#164 Mike Grover - How Hacking Tools Are Changing Cyber Warfare

2h 34m
Start listening Download the MP3
Mike Grover is a security researcher, InfoSec expert, and the creator of the infamous O.MG Cable. He gained prominence in 2019 when he showcased his malicious USB cable prototype at DEF CON, capable of recording keystrokes and executing remote commands. Grover's O.MG Cable looks identical to a regular charging cable, but contains a tiny implant that creates a Wi-Fi hotspot, allowing attackers to access the connected device from up to 300 feet away.

Since its inception, Grover has refined the O.MG Cable design, making it indistinguishable from normal USB cables and expanding its capabilities. The latest iteration includes features such as geofencing, self-destruct mechanisms, and support for various connector types including Lightning and USB-C. Grover's work aims to raise awareness about hardware security risks while providing tools for red teams and security researchers to test and improve organizational defenses.

Shawn Ryan Show Sponsors:
https://ROKA.com | Use Code SRS
https://ExpressVPN.com/SRS
https://ZipRecruiter.com/SRS
https://RocketMoney.com/SRS
https://prizepicks.onelink.me/LME0/SRS
https://ShawnLikesGold.com | 855-936-GOLD #goldcopartner
https://americanfinancing.net/srs
NMLS 182334, nmlsconsumeraccess.org. Call 866-781-8900 for details about credit costs and terms.

Mike Grover Links:
Website - https://o.mg.lol/
X - https://x.com/_MG_
LinkedIn - linkedin.com/in/mgrover

Please leave us a review on Apple & Spotify Podcasts.
Vigilance Elite/Shawn Ryan Links:
Website | Patreon | TikTok | Instagram | Download
Learn more about your ad choices. Visit podcastchoices.com/adchoices

Jump to transcript

Press play and read along

Runtime: 2h 34m

Transcript

Speaker 1 Ah, the sounds of an Etsy holiday.

Speaker 2 Now that's special.

Speaker 1 Want to hear it again?

Speaker 2 Get original and affordable gifts from small shops on Etsy. For gifts that say, I get you, shop Etsy.
Tap the banner to shop now.

Speaker 3 This Marshawn Beast Mode Lynch. Prize Pick is making sports season even more fun.

Speaker 4 On Prize Picks, whether you're a football fan, a basketball fan, it always feels good to be right.

Speaker 3 right now, new users get $50 instantly in lineups when you play your first $5.

Speaker 4 The app is simple to use. Pick two or more players.
Pick more or less on their stat projections.

Speaker 3 Anything from touchdown to threes. And if you write, you can win big.
Mix and match players from any sport on Prize Pix, America's number one daily fantasy sports app.

Speaker 3 ProzPix is available in 40 plus states, including California, Texas, Florida, and Georgia. Most importantly, all the the transactions on the app are fast, safe, and secure.

Speaker 6 Download the PrizePicks app today and use code Spotify to get $50 in lineups after you play your first $5 lineup. That's code Spotify to get $50 in lineups after you play your first $5 lineup.

Speaker 6 PrizePicks is good to be right. Must be present in certain states.
Visit PrizePicks.com for restrictions and details.

Speaker 7 Mike Grover, welcome to the show, man.

Speaker 1 Thanks. Thanks for having me, dude.

Speaker 7 We just knocked out one of the most fascinating everyday carry pocket dumps I've ever seen. And

Speaker 7 the fact that you designed all that hardware is just astounding. It's awesome.
And so we got connected through mutual friend Bryce Case Jr. Yeah.
And thank you, Bryce.

Speaker 7 And man, we've been trying to make this happen for

Speaker 7 I think a year. Yeah.

Speaker 1 Over a year.

Speaker 1 Yeah, over a year now.

Speaker 7 So, yeah, because I interviewed, he was our he was last year's thanksgiving episode yep and uh we got connected right after he told me about the omg cable yeah which you developed and uh we'll get into that but

Speaker 7 real quick let me uh let me let me kick it off with an intro here sweet so mike grover aka mg

Speaker 7 you're a hacker red teamer entrepreneur, artist, security researcher, and educator. You work for Fortune 500 companies conducting red team operations to test and enhance their security.

Speaker 7 You design and build covert hardware implants that bypass and challenge computer security.

Speaker 7 You also run a business that manufactures and sells your hardware designs, which are now used by countless companies and governments to strengthen their own security.

Speaker 7 The most well-known hardware design is the OMG cable, a malicious USB cable. You're also a husband and a father.

Speaker 7 And I'm sure I'm missing a whole slew of stuff, but at least that paints the picture.

Speaker 7 But, you know, I want to do a life story on you, you know,

Speaker 7 some of the things that you have developed,

Speaker 7 and then probably go down some rabbit holes with cybersecurity. Maybe I love knowing what China and Russia are up to if you have any insight into that.
But

Speaker 7 before we start anything,

Speaker 7 everybody gets a gift. So,

Speaker 1 all right.

Speaker 1 Gummies.

Speaker 7 Vigilant Sleek Gummy Bears. So made right here in the USA, legal in all 50 states.
All right. So, you know, I know you guys got some fun gummies down there in California, but this is just candy.

Speaker 1 Oh, I'm going to eat some now, man. These are.

Speaker 7 Go right ahead.

Speaker 1 Want some?

Speaker 7 Yeah, I'll take some of those.

Speaker 1 Thank you.

Speaker 1 I'll see if I can not eat these by the end of the show.

Speaker 1 Good luck.

Speaker 1 Nice. Those are good.

Speaker 7 Not bad, huh?

Speaker 7 But,

Speaker 7 sorry, I'm going to talk with my mouth full.

Speaker 7 Mike, I got a, so I got a Patreon account. It's a subscription account.

Speaker 7 They were a major, we were just talking about before, you know, right before we kicked this off about

Speaker 7 starting businesses and how this started in my attic. And we're both entrepreneurs.
And

Speaker 7 so

Speaker 7 developed a Patreon very early on.

Speaker 7 They have been the key component to how I've built my business.

Speaker 7 And a lot of them have been here since the very beginning. So one of the things that I do is I give them the opportunity to ask each and every guest a question.

Speaker 7 And so this is from somebody anonymous.

Speaker 7 What's the simplest trick hackers use that 99% of people still fall for every day?

Speaker 1 Asking.

Speaker 1 Just ask them. Ask them for access.

Speaker 1 Granted, you got to kind of cloak it a little bit, but you pretend to be somebody you're not. And for instance, like I'm your IT department.
I'm your HR.

Speaker 1 You call them up, you email them, and you say, I need you to do a thing real quick.

Speaker 1 And

Speaker 1 that process will generally have them maybe entering their password, for instance.

Speaker 1 Except it's into something you control. And at that point, you've got their password.

Speaker 1 That is a method that is still heavily used and constantly works.

Speaker 7 No, kidding. That actually happened to us here.

Speaker 1 Oh, yeah.

Speaker 7 Yep. Yep.
We had to have Brian Montgomery jump in and save the day. But

Speaker 7 yeah.

Speaker 7 We got an email saying,

Speaker 7 we want you to be on this podcast. Yep.
And

Speaker 7 I thought it was bullshit.

Speaker 7 We had a staff member that

Speaker 7 kind of like pushed me to do this. And of course, everything was in a rush.
And

Speaker 7 boom. We saw that.
Then my guy, they got into our Facebook and almost hacked everything. Yep.
Took it all. And Ryan was able to jump in and save the day kind of last minute there.
So nice.

Speaker 7 Thank you, Ryan. But

Speaker 7 what's another one, though?

Speaker 1 I mean, that is like the go-to, right? Like,

Speaker 1 I mean, you can walk into a building, but why do that when you can just ask from halfway across the world, right? Yeah.

Speaker 1 Like, I mean, most companies, you'll still be able to walk in and do all that stuff.

Speaker 1 It's just not worth the risk unless they've got that level of security kind of lockdown where it's like, okay, you can ask anybody in the company for their password.

Speaker 1 They can give it to you, but you can't do anything with it because you know, we've got like two-factor turned on or stuff like that.

Speaker 1 Different security controls and detections that suddenly require physical access. So

Speaker 1 you got to take more risks to do that. And that's, it's a lot more skilled, a lot more work to make happen.

Speaker 7 Interesting. Interesting.
Well, you know, I had a little chat with Bryce before

Speaker 7 he got here today, and we were talking. And by the way,

Speaker 7 have you ever seen that video of him at the Dead Mouse concert? He's up there. He's rapping and falls off the stage.

Speaker 7 I got to roll this club.

Speaker 1 You've seen this, right? I believe so, yeah.

Speaker 7 I got to roll the club. It's hilarious.

Speaker 7 He brought something up that wasn't in your outline. Oh, shit.
And so might be a little uncomfortable, but I got to ask it.

Speaker 7 And I think it's a good question because it sets the stage for the entire interview and everything

Speaker 7 we're going to talk about. But he says,

Speaker 7 in case he chickens out,

Speaker 7 ask Mike about his design being so good that they were copied by the most well-known hacker of all time, Kevin Midnick, also known as Condor. So I got to hear about this, man.

Speaker 1 Okay.

Speaker 7 Is this the OMG cable?

Speaker 1 Predecessor, right? So I had been doing lots of

Speaker 1 designs of malicious cables, right? And I had some really early proof of concept just to... just to show it's possible.

Speaker 1 No wireless connection, really tiny payload capability, you know, a few dozen, maybe 100 keystrokes, right? Really limits what you can do. It's really slow.

Speaker 1 I mean, we're not hitting that thousand keystroke per second thing or maybe a dozen.

Speaker 1 Really slow, right? But it's like, it worked, right? You can't remotely update it. It can't do anything, but it worked.

Speaker 1 I want to show the world because, you know, hacker, you want to share the information stuff and work with other people. I didn't see it as like a product.
It was just more like...

Speaker 1 project, more like art. Like, hey, cool, look at this thing.
And yeah, he reached out and wanted to kind of collaborate and, you know, have me, you know, build one for him.

Speaker 1 And I started on that process, but

Speaker 1 I didn't have enough time to complete it with his work constraints as well because he didn't have time and stuff.

Speaker 1 And eventually what happened, I didn't know about it, but he went to someone else and said, make this for me. And

Speaker 1 it was not, like, I didn't know about it until it came out. And then the thing is,

Speaker 1 it wasn't very good. And I was just like, dude, first of all, it's not very good.
This sucks. I wish

Speaker 1 making this a proper product. But also it was like, hey, if you had the the resources, like fucking, I could have used that.
Um, because I was just doing this on the side, right? But we have,

Speaker 1 you know, solved things since then. You know, I think there's certain levels of communication and misunderstanding.

Speaker 1 So I don't want to be like, oh, he's, he's the worst, but, you know, lessons learned as well of like, you know, if it's something you can turn into a product, maybe

Speaker 1 wait until it's ready, you know, things like that,

Speaker 1 which is exactly what I did with the OMG cable, right that that that's where it's like thousands of times better i mean as uh enraging as i'm sure that was it's also pretty flattering that uh oh yeah you know the is he really like the world's most renowned hacker i mean well so rap he's no longer around oh really yeah exactly but uh yeah he the the way he would be introduced um i like i don't know but it was always the world's most famous hacker is the uh the tagline that was used what made him so famous

Speaker 1 So, well, he,

Speaker 1 God,

Speaker 1 I need to refresh around this, but basically he had

Speaker 1 gotten the attention of the FBI and they were hunting him down for getting into various places. A lot of social engineering tricks and stuff like that.
And

Speaker 1 kind of a cat and mouse game. There's a movie called Takedown, right? So good movie.
Check it out.

Speaker 1 But he

Speaker 1 went to prison then and was pretty unfairly treated.

Speaker 1 There was a whole free Kevin movement where they were doing, I think they put him like solitary or something because they thought he could like whistle into the phones and like launch ICBMs or some shit.

Speaker 1 Oh my God.

Speaker 1 This is like back when everybody's like, oh my God, hackers, just evil wizards. It's still like that today, but it was much worse back then.
They had no idea it was even possible.

Speaker 1 So yeah, I like he was held for much longer. I don't think.
yeah,

Speaker 1 I don't want to misspeak here because I don't forget the particulars, but he was held for a very long time, pretty unfairly, eventually got out and

Speaker 1 then went into Infosec as like a profession using that.

Speaker 7 And then tried to

Speaker 7 take your own GK.

Speaker 1 I mean,

Speaker 1 I guess he knew what looked good. So

Speaker 1 he's good at that.

Speaker 7 Hey, you got the world's most renowned hacker taking, you know,

Speaker 7 your stuff.

Speaker 7 That's pretty cool. Yeah, you know, it sounds like everything worked out today.

Speaker 1 Oh, yeah, definitely. And just for the record, he had a pretty unfair shake at life.

Speaker 1 He ended up, I think he got pancreatic cancer, and he died before his first kid was born, which is just fucking terrible.

Speaker 1 So, yeah,

Speaker 1 I've since met up with his wife and cleared the air. So

Speaker 1 we're good.

Speaker 7 Good for you, man. Well, let's get to you.

Speaker 1 So, you know,

Speaker 7 like I said, I want to do a life story. We got to get into the OMG cable stuff and all the other stuff that you're designing, some red team stuff.

Speaker 7 But actually, actually, in your bio, I know what red team operations are. Yes.
Red cell operations. But could you explain that to the audience?

Speaker 1 Yeah, definitely. So there's a lot of, it depends where we're talking about red teaming because there's military red teaming, which I would love for you to give me a couple of stories on.

Speaker 1 Because, I mean, I'm sitting in a room with a guy who probably knows that really well, way more than me. So it would be a little ridiculous for me to explain that to you.

Speaker 1 But red teaming in terms of like corporate cybersecurity is

Speaker 1 a subset of pen testing. Pen testing is find the holes, tell us the holes, right? I mean, that's cool, but it doesn't quite test

Speaker 1 how someone responds. I think there's this like, I think it's a Mike Tyson quote where everybody has a plan until they get punched in the face, right?

Speaker 1 It's like, okay, well, it's maybe a little aggressive in context of cybersecurity, cybersecurity but uh you know how do you solve that like in boxing you you train you get punched in the face right and then well okay now it's not going to be new when it happens so you might have a plan but are you going to execute on the plan are you going to like miss some steps is motion going to get involved and also you know i can

Speaker 1 find holes at different layers, but red teaming is going to be repeating exactly the entire chain.

Speaker 1 It's often called a kill chain, where it's you're connecting all of these different vulnerabilities to go from completely outside to completely to the crown jewels, take them out and succeed.

Speaker 1 And then you show how you did it after the fact.

Speaker 7 How did you get into that?

Speaker 1 Good question.

Speaker 1 So kind of almost don't even know, but over the course of just life and

Speaker 1 I started off as just help desk IT sysadmin where you learn a lot of things.

Speaker 1 And at the time, I didn't think it was very applicable, but like those are all the systems and the nuances and like just the weird compromises you learn like oh i don't have enough budget so i'm going to do it this way or you learn about the end users that you're supporting as help desk and all the problems they run into and oh they're running into like policy that stops them from working so oh they're going to do this that's going to cause a degradation in security but it's really common you know that having been in help desk and sysadmin.

Speaker 1 So you start to connect these things together and it becomes this really

Speaker 1 valuable just bucket of information for oh how would i get into the company using that and you know got really into security for a while it's just it's it's also a piece of that role like you're gonna run all the systems for it you got to keep them secure too especially in small companies where you don't have dedicated security it's like no you you are the security so you got to learn it that way which requires you to think also how does an attacker do it because

Speaker 1 you got to defend against that right so eventually, I just kind of got bored of doing IT and made the jump into security.

Speaker 1 Started learning

Speaker 1 actually, Bryce. So good connection on this as well.
So

Speaker 1 I had known Bryce

Speaker 1 for a long time. And I think it was like 2013, first time I went to DEF CON hacker security conference, biggest one in the world in Vegas, every year.

Speaker 1 And

Speaker 1 I decided, decided, oh, God, what was this? So there's these unrecorded talks they also do in certain areas.

Speaker 1 He was on stage. I think he was doing something with like Bitcoin at the time.
And he had this like, uh, like telepresence robot on stage for a guy who was on house arrest. Like he couldn't come.

Speaker 1 So he brought a telepresence robot to be like. Bryce's partner on the stage.
And it was just wild watching this. And so I'm in the audience.
I'm just like, oh yeah, Bryce, you know, whatty cracker.

Speaker 1 I don't like it. I'm going to go see what he's doing.
And then, you know, he gives the talk. And after it's done, I'm like, hey, yo, what's up? Like,

Speaker 1 never met you before. But

Speaker 1 from that point on, we kind of, you know, our relationship grew, got to know him a lot better. But he also DJs, as you know, and he was DJing for a guy called Fuzzy Knop who,

Speaker 1 or sorry, flip that around.

Speaker 1 Fuzzy Knop was DJing for him because he also MCs and sings songs, right? So he needs someone, you know, to play that. So Fuzzy Knopf was DJing for him on a lot of his shows.
So I met him.

Speaker 1 And, well, he is the one who had built out a red team for a new company.

Speaker 1 Not a new company, new red team for a company, large company. And he ended up pulling me over into that team.
Oh, cool. Yeah.

Speaker 7 I love that guy, man. Price is great.
I love that guy.

Speaker 5 Buckle up because the biggest Black Ops ever is available now. Call of Duty Black Ops 7.

