WEBVTT

00:00:01.330 --> 00:00:08.260
JACK: Using a computer to gain unauthorized access to data, otherwise known as a hack;

00:00:08.260 --> 00:00:13.150
some people do it for greed. Some do it for knowledge. Some do it because they’re just

00:00:13.150 --> 00:00:17.590
plain bored and they can. Then there are those people who do it because they’re pissed off,

00:00:17.590 --> 00:00:20.440
really pissed off and they want things to change.

00:00:20.440 --> 00:00:24.730
EIJAH: Sometimes it falls on us to just decide we’re going to change the world,

00:00:24.730 --> 00:00:27.760
or just decide that we’re going to take a stand, just decide that we’re fed up.

00:00:27.760 --> 00:00:33.820
JACK: Sometimes those fed up people do something so daring it propels them into a whole new world.

00:00:33.820 --> 00:00:40.510
EIJAH: I was approached by a secret group of hackers. I know this sounds like,

00:00:40.510 --> 00:00:43.570
Hollywood-crazy, I know this sounds like Mr. Robot but it’s true.

00:00:43.570 --> 00:00:47.950
JACK: But this isn’t Hollywood. This is real life where happy endings don’t come easy,

00:00:47.950 --> 00:00:50.290
especially deep in the heart of the web.

00:00:50.290 --> 00:00:53.990
EIJAH: [INTRO MUSIC] My hacker name is Eijah.

00:00:53.990 --> 00:00:58.070
Welcome to a true story from the dark side of the internet.

00:00:58.070 --> 00:01:05.924
JACK (INTRO): My name is Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]

00:01:05.924 --> 00:01:23.210
JACK: Eijah is a smart guy. In fact, his whole family is smart.

00:01:23.210 --> 00:01:28.280
EIJAH: My father’s an electrical engineer. My entire family has at minimum, Masters Degrees.

00:01:28.280 --> 00:01:34.580
My mother, my sister, and her husband have PhDs, I have a Masters. For some reason my

00:01:34.580 --> 00:01:39.770
entire family loves universities. I don’t know why, but we all have multiple degrees.

00:01:39.770 --> 00:01:43.760
JACK: Eijah got his Master’s Degree and worked his way up. He was on a

00:01:43.760 --> 00:01:48.260
good path. By 2007 he was sitting pretty in a sweet job at a Fortune 500 company.

00:01:48.260 --> 00:01:54.560
EIJAH: My job at that time which was a pretty big job, I was in charge of American Express’

00:01:54.560 --> 00:02:02.780
security portfolio. I did all the strategy and all the internal documentation for application

00:02:02.780 --> 00:02:06.980
security vulnerability analysis, prevention of hacks, stuff like that,

00:02:06.980 --> 00:02:11.930
but even more importantly building out their internet and intranet security systems.

00:02:11.930 --> 00:02:16.730
We’re talking identity management, access management and control, things like that.

00:02:16.730 --> 00:02:20.060
JACK: For someone like Eijah this job wasn’t that fulfilling. Tasks

00:02:20.060 --> 00:02:23.270
were mundane, dry, and not very exciting.

00:02:23.270 --> 00:02:29.660
EIJAH: When I came home at night – you can imagine I hated my job because it was boring as hell.

00:02:29.660 --> 00:02:37.130
Nothing against American Express; they treated me like any numbered employee, fine. It was boring,

00:02:37.130 --> 00:02:43.205
it was really boring. I stayed up late and I was trying to find something to do. [MUSIC]

00:02:43.205 --> 00:02:48.560
JACK: At night Eijah would tinker with various electronics and do different coding projects.

00:02:48.560 --> 00:02:54.530
EIJAH: I had an Xbox 360 which, by the way, was a great gaming console. Somebody told me

00:02:54.530 --> 00:03:01.340
about this little-known peripheral called the Xbox HD DVD Drive. I got curious and

00:03:01.340 --> 00:03:10.680
decided to buy one. I spent $300 and I plugged it in and I could watch my video on – through

00:03:10.680 --> 00:03:15.750
my Xbox 360. I think it came with King Kong which was a terrible movie but nonetheless,

00:03:15.750 --> 00:03:24.060
it worked. [KING KONG GROWLING] Then I was reading on FlashDot and some of the forums

00:03:24.060 --> 00:03:33.180
that Toshiba drivers were available for Windows. You could plug your HD DVD drive for your 360 into

00:03:33.180 --> 00:03:39.210
your computer ‘cause it had a USB interface and you could watch videos on your computer.

00:03:39.210 --> 00:03:44.310
I thought this was great because who wouldn’t want to watch high-def videos while you’re working at

00:03:44.310 --> 00:03:49.140
home on your computer, especially as a geek? That just sounds really cool. I plugged it in,

00:03:49.140 --> 00:03:58.020
downloaded the free drivers [00:05:00] from Toshiba, plugged in a disc, started

00:03:58.020 --> 00:04:05.790
an HD DVD media player, and proceeded to play my legally purchased content,

00:04:05.790 --> 00:04:15.630
HD DVD movies, and guess what happened. All of a sudden the software decided that I was

00:04:15.630 --> 00:04:26.520
a bad person and it punished me. [MUSIC] It downresed from 1080p down to 480p.

