles my mind in so many ways. 00:56:47.230 --> 00:56:51.130 Tyler’s been to Defcon nine years in a row now and the only thing he’s experienced 00:56:51.130 --> 00:56:52.590 there ever is CTFs. 00:56:52.590 --> 00:56:57.200 He’s never seen a single talk or wandered through the villages or did any workshop or 00:56:57.200 --> 00:56:58.940 even go to any parties during Defcon. 00:56:58.940 --> 00:57:04.370 TYLER: The one kind of exception was not this year or the year before, but the year before 00:57:04.370 --> 00:57:09.770 that, me and a couple of other people from our team were participants in the DARPA Cyber 00:57:09.770 --> 00:57:16.870 Grand Challenge which was the big machine CTF thing that DARPA ran. 00:57:16.870 --> 00:57:21.930 A couple of us participated in that with a company and we won first place in that, and 00:57:21.930 --> 00:57:25.020 then moved on to the CTF and got first place in that as well. 00:57:25.020 --> 00:57:29.680 JACK: I should point out, the people who participate in these CTFs get a ton of job offers and 00:57:29.680 --> 00:57:32.140 of course, the winners also get even more job offers. 00:57:32.140 --> 00:57:35.100 I mean, who wouldn’t want to hire the best hackers in the world? 00:57:35.100 --> 00:57:37.950 Or even the hackers who came in the Top 10? 00:57:37.950 --> 00:57:42.100 This has been an amazingly great thing for all the members of the PPP’s career. 00:57:42.100 --> 00:57:45.600 Winning a Defcon black badge is just solid gold to have on their resume. 00:57:45.600 --> 00:57:50.390 I even saw the NSA one year at Defcon set up a booth and were actively recruiting people. 00:57:50.390 --> 00:57:55.190 Their booth even said ‘If you’ve won a black badge, please come talk to us.’ 00:57:55.190 --> 00:57:58.390 Another really cool thing that PPP did was they made their own CTF. 00:57:58.390 --> 00:58:02.390 It’s called picoCTF and you can play it anytime in the world. 00:58:02.390 --> 00:58:03.390 It’s on picoctf.org. 00:58:03.390 --> 00:58:05.900 You don’t even need a special computer. 00:58:05.900 --> 00:58:06.900 I’ve played through it. 00:58:06.900 --> 00:58:09.290 It’s great fun and I learned a lot along the way. 00:58:09.290 --> 00:58:13.060 You basically are given a set of little puzzles and you have to try to solve each one. 00:58:13.060 --> 00:58:16.700 It starts you out [01:00:00] with easy challenges and you work your way up to the harder stuff. 00:58:16.700 --> 00:58:21.820 It’s designed for colleges and high schools to get students to learn how to do security 00:58:21.820 --> 00:58:22.820 and hacking. 00:58:22.820 --> 00:58:26.020 Since it’s backed by Carnegie Mellon, it’s played by many schools around the world. 00:58:26.020 --> 00:58:31.180 If you want to get started with hacking, I highly recommend going to picoctf.org and 00:58:31.180 --> 00:58:32.540 start playing around on their CTF. 00:58:32.540 --> 00:58:41.040 TYLER: I guess one other fun fact is that my wife and I actually met on the CTF team 00:58:41.040 --> 00:58:42.770 which is fun, too. 00:58:42.770 --> 00:58:45.380 JACK: She participated on the team? 00:58:45.380 --> 00:58:46.380 TYLER: Yeah. 00:58:46.380 --> 00:58:56.820 She joined the CTF team in 2013 as a Masters student at Carnegie Mellon and we started 00:58:56.820 --> 00:59:01.910 dating and she’s continued to play CTFs with the team. 00:59:01.910 --> 00:59:07.100 Yeah, and then we got married a year ago, so that’s exciting. 00:59:07.100 --> 00:59:08.950 JACK: That is really cool. 00:59:08.950 --> 00:59:09.950 TYLER: Yeah. 00:59:09.950 --> 00:59:17.190 JACK: So, this has changed your life dramatically, being on PPP and competing at Defcon. 00:59:17.190 --> 00:59:19.730 Everything about your life has changed just because of that ride. 00:59:19.730 --> 00:59:20.740 TYLER: Yeah, yeah. 00:59:20.740 --> 00:59:21.760 It’s pretty weird. 00:59:21.760 --> 00:59:24.350 My job is basically due to being in CTFs. 00:59:24.350 --> 00:59:29.600 I work at a security company that has – I’d have to sit down and count, but like, several 00:59:29.600 --> 00:59:32.980 other people from PPP are also part of that company. 00:59:32.980 --> 00:59:40.890 My wife I met from PPP, and yeah, it’s kind of inundated with reminders of CTFs. 00:59:40.890 --> 00:59:48.260 JACK (OUTRO): [OUTRO MUSIC] You’ve been listening to Darknet Diaries. 00:59:48.260 --> 00:59:50.130 Thanks Tyler, for telling us your story. 00:59:50.130 --> 00:59:51.540 Good luck at Defcon this year. 00:59:51.540 --> 00:59:55.430 I’m going to Defcon this year too, and hey, if you’re listening and going too, let’s 00:59:55.430 --> 00:59:56.430 meet up. 00:59:56.430 --> 00:59:57.780 I’ve got a number of meetups going on there. 00:59:57.780 --> 01:00:01.680 Here’s where I’ll be; Thursday, August 8th during the day, I’ll be poolside at 01:00:01.680 --> 01:00:04.640 Mandalay Bay, hanging out with my friends from CMD. 01:00:04.640 --> 01:00:08.070 CMD is inviting you to come hang out with us too, but there are a limited amount of 01:00:08.070 --> 01:00:12.480 people I can get in, so sign up at darknetdiaries.com if you want to come hang out with me there. 01:00:12.480 --> 01:00:17.130 Then again on Thursday night, you can find me at The Linq at the 3535 bar. 01:00:17.130 --> 01:00:19.030 Come on over and we’ll hang out there and get drinks. 01:00:19.030 --> 01:00:21.980 Nothing else is going on Thursday anyway, so let’s do this. 01:00:21.980 --> 01:00:25.210 Then Friday night, I’ll be partying with the folks from Tourcon up in the Chandelier 01:00:25.210 --> 01:00:28.250 Room in The Cosmopolitan from 8:00 p.m. to 11:00. 01:00:28.250 --> 01:00:29.700 You’re all invited to come, too. 01:00:29.700 --> 01:00:30.700 Let’s have drinks there. 01:00:30.700 --> 01:00:34.540 My schedule is going to be posted on darknetdiaries.com so don’t go blowing up my texts trying to 01:00:34.540 --> 01:00:35.540 find where I am. 01:00:35.540 --> 01:00:37.460 Just look for my whereabouts there and you’ll find me. 01:00:37.460 --> 01:00:41.060 This episode is created by me, the benjitsu white belt, Jack Rhysider. 01:00:41.060 --> 01:00:44.510 Theme music is made by the ba-da-ba-ba-ba Breakmaster Cylinder.