Speaker 5 With three epic game modes across co-op, campaign, multiplayer, and zombies, it's pushing the franchise into bold new territory.

Speaker 5 The all-new co-op campaign lets you play solo or with friends as you infiltrate Avalon, a high-tech stronghold on the brink.

Speaker 5 At launch, jump into 18 explosive multiplayer maps with exciting, fast-paced movement. If you're looking for some undead action, the round-based zombies mode is back again with a twist.

Speaker 5 You'll fight through hordes of zombies as you drive the new wonder vehicle named Old Tessie and wield a brand new wonder weapon. Black Ops 7 doesn't just evolve, it reinvents.

Speaker 5 If you thought you knew Call of Duty, get ready for something even bigger. Call of Duty Black Ops 7, available now.
Rated M for mature.

Speaker 5 True Classics started with a simple mission to bring premium, comfortable clothing to the masses. Because looking and feeling great shouldn't come with a designer price tag.

Speaker 5 With over 25 million shirts sold to 5 million customers, True Classic has become a staple in closets everywhere. But this brand isn't just about fit.

Speaker 5 It's about confidence and helping people look sharp without the effort. That's what makes True Classic the perfect gift this holiday season.

Speaker 5 Whether you're shopping for your dad, your brother, your partner, or now even the woman and kids in your life, True Classic has something for everyone.

Speaker 5 And now, True Classic is available for the whole family and won't break your holiday budget. I've been wearing True Classic for a while now, and the moment you throw one on, you feel it.

Speaker 5 Tailored where it counts, relaxed where it matters. No bunching, no stiffness, no nonsense.
Just a clean, easy fit that looks good and holds up through my long days in the studio.

Speaker 5 So skip the guesswork and the overpriced designer stuff. Give comfort.
Give confidence. Give True Classic.

Speaker 5 You can find that at Amazon, Target, Costco, Sam's Club, or head to trueclassic.com slash SRS to grab the perfect gift for everyone on your list.

Speaker 7 Well, let's

Speaker 7 took a little sidetrack there, but let's

Speaker 7 get to you and let's get get to your event.

Speaker 1 I'll let you get to it eventually.

Speaker 7 Where'd you grow up?

Speaker 1 All right. So I grew up in Wisconsin.

Speaker 1 Brothers, sisters. Yeah, I got a younger sister, four years.

Speaker 7 You guys tight?

Speaker 1 Yeah, we don't keep in touch as much. Both like super busy, but we could definitely be a lot closer.

Speaker 7 Is she a hacker, too?

Speaker 1 No, she culinary. Culinary.
Yeah, I picked that up for my dad as well. So my dad,

Speaker 1 yeah, so

Speaker 1 he was in the Navy as a corpsman for a while. I think it was like four years, submarine stuff.

Speaker 1 But medicine, both my parents in medicine were in medicine, and they did a lot of DIY stuff. So they built their house from the ground up, designed it from the ground up.

Speaker 1 So I was in that kind of raw materials environment.

Speaker 1 Like the house never actually fully got completed, which is actually kind of cool because there's constant like tools, raw materials around growing up. I thought that was an amazing experience.

Speaker 1 Dude, I remember uh shoveling out the uh the house because it snowed before we got the roof on.

Speaker 1 Yeah, it was pretty cool. I was, I was pretty young at the time, but it was still like you know, impacting.
Like, oh, look, you can just you can just do stuff, right?

Speaker 1 And like, that wasn't their profession, but they just picked it up, learned it, how to design it, built nearly everything. I think they didn't do was the masonry for the basement, because

Speaker 1 yeah,

Speaker 1 um,

Speaker 1 the trusses, and then they were rushed with the weather to get the drywall up

Speaker 1 so they paid for that um everything else they did by hand wow wow pretty cool so but yeah culinary right that's going back there um

Speaker 1 yeah he's really into he was really into just cooking and uh really really good at it my uh both of my parents uh were doing um barbecue competitions for a while as well and just

Speaker 1 yeah just get into it and go. And I think that was a pretty good learning experience.
And obviously that had an impact on my sister

Speaker 1 who got into culinary as well and did some, did some great, great stuff there. I didn't pick that skill up.

Speaker 7 So what were you into as a kid?

Speaker 1 Oh, God.

Speaker 1 Definitely electronics type stuff. So it depends on the stage.

Speaker 1 Video games first, lots of video games.

Speaker 7 What video games?

Speaker 1 What platform? I guess it depends over time. So there was the console stuff like Nintendo, et cetera.
So let's go all the way back. So Atari,

Speaker 1 and this is kind of like the first hardware hack, actually. My dad,

Speaker 1 so if you remember the Atari joysticks, it's a joystick and a single button, right? That's the whole controller.

Speaker 1 And we were playing the game Tank, right? And you just move around like you're in a tank and you fire at stuff, right?

Speaker 1 My dad took some

Speaker 1 speaker wire, a tongue depressor, medicine, right?

Speaker 1 And a random button probably from Radio Shack and just taped it to a stick to the tongue depressor, ran the wires off and soldered it to the controller so that I could have access to my own little like button when I, I don't know, it's like four or something.

Speaker 1 So I could fire the tank while he steered it around, right?

Speaker 1 I thought that was pretty cool and it kind of stuck with me, right? Like you just modify stuff, like hacking stuff. So

Speaker 1 very simple, but you know that was first video game first hardware hack right that was kind of exposed to and yeah spent lots of time on like nintendo super nintendo and then i got into

Speaker 1 quake quake was extremely impactful for me that's where i went from

Speaker 1 you know consoles to the computer in the house that we had you know used it for like encyclopedia like you could chat with people online cool but it's more just a tool right then quake you got to start learning things back when Quake came out.

Speaker 1 This is late 90s, right? You got to learn like how dial-up works, how to connect to other people so you could do multiplayer. Like that wasn't just like a button or two.
It's you got to learn stuff.

Speaker 1 And even running Quake, it's like, oh, you, you just don't launch it. You know, reboot the computer in DOS mode and stuff like that.

Speaker 1 And so you're learning how a computer works, but that also kind of, that's where we get into hacking as well. That's, that's kind of like the inflection point of a lot of things.

Speaker 1 Also, you know, Ninish Nails was built in that game. They did all the sound effects.
And

Speaker 1 you can see see the Ninish Nails logo on the crates of nails as well. If you look in there, um,

Speaker 1 but yeah, that was also kind of uh impactful for me with the stylistic stuff and the art.

Speaker 7 Damn, so you started the hacking stuff at like how old were you?

Speaker 1 Same age. That was that was high school.

Speaker 7 Atari was high school, no, Atari.

Speaker 1 Oh, god, I don't, I don't even know when that was.

Speaker 1 Uh,

Speaker 1 yeah, I mean, just really

Speaker 7 like five or six, yeah.

Speaker 1 Yeah, I don't, I don't even know. Damn, 80s.
It was 80s.

Speaker 1 But yeah, Quake was high school.

Speaker 7 Right on, right on.

Speaker 1 So,

Speaker 7 well, let's fill in the gaps.

Speaker 7 Were you into anything other than electronics or was it always just electronics? And I shouldn't say just, was it all electronics?

Speaker 1 I mean, it's all connected in some way. Like, I was into cars as well.
Like, you know, part of it was just like

Speaker 1 making the car continue to run,

Speaker 1 but also, you know, like, let's add sound systems to the cars and learn how that works, which is, you know, electronics in some way.

Speaker 1 Also got into water cooling the computer to overclock it, but that required learning like water cooling.

Speaker 7 Yeah, water cooling.

Speaker 1 So these days you can just buy a kit and install it, right?

Speaker 1 But most computers are air-cooled. You got a little fan in there blowing out the heat, right?

Speaker 1 If you overclock a computer, you can get a lot more power out of it, especially back in, you know, 90s, early 2000s, but it would dump a lot of heat, lots more heat, and air cooling couldn't keep up with that.

Speaker 1 So what you do, you take little water blocks, basically, like a little piece of copper, strap it to the processor,

Speaker 1 the video card, and run water loops through it.

Speaker 1 I don't know how to better explain that, but

Speaker 1 it's like a little maze that the water would take through the channels on this block, and it would pull the heat out and you would dump it.

Speaker 1 And at the time uh god it was a chevy chevelle heater core that was just like the perfect size and you could use that as a radiator with a larger fan on it so instead of using the small fans that you'd find on like laptops or even desktops that you know maybe it's like that big you get a fan that big and it keeps it quieter while dumping heat and you can just run these things really hot and yeah i i had to learn how to make those things right so you know you get a pond pump from like a fish store you get the chevelle heater core get a little tubing wire together.

Speaker 1 But I had to mill out, or I didn't mill it, I drilled it. I'll use a drill press because I could not afford access to that.
It was like a hundred dollar drill press at the time.

Speaker 1 You just do like cross drilling through all different directions, plug it up and get this cool spiral pattern where the water would go through it and pull heat out of all your devices.

Speaker 1 And you got to learn about things like corrosion. Like you got copper and brass and aluminum and like, you know, these things are going to start to corrode.

Speaker 1 So you learn, you know, the chemistry behind how to prevent that from happening because you don't want corrosion because then your computer is going to have water all over it when it leaks, just for example, right?

Speaker 7 So, wow, so you're like a jack of all trades, yeah, you like taking stuff apart, putting it back together, figuring out how it works, how to fix things at a very young age, and it just exploded.

Speaker 1 Yeah, so yeah, basically

Speaker 1 now,

Speaker 7 how'd you get into hacking?

Speaker 1 Uh, so I'm gonna put that on Quake as well. So, you're playing online games right

Speaker 1 and you learn you can do like interesting things you start controlling things in weird ways and it kind of escalates you're like wait a second there at the time there was no what we call like client-side security or client-side like integrity checking like the game files i had on my machine were unique to me you know like you would download them from you know the author at this time we were actually installing it from cd drives um and you just you know expected to not mess with that but nobody's stopping you you go and mess with the uh the player models for instance and you can like add a really large cross that goes like 10 feet above below and all sides to this per this person right so now you can see them running around a corner because you know this this post is sticking out them and you see them coming from the corner They don't know that, but it was a good, good approach.

Speaker 1 Or a lot of dark spaces, right? You can't really see people in the dark. You're like, cool, I'm going to add a fluorescent color to their skin.
And there they are, they're glowing in the dark, right?

Speaker 1 See-through walls, right? Like, you've got these textures that would go on the walls, and you know, they're opaque, but they don't have to be.

Speaker 1 You just set them to transparent, and suddenly you're seeing through the walls. And you know, that type of stuff was.

Speaker 1 I had more fun like figuring out how to do it than actually doing it.

Speaker 1 But that kind of just opened the door of like

Speaker 1 there's rules and there's expectations, but there's also not

Speaker 1 many people checking. Like,

Speaker 1 best way to kind of,

Speaker 1 God, I don't want to get like philosophy, get into philosophy here, but there's this kind of beautiful, I think it's Jacques Rancier who defines like police politics, right?

Speaker 1 As like, you got, you got a road, right?

Speaker 1 And it's painted. There's lines and everybody just obeys those, right? And he connects that back with politics of like, oh, you're told to vote and do all these things.

Speaker 1 It's like, okay, but like, what if you don't follow the paint on the road? What if you go off the road? What if you get really close to the edge?

Speaker 1 And most people are, they see those lines are going to get right in the center of the road because it's what you're supposed to do. It's like, what happens if you don't?

Speaker 1 That's, that's interesting to me. That's where weird things start to show up, like unintended designs, unintended powers and capabilities.

Speaker 1 just unintended failures, unexpected failures.

Speaker 1 It's really fascinating to play with that, play on the edges, see how close you can get. And And I guess now that you make me kind of

Speaker 1 say this, that's probably a good descriptor for how I think about a lot of things, like art, everything across the board is

Speaker 1 find the boundaries and what happens if you go on either side of it.

Speaker 7 Interesting. Interesting.

Speaker 7 Did you get involved in any of these like hacking type communities?

Speaker 1 Oh, yeah.

Speaker 1 So

Speaker 1 yeah, so like early, late, late 90s, more, more, early 2000s. There's a lot of online communities.
Some are big.

Speaker 1 I mean,

Speaker 1 I think the really big ones you would know of,

Speaker 1 that most people would know of are other, like 4chan and like something awful, right? Big places that had like the bigger names at the time. But there were also

Speaker 1 much smaller, like

Speaker 1 specific topics, water cooling, right?

Speaker 1 There was a water cooling, there was a bunch of them, but you know, there would be water cooling communities where people just share their techniques and stuff so they could all just improve upon it.

Speaker 1 And

Speaker 1 yeah, there were also hacking themed ones. So Bryce and Digital Gangster was one of those.

Speaker 1 That is one of the several communities I have

Speaker 1 known him from.

Speaker 1 And yeah, there's

Speaker 1 this was also at the time where online space and meat space

Speaker 1 were very separate, right? Like

Speaker 1 Like online dating, for instance. That was like, what?

Speaker 1 Now it's like, that's all the kids do these days.

Speaker 1 It's really weird.

Speaker 1 But I met my wife from one of those online communities.

Speaker 1 But

Speaker 1 eventually those worlds start to blend together when you spend more time in there and you're spending most of your time in there and just talking to these people.

Speaker 1 Eventually, I mean, it depends on the community. Maybe not so much like Digital Gangster, where it's like just raw crime happening is maybe not the

Speaker 1 best idea to meet up

Speaker 1 for many reasons. But, you know, certain lesser criminal communities

Speaker 1 meet up with people and those worlds start to blur together. And it's a little bit different than the, you know, 2024 is where it's just everything is just mixed together now.
Yeah.

Speaker 7 How'd you meet your wife?

Speaker 1 Yeah, I mean, so

Speaker 1 we posted on some of one of the communities out there. I think it was like from hardware over clocking.
Yeah, I can't remember exactly what it was, but

Speaker 1 we

Speaker 1 I moved out to California.

Speaker 1 That's its own story we can go into. But when I moved out, I think it was like the first week, I'm just like, hey, anybody in this community, like around, want to hang out? Show me around the town.

Speaker 1 And she was one of those people. It was like, yeah.

Speaker 1 And yeah, it just kind of grew from there.

Speaker 7 Is she a hacker too?

Speaker 1 Not a hacker per se. Gamer, photography, art.

Speaker 1 Cool. Yeah.

Speaker 7 How long have you guys been married?

Speaker 7 Sorry to put you on the spot with that one.

Speaker 1 What year is it anymore?

Speaker 1 I think it's 10, 14 years.

Speaker 1 It's 2009. 15 years?

Speaker 7 2009.

Speaker 1 14. Yeah, so almost 15.

Speaker 7 15 years.

Speaker 1 Yeah, it's crazy. Yeah.
I haven't known her since 2004.

Speaker 7 What do you think the secret to a successful marriage is?

Speaker 1 Oh my God.

Speaker 7 Bet you weren't expecting that one.

Speaker 1 No, I was not expecting that one. I'm going to have to think about that one, man.
I I don't know, man. Just,

Speaker 1 I guess I can connect this back with everything is just kind of understanding.

Speaker 1 I mean, humans are a mystery to me, but at the same time, there's so much complexity and it creates

Speaker 1 like a

Speaker 1 everybody's different. Like everybody wants to put everybody into a bucket.
Like there's, there's the us and there's the other, but like, dude, humans are messy and complicated and unique.

Speaker 1 And understanding that

Speaker 1 helps a lot with everything, whether it's being in a marriage or attacking somebody to get into a company. It's like, yeah, same thing, right?

Speaker 1 Like understanding, but, you know, very different motives and goals behind that. One is just truly understanding the person and working with them.

Speaker 1 And, you know, the other is kind of the inverse of that.

Speaker 7 Right on. Right on.

Speaker 7 Let's talk about, you know, some of the stuff that you did. Did you, what are some of the big hacks? Were you involved in any big hacks?

Speaker 1 Not like hands-on keeper. I'd like to watch those.

Speaker 1 So

Speaker 1 for most,

Speaker 1 most of my time, like any of the hacking stuff, that was me.

Speaker 1 I kind of viewed it as like entertainment. It wasn't like power, money, or anything like that for me.
It's just like, let's just have some fun, right?

Speaker 1 Yeah, you can mess around. Like, I would do stuff in like some of the communities as well.

Speaker 1 Like, I knew the people who would run the servers, so you know, you can mess around in there, and like what kind of stuff? I mean, okay, for instance, um,

Speaker 1 this I gotta remember all the complexities here, but uh,

Speaker 1 this community was like very liberal with like temporary bans and stuff like this. You know, I got myself banned, and I'm like, I can get around that, right?

Speaker 1 And then they could

Speaker 1 not get me banned in this in this environment because they had some add-ons that they were using for this this VBulletin uh I think it was VBulletin might have done PHP BBB um PHP BB

Speaker 1 anyway one of the large platforms at the time just had a lot of plugins that just gave me raw right access to the database effectively and you know I could post through that and you know they they had a lot of fun chasing me down in that situation I'm just like how are you still here so very you know light heighter lighthearted in that instance.

Speaker 1 You know,

Speaker 1 they were more interested in how it was done than like, oh, you're, you're breaking into my stuff. So,

Speaker 1 yeah.

Speaker 7 Right on, Brian. Well, let's move into

Speaker 7 because

Speaker 7 I don't know, you know, a whole lot about hacking. So,

Speaker 7 you know, I would love for you to expound on, you know, how you got into it, or not how you got into it, but some of the things that you just found fascinating that, that, that kept you going all the way up until building your own hardware.