00:04:26.520 --> 00:04:35.910
Because my monitor was too old to support the newest HDCP handshake between the computer and

00:04:35.910 --> 00:04:45.420
the monitor itself, it assumed I was a pirate and it downresed me even though I’d spent $300 on the

00:04:45.420 --> 00:04:54.240
drive and spent twenty, thirty bucks per movie it punished me and treated me as a criminal.

00:04:54.240 --> 00:05:02.010
At that moment I looked and I said this isn’t fair. I’ve done everything right. I’ve bought

00:05:02.010 --> 00:05:08.730
the drive, I’ve bought the movies. I have a licensed copy of Windows. Everything is legit

00:05:08.730 --> 00:05:16.050
and yet I am being treated like a criminal and at that moment – here’s what happens with me;

00:05:16.050 --> 00:05:29.490
I started to rage a bit. [KING KONG ROARS] The paranoia of groups like Toshiba and Microsoft

00:05:29.490 --> 00:05:38.460
and the AACS LA and these groups that try to enforce DRM upon the masses, they do all this

00:05:38.460 --> 00:05:45.090
out of fear. They’re so afraid they’re going to lose money and what they don’t realize is there’s

00:05:45.090 --> 00:05:53.580
a greater fear that they should have and that is pissing off smart people. To piss off a small

00:05:53.580 --> 00:06:00.300
group of minority, very intelligent hackers, is the worst thing you can do as a company.

00:06:00.300 --> 00:06:08.040
I decided in that moment that this was basically bullshit, that I was not going to downres my 1080p

00:06:08.040 --> 00:06:13.110
video to 480p and not going to sit there and take it. I was going to do something about it.

00:06:13.110 --> 00:06:16.530
JACK: You might think this sounds dramatic but pretty much all of

00:06:16.530 --> 00:06:20.220
us have felt frustrated with the stuff we’ve bought before and we’ve all been

00:06:20.220 --> 00:06:26.340
wronged by a corporation and felt powerless. Eijah bought an HD DVD player but it would

00:06:26.340 --> 00:06:32.730
only play at normal DVD resolution. There’s nothing HD about it. The product wasn’t doing

00:06:32.730 --> 00:06:36.300
what it promised it could do and all because of some anti-theft protection?

00:06:36.300 --> 00:06:41.770
Or consider this, sometimes when you buy a DVD and try to watch it, you have to sit through

00:06:41.770 --> 00:06:47.710
five minutes of commercials. This infuriates some people so badly that they just pirate the

00:06:47.710 --> 00:06:53.140
movie instead because the pirated copy doesn’t have ads. People want to be treated with respect

00:06:53.140 --> 00:06:58.540
and they want the stuff they bought to work. When companies put protections in place that

00:06:58.540 --> 00:07:03.130
get in our way and keeps us from being able to use the things we bought, it makes us mad.

00:07:03.130 --> 00:07:06.730
EIJAH: That’s why I’m against Digital Rights Management because at the end of

00:07:06.730 --> 00:07:14.500
the day it doesn’t protect illegal use of the content by hackers or malicious

00:07:14.500 --> 00:07:19.780
or nefarious individuals. All it does is upset law-abiding,

00:07:19.780 --> 00:07:26.200
good consumers like me that just want to watch it and just paid for the content to watch it.

00:07:26.200 --> 00:07:32.740
JACK: The frustration Eijah had sat heavy with him. He felt wronged by these companies and felt

00:07:32.740 --> 00:07:39.700
powerless but in an instant he realized he wasn’t powerless. He was a smart guy and thought maybe,

00:07:39.700 --> 00:07:44.890
just maybe, he could circumvent all the security checks and find a way to play the

00:07:44.890 --> 00:07:50.770
movie at full resolution anyways. But there were a few challenges. He had to figure out

00:07:50.770 --> 00:07:57.010
how an HD DVD worked. The problem is DVD and Blu-ray movies encrypt the movies that

00:07:57.010 --> 00:08:00.580
are on there so if you were to copy the movies off the disc onto your computer,

00:08:00.580 --> 00:08:03.640
you wouldn’t be able to read it because the whole thing is encrypted.

00:08:03.640 --> 00:08:09.550
This is put in place to keep people from making copies of the movies and pirating it. The company

00:08:09.550 --> 00:08:13.900
that created the encryption is the Advanced Access Control System Licensing Administrator

00:08:13.900 --> 00:08:20.920
which we’ll just call the AACS LA from now on. The AACS LA has figured out a way to encrypt the movie

00:08:20.920 --> 00:08:28.060
on the HD DVD in a unique way and any company that wants to make a player to play HD DVDs has

00:08:28.060 --> 00:08:33.580
to purchase a license from the AACS LA so they can get the decryption key to play the movie.

00:08:33.580 --> 00:08:36.490
EIJAH: With this key you could decrypt the Blu-ray,

00:08:36.490 --> 00:08:41.770
the entire Blu-ray and you could watch the video without any sort of digital

00:08:41.770 --> 00:08:48.400
rights management which includes the code that would downres the video.

00:08:48.400 --> 00:08:52.340
JACK: Eijah started looking for ways to find this encryption key. [00:10:00]

00:08:52.340 --> 00:09:01.670
EIJAH: [MUSIC ] When I decided that I was going to break Blu-ray encryption to the extent that

00:09:01.670 --> 00:09:07.880
I could at the moment, the first thing I did is I said okay, I’m gonna do it. The second thing is I

00:09:07.880 --> 00:09:15.710
said okay, how am I gonna do it? I know nothing about this. I have to somehow become a quote,

00:09:15.710 --> 00:09:22.790
unquote “expert” or at least a fake expert in this entire space where I have zero experience

00:09:22.790 --> 00:09:30.080
with it. How do I learn what I don’t even know? You do research and you find out okay,

00:09:30.080 --> 00:09:34.250
here’s the site. Here’s the legal entity and then you’ve got to find out which one

00:09:34.250 --> 00:09:38.780
of these PDFs do I need to read? What’s the technical specification of the protocol?

00:09:38.780 --> 00:09:46.970
So you find that PDF out and then you start going through it. It’s boring. It’s boring. If

00:09:46.970 --> 00:09:52.220
you’ve ever read through an academic journal, this was far worse because this was written

00:09:52.220 --> 00:09:59.420
by – it sounded like it was written by lawyers. That’s just how boring and dry it was. Each of

00:09:59.420 --> 00:10:05.930
these pieces of software, pieces of hardware have these built-in virtual machines because AACS uses

00:10:05.930 --> 00:10:11.480
an internal virtual machine to try to protect the memory and try to disguise the transaction

00:10:11.480 --> 00:10:17.300
of the decryption routine. You have to figure out how the virtual machine works and then you

00:10:17.300 --> 00:10:22.220
have to actually figure out the encryption exchange ‘cause there’s a lot of hashing and

00:10:22.220 --> 00:10:29.210
encryption that goes on in order to arrive at the key. Keep in mind there are no device keys

00:10:29.210 --> 00:10:34.910
released at this time so there’s no way to verify that my decryption code works right.

00:10:34.910 --> 00:10:41.840
At this whole time you have no test data that’s real. Everything is an assumption based on a

00:10:41.840 --> 00:10:49.550
whitepaper. All I had was this whitepaper and it was funny because when I was at work

00:10:49.550 --> 00:10:53.930
designing architectures for American Express, I was thinking about this. I’d be sitting there at

00:10:53.930 --> 00:11:00.050
lunch and I’d thinking about different ways that I could exploit the software, different ways that

00:11:00.050 --> 00:11:05.810
I could hook in. I was a Java programmer at that time but I actually ran out of memory with Java.

00:11:05.810 --> 00:11:12.110
The tools that I was writing in Java – I needed to manipulate memory directly which Java doesn’t do

00:11:12.110 --> 00:11:19.520
very well, so I actually switched to a C and C++ utility pipeline just to be able to have

00:11:19.520 --> 00:11:27.080
raw access to the memory to pull this content from the Blu-ray player. That was a lot of fun.

00:11:27.080 --> 00:11:33.800
These utilities I wrote, they would stop and resume the process. Another one would scan memory,

00:11:33.800 --> 00:11:38.720
look for pattern. Another one would output the history. Another one would merge different

00:11:38.720 --> 00:11:47.480
files. Another one would try to inject content and perform key derivation. If you’re curious

00:11:47.480 --> 00:11:53.240
what it’s like to hack, it’s kind of like going into a dark building without any sort

00:11:53.240 --> 00:11:59.930
of light and assuming you’re walking in the right direction but not even sure that you’re

00:11:59.930 --> 00:12:06.830
in the right room let alone the right city block, let alone the right state. You go down a path as

00:12:06.830 --> 00:12:13.820
a hacker and you make a lot of assumptions and most of the times those assumptions are wrong.

00:12:13.820 --> 00:12:19.760
All it takes is one wrong assumption to steer you in a totally different direction but you have to

00:12:19.760 --> 00:12:26.150
have faith in your analysis and you have to have faith in what you believe you’re going to find,

00:12:26.150 --> 00:12:32.780
even if all the evidence is against you. Even then, there’s zero guarantee that you’re ever

00:12:32.780 --> 00:12:38.150
going to find what you think’s there or you’re ever going to be rewarded. Sometimes you go down

00:12:38.150 --> 00:12:43.280
a path and you don’t know where you need to stop. You don’t know if it’s an infinite path

00:12:43.280 --> 00:12:49.970
going in the wrong direction or you don’t know if you’re two steps away from finding the keys.