Speaker 1 Yeah, definitely. And actually, you know, going back into the youth for a little bit,

Speaker 1 something probably important. I had a phase where I was really into magic, right?

Speaker 1 Sleight of hand, deception, that type of stuff. I think that was middle school, right? Actually, got my first taste of authority not being super ideal for me.

Speaker 1 Brought in a...

Speaker 1 fake cigarette to middle school, right? And it's the peak of the dare, dare situation, right? It looked perfect.

Speaker 1 Looked like it was actively lit and you blow on it and like, you know, talc, I think powder came out, but it looked like smoke.

Speaker 1 That got confiscated. We got, friend and I got pulled down to the principal's office.

Speaker 1 I don't know. I think I got suspended for not taking the situation seriously enough.
I'm like,

Speaker 1 how you can take this seriously?

Speaker 1 fake cigarette, but I think my friend pointed out, oh yeah, that's right. They brought on the cops to test it because some of the talc powder came out.
And they're like, that might be cocaine.

Speaker 1 and uh my my friend made probably an unhelpful comment of like that's not even how you would smoke cocaine on leaf

Speaker 1 but uh yeah um anyway

Speaker 1 sleight of hand you know that gets into like deception and the human aspect which is often forgotten a lot in in hacking people are like oh yeah it's just knowing computers really well Definitely a huge piece, but like

Speaker 1 it's people as well that have to be kind of like manipulated. You got to understand them.
You got to convince them to do things, which is the most common way of getting into so many systems.

Speaker 1 You say, hey, like, I'm from your IT department. Let me in.
And you got to know how to make that sound legit. And, you know, if somebody is like, I don't know, like,

Speaker 1 okay, let's do some urgency to like make them kind of panic a little bit where their decision making goes down and they're panicking and they're like, oh, I just got to do the thing or, you know, I might get fired.

Speaker 1 This bad thing is going to happen.

Speaker 1 Or, you know, there's, there's so many different like psychological triggers that come into play and create this misdirection interesting and you're like oh it's it's it's like sleight of hand for you know psychology right so you you push people into different directions and you get them to you know reveal their password or run an application on their computer that just gives you access to everything and that overlaps with the technical and the hardware and all these other things.

Speaker 1 And just, I guess being a generalist, now that you make me think about it, it just allows you to kind of glue all of those things together. And I guess, yeah,

Speaker 1 at the time before I officially got into like paid security, I always thought that was a weakness of like, oh, I've never specialized in anything.

Speaker 1 I just, I couldn't possibly keep up with people who did specialize. And that is true.
There's like every person I work with that specializes, they go so far into just absolute wizardry that amazes me.

Speaker 1 And I could never keep up because I just cannot sit down and focus and be like, I'm going to do this thing and that's all I'm going to do.

Speaker 1 And I get 80% of there and I want to go play with another thing. But yeah,

Speaker 1 it worked out. It's great for the entrepreneur type perspective as well.
We're going to take all the things, keeps you busy, right? Yeah.

Speaker 7 Yeah.

Speaker 7 Well, Mike, let's take a quick break. Yeah.
And when we come back, I want to get into some of the hardware that

Speaker 7 you've made. Yeah, absolutely.
And how that happened and who's using it, what governments, all that kind of good stuff.

Speaker 1 See what I can say.

Speaker 5 You maintain your gear so it lasts and your skin's no different. It's the first thing exposed to the elements every single day.

Speaker 5 Caldera Lab is built to help repair and protect your skin so you can look and feel your best every day.

Speaker 5 Caldera Lab creates high-performance skincare for men by combining cutting-edge science with powerful natural ingredients. It absorbs quickly with no greasy mess.

Speaker 5 You guys know I'm a stickler for clean ingredients and Caldera Lab really delivers on that.

Speaker 5 Each product is backed by science built for impact and thoughtfully formulated with safety and sustainability at the forefront. I know, I know.

Speaker 5 Guys don't have time for a skincare routine, but Caldera Lab makes it easy with four simple steps that actually work.

Speaker 5 There's the clean slate balancing cleanser, the eye serum that helps reduce dark circles and fine lines, the base layer that's a deep hydrating moisturizer, and then there's the good,

Speaker 5 a powerhouse serum that has over 3.4 million antioxidant units per drop to help reduce signs of aging. Take care of your skin like you take care of your gear.

Speaker 5 Go to calderalab.com slash SRS and use code SRS for 20% off your first order. That's calderalab.com SRS.
These statements and products have not been evaluated by the FDA.

Speaker 5 These products are not intended to diagnose, treat, cure, or prevent any disease or condition.

Speaker 5 My days don't slow down. Between work, the gym, and time with the kids, I need eyewear that can keep up with everything I've got going on.
And that's why I trust ROCA.

Speaker 5 I've tried plenty of shades before, but these stand out. They're built for performance without sacrificing style.
I've put them through it all, on the range, out on the water, and off-road.

Speaker 5 They don't quit. They're lightweight, stay locked in place, and are tough enough to handle whatever I throw at them.
And the best part, they don't just perform, they look incredible.

Speaker 5 Sleek, modern, and designed for people who expect more from their eyewear. No fluff, no gimmicks, just premium frames that deliver every single time.

Speaker 5 And that's why ROCA is what I grab when I'm heading out the door.

Speaker 5 Born in Austin, Texas, they're American designed with zero shortcuts, razor-sharp optics, no glare, and all-day comfort that doesn't quit.

Speaker 5 And if you need prescription lenses, they've got you covered with both sunglasses and eyeglasses. One brand, all your bases.
ROCA isn't just eyewear, it's confidence you you can wear every day.

Speaker 5 They're the real deal. Ready to upgrade your eyewear? Check them out for yourself at Roka.com and use code SRS for 20% off site-wide at checkout.
That's R-O-K-A.com.

Speaker 7 All right, Mike, we're back from the break. I missed a couple of things in our outline here, so I'm going to have you pick it up with,

Speaker 7 we're always going to start with 2,600, whatever the hell that means.

Speaker 1 Oh, yeah, yeah. So

Speaker 1 all the security stuff I was doing,

Speaker 1 the times I was, you know, doing help desk with stuff like that, security, for the most part, anything security connected was a hobby.

Speaker 1 So, you know, even the overclocking and water cooling, that was a hobby too. But yeah, 2600 is, you know, kind of a hackerzine.
I think they're quarterly.

Speaker 1 There's lots of people writing in to show, you know, tricks they've done, whether it's with payphones, you know, freaking, phone freaking.

Speaker 7 Wait, so what is 2600?

Speaker 1 It's a hackerzine, basically. You can, you can go

Speaker 1 yeah, like a little magazine. You can you can go to uh like Barnes and Nobles and get it.

Speaker 7 Um, okay, so yeah, wait, so what is it? Is it a book?

Speaker 1 Uh, it's just uh, I think it's quarterly where they will just publish a new set of like little like kind of articles written by different people that talk about how to hack something, how they hack something, uh, just cheats on systems, uh, just sometimes politics, just you know, hacker-minded stuff, right?

Speaker 7 Gotcha.

Speaker 1 It's pretty cool, but uh, that was also when I first got into that, you know, phone freaking and stuff was more popular then as well.

Speaker 7 What is that?

Speaker 1 Yeah, so that's that's hacking with phones, basically. So, this goes back way, way long ago.
Um,

Speaker 1 God, uh, I think the guy's name was Joy Bubbles, actually. Deaf guy, or sorry, not deaf, that wouldn't make any sense, blind.
Um, and he

Speaker 1 noticed that there were like tones on a phone when, you know, connecting to overseas and stuff. Like this is way back when, you know, you just, you had to pay long distance and stuff like that, right?

Speaker 1 Yeah. But phone calls cost a lot of money.
But he noticed they made like certain tones and stuff. So he, he had perfect pitch and he would just whistle them back.

Speaker 1 And then he noticed like the phone network would do stuff when you did that. So yeah,

Speaker 1 there's what we call inband signaling. When you can hear the signal, the other end, you know, there's the, like the switch panel of the phone networks hear these tones.

Speaker 1 And And it's like, you know, when you push

Speaker 1 numbers on the keypad and they make a tone, right? If you do it in a certain sequence, it's like, oh, it hears that. There's other tones that the keypad doesn't make that tell it to do other things.

Speaker 1 It's where the 2600 comes from, actually, 2600 hertz.

Speaker 1 I can't remember what that does.

Speaker 1 at the moment, but it would allow certain administrative type functions. And it's like routing around like, oh, you paid and now you can go long distance or something like that, right? No shit.

Speaker 1 So hold on, on, hold on.

Speaker 7 So, the so it actually has nothing to do with the keys that you're pushing, it has to do with the tone that they're programmed to make.

Speaker 1 Yeah, I mean, at least at the time, things have changed since then. But, yeah, it was just the tones.
You could literally whistle those tones or hum them or whatever.

Speaker 1 So, blue boxing was the other thing it's called.

Speaker 1 There's many boxes, many colors, but blue boxing just replicated that.

Speaker 1 You could literally quickly dial a number or whatever you wanted to do, do the administrative codes, play it right into the mouthpiece, and you would dial and do all these things um holy shit i pretty cool idea believe it or not that's how apple started um

Speaker 1 woz and jobs made some of their first money selling blue boxes and what is a blue box so it's it's the device that would allow you to more or less get free phone calls in the age of you know having to pay for long distance and stuff like go to a payphone just pull out your blue box hold it up to the uh mouthpiece press some buttons make it do what you want call whoever you want um

Speaker 1 It was illegal at the time.

Speaker 1 There was a magazine I got into by a guy named Captain Crunch at the time. He got that name because there is a whistle inside of the Cap and Crunch cereal

Speaker 1 that just happened to make that 2600 tone when you blow it. So he didn't have perfect pitch like Joy Bubbles did, but he had the whistle.
So you just

Speaker 1 blow that into the phone, then you open up certain access with Cracker Jack, or not Cracker Jack, but Cap and Crunch style toy,

Speaker 1 which is really cool. But yeah, you can electronically reproduce those sounds.
And that's what they were doing with the blue box. And there was like red boxes and rainbow box.

Speaker 1 There was so many different boxes that would do different things that people would figure out. And they would share that with each other.

Speaker 1 And yeah, it was technically criminal, but a lot of people did it at the time. And yeah,

Speaker 1 Woz and Jobs took that money and started apple with it so no kidding that's pretty cool i had no idea very cool and did what was i i i would love to meet that guy one time but he's a great example of like the the old school hacker that was way more about like mischief and just figuring out what things work um and not necessarily anything criminal so interesting great great example interesting so you were working at this at this magazine yeah no so i wasn't working there i was just enjoying it and there were uh a lot of a lot of

Speaker 1 different cities would have like meetups, like, hey, 2600 meetup. And you go and, you know, meet people that are into that stuff.
And really tiny where I was from. So I didn't really go anywhere.

Speaker 1 But that, that was cool. It would get you into just more like, hey, here's other ways of hacking that you didn't know about.

Speaker 1 And just gets you to think like, wait, if I can do that, if they did that, what... What else can you do? Like, let's play.
Like, it's just, it's all about exploration, experimentation.

Speaker 1 Like, what is this frontier too. Like, there's just unexplored space.
Like, what, what else can you do? And

Speaker 1 outside of 2600, there's like, there's all the tools that people knew of the early online days, like Sub7 or Netbus. What's that?

Speaker 1 Kind of like a software Trojan, more or less. Basically, you get somebody to run it or you run it on their computer.
And it gives you remote access, right?

Speaker 1 You can fully control those machines over the internet, right?

Speaker 1 open up their uh, the CD trays, close it up, just do all kinds of wonky stuff that can be for pranks or it could be criminal. Um, God, okay, there

Speaker 1 reminds me of one of the ways we used it. So, again, we, I was way more about just pranking and having fun.
Um,

Speaker 1 my friend, uh, in high school, her name was Heather. Uh,

Speaker 1 she

Speaker 1 was really into like

Speaker 1 just

Speaker 1 spiritual stuff. And like, you know, she thought like spirits were in her house and stuff like that.

Speaker 1 It was a phase, right?

Speaker 1 But a friend and I had that running on our computer and you could play noises the middle of the night and shit. And just like, it was terrible.
It was so bad. And, you know, the CD drives would open.

Speaker 1 She's like, you know,

Speaker 1 she was terrified at the time, but later on thought it was funny.

Speaker 1 But yeah, for an example, right? Like you can just have fun. You can play with people.
You don't, you don't have to actually straight up to crime.

Speaker 1 um crime crime does occasionally pay though so some people would get into that

Speaker 1 how would they use it um for criminal yeah um

Speaker 1 uh

Speaker 1 god this goes way back we're i mean we're talking like 20 over 25 years ago so i'm not 100 remembering this, but it would have been, you can do like file system modification, stuff like that.

Speaker 1 So you can get access to cookies,

Speaker 1 you know, that'll contain like login information you can just you know get into people's accounts send mail as them and like so you know spamming was a huge thing back then uh i mean this that's where bryce has gotten a lot of uh

Speaker 1 reputation from from those early days spamming um my my friend at the time uh paid for his first computer by spamming for a porn company actually which is funny because he's uh cashing a check sizable check for a porn company and he's like i don't know know, he's probably like 14 or something at the time, getting like weird eyes from the bank.

Speaker 1 So yeah, that happened. But

Speaker 1 what else? Yeah, I mean.

Speaker 7 Did you ever do any,

Speaker 7 did you ever do anything illegal that's past the statute of limitations?

Speaker 1 That you can share. So a common misunderstanding about the statute of limitations is it's not just about the time in which has passed since you committed the crime.

Speaker 1 Depends on the crime, but many times the clock starts from discovery. Interesting.
It's a common

Speaker 1 misconception

Speaker 1 that is good for a lot of hackers to realize.

Speaker 1 But

Speaker 1 I mean, I'm sure. So the CFAA's Computer Fraud and Abuse Act, literally any access to any electronic interface that is not explicitly allowed, that's a federal crime.

Speaker 1 So literally what I described, you know, getting onto my friend's computer,

Speaker 1 that's a federal crime, even though they're cool with it and all this stuff.

Speaker 7 Yeah. Gotcha.

Speaker 1 So, literally, any of those things can be heavily punished. Gotcha.
So, yeah, it's tricky, but

Speaker 7 well, let's get into your first job.

Speaker 1 Yeah. So,

Speaker 1 first job, IT.

Speaker 1 Again, like security was not really a huge thing

Speaker 1 for the most part. All that was side stuff, but you know, you still have to be conscious of secure design.

Speaker 1 My co-worker was kind of my mentor at the time. He

Speaker 1 was ex-DOD, ex-Navy,

Speaker 1 had a lot of fun stories, but also got me more into security. We actually did our first security presentation for the company kind of using some classics here.

Speaker 1 So the movie Sneakers, a lot of amazing movie still holds up today. If you haven't seen it, go watch Sneakers.

Speaker 1 It's it's awesome um but they did a lot of like physical security stuff like you know if the doors got the hinges on the inside you can kick it open it's on the outside you know then you got to do something different but um what else there's like the social engineering aspect where they wanted to get through like a front lobby attendant who had to like buzz them in so they had someone else come in with like

Speaker 1 I think it was like a delivery, like just creating a lot of stress. So one guy's like, yo, I got this delivery.
Other guy's like, hey, I got my cake and my balloons. Can you just ring me up?

Speaker 1 And it just goes and escalates until he's like, ah, just pushes the button and gets in. Right.
Of course, you know, he didn't have a cake or anything like that. The balloons were to cover the camera.

Speaker 1 And the cake was, I think it was like a briefcase of some hardware that he had to like infiltrate into the company that would go attack things, right? Great demo. We use that.

Speaker 1 Like, hey, here's some physical security things. Get you, get you to think about it.
And catch me if you can. Another thing where it's,

Speaker 1 you know, social engineering was used.

Speaker 1 And and believe it or not that uh movie based on frank abignal most of the stuff he said is actually made up it was like the con on the con

Speaker 1 but anyway uh yeah that was kind of a classic thing that still a lot of security presentations today will still use those anyway uh long story short kind of got me into the idea of educating on security instead of just playing and having fun and just the entertainment values like oh you got to actually teach people and like you know there's a responsibility here of like teach people how to not

Speaker 1 fall victim. Also did some like live password cracking.
Like back in the day, people were using real terrible passwords. So just adding some extra characters and stuff.
We were able to, you know, do

Speaker 1 password cracking just in the middle of this presentation of like, hey, this password you can get in 15 seconds. This one's going to take us 10 hours.

Speaker 7 In reality, that's. How do you begin to crack a password?

Speaker 1 Basically, I mean, there's a lot of different ways. The way we were doing it was just brute forcing, being able to have the ability to just retry like word sets, like common password sets.

Speaker 1 You can just get those.

Speaker 1 There's a lot of

Speaker 1 password lists, what we call them, that will,

Speaker 1 when you're going to brute force and you just want to try them, well, like, hey, we know these are the common passwords. We know these are passwords from leaked breaches.
Just shove them all together.

Speaker 1 Good chance somebody's reusing that somewhere.

Speaker 1 Good approach. There's cryptography and stuff, but.

Speaker 7 Do you use the password manager? Oh, yeah, definitely.

Speaker 1 Highly recommended.

Speaker 7 Which one?

Speaker 1 OnePassword's pretty good.

Speaker 1 There's different ones depending on what you need.

Speaker 7 Is Keeper any good?

Speaker 1 I haven't looked too heavily into that one.

Speaker 1 I know somebody who's very into

Speaker 1 that space that speaks fairly highly of one password, but it's been a while. So I wouldn't want to be like, yeah, this is the one because that space is always changing.

Speaker 7 What constitutes a good password?

Speaker 1 One that you don't know.

Speaker 7 So a password manager.

Speaker 1 Exactly. So if you don't know your password, it should be unique per site and it's long as hell.

Speaker 1 And that means you're going to have to use your password manager to autofill that or copy pay. However, you're going to do it.

Speaker 1 You're going to need the password manager to feed that back and log into the site.

Speaker 1 That combined with proper two-factor is going to secure so much. uh when it comes to you being compromised by social engineering and phishing okay that's good know.

Speaker 7 Yep. Let's move on.

Speaker 1 Yeah, yeah. So

Speaker 1 yeah, after that job,

Speaker 1 I was kind of born in Wisconsin. And my friend at the time, the one who made the money,

Speaker 1 spamming, he

Speaker 1 moved out to San Francisco a year earlier and worked for a company called Long Now. They're the ones doing the 10,000-year clock that a lot of people are associated with.

Speaker 1 I think Bezos is on there, but Stuart Brand.

Speaker 7 Hold on, what's the 10,000-year clock?

Speaker 1 Yeah, so it's this idea.

Speaker 1 I don't think they've built it yet, but still working on it. But the idea is that they're going to put a clock, like an analog clock, in a mountain that stays accurate for 10,000 years.

Speaker 1 It's really to get people to think really long term.

Speaker 1 What do you mean? Just like,

Speaker 1 who's really, you know, it's hard for people to think more, like, like even like one one election out of consequences, right? Yeah.

Speaker 1 Like four years, 10 years, maybe you think as far as your kids, okay, cool. Well, how about a thousand years? How about 10,000 years?

Speaker 1 Like it just changes how you think about the future and what you do, what matters, what doesn't. And

Speaker 1 it's kind of, it's almost like a thinking prompt for people. It's like, nobody does it, like start doing it.

Speaker 1 This was also, I think it was formed shortly after the Y2K bug, which was hilarious because, you know, computers started, a lot of the systems at the time were kind of birthed in the 70s.

Speaker 1 And, you know, they had two digits for the year, right? Like the last two. So, you know, 78, 79, you know, eventually what happens when you get to 99 and it rolls over to 0, 0.
Is that 1900?

Speaker 1 Is that 2000? Oh,

Speaker 1 neither did the computers, right? But people were only thinking, you know, a couple decades. That's enough.
Somebody's going to rewrite my software. No, no, it's not.

Speaker 1 No, we're still using that software today.

Speaker 1 So that's where the Y2K bug came from and it's like cool you needed to at least think you know thousand year scale so you can have four digits of space for your years that was that was the entire y2k bug but i believe the that was kind of around the same time that okay thousand years what about 10 000 it's probably where that came from so hold on they want to make a clock yeah that's accurate for 10 000 years and put it put it in a mountain yes basically the mountain i think is to keep it safe um

Speaker 1 They have to like keeping time for that period of time, like you can't use any other timekeeping system. Like, you know, the atomic clocks and stuff like that aren't accurate over that time span.

Speaker 1 So you have to account for

Speaker 1 like orbit variation, shift in the poles of the Earth, and all of these other things. Like they have a whole CAM system that readjusts.
the calibration of where that clock will be in X years

Speaker 1 over that span. It's absolutely crazy to like engineer with that in mind.
It's like,

Speaker 1 you don't, nobody thinks about like orbit variance over time of the Earth or the pulse shifting

Speaker 1 for the clocks they use. Like it's just not a factor, but

Speaker 1 what if you had to? I think it's really cool.

Speaker 1 Interesting. Yeah.
So yeah, my buddy got a job just doing system and for them and web development. And it's like, hey, if you want like a few weeks on my couch, go for it.
I'm like you know what

Speaker 1 i'm gonna take you up on that i'm gonna use that to just move out there i had no plan i just like i brought three no plan no plan i'm just like i'm just gonna do it and figure it out um

Speaker 1 which i guess is a very red team approach too it's like you you you can't plan anything you're just gonna

Speaker 1 move and figure out what's in your bag of tricks as you go um and work around the problems but yeah i'm like i'm gonna bring three suitcases uh i prioritized one of them uh was like my gaming system like i a whole suitcase was dedicated to just a computer.

Speaker 1 Like, I don't know what I was thinking, but yeah, that was

Speaker 1 30% of my

Speaker 1 luggage when I moved out. Stayed out of this cache for a bit, got some random odd jobs doing like audio QA testing and stuff like that just to make it.

Speaker 1 And eventually got into the game industry doing sysadmin, IT, help desk stuff.

Speaker 1 And it just kind of grew from there. And yeah, I stayed there for like, I don't know, 15 years in the game industry.
But on the side, being in San Francisco gave me a lot of unique perspectives.

Speaker 1 So first of all,

Speaker 1 Stuart Brand is kind of the guy that was running the show over at Long Now. Stuart Brand is one of the original people on like the hippie bus with like Timothy Leary and all this other stuff, right?

Speaker 1 They're doing runner, going around the country, doing the acid tests and stuff like that, but lots of just divergent thinking coming from that.

Speaker 1 And

Speaker 1 that was interesting just to kind of see like i didn't get that in wisconsin um

Speaker 1 this is also kind of where like you know the pc revolution came from that type of

Speaker 1 people right or just divergent thinking what can we do what mischief can be made all this this stuff uh the maker space uh maker fair was out there as well so this is just this is more like hands-on hardware hacking, not like security hacking, just like hobbyist hacking, like 3D printers.

Speaker 1 Let's just build some stuff. The kind of stuff you'd find at like Burning Man, right? Like the arts, where you start mixing all these things together.
That

Speaker 1 opened my eyes to just like different, different

Speaker 1 focuses and aesthetics. There's

Speaker 1 a really good point to kind of

Speaker 1 deviate here. Something called beam bots.
Actually, I'm going to pull up this laptop here to show you a picture because it makes way more sense when you see it.

Speaker 7 Beam bots.

Speaker 1 yes you're like what um

Speaker 1 so beam bots b e a m uh biology electronics aesthetics mechanics it's just a kind of a design philosophy around building little robots so

Speaker 1 i just kind of had to show it because it i don't know you're probably picking up a bit of an insect vibe from this i would assume right so

Speaker 1 It does a couple of things. First of all, there's no PCB on here.
It's just freeform soldering.

Speaker 1 And and all of these components there's nothing extra for the aesthetics it's it's all functional so on the back you've got a solar panel soaking up energy this like thorax here that that's that's holding the charge from it and then these this is really cool uh these are leds but leds when you shine light on them actually emit a little bit of energy on the lines

Speaker 1 like a reverse solar panel right they're inefficient solar panel but you can literally use them as eyes for this. So depending on what direction it's facing,

Speaker 1 one eye is going to see more light than the other. That's where the light source is coming from.
And there's a really tiny brain in the middle. It's literally four logic gates,

Speaker 1 which is tiny. Like your phone has millions of logic gates in it, right? Like a calculator,

Speaker 1 Mike Hable has hundreds of thousands of logic gates. This thing has got four, okay?

Speaker 7 What is a logic?

Speaker 1 So we we call it a logilate.

Speaker 7 Logic gate.

Speaker 1 So basically all computing comes down to the concept of

Speaker 1 binary on or off. Like think of it like a light switch, right? It's on or off.

Speaker 1 You can do math with that.

Speaker 1 Let's go through it real quick, actually.

Speaker 1 We got

Speaker 1 three light switches, right? Yeah.

Speaker 1 Got to think which direction we're going here. So

Speaker 1 we got

Speaker 1 one on, two off.

Speaker 1 That can give us a one. Turn them all off, that's a zero, right? Easy.
Now we put two in the picture. You turn two on, you basically double the last one.
So if two are on, that's going to be

Speaker 1 three.

Speaker 1 Basically, the first switch is the value of one or zero. The next one is two or zero.
And then the next one would be four or zero. Next one is eight or zero.

Speaker 7 That's binary math, right?

Speaker 1 Okay.

Speaker 1 And all decision-making can kind of be based on this. So in this sense, it's very analog, but basically, this will eventually fill up

Speaker 1 and have enough energy charged that these four logic gates are suddenly making a decision. Like,

Speaker 1 this side's filled. Which eye is sensing the most?

Speaker 1 Light. And at that point, it's going to fire the opposing leg.

Speaker 1 with all the energy it's gotten here to steer towards that. So you have this little bug-looking thing that walks, right? And it just constantly steers towards the light source.

Speaker 1 And to me, I thought that was really cool because A, it focuses on aesthetics, which is not super common.

Speaker 1 And B, it uses really cool hardware hacks, like I said with the lights here, that normally it's for emitting light, but no, you can reverse that and use it in an unintended way.

Speaker 1 And you can use really minimal logic to do what you want. And, you know, I've applied some of that to my cables as well.
Not this specifically, just the mindset of like,

Speaker 1 you don't need 10 things in this cable. You can strip it down to one if you're really creative.
Wow. That's how you, that's how you shrink things.

Speaker 1 So

Speaker 1 that's, that's kind of where that connects with, you know, like, hey, let's fake, let's focus on aesthetics, but also minimizing and just using things in unintended ways to get more out of it.

Speaker 1 So that was

Speaker 1 kind of a good

Speaker 1 point in which it kind of just opened my eyes to also soldering and electronics, but also the art of it and all that. So yeah, beanbots, that was a good pausing point for my

Speaker 1 many hobbies that I would pick up over time that eventually led into what would become the OMG cable.

Speaker 7 I know everybody out there has to be be

Speaker 7 just as frustrated as I am when it comes to the BS and the rhetoric that the mainstream media continuously tries to force feed us.

Speaker 7 And I also know how frustrating it can be to try to find some type of a reliable news source. It's getting really hard to find the truth and what's going on in the country and in the world.

Speaker 7 And so one thing we've done here at Sean Ryan Show is we are developing our newsletter.

Speaker 7 And the first contributor to the newsletter that that we have is a woman, former CIA Targeter. Some of you may know her as Sarah Adams, call sign super bad.

Speaker 7 She's made two different appearances here on the Sean Ryan show.

Speaker 7 And some of the stuff that she has uncovered and broke on this show is just absolutely mind-blowing. And so I've asked her if she would

Speaker 7 contribute to the newsletter and give us a weekly intelligence brief.

Speaker 7 This is going to be all things things terrorists: how terrorists are coming up through the southern border, how they're entering the country, how they're traveling, what these different terrorist organizations throughout the world are up to.

Speaker 7 And here's the best part: the newsletter is actually free. We're not going to spam you.

Speaker 7 It's about one newsletter a week, maybe two if we release two shows. The only other thing that's going to be in there besides the Intel brief is if we have a new product or something like that.
But,

Speaker 7 like I said, it's a free

Speaker 7 CIA intelligence brief. Sign up.
Links in the description or in the comments. We'll see you in the newsletter.

Speaker 7 Let's move into Defense Distributed.

Speaker 1 Yeah. So I think this was about 2013.

Speaker 1 So first Defense Distributed.

Speaker 1 It's the company behind the Liberator, which is a 3D printed gun, and also the Ghost Gunner, which is a mill, desktop mill, that you can mill out a lower receiver AR-15 platforms.

Speaker 1 It was the first commonly.

Speaker 7 You're the one that did that?

Speaker 1 I did not, no.

Speaker 1 So I got very interested in that.

Speaker 1 That was done by Cody Wilson.

Speaker 1 So

Speaker 1 let's crack that whole topic open a little bit more. So I think it was 2013.

Speaker 1 There was a lot of experimentation in like the 3D printing space with like firearms, right?

Speaker 1 Cody

Speaker 1 introduced it to the world. He basically inflicted this idea upon like the public psyche in like this amazing way that just caught my attention in a couple ways.
First,

Speaker 1 it's this approach of like, hey, we're going to give this to the world in a way that is irrevocable. Like going back to that, like the police politics concept I was mentioning, it's just like, okay.

Speaker 1 What if you create something

Speaker 1 that like there's voting voting and opinion having but you create something and put it in the world that nothing can change that at that point I just thought that was just amazing from like the political standpoint regardless of what topic or what what opinion you may or may not have on firearms the politics of it and the power of creation was amazing to me

Speaker 1 um and he did it with like a level of like art and bravado that was just

Speaker 1 like perfect for the delivery of this and And

Speaker 7 so what fast?

Speaker 7 So what you're saying is bringing something to the world that cannot be taken back, like

Speaker 1 Bitcoin. Yeah, great.
Another great example of like

Speaker 1 no opinion on that is going to change its existence. It exists.

Speaker 1 And

Speaker 1 like if you're thinking about like real politics and participating, like creation is one of the most powerful things you can do.

Speaker 1 And that's what I kind of learned from watching that. But yeah, I decided, like, hey, I want to know more what they're doing.

Speaker 1 And I've helped out with

Speaker 1 security and just computer stuff in general.

Speaker 1 Use what I had, like, hey, can I help?

Speaker 1 To a lot of different places, whether it's like Ninas Nails communities, just to get more insight of how the artistic process works there, or in the case of Cody,

Speaker 1 just helping out with the security of that, just to kind of, you know, see, see how they work. You know,

Speaker 1 a bunch of anarchists getting together, building a company and

Speaker 1 just

Speaker 1 just just the whole like fight that they were in it was very fascinating to me just to observe that and uh that kind of stuck with me both the creation the power of creation and the artistic approach they took to it uh that that

Speaker 1 was one of the things I kind of had in mind when I first created the the OMG cable. It's like, hey, at the time, I thought I was just going to open source this thing and put it out there.

Speaker 1 That ended up not making sense because it was really hard to make. You can't just DIY it.
But

Speaker 1 yeah,

Speaker 1 it was one of the motivators in my head at the time when I was first kind of putting it out into the world.

Speaker 1 So, yeah, one of the many things is just like, hey, this is a fixation. I want to know more and I'm just going to focus on it for a while.

Speaker 1 So, yeah, they're still doing their thing.

Speaker 1 Still mixing. So what did you do there? I just helped out with some security stuff.
Like I didn't have security stuff. Uh, network and IT, I mean, every company's got to have that, right?

Speaker 1 So, I'm like, hey, you know, you're probably a small shop, probably don't have the level of security and understanding and

Speaker 1 for your systems, but I don't know, maybe I can help. So, it just helped out and it allowed me to get more insight on how they run things and just

Speaker 1 more exposure to like how the artist works, right?

Speaker 1 Because that, that, uh, allows me to just just kind of figure out

Speaker 1 there's there's a lot of things i would experiment with but i never found like my medium right like as an artist right like i

Speaker 1 you know gotten to music you know i'm not not that great with music you know visual arts not that great i mean 3d printing is everywhere now yeah you know and so you were at the forefront of this you were on the i mean i so i wasn't doing anything besides like the security for them it's just just kind of uh even if i didn't do any work for them just that just being a small part of it.

Speaker 1 Yeah, exactly. But even just seeing it happen would have been enough for me

Speaker 1 to

Speaker 1 kind of kickstart some things.

Speaker 7 It's another thing. How did that come across your radar?

Speaker 1 I mean, it was everywhere at the time. It was like in Wired and all these other places.
Like

Speaker 1 3D printed gun, you know, firing. Like, it's.

Speaker 1 Everyone can print a gun now, like, regardless of laws.

Speaker 1 And that's, you know, that was kind of the

Speaker 1 message going around in the press.

Speaker 1 This was also kind of another pivotal time

Speaker 1 when

Speaker 1 the NSA Ant Catalog. So Snowden happened around the same time.

Speaker 1 This is often incorrectly misattributed to him, but there were a lot of leaks that happened around that time, both with and without Snowden, that kind of opened my eyes to the level of games.

Speaker 1 and just technology happening in computing.

Speaker 1 Yeah, I mean, I already knew a decent amount of it, but the ant catalog, oh, man, that had, it was just like, you know, when you're growing up and there's like the spy tools in the back of the magazine, you know, disappearing ink and,

Speaker 1 you know, all those things. This was like that on crack, dude.
It was like, they, they had a malicious cable in there.

Speaker 1 Uh, this,

Speaker 1 when was it?

Speaker 1 It was leaked in 2013.

Speaker 1 The catalog was

Speaker 1 dated 2008 and they were announcing in 2009 they would have these cotton mouth cables available for you know purchase to their ecosystem of you know whoever they sell to in the NSA um

Speaker 1 the price on those I think it was a minimum order quantity of 50

Speaker 1 with a $20,000 per cable price tag it's like wow amazing but you know had all these electronics inside a radio inside and

Speaker 1 that that was cool um and actually, yeah, pull this up again

Speaker 1 so

Speaker 1 uh, cotton mouth. That's this, this is the page out of the catalog where it shows uh really chunky cable, like really,

Speaker 1 really thick hood, but they sandwich a whole bunch of different PCBs and inside of this thing. And you know, that stuck in my head, obviously.

Speaker 1 Um,

Speaker 1 so what does that do they weren't super specific about the exact capabilities but you know it had a radio it had some ability to manipulate usb i i mean i would based on all of my reading in here it's the the latest generation omg cable is basically a dead match to its capabilities um from what can be deciphered from this page so all the way down to like covert exfiltration and stuff like that.