00:12:49.970 --> 00:12:54.080
JACK: Eijah spent long hours deep into the night trying to crack the encryption keys on

00:12:54.080 --> 00:13:01.400
the HD DVD. The programs he wrote were furiously running through the data looking for the keys. His

00:13:01.400 --> 00:13:06.020
computer screen was scrolling with tons of text as his programs tried to decipher the encryption.

00:13:06.020 --> 00:13:10.280
EIJAH: I’m sitting there, multiple console windows are up. I think it’s early Friday or Saturday

00:13:10.280 --> 00:13:17.070
morning and all this data is going through the screens. It looks like something out of The Matrix

00:13:17.070 --> 00:13:23.250
or something out of an episode of Mr. Robot. Way too many screens up. I’m drinking coffee. I’m

00:13:23.250 --> 00:13:27.210
probably sitting there in my underwear ‘cause I didn’t even take the time to go get dressed

00:13:27.210 --> 00:13:33.570
yet. All these things happen and then bang; no more scrolling output. Everything freezes

00:13:33.570 --> 00:13:41.490
and there’s this key on the screen. I look at it and I’m like okay, I must have screwed up. Okay,

00:13:41.490 --> 00:13:48.060
clearly I’ve screwed up the code. It output a key and so something’s wrong with my code.

00:13:48.060 --> 00:13:54.570
This is after ten days of planning and [00:15:00] reading whitepapers and figuring out how I’m going

00:13:54.570 --> 00:14:00.510
to attack programs and do I need to hook into the kernel? And all this work to get

00:14:00.510 --> 00:14:06.000
up to this one point and I’m a hundred percent confident that I screwed up something in the

00:14:06.000 --> 00:14:14.760
code. At that point I’m like well, crap. Okay, well let me restart the process. So I restart

00:14:14.760 --> 00:14:23.070
the process. Bang. Same execution abort at the same line outputting the same key. I’m

00:14:23.070 --> 00:14:29.040
thinking well, I really screwed something up. Maybe it was the code I added last night. Then

00:14:29.040 --> 00:14:36.540
after the third time that the same value was printed to the screen I finally thought well,

00:14:36.540 --> 00:14:46.050
maybe that’s the key. Could that actually be the key? I thought wait, did I just find it? [MUSIC]

00:14:46.050 --> 00:14:52.700
JACK: Eijah stared at the key that was displayed on the screen.

00:14:52.700 --> 00:14:52.964
COMPUTER: AA856A1B8A…

00:14:52.964 --> 00:15:01.760
JACK: This was the key that would allow someone to decrypt a Blu-ray movie and make a copy of it.

00:15:01.760 --> 00:15:01.874
COMPUTER: …6AEFBE1C04.

00:15:01.874 --> 00:15:08.240
JACK: Eijah didn’t have a good way to test if this key was what he was

00:15:08.240 --> 00:15:11.870
looking for. This made it hard to know whether this was it or not.

00:15:11.870 --> 00:15:15.830
EIJAH: There’s no guarantee that the keys that I found were correct,

00:15:15.830 --> 00:15:23.720
except cryptographically they said they were correct. According to my algorithm I was able

00:15:23.720 --> 00:15:32.600
to derive a key from a series of routines and mathematically it was unlikely that

00:15:32.600 --> 00:15:38.660
that derivation would have happened from random data. You stick to the math, you stick to the

00:15:38.660 --> 00:15:50.870
crypto. Mathematically this was correct. The end result was correct. Then the panic set in.

00:15:50.870 --> 00:15:55.460
For anybody who hasn’t really been in that moment where you’re angry,

00:15:55.460 --> 00:16:02.810
you’ve spent two weeks deciding you’re going to literally fuck over Sony and fuck over AACS,

00:16:02.810 --> 00:16:12.770
and you’re just enraged and you’ve got this mission. Everything you’re doing, it’s obsessive

00:16:12.770 --> 00:16:19.760
at that point. Then you suddenly think oh, wait. I’ve done it. I’ve actually done it.

00:16:19.760 --> 00:16:28.430
I have something in front of me that nobody else in the world has. What do you do with it? That is

00:16:28.430 --> 00:16:35.030
when the panic hits. The heart starts beating and you start assuming that at any moment the

00:16:35.030 --> 00:16:39.695
feds are gonna bust in the door because for some reason the feds care about Blu-ray encryption.

00:16:39.695 --> 00:16:45.050
[MUSIC] I don’t know why, but in that moment it all sounds logical. You start to sweat,

00:16:45.050 --> 00:16:53.270
you start to panic, and you’re like holy shit, what have I done? You’re like oh my god,

00:16:53.270 --> 00:17:01.510
I’m in trouble. They’re going to sue me. They’re going to come after me. Then after about an hour

00:17:01.510 --> 00:17:05.380
of pacing frantically throughout the house thinking about what you’re going to do,

00:17:05.380 --> 00:17:09.580
you then calm down enough and you realize there’s really only two things you can

00:17:09.580 --> 00:17:15.910
do. You can either do nothing or you can release it to the world.

00:17:15.910 --> 00:17:26.170
JACK: Eijah was faced with a difficult decision. He knew that if he posted the keys online it would

00:17:26.170 --> 00:17:31.630
likely damage movie distributors like Sony, which is what he wanted, but he knew this also meant

00:17:31.630 --> 00:17:38.020
they might come after him and try to arrest him. But his fear was overcome with anger. He

00:17:38.020 --> 00:17:43.000
was still angry at that anti-theft DRM that kept him from being able to watch his movie at full

00:17:43.000 --> 00:17:49.300
resolution. He decided to post the encryption key he found on a popular hacker forum called Doom9.

00:17:49.300 --> 00:17:54.340
EIJAH: But then there’s this other moment of panic that sets in that all the hackers have

00:17:54.340 --> 00:18:00.790
and that is what if I’m wrong? [00:20:00] Because when you release it online you’ve

00:18:00.790 --> 00:18:06.910
gotta be absolutely certain. There’s no room for error. When you release it it’s gotta be right,

00:18:06.910 --> 00:18:11.770
it’s gotta be solid because you’re going to be having hundreds of people looking

00:18:11.770 --> 00:18:17.260
at this. You’ve gotta be certain because if you release something and it’s not right,

00:18:17.260 --> 00:18:23.560
your credibility is screwed. That’s the way it works in our world. You craft a message,

00:18:23.560 --> 00:18:30.700
a paragraph or two, you explain what you found, you create a new forum post and you release it.

00:18:30.700 --> 00:18:39.850
You see what happens. [MUSIC] The post right after mine is can somebody else confirm it,

00:18:39.850 --> 00:18:45.460
please? Once it was released a variety of people tested almost instantly.

00:18:45.460 --> 00:18:50.500
JACK: The community tested Eijah’s key and confirmed it worked. This would be the very

00:18:50.500 --> 00:18:55.960
first decryption key ever made public for the HD DVD and Blu-ray discs. Other keys

00:18:55.960 --> 00:19:01.210
had been posted for regular DVDs but not the decryption keys for the HD DVDs. This

00:19:01.210 --> 00:19:05.080
was a bit of ground-breaking information for the hacker community to take and use.

00:19:05.080 --> 00:19:09.670
EIJAH: Right around this time, I don’t know if this is coincidence or not,

00:19:09.670 --> 00:19:19.340
but literally I think it was two days after I released the key, I got a knock on my door one

00:19:19.340 --> 00:19:28.010
morning. I don’t answer knocks on doors just for so many reasons. I’m not a paranoid person but if

00:19:28.010 --> 00:19:33.440
somebody wants to get in touch with me and they’re legitimate, they know ways to do it. Knocking on

00:19:33.440 --> 00:19:41.060
my front door is not one. There’s a knock on my door. I didn’t answer it. After the person left,

00:19:41.060 --> 00:19:46.370
some time went by and I was going out to go grocery shopping or whatever. I looked;

00:19:46.370 --> 00:19:54.980
there was a sticky note left on my front door. It was from the police and it was the weirdest note.

00:19:54.980 --> 00:20:08.725
It said please call us, we think your identity was stolen. I kid you not. This was within 48,

00:20:08.725 --> 00:20:15.010
72 hours of me releasing the keys. At that time I was living in Arizona so this would have been

00:20:15.010 --> 00:20:22.180
probably somebody from Peoria Police Department which is a suburb of Phoenix. At this time I was

00:20:22.180 --> 00:20:27.520
in a hyper-state of paranoia because of the hack and the release of the information. Why

00:20:27.520 --> 00:20:35.950
would an officer put that specific message on a little note on your front door? I didn’t get a

00:20:35.950 --> 00:20:43.150
call on my phone. I didn’t get a piece of mail delivered from the police. Instead the officer

00:20:43.150 --> 00:20:51.310
made an in-person visit within 72 hours of my hack specifying he thinks my identity was stolen,

00:20:51.310 --> 00:20:58.450
please call him. This whole thing had got me on edge to the point where I

00:20:58.450 --> 00:21:07.670
was looking over my shoulder a little bit more. [MUSIC] Here’s where it gets exciting.

00:21:07.670 --> 00:21:18.770
The moment I released this key I was approached by a secret, I don’t know what to call it,

00:21:18.770 --> 00:21:28.340
a secret group of hackers, a secret group of DRM code breakers and invited into this secret

00:21:28.340 --> 00:21:35.930
society. I know this sounds like Hollywood-crazy, I know this sounds like Mr. Robot but it’s true.