Speaker 7 What were they using it for?

Speaker 1 That's a good question.

Speaker 7 What's the thing? What does she say?

Speaker 1 It doesn't, it just, it just, it's more of a capabilities thing, like getting through and breaking security effectively.

Speaker 1 So I, I mean, I would imagine this gets implanted into spaces that are higher security. Like, you know, if you can't just walk in and do stuff or

Speaker 1 If you can't do the easy things, you're going to start having to use these types of tools to get into a place, have somebody plant a cable, and then you've got remote access.

Speaker 1 There were a lot of other tools in this space.

Speaker 1 Like

Speaker 1 implanted video cables that you would implant on a monitor so you could remotely read what's being displayed on the monitor.

Speaker 1 Lots of cool tricks like that.

Speaker 1 Some were long range, some were short range, but all kinds of crazy spy gear that would allow

Speaker 1 impressive capabilities that very few people in the

Speaker 1 private civilian space even consider defending against.

Speaker 7 Interesting. Yeah.
So what is the AND catalog?

Speaker 1 Yeah, I forget

Speaker 1 if there was ever a mention of what ANT stands for, but it was just this leaked catalog with all of the different

Speaker 7 catalog.

Speaker 1 Yeah, somebody leaked it.

Speaker 1 A lot of people say it was from Snowden, but like if you actually trace it back, it wasn't. It was never at least attributed to Snowden.

Speaker 1 Yeah, that just came out, and you get to look at the amazing spy gear that is out there.

Speaker 7 What's some other stuff that caught your eye?

Speaker 1 Definitely those video cables. I'm trying to remember all the different things.
We can pull it up, actually.

Speaker 1 But

Speaker 1 yeah, you want to pull it up right now? I can pull it up on the internet. Pull it up.
Sweet.

Speaker 1 All right, cool. So, yeah, let's go through just a few of the pages of the catalog.
I haven't done this in a while, so

Speaker 1 rusty. But yeah, so let's look at just the hardware stuff.
We got,

Speaker 1 let's see, what is this? This is a short to medium range implant for RF transceiver.

Speaker 1 This is a component that adds RF to one of the other pieces they have in here, which they call a digital core,

Speaker 1 to provide a complete implant. So it's kind of like a customizable build your own.
What kind of implant do you need? put this into various pieces of hardware. There's actually, I think it's over here,

Speaker 1 here's kind of another implant. They call this the Flux Rabbit.
It's a hardware implant designed specifically for Dell PowerEdge servers, like a specific one

Speaker 1 hooks to,

Speaker 1 it's called a JTAG debugging interface. Basically, a lot of hardware has like a debugging interface.
If you get access to that electrically, you can do a whole bunch of stuff.

Speaker 1 You You can implant things at a really low level on that machine that gives you all kinds of access, right? It gives you lots of data. So if you've got

Speaker 1 an implant that goes into there and hooks up to it, you've got like permanent access.

Speaker 1 Similar to I was describing with the USB cable with that covert exfiltration mechanism.

Speaker 1 But this is baked into the machine. So I would imagine the way this happens is during mailing interdiction.
so you know dell ships a server over to the customer right and

Speaker 1 our government knows this is happening they grab it in the mail crack it open put one of these inside close it back up send it off to the intended target and uh now they've got long-term access inside there even if they wipe everything

Speaker 1 like down to the hard drives put new hard drives in you can still get right back in they would have to crack everything open and look at all the hardware to find this type of stuff really cool really cool types of hint plants wow and there's no way to know that i mean there are ways

Speaker 1 yeah

Speaker 1 yeah uh you got to know what you're looking for basically do you worry about that stuff at all i mean

Speaker 1 uh

Speaker 1 it depends like i i me personally no um i know the types of targets that this is destined for and like you know i i i'm not one of those targets what kind of targets is that i mean well i mean the Israeli pager situation.

Speaker 1 Great example of like,

Speaker 1 do I worry about my pager exploding? Like, I'm not Hezbollah, so no, I'm not worried.

Speaker 1 Just for example, just to put a very

Speaker 1 pointed, like

Speaker 1 answer to a very current topic, for instance, right? Now, there are certainly lots of gray area. We've seen lots of gray area where it's like, wait, you're doing surveillance on U.S.
citizens.

Speaker 1 And, like,

Speaker 1 that

Speaker 1 generally isn't happening like with hardware implants and stuff like that that's access to telcos

Speaker 1 um

Speaker 1 internet providers and yeah that's

Speaker 1 i i operate very openly so it's not you know i'm i'm i'm

Speaker 1 i'm a little less concerned but i it's more of a political and philosophical like you know when nobody's got privacy it changes society in ways that aren't very good that's where i'm more worried how often do you think the u.s was used on this on its own citizens i mean this specifically like i would suspect these types of things um

Speaker 1 well hardware implants let's go with hardware i i don't know how often hardware implants would be used that tends to be super targeted like and super targeted also generally i would assume i would hope means significant more legislative kind of not legislative legal oversight where you know you're getting the warrants and all these other things whereas these really wide net things, which hardware is much harder to make wide net, wide nets where you can collect all the things because you've got access to

Speaker 1 telco, phone, internet type providers, and you're just slurping everything up. Yeah, everybody would then be pulled into that.
That's the kind of stuff that Snowden showed, right?

Speaker 1 That's a different story. That's that's

Speaker 1 everybody's get pulled into that one way or the other

Speaker 1 type problems that occur.

Speaker 1 So

Speaker 1 do you have to worry about people breaking into your network and just causing problems in your life?

Speaker 1 That's a complicated topic. It's more privacy invasion at that point.
And it's like, yeah,

Speaker 1 what are we worrying about? Are we worrying about our personal safety, our personal freedoms,

Speaker 1 society as a whole and the health of it? If they, you know, and a free press. Like it's, yeah, it's, it's a very large, complicated topic.

Speaker 7 Do you think China's putting this stuff into the electronics electronics that we're buying from them?

Speaker 1 I mean, not like in the sense of like consumer levels. I mean, it depends, right? Like.

Speaker 7 Could it be accessed from that far away?

Speaker 1 If they wanted to, anyone, if anybody wanted to do that, yes. But the thing is, doing it to just like off-the-shelf consumer stuff is a lot harder to do in terms of hardware implants.

Speaker 1 If you wanted to do it that way, that's where we get more into the software level, like software backdoors, which we've seen in things like cryptography, right?

Speaker 1 You know, it's posited that a lot of

Speaker 1 cryptography backdoors were put in by cooperation with like the NSA, for example.

Speaker 1 I'm a little rusty on this stuff, but basically that becomes very valuable when you're slurping up all the internet data and a lot of that's encrypted.

Speaker 1 But if you know how to quickly break the encryption, well, no, you can see the contents. And that's where that comes in.
And yeah, it's

Speaker 7 i mean a lot of people say that that kind of hardware is uh

Speaker 7 installed into our power grid

Speaker 1 um

Speaker 1 depends i would say well god uh i have forgotten i think i think china makes a lot of our like power transceivers and stuff but make a ton of it i honestly from what i've seen and

Speaker 1 the people I talk to that work in all this stuff, I don't think physical amplitudes are quite needed. Like it's things are just not secure remotely, like externally.
Like if you, you know, want to

Speaker 1 literally, I think it was yesterday, maybe. I don't know.
It's something that news that has come over the last few weeks where our own government is saying everyone,

Speaker 1 I think it was actually to their own government employees to use signal.

Speaker 1 use iMessage, use encrypted chat, do not use text messages, because China has, they're just in all of the telco systems right now which means they would be able to read the text messages right they didn't need hardware implants that I know of to do this maybe they did that to get in

Speaker 1 but now they're in that system right like they're I've I mean I've

Speaker 1 helped uh in environments that a foreign adversary had gotten into and it took a bunch of time to evict them and find where they are I was done all remotely right like there's a lot of this stuff doesn't require like the James Bond type hardware to get in.

Speaker 1 And interesting. Yeah, that's that's a tricky topic.
Interesting.

Speaker 7 Do you worry about it?

Speaker 1 I mean, there's so many things to worry about, though.

Speaker 1 Like, yes, kind of.

Speaker 1 There's once you've seen enough like horror shows, though, you're like, oh, wow, everything's just broken. And

Speaker 1 society as a whole, it's amazing that it operates. Just the levels of trust.
Like one person is all it takes with enough well-placed like damage.

Speaker 1 And whether it's security or just electrical power grids, all these things, there's all of it can just tip over, right? With just enough of a push.

Speaker 1 And like everything's that way. It's not just security.

Speaker 1 Yeah, so I don't know. I kind of just lump it all together of like,

Speaker 1 this is a really good experiment for humanity. I mean, humans have been what on this planet for some say 300,000 years, right? Like, we're living in the best time.

Speaker 1 There's, like, I don't think there's a single person alive today who would be like, yeah, bring me back at random

Speaker 1 more than 100 years ago.

Speaker 1 Sign me up. Like, that's, that's, that's not a good, uh, the odds are not good, right?

Speaker 1 Like, we're the most comfortable we've been, most well-off on average across the earth in this last hundred years. And it's a good experiment and things are volatile.

Speaker 1 I mean, that's kind of the consequence of freedom too, right? Like it's

Speaker 1 the people gotta gotta maintain it.

Speaker 7 What text messaging app do you use? Do you use?

Speaker 1 I like Signal. Signal is great.

Speaker 7 You know, there's a lot of rumors that the CIA created Signal.

Speaker 1 I'm sure they did. I mean, so

Speaker 1 I think they helped fund it, actually, but they helped fund a lot of things, our government, in many ways. But I mean, Signal is an amazing tool if you're an agent as well.

Speaker 1 Like you're going to be overseas in hostile environments and you need to communicate. How are you going to do that securely?

Speaker 1 Are you going to use a secure tool that stands out like a giant red flag because nobody else is using it? Probably not the greatest thing. It's like, hi, I'm an agent.

Speaker 1 I don't know what you're saying, but there's an agent right there, right? Like.

Speaker 1 I mean, obviously there's answers to that and stuff, but it's valuable as like, oh, that's just the tool everybody uses. Signal.
Everybody's got that, right? Like that's that's valuable. Um,

Speaker 1 you know, obviously, there's always trade-offs, right? It's like it can be used for bad, it can be used for good, and you know, who's bad and who's good and whose perspectives.

Speaker 1 Yeah, right.

Speaker 7 I mean, that's how we communicate via signal. Yeah, yeah, exactly.
Is that how you communicate with everybody?

Speaker 1 A lot of people, yeah. I mean, I will meet them where they're at, right?

Speaker 1 Like, my manufacturers and stuff don't use Signal. Um, they've got different governments over them and things like that.
That uh,

Speaker 1 yeah, it's it's interesting.

Speaker 1 So, yeah, whatever, whatever you use, I'll meet you there. But contextual, contextually, it matters.
Like, okay, I'm on this platform, which can be seen by these adversaries. Cool.

Speaker 1 Um, noted, I'll make sure I keep that in mind, which is kind of the

Speaker 1 whole point of like the psychology when you know you're being watched changes how you behave in ways that can be negative. Um,

Speaker 1 like, what's you know, if you're always being watched by somebody, what, what does that make you? How does that make you behave? So,

Speaker 7 yeah,

Speaker 1 so yeah, yeah, I mean, there's there's lots of other cool things in this catalog, like uh

Speaker 1 oh, reptile reflectors. So, this is for picking up uh

Speaker 1 audio, this is standard audio bugs, right? Like, you know, spying on what's happening in the room.

Speaker 1 Uh, what else we got?

Speaker 1 Uh, lots of um cellular-based stuff.

Speaker 1 Now, this is like 10 years old at this point, so a lot of this stuff is well known. Really tiny implant.
So, this is this

Speaker 1 is like a probably a VGA cable here, or like an older monitor,

Speaker 1 which made more sense back in 2008.

Speaker 1 Really tiny implant into that cable tapped to one of the color signals,

Speaker 1 and it would allow somebody to kind of energize it with like a radio pointed at it, more or less, and then receive the signal bouncing back with the

Speaker 1 video signal encoded in the bounce. So then you'd be able to see what's on their screen.

Speaker 7 Wow.

Speaker 1 Really cool stuff, right?

Speaker 7 What do you think was in the spy balloon that was traversing the I don't know?

Speaker 1 I haven't studied those well enough, but I mean, there's a lot of amateurs that just do that. Like it's, they'll just set up a balloon and

Speaker 1 it's kind of like the ham radio space kind of in a way where they're just like, oh, you know, we can track it. And there it goes.
It goes around.

Speaker 7 Let me rephrase that question. What could have been? What could it have been?

Speaker 1 I mean,

Speaker 1 I don't, I don't know, man. There's, that, that's probably outside of my skill set and awareness and research, but I mean, it could be used like a balloon.
I mean, I'd probably...

Speaker 1 probably be using a drone more uh because the problem with balloons is that they're much more higher altitude which causes problems for a lot of electronic circuitry because it gets really cold and stops functioning.

Speaker 1 Also, you know, you've got power that you got to deal with. So the best you can get is battery.
That's not going to, batteries also start to fail at that, that level of cold, right?

Speaker 1 So you need special batteries, something to keep it warm, which means more energy. So you're getting from solar power, probably.
This is really low power stuff, right? Like

Speaker 1 I don't know.

Speaker 1 Maybe just the value of how does someone respond to putting something in their awareness, which is absolutely a thing, right? How does someone respond?

Speaker 1 Which I don't know, similar to the drones that are popping up. And I'm just like, I don't know where that's coming from.

Speaker 1 Jersey had one recently, but there's lots of like drones in the sky. I'm like, I don't know what that is, but I would love to find out.
And

Speaker 1 is it collecting data or is it just seeing how people respond to? unknown, unreported drones in the sky. Yeah.

Speaker 1 For, you know, tactical knowledge in the future.

Speaker 7 All right, Mike, let's get into some of the stuff that you make. I know you have have exploding hard drives.
You got the OMG cable.

Speaker 7 You're making all kinds of just crazy wazoo wizardry gadgets that I am just fascinated with. And so where did this kind of start? Did it start with the exploding hard drive, USB drives?

Speaker 1 Yeah, I mean, kind of. Like I had always been tinkering with things like those beam bots, right?

Speaker 1 But

Speaker 1 Yeah, so I think it was on Twitter or something. I saw just a picture of somebody with a USB drive.
The shell was open and there's just like a firecracker sitting inside of it.

Speaker 1 No idea if it worked or not, but I'm just like, everybody has like the same visceral response to seeing that. Like, oh shit, it's loading thunder.

Speaker 1 And I'm like, you know what'd be cool? Is if it was worse.

Speaker 1 So

Speaker 1 USB rubber ducky. Got to explain what that is first for this to make sense.

Speaker 1 My now business partner, Hack5, kind of invented the USB rubber ducky, I don't know, like 15 years ago now, something like that.

Speaker 1 It does the same basic keystroke injection that I had demoed with the cable, right?

Speaker 1 Where you plug it in, it types something really fast, whatever you want to control a computer or whatever you want, right?

Speaker 1 I wanted one of those that also exploded. So first thing I had to do is if you open up a rubber ducky, there's not much space in there.
It's all electronics.

Speaker 1 I'm like, okay, how can I shrink this really tiny so I have space for something that goes boom? So I spent a lot of time playing with that, right? Now, I didn't recreate a rubber ducky exactly.

Speaker 1 Like it's a really, really limited version, like a few hundred keystrokes, really slow, done, right? That's it. Really hard to use, but it was tiny.

Speaker 1 And I shrunk it and shrunk it, shrunk it, shrunk it. And it's just, I don't know, I think it was like eight by 10 millimeters when I was done, like

Speaker 1 a pill basically. That left the rest of the thumb drive empty that I could hook up with a little mini detonator and some maybe maybe a firecracker two and a bunch of confetti and i rig this up

Speaker 1 to a keystroke injection payload that opens a browser to an animation of uh jack in the box and he's cranking it right on the screen except it goes for an awkwardly long amount of time to build up tension

Speaker 7 and it's going it's going that's what shows up on the screen uh-huh

Speaker 1 so you're watching that

Speaker 1 and then

Speaker 1 pop

Speaker 1 the drive blows up, confetti goes everywhere. And I'm like, yeah, that was cool.
I just viewed that as fun. Yeah.
Another type of art or something like that. Put it out on the internet.

Speaker 1 And it was like, that's crazy. A lot of people asked me to sell that.
Now,

Speaker 1 no, that's a terrible idea for so many reasons, liability, etc.

Speaker 1 When you put something into the world that can be used negatively, it's always worth gaming out. Like,

Speaker 1 how bad can it go and can you prevent some of it?

Speaker 1 Which I've done a lot with the cable. But in this case, it was just something I wanted to put out there.
But now at that point, I had a really tiny ducky, right, that I could,

Speaker 1 well, maybe I could put it in other things. And eventually, I got the idea probably in like doing my IT job, looking on Amazon for spare parts for hardware and stuff.
I noticed there were

Speaker 1 like USB cable repair ends and boots. I'm like, wait, what? You can

Speaker 1 just get those? You know, at the time, I didn't know much about manufacturing, right?

Speaker 1 Got some of those and realized there was enough space in them for the cables and this really tiny, you know,

Speaker 1 fake ducky, right? Shove it in there and I get the very first proof of concept of a malicious USB cable.