00:21:35.930 --> 00:21:45.410
I was approached – by breaking this encryption and by releasing this key I was somehow entitled

00:21:45.410 --> 00:21:52.880
to an invitation. I had won my invitation into this dark, secret hackers group. They reached

00:21:52.880 --> 00:22:00.230
out to me in a very secret way a few days after I released the key and invited me into

00:22:00.230 --> 00:22:10.910
their private group. We spent the next few weeks furthering our hacks and working together which

00:22:10.910 --> 00:22:18.320
was flattering because I never set out to be a DRM hacker. I was just pissed at Sony, that’s all.

00:22:18.320 --> 00:22:23.060
I didn’t really care initially about the movement, or I didn’t really care initially

00:22:23.060 --> 00:22:33.200
about DRM but the deeper I got into this the more I realized that DRM is crap. It’s draconian;

00:22:33.200 --> 00:22:39.530
it’s a form of enslavement. It’s not fair and it’s not consumer-friendly. The deeper I got into this

00:22:39.530 --> 00:22:46.160
the more I realized that I was on the right path and that even though my motivations to start this

00:22:46.160 --> 00:22:53.990
journey was selfish and was based out of anger and rage, I transitioned to a much more mature

00:22:53.990 --> 00:23:01.490
and a better state and [00:25:00] motivation in that this was bad for consumerism and this was

00:23:01.490 --> 00:23:07.520
bad for privacy and this was bad for everybody in the world who didn’t have the skills to do

00:23:07.520 --> 00:23:14.930
something about it. Sony and the AACS and Toshiba and all those companies that treat us like numbers

00:23:14.930 --> 00:23:23.870
and value us only to the extent that our dollars are handed over to them, need to pay and will pay.

00:23:23.870 --> 00:23:30.200
I was invited to this secret hacker group which was really cool. We shared all of

00:23:30.200 --> 00:23:35.330
our insights and all of our strategies with one another and I helped other hackers get

00:23:35.330 --> 00:23:43.730
better at breaking DRM and they did the same for me. An interesting thing about

00:23:43.730 --> 00:23:51.860
the hacking scene is if we think we’re first to do something, we might only be first to release

00:23:51.860 --> 00:23:57.350
it. We might not have been first to find it. There’s value in not releasing information

00:23:57.350 --> 00:24:05.420
because if companies like Sony and Toshiba and others think that the current version of their

00:24:05.420 --> 00:24:12.560
protocol hasn’t been broken yet, they’re under no obligation to change anything.

00:24:12.560 --> 00:24:18.200
JACK: When Eijah posted his key on the forum it triggered a chain of events. The key is

00:24:18.200 --> 00:24:22.310
first picked up by software developers who create the software that can easily rip or

00:24:22.310 --> 00:24:27.890
copy a Blu-ray disc. Then the rippers get ahold of that software and begin making copies of their

00:24:27.890 --> 00:24:32.870
Blu-ray movies. Then they post and distribute the movies to torrent sites like The Pirate

00:24:32.870 --> 00:24:37.160
Bay and then pirates can download movies and watch them without having to buy them.

00:24:37.160 --> 00:24:42.320
Eijah’s key caused a serious ripple effect that rang through the pirating community.

00:24:42.320 --> 00:24:49.610
The AACS is the organization that created the encryption on the Blu-ray and they had

00:24:49.610 --> 00:24:54.200
a plan in the event that a key like this got leaked. As soon as they became aware the key

00:24:54.200 --> 00:24:58.550
was being used by pirates and hackers, they would change the algorithm. Yes,

00:24:58.550 --> 00:25:03.200
the key that Eijah found would continue to work to copy Blu-ray movies up until then,

00:25:03.200 --> 00:25:08.750
but the AACS made it so that key wouldn’t work on any new Blu-ray movies that were made after

00:25:08.750 --> 00:25:12.890
that. The hackers would have to find a new key and break the encryption again.

00:25:12.890 --> 00:25:20.630
EIJAH: It’s this cat-and-mouse game that goes on infinitely as long as they know the latest version

00:25:20.630 --> 00:25:28.580
has been compromised. There’s a lot of power in breaking a system but keeping that break quiet.

00:25:28.580 --> 00:25:32.930
JACK: But the AACS did more than just change the algorithm. They

00:25:32.930 --> 00:25:36.320
tried hitting back at websites that posted their keys publically.

00:25:36.320 --> 00:25:44.330
EIJAH: When the processing key was released, something funny happened. The AACS LA thought

00:25:44.330 --> 00:25:50.960
that they could impose upon the internet their will of take-downs. They had their lawyers send

00:25:50.960 --> 00:25:57.050
all these take-down notices to all these different sites who posted the key in articles like Dig,

00:25:57.050 --> 00:26:04.430
FlashDot, and others. We look at it and laugh, just completely discarding this idea as utter

00:26:04.430 --> 00:26:10.520
crazy. But that’s the world the lawyers live in; somehow they think this makes sense. They

00:26:10.520 --> 00:26:19.340
think they are entitled to this because it is right but to them it still makes sense.