Speaker 1 Yeah, I put that out. And, you know, I already told the story about that one where, you know, it gets out there and a lot of people like it.
And then a lot of people wanted it.

Speaker 1 I think almost a year goes by before I'm like, you know what? I could make that way better. Like, that's, that was a toy.
Like, this is like a cool gimmick to show like a very basic prank.

Speaker 1 Barely even worked for that. What would a proper tool look like? And

Speaker 1 I was getting way more into like the concept of I want to do red teaming as well. So I'm combining those things.

Speaker 1 And

Speaker 1 yeah, I was like, okay, well, I need Wi-Fi, I need remote control to update payloads after it's already in play. Because the idea is you can either deploy a cable, like physically get inside or

Speaker 1 you could just leave it in somebody's bag uh leave it just leave it around and eventually you know people are gonna take a cable sometimes and they'll bring it in with them yeah to the secure space you're like cool I didn't have to even go in great

Speaker 1 which creates some interesting legal problems which we can get into that I've also solved

Speaker 1 but uh that yeah that kind of is just how it kept evolving and then at that point it's like okay this is a real tool at the time I was thinking I should do this in a way that I just make it open source and everyone could make their own.

Speaker 7 Are we still talking about the USB?

Speaker 1 Yeah, the USB cable. Okay.
And that's,

Speaker 1 I

Speaker 1 thought about that, right? Like, I was prototyping this cable, this new one, like

Speaker 1 on a desktop mill for cutting PCBs, right? Like, I was pushing the limits on this machine where you can mill a PCB. So the PCB, actually, I got a little problem with this.

Speaker 1 so a pcb like here is here's a complete product this is a raspberry pi right when i say pcb i'm talking about just the green part here okay that's just it's basically a fiberglass and epoxy with a thin layer of copper on it that gets turned into traces and it connects all of these components these like the black thing there that's a component and all all the little things you see on there they're soldered on that's components with copper traces connecting them together electrically, right?

Speaker 1 Oh, good.

Speaker 1 So I used a mill to kind of cut out the

Speaker 1 copper traces.

Speaker 1 And I would assemble in

Speaker 1 my garage lots of different test versions of what this cable could look like. And I got the idea,

Speaker 1 kind of going back to the defense distributed concept

Speaker 1 where, oh, open sources,

Speaker 1 people can make it on a desktop mill, go that direction.

Speaker 1 What I learned over the

Speaker 1 A,

Speaker 1 12 months months of revising and revising is it's really hard to do this. Like DIY was just not in the cards.
Like nobody was going to be able to do this.

Speaker 1 I'm like, okay, well, let's throw out the DIY. I can just turn up the complexity.
There's

Speaker 1 PCBs with two layers, like copper on each side, right? That's the common one. Those are, I can make those in my garage, but okay, what if I want eight layers or something like that?

Speaker 1 That, like, that gets really expensive. We're talking every time I want to do a run of an eight-layer PCB, six-layer PCB is like a minimum of a thousand dollars.
Okay.

Speaker 1 Like, I have to send that off to a factory. They're using lasers and all kinds of crazy x-ray inspection stuff to do this.
So I'm like, okay, if I can use that,

Speaker 1 how far can I go? And that kind of is how I evolved into making a more and more and more complex cable that is like the latest generation OMG cable. It does all of these different things.

Speaker 1 And

Speaker 1 yeah.

Speaker 7 Very interesting. Very interesting.

Speaker 1 So

Speaker 7 how did you go? So you went from the exploding USB

Speaker 7 to the to the, what do you call it? What do you call the USB?

Speaker 1 The exploding USB?

Speaker 7 The other one.

Speaker 1 The OMG cable?

Speaker 7 Yes.

Speaker 1 Yeah.

Speaker 7 I just OMG cable. But there was a hard drive.
There was a USB cable that did what the OM.

Speaker 1 Oh, yeah. So I guess I just kind of call it like early prototype tests.

Speaker 1 uh I was I was referring into it kind of at the time as like bad usb cable which is not an accurate description it was more of a nod to some uh research at the time that was called bad usb that's where you would take an actual thumb drive there's a spec there's a few old old thumb drives that you could take and reprogram the controller on it and actually do keystroke injection among many other things it could it was also a worm that would replicate to other thumb drives you would plug in cool concept but what was the first product you took to market?

Speaker 1 OMG cable, definitely.

Speaker 7 The OMG cable.

Speaker 1 So here's the thing: I was making a lot of these things for personal use, but I would also kind of sell them to friends and stuff. It's kind of like the back alleys of DEF CON type situation.

Speaker 1 I wasn't advertising this, but it's like, if you know me, I know you.

Speaker 7 I'll give you some of these things.

Speaker 1 Gotcha.

Speaker 1 But it became clear, like, I had to start scaling up like the first batch of prototype omg cables i think it was uh 2019 i brought as many as i could they they took me

Speaker 1 it was like eight or 16 hours per cable

Speaker 1 and 50 of them were failures because like that that which is terrible like when you make something uh like an electronic product usually you get like 95 99 yields which means you know one to five percent are failures that you throw away uh these things were so hard to self-assemble that I was throwing away 50% of what I made.

Speaker 1 So that automatically doubles the amount of time invested to make a cable. So, you know, I'm doing like 16-ish hours per cable to make them.

Speaker 7 Wow. Like that's 16 hours of cable.

Speaker 1 Silly. So, yeah, I was kind of hitting my limit of like what I could accomplish with the time I had.
And it's like, you know what?

Speaker 1 I need to learn how to like delegate this outsource manufacturing assembly.

Speaker 1 Because I was also doing this like hand placing things.

Speaker 1 You go to an assembler.

Speaker 1 So there's a couple steps here. So I'm going to run you through basically the manufacturing pipeline that I slowly learned is important here.
But first, Hack5.

Speaker 1 It's really important to mention Hack 5 here. So USB rubber ducky already mentioned, you know, that's Darren.
Darren Kitchen is the founder of Hack 5.

Speaker 1 He, you know, that was his, his baby invented about 15 years ago. He's got so many other things like the the Land Turtle, the Wi-Fi pineapple, just packaging.

Speaker 1 They're similar to the ANCA.

Speaker 1 Exactly, right? So all of these are different kind of like hardware implants or hardware tools for

Speaker 1 they're multi-purpose, but often used for offensive security.

Speaker 1 So like the Land Turtle is like a network implant that can control a computer, but also like sniff up network data or just do malicious network stuff.

Speaker 1 What else? Wi-Fi pineapple. This is a little box with antennas on it that allows you to do network attacks, right? Really cool stuff.

Speaker 1 Network what? Network-based, so Wi-Fi attacks. Like you break into Wi-Fi.

Speaker 1 They call him like man in the middle concept.

Speaker 1 I like to refer to it as mischief in the middle.

Speaker 1 But

Speaker 1 basically,

Speaker 1 you know, you've got your device here and like the wireless access point here, right? They're talking, but you bring in a Wi-Fi pineapple and it can kind of intercept in between the two.

Speaker 1 There's so many different ways you can do this. There's no one single way.
It's lots of Wi-Fi based tooling. Another example, it's not so much relevant these days, but

Speaker 1 you know, when you connect to like your free Wi-Fi access points, coffee shops and stuff, your phone remembers that. Typically, you've told it to remember that usually.

Speaker 1 So next time your range is going to automatically connect, right?

Speaker 1 the wi-fi pineapple for instance can say guess what i'm that wi-fi too right so if i pull up one right here and put it next to you or just anywhere you know you happen to be your phone's gonna be like oh that that i know that wi-fi let me connect to it right so that type of stuff um there's just so many different attacks that i i couldn't possibly run through all of them um but that just as an example like there's so many different approaches to security like we we think about computers and you're like plug in usb in but yeah yeah, there's other things.

Speaker 1 There's the network, there's the wireless,

Speaker 1 there's near field communication with like badges and things like that. Totally, totally different tools, totally different specialties and focuses.
Like the

Speaker 1 badge readers, you don't think of as computer security for the most part. It's just building access, right? But that's all one whole thing.

Speaker 7 Interesting.

Speaker 1 You're doing proper complete security awareness and testing.

Speaker 7 Well, let's take a quick break. Yeah.
When we we come back, I want to get into what is the actual OMG cable.

Speaker 1 Oh, yeah, good point. Perfect.

Speaker 5 For 10 years, Patriot Mobile has been America's only Christian conservative wireless provider, and they stand by their values.

Speaker 5 Patriot Mobile has been a great supporter of this show, which is why I'm proud to partner with them.

Speaker 5 Patriot Mobile offers dependable nationwide coverage, giving you the ability to access all three major networks, which means you get the same coverage coverage you've been accustomed to without the compromise.

Speaker 5 When you switch to Patriot Mobile, you're choosing more than a wireless provider. You're supporting a company that stands for American values and that proudly honors our veterans and first responders.

Speaker 5 Their 100% U.S.-based customer service team makes switching easy. Keep your number, keep your phone, or upgrade.
Their team will help you find the best plan for your needs.

Speaker 5 Just go to patriotmobile.com slash SRS or call 972 Patriot. Get free activation when you use the offer code SRS.
Make the switch today. PatriotMobile.com slash SRS.

Speaker 5 That's patriotmobile.com slash SRS or call 972 Patriot.

Speaker 2 Tito's handmade vodka is America's favorite vodka for a reason.

Speaker 2 From the first legal distillery in Texas, Tito's is six times distilled till it's just right and naturally gluten-free, making it a high-quality spirit that mixes with just about anything.

Speaker 2 From the smoothest martinis to the best Bloody Mary's. Tito's is known for giving back, teaming up with non-profits to serve its communities and do good for dogs.

Speaker 2 Make your next cocktail with Tito's, distilled and bottled by Fifth Generation Inc., Austin, Texas, 40% alcohol by volume, savor responsibly.

Speaker 2 Chronic spontaneous urticaria, or chronic hives with no known cause. It's so unpredictable.
It's like playing pinball.

Speaker 2 Itchy red bumps start on my arm, then my back,

Speaker 2 sometimes my legs. Hives come out of nowhere

Speaker 2 and it comes and goes. But I just found out about a treatment option at treatmyhives.com.
Take that, chronic hives. Learn more at treatmyhives.com.

Speaker 7 All right, Mike, we're back from the break.

Speaker 7 We're talking about the OMG cable, but, you know, we need I want you to discuss and talk about exactly what it is that the OMG cable does and show us an example.

Speaker 7 And for those that are listening, if you go to Mike's Everyday Carry does a phenomenal job at actually showing what it does real time on computers, on phones, it's fascinating.

Speaker 7 go ahead and give us the uh you know show us what it is and and and and walk us through what exactly it does yeah definitely let's let's pull one off

Speaker 1 the visual

Speaker 1 there's a good one

Speaker 1 so

Speaker 1 ong cable right

Speaker 1 looks exactly like one of the many usb cables you've got if and if it doesn't i got a whole bunch more hair to guarantee it does here yeah pull that oh let me see that

Speaker 7 yeah so it's got a whole uh a whole line of them yep

Speaker 7 and I got the complete set. Yeah, you did.
Watch out. But yeah, so what is so each one of these fit a different phone or and or USB drive?

Speaker 1 Yeah, I mean, so basically, think about like, I should say. Yeah, I mean, think about all the different, and it's, think of it as camouflage, basically.
It's like, what's the environment?

Speaker 1 Did they use white cables? Do they use USB-A, USB-C?

Speaker 1 Is it a Mac shop? Cool. They're going to have Lightning on one end, maybe, if they got the older phones.
If it's newer phones, cool and usbc um

Speaker 1 and it's really about blending in to fit what's already in place so you could swap it out or you can do other things uh there's a lot of different approaches and techniques you can have when you have a device that is physically invisible um and it and just hiding in plain sight so that's that's the physical aspect of it and that took me a huge amount of time of shrinking down the components which i will describe in just a second.

Speaker 1 But shrinking it down is, it just took absurd amounts of time just designing the PCB that goes in here. And then beyond that, just the entire process of integrating the PCB into a cable.

Speaker 1 That just took like a year, basically.

Speaker 7 Well, before we get into how you manufactured it, let's talk about what it does. Yeah, exactly.

Speaker 1 So the PCB inside of here, what it does is when you plug it into a, it's primarily targeting laptops and desktops.

Speaker 1 it's got a pcb that will wirelessly kind of light up and it'll connect back to you there's so many different ways you can configure it but this wireless connection allows remote connection into the cable get a full web ui in your web browser right whether it's on your phone or laptop um can even connect out to the internet and you can connect to this thing from anywhere anywhere on earth if you if you do it that way

Speaker 1 what's what's it do though you got control of this wirelessly uh the main when you say it can connect to the internet Does it does it bypass passwords?

Speaker 1 No, um, you still gotta have like a wireless network it can connect to or or you bring one in like if I if I opened my phone right now and looked at all the wireless networks I bet there's probably one in there I could connect to if not like are you gonna notice like a free coffee shop Wi-Fi nearby?

Speaker 1 No

Speaker 1 For instance, right? There's the flexibility is the name of the game with this. There's no one way to use it.

Speaker 1 There's so many ways because in a red team scenario, you don't know what you're up against, and you're going to need some options to circumvent a problem. But, yeah, still, what does it even do?

Speaker 1 You're connected to it, but um, it primarily emulates a keyboard, says I'm a keyboard and it types really fast. So, what does that do?

Speaker 1 Literally, anything I could do sitting at the computer at the keyboard,

Speaker 1 yeah. So, whether that's implanting malware or whatever it may be, right? That's that's kind of the basic functionality of it.
But, I mean, that's not it.

Speaker 1 USB cables can often connect a keyboard to a computer. You're sitting at a desk.

Speaker 1 Swap out that cable, and this can now intercept the keystrokes, which is really good. Just like one classic use case is

Speaker 1 if the machine is locked, I mean, you can type all you want, but you're at a lock screen. You need to get past the lock screen.
What do you need to get past the lock screen?

Speaker 1 You need the password, right? How do you get the password? There's a lot of ways. I mean, you could call up the person and effectively ask them for it by saying I'm IT or something like that.

Speaker 1 But if you're deployed between a keyboard, you can just pull it right off the lines. They're going to type that password every single time they log into the computer.
You remotely see that.

Speaker 1 You rebuild a new payload that...

Speaker 1 Maybe when they go to lunch in the evening, when you know they're not at the machine anymore, it's just going to type in that password, automatically unlock the machine, and then do all the nefarious things you want it to at that point.

Speaker 7 So you just have full access to the

Speaker 7 to the computer. Yeah, at that point, you can see everything, you can access anything so long as you capture the password from the keystrokes.

Speaker 1 Yeah, not so much seen, not well,

Speaker 1 there's a lot of it depends, right? But it's more likely to be.

Speaker 7 Is it like a screen share, like that team viewer thing?

Speaker 1 No, not at this stage. So at this stage, we're just blindly sending keystrokes in, right?

Speaker 1 So as long as you know, you know, what OS it is or something like that,

Speaker 1 that's all you need on a desktop. Like, I know if I hit command space, it's going to open up spotlight on a Mac and I can open up Chrome and then go to the address bar, do some things, right?

Speaker 1 For example, like that's a very repeatable series of keystrokes and you can do them really fast once you know it, just for an example.

Speaker 7 Okay. All right.

Speaker 1 So that's, that's the basics of the very core functionality. And then you, you combine that with key logging, and suddenly

Speaker 1 you're getting a bigger picture here. But there's also other.
Hold on.

Speaker 7 I want to go down. Yeah, yeah, totally.
I'm a dummy with the shit.

Speaker 1 Yeah, let's go deep.

Speaker 7 So, yeah. So what would you so now I didn't even understand that, to be honest, when we did the EDC pocket dump.
So basically

Speaker 1 you're.

Speaker 7 So in that little window, you said there will be a window that might pop up for

Speaker 1 a window blink, right? That's basically your terminal. In that case, there's a lot of things I could do.
But in that case, on that, I think it was.

Speaker 7 So you could put some type of a Trojan horse or something in there

Speaker 7 and implant it in the computer, like very

Speaker 7 through a series of keystrokes.

Speaker 1 Exactly. And then if you...

Speaker 1 detect the Trojan on there and you remove it and the cable's still in play, which it's designed to be, just put it right back on.

Speaker 7 No shit.

Speaker 1 Which is absolutely a thing that has happened with a bunch of my customers that they have told me that, you know, they did an engagement with a very high-profile client.

Speaker 1 We can go into these types of things, but that re-infection vector is exactly what they used.

Speaker 7 Do you prompt it or does it just automatically do it when you put it in the computer?

Speaker 1 Either or. So all about flexibility.
So you can program this a couple different ways. So what I showed was me remotely connecting to it and I hit go.

Speaker 1 But this can be configured that when it powers up, it gets plugged in, it powers up. It can immediately run a payload.
It can wait a series,

Speaker 1 you know, however long you want and then run a payload.

Speaker 7 Is the payload the actual keystroke?

Speaker 1 Yeah, exactly. So when I say payload, it's the series of keystrokes that gets run.

Speaker 7 And the malware or the Trojan horse or whatever?

Speaker 1 You can. There's ways of typing out.
Like if you've got like a small executable that you want to transfer over, there's a couple of ways to do that.

Speaker 1 Like you just use the keystrokes to download it, right?