00:26:19.340 --> 00:26:32.090
What was happening was, keys are hexadecimal values so they’re literally strings of A

00:26:32.090 --> 00:26:41.450
through F and 1 through 9, is all they are. It’s text data. It’s something that you can

00:26:41.450 --> 00:26:47.150
hide in so many different ways. A lot of people started disguising the numbers of

00:26:47.150 --> 00:26:54.320
the processing key in colors and images and reversing it and disguising it in a way that

00:26:54.320 --> 00:27:00.140
would make search algorithms impossible to find it. That was where hackers and

00:27:00.140 --> 00:27:06.200
technologists and the community abroad just started taking advantage of the stupidity

00:27:06.200 --> 00:27:18.170
and the lack of social and internet awareness by these executives and by the AACS LA. You

00:27:18.170 --> 00:27:25.400
can’t declare war on an infinite army of smart people who are motivated by a greater cause.

00:27:25.400 --> 00:27:33.530
Our cause is social justice and our cause is bigger than any sort of legal army they’re

00:27:33.530 --> 00:27:39.800
going to be able to mount. That’s why it doesn’t really matter, at the end of the day, how many

00:27:39.800 --> 00:27:47.960
lawyers they send after us. I find it humorous to think that lawyers still think they have any sort

00:27:47.960 --> 00:27:54.770
of strength and any sort of influence compared to an army of hackers and an army of passionate and

00:27:54.770 --> 00:28:04.760
motivated internet users. [00:30:00] I remember seeing at American Express – and keep in mind,

00:28:04.760 --> 00:28:10.310
I was in director level as the security portfolio architect and I reported directly to a VP.

00:28:10.310 --> 00:28:17.330
There was this one day while this was going on. This was probably three, four days after

00:28:17.330 --> 00:28:25.130
I released the information. I had a one-on-one with my VP, my boss. Very, very nice lady. I

00:28:25.130 --> 00:28:34.820
have such a great respect for her. She called me in for our one-on-one and she knew something was

00:28:34.820 --> 00:28:40.760
up. I’m sure I was physically showing signs of stress and tension and nervousness but I

00:28:40.760 --> 00:28:48.110
remember she was very perceptive and she said what’s wrong? Something going on? You don’t

00:28:48.110 --> 00:28:55.460
seem like yourself. I remember that conversation because of course I denied it. I was like no, no,

00:28:55.460 --> 00:29:01.820
maybe I just didn’t sleep well. Insert any excuse here to try to jump to the next topic, but I

00:29:01.820 --> 00:29:07.550
remember thinking about that for years to come and I said you know what? I’m not like my old self.

00:29:07.550 --> 00:29:11.540
I’m different. This has been a – in a lot of ways,

00:29:11.540 --> 00:29:18.590
this has been almost an opportunity to be reborn. It was that moment forward that I

00:29:18.590 --> 00:29:26.060
decided I’m gonna quit American Express because I just wasn’t enjoying the work. The excitement,

00:29:26.060 --> 00:29:35.300
the adrenaline bump that I got from this whole hacker thing was very exciting. I don’t think

00:29:35.300 --> 00:29:40.310
I’d want that sort of adrenaline bump every week in my life because I’d probably fall over dead

00:29:40.310 --> 00:29:48.440
but it was so exciting and it was so invigorating and empowering to know that I had just, on a whim,

00:29:48.440 --> 00:29:58.622
I made a decision to do something totally new and it worked. It’s kind of like that quote from Tron.

00:29:58.622 --> 00:29:58.701
K FLYNN: I kept dreaming of a world I thought I’d never see. Then, one day…

00:29:58.701 --> 00:29:58.721
S FLYNN: You got in.

00:29:58.721 --> 00:30:09.703
K FLYNN: That’s right, man. I got in.

00:30:09.703 --> 00:30:17.690
EIJAH: I got in. It’s that moment of euphoria, that moment where nothing is the same. You’re

00:30:17.690 --> 00:30:24.380
not the same person, you can’t ever go back. You’ve been reborn in a lot of ways. I ended

00:30:24.380 --> 00:30:28.700
up quitting American Express not long thereafter. I think it was about ten

00:30:28.700 --> 00:30:35.000
months after and I went into game programming which ended up being a seven-year journey for

00:30:35.000 --> 00:30:43.850
me where I made games such as Guitar Hero and Max Payne 3 and Grand Theft Auto V. I

00:30:43.850 --> 00:30:47.900
was one of the lead programmers for Grand Theft Auto V for five years with Rockstar.

00:30:47.900 --> 00:30:53.780
Some of my code is still in Red Dead Redemption 2 which is coming out this

00:30:53.780 --> 00:30:57.560
fall. Even though I resigned from Rockstar two-and-a-half years ago,

00:30:57.560 --> 00:31:02.030
very amicably, and I miss that studio and I miss the people I worked with,

00:31:02.030 --> 00:31:07.880
it was part of my evolution and I resigned so that I could become an entrepreneur and

00:31:07.880 --> 00:31:12.740
that I could do things like Demon Saw, and most recently my current company Promether.