Speaker 1 You can download stuff from like the terminal for instance or i could use chrome and download it there and go to the downloads folder and open it up there um through keystrokes yep i can navigate everything with keystrokes so you could

Speaker 7 i have no idea what the hell i'm doing with this shit but i'm learning we need to do some fun stuff so you could

Speaker 7 send somebody an email and

Speaker 7 with a with a downloadable whatever yep that's one way yep and then

Speaker 7 plant that cable on them they plug the cable in. It does the keystrokes automatically to open Chrome, log into their email, download the thing.

Speaker 1 Yeah, it's one way. Yep.

Speaker 7 Go to the downloads folder, download it, then you're in. Yep.
And it all happens within like a couple of seconds. Yep.

Speaker 1 That's one way. I mean, I probably wouldn't email it to them because if I was going to email it, I probably include an email that convinces them to just run it for me.

Speaker 1 But if I'm up against a hardened target where they're not as susceptible to that, they're unlikely to do it. I'm like, okay, well, let's get a cable that'll do it for me.
Um,

Speaker 1 as an example, right? This can also do mouse movements too, if we need. Um, lots of control there.
And yeah, it's that you can also, yeah, so

Speaker 1 the malware, right? You can download that. You can also type it back out.
Um,

Speaker 1 it's called base64. It's just a whole bunch of, it looks like random garbage characters.
If you open, like if you open up

Speaker 1 an executable with a notepad, roughly,

Speaker 1 staying high level here you're going to see a bunch of garbage text right but you type that same text out into notepad and save it it's that executable so i can type that back into the computer and boom there's there's the executable which is something we've done quite a bit uh in environments where they're checking what is being downloaded from the internet okay you're looking at the internet cool i'm going to just type this this little piece of malware back into the computer

Speaker 1 Lots of cool tricks you can do like that.

Speaker 7 Wow.

Speaker 7 It's fun.

Speaker 1 And so

Speaker 1 there's other aspects of this too. So, you know, keystroke injection, mouse injection.
I showed you the key logging. Oh, you were asking about the ways of triggering it.
So I showed you remotely.

Speaker 1 I can click go. We can have it boot up and go.
There's also...

Speaker 1 what I refer to as geofencing. Basically, it's got wireless in there.
So it can just look at the nearby networks and figure out where it is and where it isn't.

Speaker 1 And you can trigger or block things on that.

Speaker 1 And

Speaker 1 there's a self-destruct function where it'll erase everything on it. Now, it sounds super nefarious, but it's actually prompted by legal.

Speaker 1 A lot of places have strict controls. So with the USB rubber ducky, it does the keystroke injection.
It looks like a thumb drive by Hack5.

Speaker 1 That's my business partner.

Speaker 1 They invented that 15 years ago, ish.

Speaker 1 What they would do is you could put like salaries.xls on it. So it's like, oh, that must be the company's salaries and litter it in the parking lot, right?

Speaker 1 That's one way that people would be convinced to pick it up in the parking lot, bring it inside, plug it in, see what's on it, right? And boom, they've just infected themselves with malware, right?

Speaker 1 There's a downside to that, which is depending on how bad that payload is,

Speaker 1 If you're a red team, you're an employee of this company, right?

Speaker 1 You've got malware sitting on a loose object that anyone could pick up and bring it home, bringing it to another business, and now you have just infected another business. That's not ideal, right?

Speaker 1 So, certain environments, their legal team is like, no way. You put geofencing on this, you have a payload where it boots up and it just says, Am I in the office? Is the corporate Wi-Fi present? Cool.

Speaker 1 If not, completely wipe everything.

Speaker 7 Are you shitting me? So you

Speaker 1 Wow.

Speaker 7 Wow. So it knows where it's at.
Yep.

Speaker 1 And where it isn't.

Speaker 7 Holy shit.

Speaker 1 So this, this scan right here, this was done by Lumafield. They've got a CT scanner, which is basically an x-ray scanner that takes a lot of x-rays,

Speaker 1 little slices across a product, and then assembles it into a... 3D object.
So Lumafield actually just did some work with them to sit down and talk about their machines.

Speaker 1 They use for all kinds of things.

Speaker 1 Manufacturing inspection, but also starting to get into like a lot of security stuff, like where you can literally see inside. This is a scan of the end of one of my cables.

Speaker 1 So right here is the connectors, USB connectors. And over here, we got the components.
So this is the main processor, and this little thing over here is the antenna.

Speaker 1 You can kind of see the USB wires run out the bottom there.

Speaker 7 Wow.

Speaker 1 And the cool thing is, let's see if I can turn this.

Speaker 1 There it is. That is

Speaker 1 the whole internal and lots more components kind of on the back.

Speaker 1 You can use this to step through every layer and just see literally every little detail about something. So if you got untrusted hardware,

Speaker 1 for instance, that scanner would reveal all of the internals. In this case, it's just really cool and it shows off.

Speaker 1 Here's what's inside my cable that's doing all the magic.

Speaker 7 You got to get that framed.

Speaker 1 I think I'm going to. it's a beautiful scan.

Speaker 7 That is very cool. Yeah.

Speaker 1 They, they have done a lot of work to

Speaker 1 kind of democratize, democratize the access to CT scans. Uh, CT scanning machines are normally this industrial machine that's really hard to use and really expensive.

Speaker 1 Like we're talking like a million plus dollars for machines, roughly. Um,

Speaker 1 they do a subscription where it's like the cost of a

Speaker 1 like maintenance contract and they did some amazing stuff to make it super usable. Like you can see me turning this.

Speaker 1 Um, it's super easy to use the outputs and set it up. And uh,

Speaker 1 they did something magic, and I don't know that they communicate this, but uh, the sensor in a x-ray machine normally decays, and you have to replace it.

Speaker 1 They've somehow made like an eternal scanner, so that reduces the cost as well.

Speaker 1 Which I don't, I don't know, I'm completely obsessed with your technology right now, so sorry for the momentary splurge on that.

Speaker 7 But oh, that is super cool, super cool. Good stuff.
Who are your customers?

Speaker 1 I kind of, everyone, basically.

Speaker 1 So here's the thing.

Speaker 1 Me personally, I've got one customer, Hack5.

Speaker 1 And we can probably go into the story about how we met. But basically,

Speaker 1 when I was making these things by myself and I needed to take the jump into manufacturing, I had a lot of bad experiences, but Hack5 was amazing.

Speaker 1 They're like, let me just kind of show you the ropes, right? Like manufacturing, running a business, all this stuff. Darren has been great to me.

Speaker 1 So I sell all of my stuff to him and all of my products are available on Hack5 as a result. They take care of who gets it.
And they have very tight expert controls.

Speaker 1 There's a lot of countries they would just will not ship to.

Speaker 7 Can I just go on there and buy it?

Speaker 1 Yeah, you can. You're not in a prohibited country.

Speaker 7 Wow.

Speaker 1 So yeah, you can just go on there and buy it and hobbyists can use it,

Speaker 1 security researchers, awareness training. So that's where you go on stage and kind of just show off concerning things so that people will change their behavior.
And primarily red teams.

Speaker 1 There's lots of red teams in the private space, you know, Fortune 500s, military, industrial, government, all have their own equivalencies to that.

Speaker 1 And again, the red team is where you are emulating what an actual attacker does from end to end.

Speaker 1 penetrating to the comp getting into the company and all the entire chain of hopping around and getting to the crown jewels pulling those back out, that that is red teaming. And

Speaker 1 this is used a lot there. So

Speaker 1 I have a lot of customers who will also reach out just for advice on how to use the cables, or maybe they've run into a situation like that legal constraint.

Speaker 1 Like, hey, this is cool, but like, oh, yeah, cool. Let me just fix that and solve that legal problem.
Now, I don't know like the full scope of what they're doing, but it's like, oh, here's a problem.

Speaker 1 I could solve that for you.

Speaker 1 There's, yeah, every

Speaker 1 they are the people I've talked to, and now I, I've, I know a lot more than I can talk about here, but there are plenty of people who have said, yeah, you're going to Sean Ryan, go ahead and you can talk about it this way.

Speaker 1 Um, a couple people, who are those people, yeah. So, uh,

Speaker 7 is it my former employer?

Speaker 1 I mean, possibly. So I don't know that level of detail and don't really want to, but as long as they're part of like the okay

Speaker 1 entities,

Speaker 7 are there any okay entities?

Speaker 1 Yeah, I know exactly right. The ones who are

Speaker 1 this is going to be defined on who is or isn't going to put me in prison. So let's, that's, that's my definition of good in this scenario is keeping those people happy.

Speaker 1 Um, but, and, but to be clear, there's another advantage here, which is some of these places are critical infrastructure that they work at or are tasked with securing or improving the security.

Speaker 1 So we all benefit from that.

Speaker 1 Like, I don't want a place that has some form of nuclear material in it getting compromised because the people who want to compromise those places are probably looking to hurt me in some way, right?

Speaker 1 So let's help them. So

Speaker 1 the other feature kind of added to these cables recently is call it HIDX stealth link. It's kind of the branding of it to explain what it is.

Speaker 1 Ultimately, still acting as a keyboard, but now it's got bi-directional data transfer.

Speaker 1 So, like a network interface, but without ever showing as a network interface, you can send data back and forth between the computer,

Speaker 1 and it just looks like a keyboard to the target system. This was used by quite a few people in a lot of environments, but

Speaker 1 in this case, you know,

Speaker 1 the critical infrastructure was not looking for this type of exfiltration.

Speaker 1 technique and it worked really well got them in and they achieved their objectives with this critical critical infrastructure and got it fixed.

Speaker 1 You know, I was told that my name got put into a report that I will never have access to, but that is, that's extremely cool.

Speaker 1 It's like, cool, I got my name into a report to fix some critical infrastructure with a technique that we developed with my team. And honestly, I'd love to pause and even talk about that team because

Speaker 1 while I make the hardware and the manufacturing to run the business,

Speaker 1 all the tricks this does heavily about the actual firmware that runs on this and that requires multiple people to pull off.

Speaker 7 Let's talk about your team.

Speaker 1 Yeah. So

Speaker 1 there's a couple of pieces of this, but one guy is retired and just loves working on hardware.

Speaker 1 Prior to this, I mean, he did a lot of things, but prior to this, he was working on the firmware for police body cameras. So

Speaker 1 very interesting background there. Another guy is blind, and he does kind of the UI you've seen.
It's kind of poetic.

Speaker 1 He's the blind guy is in charge of the UI. He's got a lot of experience.
What is UI?

Speaker 1 Yeah, so the visual interface. When you open it up in the control panel and you got all the buttons and stuff in there.

Speaker 1 Are you

Speaker 1 hold on?

Speaker 1 Pick that cable up. Yes.

Speaker 7 When you open that thing up and look at the control panel and the buttons.

Speaker 1 Wirelessly. So when you connect to it wirelessly with your web, and then you open your web browser and then connect to the IP address, you get like a web web page, right? Okay.

Speaker 1 With all the buttons on it that give you the controls. You can view the key logs, open the hundreds of payloads you can save on here and run them.
All that's purely visual.

Speaker 1 Click on stuff. It doesn't have to be.
You can automate it. But yeah, it's primarily visual

Speaker 1 and it allows all the cool controls to happen. So

Speaker 1 got another guy who, you know, in education and a lot of them are familiar with the government contracting spaces as well.

Speaker 1 It's a fairly small team, but they've been along for the ride the whole time and just constantly interested in picking up just challenges.

Speaker 1 And like the way the key logger works on here is like, that's not supposed to be possible.

Speaker 7 How did you get this word out? How are you marketing this?

Speaker 1 That's a really good question, actually. I have not done any marketing yet.
This thing kind of has its own legs, which

Speaker 7 I mean, I could imagine, but I mean, what was the first thing? Like, how did

Speaker 1 I put a, I think I just put a video out, a video of like, hey, like, I made this with my mill, check it out. Here's what it can do.

Speaker 1 Excuse me. Yeah, no worries.
And here's what it can do. And then

Speaker 1 it just took off. Like that was mostly in the InfoSec space.
So, you know, it kind of went around the hacker community and the professional security professionals,

Speaker 1 security professionals.

Speaker 1 And at some point, it just kind of goes outside of that bubble because it gets enough traction. Like Vice took it, Forbes took it.

Speaker 1 You know, there's, there's so many different high profile.

Speaker 7 This has been in Forbes.

Speaker 1 Oh, yeah, this has been in Forbes a couple times.

Speaker 1 Look, mom, I made it to Forbes.

Speaker 1 Yeah, it's

Speaker 1 been pretty wild.

Speaker 1 I am at the point, though, where I am starting to think about focusing purely on this because it's just become this awesome monster that

Speaker 1 takes a lot of my time as well as running red team as well.

Speaker 1 So that's probably something I'm going to be pivoting into very shortly and focusing on that, helping the team and seeing what more we can do.

Speaker 1 Probably going to relax for a bit, though. Good for you.
I'm tired.

Speaker 7 How is business? Is it going well?

Speaker 1 It's very good. So

Speaker 1 I'm probably long overdue to jump.

Speaker 7 What do you think you'll grow into with this?

Speaker 1 I have no idea. So

Speaker 1 I've never had a plan ever on any of this. it's just what's the thing and the opportunity at the moment and how can i play with that in an interesting way um

Speaker 1 which you know there's a lot of things why you would want to plan in business but i just yeah i don't know maybe eventually i'll have a plan do you have any fear about this being on the market still available um i mean it's been five six years now and i'm very proud of like the results of it with all the places where it's been fixed in the very low abuse scenarios like we're we're very intentional when we think about, okay, let's add a feature to this, but let's figure out who wants this feature, who's going to make use of it.

Speaker 1 Like, for instance, like the number one that I want to avoid is like stalkerware, it's bounceware stuff. People look at this and they're like, oh, yeah, I need that for that.

Speaker 1 I'm like, no, I'm going to make that hard.

Speaker 1 Like, that's not as valuable to a red team professional. I like, we're trying to get into corporate infrastructure.
We're trying to do like Oceans 11 shit on

Speaker 1 like

Speaker 1 Fortune 10 or something like that.

Speaker 7 This would be so easy to plant in any government facility. Yeah.

Speaker 1 That's

Speaker 7 yeah. I shouldn't say

Speaker 7 I shouldn't say any government facility, but you know, it might be, it's been a while since I've been to a SCIF, but, you know, it's

Speaker 7 they seem to have a pretty

Speaker 7 good

Speaker 7 gauge on what's going on. But I'm talking like DC, Congress, Senate,

Speaker 7 politicians, those types would be,

Speaker 7 it would be a fucking joke just to,

Speaker 7 you could hand them out.

Speaker 1 Yeah. And they'll use them.
Here's the thing, though, is that's the other aspect is there's a lot of very detectable defaults. You have to really know how to use the tool to work around these things.

Speaker 1 But by design, it's supposed to be detectable if you're doing good security. Like this is going to light up.

Speaker 1 And it's literally the, it announces itself as an OMG cable out of the, you know, effectively out of the box, right? So hopefully you're at least checking that.

Speaker 7 And all of your experience is

Speaker 7 doing red cell operations.

Speaker 7 Yes and no. How many people do you think are testing that?

Speaker 1 So here's the thing is the people who are that low on the bar of security, I don't, I don't need these to get in. I just pick up a phone.
I send an email.

Speaker 7 Okay, fair enough.

Speaker 1 That's, that's, that's that sweet spot where it's it's like all, you know, you map out all the desires, the capabilities, and the threats and the negative consequences and just thread the needle to get just that sweet spot.

Speaker 1 And

Speaker 1 we spend a lot of time thinking about that, but

Speaker 1 right now I just point to the last five years of like, look, the results. And

Speaker 1 that way, you know, I can talk all day about how much intent we put into it, but the results are far better than the intent in terms of convincing convincing somebody.

Speaker 1 Another thing, so I think I showed you

Speaker 1 these, these should actually shift deactivated for multiple reasons, which you can imagine. There's a little,

Speaker 1 we call it the programmer. It's kind of a firmware tool.
So you plug this into your computer to activate it, right?

Speaker 1 This doubles for multiple other things. So if you do like a

Speaker 1 self-destruct on it, you recover the cable with this if you wanted to. You have to get it back out of the field.

Speaker 1 But self-destruct, we'll just put it into a neutral cable that's just not harmful at all.

Speaker 1 Really good if you can't pull the thing back out of the field.

Speaker 1 You want to neutralize all your stuff.

Speaker 1 However, if you're blue team and you found this, you can also use one of these to dump every bit of firmware that's running on here, which will uncoop payloads and all this stuff.

Speaker 1 So as long as it hasn't been self-destructed, you can just dump that and do a full forensics on it. So they get to practice as well.
Wow.

Speaker 1 So yeah, we've done a lot of things that kind of show off the forensic capabilities and ways of approaching. So it's it's meant to be holistic for security, not just purely offensive use.

Speaker 1 But it's really about

Speaker 1 raising the bar, basically.

Speaker 7 Interesting.

Speaker 1 I mean,

Speaker 7 when I look at that, you know, I've always heard, you know, I've always heard RIT guys always telling us, you know, don't be buying shit off Amazon.

Speaker 7 If you're going to get an iPhone cable, get it from the Apple store, Store, not from Amazon. If you're getting Wi-Fi extenders, go from the manufacturer, not some shit on Amazon.

Speaker 7 Is China putting this shit into our ecosystem?

Speaker 1 I doubt it. So these are highly targeted.
So it's, it's kind of things like this. Yeah, exactly.
But I think it's good to think about it.