00:31:12.740 --> 00:31:22.760
As much as I would love to give a really exciting summary and conclusion, the saddest

00:31:22.760 --> 00:31:32.420
part of the story is that there really hasn’t been anything that came as a result of this.

00:31:32.420 --> 00:31:39.560
It’s almost like there’s been no retribution. There’s been no follow-up. There’s been no running

00:31:39.560 --> 00:31:45.980
down the streets. I want to see a scene from Bourne Identity where Matt Damon’s running from

00:31:45.980 --> 00:31:51.110
a bunch of KGB agents. There hasn’t been anything exciting like that which is probably a good thing,

00:31:51.110 --> 00:31:59.330
right? We don’t need those things in our lives but the AACS never came after me. Sony never came

00:31:59.330 --> 00:32:06.640
after me. It makes sense why they didn’t; they wanted this thing to go away. They wanted the

00:32:06.640 --> 00:32:12.670
fact that their protocol and their specification was insecure and was a terribly written protocol.

00:32:12.670 --> 00:32:18.700
They wanted people to forget that. They just wanted to make money. They wanted Toshiba and

00:32:18.700 --> 00:32:25.030
Sony and Philips and Emerson and all these other companies to just keep paying their

00:32:25.030 --> 00:32:33.370
licensing fee for the specification, the AACS spec. They just didn’t want the publicity. I

00:32:33.370 --> 00:32:39.040
guess it makes sense if you think about it, why they didn’t follow-up, why they aren’t

00:32:39.040 --> 00:32:49.390
making a stink about this or making this very political or very out in the open,

00:32:49.390 --> 00:32:54.280
because they just want it to go away. They just want to make money. That sums up the

00:32:54.280 --> 00:32:58.330
entire reason for the specification. It’s not about [00:35:00] protecting

00:32:58.330 --> 00:33:05.220
us. It’s not about even protecting the content. It’s just about making money.

00:33:05.220 --> 00:33:14.460
I sure as hell hope that there was a board meeting or at least a bunch of executives and some sort

00:33:14.460 --> 00:33:24.810
of dumb-ass executive said why the fuck can’t we stop these hackers? It’s a rhetorical question.

00:33:24.810 --> 00:33:31.290
You wouldn’t have us if you treated us fairly. Most of us are honest people. Most of us will

00:33:31.290 --> 00:33:37.050
pay a fair price for content. Nobody wants to steal and cheat. We don’t want to be pirates.

00:33:37.050 --> 00:33:43.890
The moment companies give us good content at a fair price in a convenient way, piracy is going

00:33:43.890 --> 00:33:50.850
to be destroyed. Just treat us with respect and dignity and we will pay for your content.

00:33:50.850 --> 00:33:57.870
You, whoever you are out there, you are listening to this right now. You are not powerless. You,

00:33:57.870 --> 00:34:06.600
who are listening to this, are far more powerful than I am. It’s just a matter of whether tomorrow

00:34:06.600 --> 00:34:13.200
when you wake up, you’re going to do something about the injustice in the world. I heard an

00:34:13.200 --> 00:34:19.470
interesting quote. I don’t remember who the athlete was but somebody was interviewing this

00:34:19.470 --> 00:34:24.000
Olympic athlete and they asked her, they said how do you do it? How do you achieve

00:34:24.000 --> 00:34:31.740
these great feats? She said it’s really easy. Every morning when the alarm clock goes off,

00:34:31.740 --> 00:34:41.640
I choose not to hit snooze. Sometimes the secrets to life is just not pressing the snooze button.

00:34:41.640 --> 00:34:49.770
JACK: Eijah is currently working on two projects he created himself;

00:34:49.770 --> 00:34:56.520
Demon Saw and Promether. Demon Saw is a secure and anonymous file sharing app. Think of it like

00:34:56.520 --> 00:35:01.140
a decentralized Dropbox that you can run on your own server. Promether is a way to

00:35:01.140 --> 00:35:05.880
transfer files and communicate securely even if you’re operating in an insecure network.

00:35:05.880 --> 00:35:11.222
Both projects are free for anyone to use and Demon Saw is available now to use.

00:35:11.222 --> 00:35:19.290
JACK (OUTRO): [OUTRO MUSIC] You’ve been listening to Darknet Diaries. To learn more about Eijah,

00:35:19.290 --> 00:35:23.400
check out darknetdiaries.com. This show is created by me, Jack Rhysider,

00:35:23.400 --> 00:35:27.210
with editing help from Stephanie Jens. Theme music is created by Breakmaster

00:35:27.210 --> 00:35:31.050
Cylinder. If you like this show and want to help it out, it would mean a lot to me

00:35:31.050 --> 00:35:38.460
if you would tell others about it. Spread the word any way you can. Thanks a lot.