Speaker 1 Like, let's step back to like a different type of crime, like pickpocketing versus like Ocean's 11 bank job, right?

Speaker 1 Like this is more on the, you know, the bank job, whereas pickpocketing, that's what you're more likely to experience as just a random individual. Like

Speaker 1 that's going to be more equal to like phishing emails, like really low-grade commodity malware type stuff that's delivered over email. Like the risk of physically delivering this stuff

Speaker 1 is too high. Or in the case of like, oh, we're going to contaminate.
contaminate the the the shelves effectively uh online or not that's so high cost and so easy to find.

Speaker 1 That's like some, you just need one person to detect that this happened, and we'd all hear the news story. Um, this is which kind of reminds me of that Bloomberg grain of rice story, right?

Speaker 1 Which was complete bullshit. Um, my friend Joe, Joe Fitzpatrick, is a great guy to talk about this.

Speaker 1 Um, but basically, there was this Bloomberg news story that a little grain of rice component was found implanted in a bunch of servers, right?

Speaker 1 And it just doesn't make sense, which is why that story didn't make sense, because there are so many other ways of approaching that that are way less detectable.

Speaker 1 There's anybody, like, how do you control where that goes?

Speaker 1 It's very hard to control where implanted hardware goes. And if you don't have control, anyone's going to find it.

Speaker 1 I think like the the the closest you can get to that might be that Israeli pager story where they had to create a fake manufacturing plant to develop these things and that is how they controlled where it went hold on I don't I'm not familiar with this oh yeah

Speaker 7 yeah totally the Israeli pager story where they blew up all the Hezbollah guys yes exactly so thousands

Speaker 1 thousands of pagers I think it was a batch of five thousand and four thousand went out so yeah a lot of a lot of booms um but basically what they did is set up a fake manufacturing company right and they I think they had their own manufacturing plant and everything.

Speaker 1 They licensed a legitimate

Speaker 1 model of Pager from a legitimate company, well known.

Speaker 1 This is a typical relationship for a lot of hardware. You just license it and you sell it.
And then you're like, yeah, put my name on it. Depends on what it is.

Speaker 1 Like, obviously Apple's going to do their own thing, but

Speaker 1 we're talking pagers, right? This is like 30-year-old technology here.

Speaker 1 So they did that. They had a bunch of, they even went as far as getting a bunch of random customers and gave them good pagers.
But then they got their Hezbollah client.

Speaker 1 And I'm always curious about how they did that. I have some postulations, but

Speaker 1 they got their Hezbollah client and they made

Speaker 1 exploding pages for them. They put high explosives in part of the battery and a detonator in there.

Speaker 1 And basically, it was configured to explode, detonate this thing

Speaker 1 after a specific message was sent to the pager. And the way pager networks work are all like broadcasts.

Speaker 1 So you can send one message that goes to all pagers in the network, which is probably what they did. Anyway, this was in play for, I don't know, I think it was like one or two years.

Speaker 1 Like these are out there and

Speaker 1 slowly going through, you know, the IT operations of, hey, guys, we got new hardware and slowly sending them out to the field. I think they were encrypted pagers.

Speaker 1 It was funny

Speaker 1 in some ways that this

Speaker 1 pager focus was entirely because they knew their cell phones were compromised. Like, oh, I'll start using pages.
Maybe it was the walkie-talkie, I forget.

Speaker 1 But they were moving away from one columns to another to avoid surveillance. And as a result, they got explosions.

Speaker 1 But that's the kind of like level of control. Like if

Speaker 1 those got out to someone else, which I mean, there's still opportunity for that. Like they're not watching one pager go from hand to hand to hand.

Speaker 1 Like it's like, oh, we deployed it to Hezbollah and it's reasonable to assume that this level of dissemination with this margin of error and other people touching them.

Speaker 1 And, you know, they, they probably did the math on that, right?

Speaker 1 I didn't.

Speaker 1 But

Speaker 1 that's kind of a good example of like how far you can go and like the risks of discovery.

Speaker 1 Stuff like Stuxnet. Stuxnet's another good example of, I think it was the Iranian enrichment facilities

Speaker 1 where,

Speaker 1 oh, I can't remember the full story here, but there was like a thumb drive with a worm on it and

Speaker 1 it got in, basically it got carried into this enrichment facility and it would damage the part of the enrichment machinery, right? But didn't do it all at once.

Speaker 1 It would randomly pick one or the other because you don't want to be discovered, right? If you did it all at once, you're like, oh, something's up. It's like, oh, one went up, whatever.

Speaker 1 It must be bad, right? Like, so there's like the psychology of making sure it doesn't seem like it's something to investigate. It's like, oh, bad machines.
It must be bad process.

Speaker 1 So I kept doing that. And eventually, I can't remember how it got discovered,

Speaker 1 but there was a... issue where it started spreading around elsewhere, like the worm or something like that.
And somebody noticed it, I think.

Speaker 1 I can't fully remember, but there was a discovery event because it kind of got too wide. And once it's discovered, okay, now you can defend against it.
Now you can find them in the wild.

Speaker 1 And dude, the moment somebody found anything in our stuff, they're going to tell the world, like, hey, look at this cool thing I found. I'm a security researcher.
So

Speaker 1 that said,

Speaker 1 on the flip side, there's plenty of places we don't look. Most of the stuff you find in there is just vulnerabilities.
Like, oh, I didn't. think there would be a hole on

Speaker 1 whatever some aspect of a product like oh if you just log in 10 times and do this you get in you bypass everything it's like wait what

Speaker 1 you do what that's the type of stuff that's typically well nobody thought to try that so yeah it really depends um

Speaker 1 physical implants are much easier to discover because i mean they're physically there you can't revoke them you can't be like oh self-delete it's there i mean

Speaker 1 not not counting the pager situation it's a different type of delete but uh you know delete in a way that doesn't leave the the evidence around yeah yeah i'm i'm like what's in your head, man?

Speaker 7 What's next for you?

Speaker 1 I don't know yet. I'm just going to.
What are you thinking about? Like, I have been

Speaker 1 focusing more on personal stuff, just like hanging out with my kids, spending more time with them while I got the time and they're growing, you know, once 14. So, you know.

Speaker 7 You can shut it off.

Speaker 1 No,

Speaker 1 yeah. So

Speaker 1 learning how to do that is part of part of it. So

Speaker 7 I haven't learned how to do that. Yeah.
It's

Speaker 7 let me know.

Speaker 1 Dude, it's hard.

Speaker 7 Because you love this. I can tell this is your passion.
Yeah. You're, you, you're moving into this full-time.
This is going to be your full-time business. Yep.

Speaker 7 Give me a snapshot. I mean, here's what, what are some of your ideas? Here's an example.

Speaker 1 So I'm reusing the same implant in a couple of ways. So, I mean, this is an easy one.
So

Speaker 1 USB adapters, basically a cable, right? Cool.

Speaker 1 I had a thing where customers were enjoying the firmware so much for like payload development, they would get the cable and cut the end off. I'm like, dude, no, that's my baby.

Speaker 1 What are you, what are you doing? So, you know, there we go. Keychains that, you know, don't have the cable on it.
Cool. Got that.

Speaker 1 Now, here's another one.

Speaker 1 Are you familiar with USB data blockers?

Speaker 7 No.

Speaker 1 So it's a commonly recommended like secure charging mechanism. You're like, oh, I can't trust the airport charger or something like that.
You're like, well, get a data blocker.

Speaker 7 Can you trust an airport charger?

Speaker 1 Mostly. I mean,

Speaker 1 I'm personally more concerned about the quality of the electricity coming out there frying my phone than I am about like a data situation.

Speaker 1 Because going back to the discoverability, you put something in a wide space like that. Once it gets detected, you hear about it.
We've not heard about it. Gotcha.

Speaker 1 And especially in a secure space like

Speaker 1 all the airport locations, like there's everybody's on camera, right? Like, good luck.

Speaker 1 It would be really hard.

Speaker 1 There's advisories that come out, and I think the FBI was doing them.

Speaker 1 They get a lot of flack for that because there's no like proof it existed, but I don't know. Like, I don't have the intelligence they have either.
So, I mean, there's things you could do.

Speaker 1 I also don't consider my creativity to be all-inclusive in all ways. You can do something negative.
Like, there's plenty of people with different motives and minds than me. So, yeah, we'll see.

Speaker 1 It'd be a cool story. But yeah, data blockers.
That's the idea. You now have safe charging.
I'm like, cool. I'll put one of my things in a data blocker.
Now, you know, cat and mouse. Yeah.

Speaker 1 I just thought it was funny. But just as an example, just kind of chase that a little bit.

Speaker 1 Go from there. I don't know.

Speaker 1 We'll see.

Speaker 7 Do you have any wazoo crazy inventions

Speaker 7 that you're dreaming up?

Speaker 1 I've done a lot with on the manufacturing side. So I've had to invent so many tools and mechanisms, both for creating these cables, which turns into their own products.

Speaker 1 Because I'm teaching other people how to use them and it breaks and I got to do support for those products. And they're their own PCBs and everything.

Speaker 1 It's a hardware product with its own firmware just to test these cables at multiple stages.

Speaker 1 So I'm still packing these at home with the kids

Speaker 1 and the envelopes, right? I got to label those. That gets really annoying over time.
I'm like, you know what? I'm going to create a machine to label these.

Speaker 1 So I just keep chasing that down and seeing how much I can do. You know, there's a, there's a guy called Cliff Stoll.
He does a lot of really cool things, science,

Speaker 1 math.

Speaker 1 He's got a book on security, but he also makes something called Klein bottles.

Speaker 1 Total deviation here, but you'll see why. So Klein bottles are, you know, know, a Mobius strip.
You take a strip of paper and you pull the ends up, rotate, tape them together.

Speaker 1 Now you've got a 1D dimension. So if you follow it around on a pen, it's one dimensional.
Klein bottle is a 3D version of that. Anyway, he,

Speaker 1 I think he lives in Palo Alto, small place.

Speaker 1 He runs like distribution entirely out of his house for that. So under his house, he has built an entire robotic warehouse system with like drives the thing around, pulls the stuff out.

Speaker 1 I think that's cool as hell.

Speaker 1 And it goes back to like the old school hacker mindset of just doing that. I like that kind of stuff just catches me.
And I'll like, okay, cool. I want to do as much manufacturing in-home as I can.

Speaker 1 Cause A, my, my stuff is really small. Um, but you know, also let's just see how far I can take it, how much more I can optimize.

Speaker 1 Like I, this, this orange clip that goes on these things that I ship with, so you know which ones are bad. I've redesigned it like six times so far.
Just

Speaker 1 like, I don't know. I just want to see how much further can I take it.
Wow.

Speaker 1 Yeah.

Speaker 7 So are you manufacturing these yourself?

Speaker 1 It's a mix. So the process for it, I'm going to go back to this PCB as a reference here.
But real quick,

Speaker 1 the process that I'm kind of taking right now is I ask

Speaker 1 one manufacturer make the raw the PCB, the green piece here.

Speaker 1 Then that gets shipped to another place that assembles the components to the PCB. They're basically running it through high heat that melts solder and they all get like glued to the board, right?

Speaker 1 Now they're, you got a functional piece of

Speaker 1 And now,

Speaker 1 once it's glued to the board, here's one of my implants. And we can get some close-ups later.
But here is

Speaker 1 that's that's one of the implants. That's the size of it.

Speaker 7 This is what goes in the little USB thing.

Speaker 1 Yep, inside the boot of the cable, basically.

Speaker 7 This little bitty ass thing. Yep.

Speaker 7 Connects to the internet. Yep.

Speaker 1 It's

Speaker 7 wow.

Speaker 7 Why the fuck is my modem so big?

Speaker 1 Yeah, I know.

Speaker 1 I mean, serious, man. Wow.
Yeah,

Speaker 1 there's a lot of compromises to to make that happen. Like, look at that damn thing.

Speaker 7 Yeah.

Speaker 1 If, if you were not size constrained on that, that would be 10 times bigger because it would be so much easier to make with 10 components instead of two or whatever. I forget how many I have in there.

Speaker 1 I think I got like 12, but you know, times 10, the components is normally what you'd see.

Speaker 1 So that creates the need to do a lot of creative engineering to compromise and get small. But at some point,

Speaker 1 I'll show you here. I'll just press these.

Speaker 1 Here's that little one with the USB-C end on it. And here, it's going to USB-C-A.

Speaker 1 So

Speaker 1 that's kind of, you know, okay, components are on there. You know, one shop did the green PCB.
One shop put all the components on there. Cool.
Well, that's what I got right now, right?

Speaker 1 It's not cable yet. It's another shop going to help integrate that into cables.

Speaker 1 And.

Speaker 1 So this other shop's going to integrate it into cables to some extent. There's still unfinished work to do, unfinished testing.

Speaker 1 Then,

Speaker 1 and if it's the woven cable, there's another factory has to like do special cutting and crimping and searing of the ends so it doesn't unravel.

Speaker 1 Anyway, so you know, three, four factories later, ships over to me. I'll do the finishing work on them.

Speaker 1 Sometimes it's closing the actual cables up, but at a minimum, it's testing everything, calibrating them, putting like that initial firmware on there,

Speaker 1 tons of QA and QC work,

Speaker 1 packaging,

Speaker 1 shipping it off to the Hack5 warehouse.

Speaker 7 So

Speaker 1 lots of work.

Speaker 7 So where do people find this product? Yeah, so

Speaker 1 two places basically. You can go to the o.mg.lol website.
That's my primary website.

Speaker 1 Or you can go to my business partner. It redirects to my business partner effectively, which is hack5hak5,

Speaker 1 hack5.org slash mg and all my products are up on their site

Speaker 1 wow

Speaker 7 that's incredible man that is incredible

Speaker 7 fun stuff man i can't believe uh

Speaker 7 have the agencies been in touch with you to come work with

Speaker 7 probably

Speaker 1 science and technology department or i'm not sure i would know

Speaker 1 you would know yeah

Speaker 1 um and there's been a lot of interesting challenges too like uh i mean i'm i'm saying, you know, that's

Speaker 7 actually not a joke. That's a good thing.
Oh, yeah, totally.

Speaker 1 You know, yeah.

Speaker 7 Very, very sharp guy, very inventive,

Speaker 7 very impressive.

Speaker 1 I'm happy to help all kinds of people secure their environments. So,

Speaker 1 yeah, I mean, they know where to find me.

Speaker 7 I'm sure they do.

Speaker 1 Let's see.

Speaker 1 There's, oh, you know what? Another thing that might be interesting here is this kind of kicked off right when the pandemic kicked off.

Speaker 1 It's like, you know, working with the factories, had to do all that remote, and that immediately ran into the chip shortage. I saw that come in from like six months before everybody else did.

Speaker 1 So, immediately had to figure out all the supply chain logistics, where to find chips when they are out of the market everywhere, hoarding them mass. Like, I, this, this is

Speaker 1 something I have put the

Speaker 1 first two or three years of profits entirely back into production, whether it's improving the PCB, improving the capabilities, or storing extra components because we're in the middle of a chip shortage so I can still make my stuff.

Speaker 1 That was a wild time.

Speaker 1 And it felt like there was just one thing after the other that was like, no, you can't sell these. No, the market's down.

Speaker 1 No, you can't have access to the chips.

Speaker 1 And just trying to find ways of working around that.

Speaker 1 Down to like

Speaker 1 component, all these little tiny components come in a really long piece of tape coiled up on a reel, right?

Speaker 1 I count those. I assemble those by myself as well.
So, you know, I got machines to count them and assemble them so I can just send it off to the assembler.

Speaker 1 There's so many different facets of running a hardware business that is like this that is really unexpected. And I'm just kind of learning on the fly.
So,

Speaker 1 yeah.

Speaker 7 Very impressive, Mike.

Speaker 1 Thanks, man.

Speaker 7 Well,

Speaker 7 I think we're wrapping up the interview, but I just want to say, man, you are a

Speaker 7 super sharp, fascinating individual. And

Speaker 7 what an amazing conversation. Thanks, man.
Very funny.

Speaker 7 Thank you. Thank you.
And,

Speaker 7 you know,

Speaker 7 I'll be tracking you. Where can people find you?

Speaker 1 Oh, yeah. I mean, I'm all over the place.
I um definitely on Twitter, underscore mg underscore. Um, lots of other social networks starting to form and fall apart and whatever they may be.

Speaker 1 I'll try to keep all of that on the contact page of the o.mg.lol site, though.

Speaker 7 Perfect. Well, Mike, I wish you the best of luck, and um,

Speaker 7 I can't wait to see what you come up with next. Thanks, all right, brother.
Cheers.

Speaker 1 Thank you.

More episodes from The Shawn Ryan Show

The Shawn Ryan Show

#259 Mike Durant - 160th SOAR Pilot Who Survived Black Hawk Down and 11 Days as a POW

December 04, 2025
The Shawn Ryan Show

#257 Jocko Willink - Commander of SEAL Team-3 Task Unit Bruiser aka "The Punishers"

November 27, 2025
The Shawn Ryan Show

#256 Tucker Carlson - Epstein’s Emails, Political Blackmail and What We Already Knew All Along

November 24, 2025
The Shawn Ryan Show

#255 Ryan Montgomery – Roblox & Minecraft: Hacker Exposes the Largest Online Video Games

November 20, 2025
The Shawn Ryan Show

#254 Brian Harpole - Groundbreaking Evidence From Charlie Kirk’s Head of Security

November 17, 2025