Transcription performed by LeahTranscribes[START OF RECORDING]
JACK: Antwerp is a town in Belgium. Actually, it’s Belgium’s largest city, but what comes to mind when I say Antwerp? To me, at least, it’s diamonds. It’s the hub of the world’s diamond trade. Well, I imagine if the town is bustling with diamonds, then it’s probably also attracting some criminals wanting to steal those diamonds, right? [MUSIC] In 2019, a robbery occurred that really took things to the next level. It was actually a bank, and it was situated in the diamond trading district in Antwerp. Monday morning, bank employees came to work and checked out the vault, but something was wrong with the vault and they called the police, who had to force their way into the vault only to find that the place had been robbed. How, though? The bank had all the right security measures; cameras watching the bank doors, motion sensors in the bank and sensors in the vault doors themselves, and everything was secured tight. So, how did they get into the vault? DEVIANT: They went through the probably six to eight-foot-thick concrete wall. They just bore-holed – you could actually see three slightly overlapping – kinda like MasterCard logo interlocking circles – bore holes of about a twelve-inch diameter, maybe, and they just chewed through it, over time getting through the wall. They crawled all the way through, did everything they did, and crawled all the way out, just kind of army-crawled through these – this sandwich-shaped hole.
JACK: Wow, drilling through a six-foot concrete wall? That must have taken a very long time. In fact, the criminals spent all weekend down there while the bank was closed so they could make a lot of noise without getting caught.
DEVIANT: It really goes to show that if everything is – ‘cause the vault had basically been protected to oblivion on the door, and if anyone messed with that door, tampered with that door, tried to torch-cut, whatever, that door, that was where the alarm was. That’s where all the sensors were. All the investment was in the door because they said, well, what do you do with walls? There’s only so much you can do with walls. But you can believe that at least a few bank vaults in Antwerp started looking at their diamonds and they said, is concrete the only thing that’s protecting us? Because we’ve got to at least get some shake sensors in these walls or put one or two cameras in the vault, because if somebody goes into the concrete and they’re in there all weekend, well, that’s a problem.
JACK: It reminds me of that Bob Dylan song. You know the one; Lily, Rosemary and the Jack of Hearts? It’s a nine-minute-long song and it’s an epic narrative ballad. The story summed up is that Jack had his gang try to drill through the wall into a neighboring bank while Lily and Rosemary distracted the bank owner, Big Jim, and the whole thing takes place in this cabaret. Lily and Rosemary got the judge and the bank owner drunk while the boys made their way through the wall. They cleaned out the safe and took off with the Jack of Hearts.
(INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]
JACK: Okay, so, who are you and what do you do?
DEVIANT: My name is Deviant Ollam and I am a physical penetration specialist. I have been involved in lock-picking, safe manipulation, physical entry, physical bypass, and teaching about covert entry tactics for, well, well in excess of ten years at this point. We’ll say it that way. Much longer.
JACK: Okay, so, Deviant is a very well-known physical penetration tester, and we’re gonna hear three stories about how he’s broken into buildings in this episode, and the third one is my favorite, so stick around for that. But I want to first quickly catch up about how he even got to this point.
DEVIANT: I was a network person. I was a computer person. I was, like a lot of people in the tech world, mostly making my living on a keyboard. I liked locks and lock-picking and door bypassing. I knew about these tactics. It’s a very common hobby, but that’s your avocation. But I had clients; there was a law office in town. The law office had a sysadmin. Small to medium business, one-stop shop, single guy in an office. He ran the show with the IT and he just sort of rage-quit one day. Just, table flip, I’m outta here, and slammed his office door. It was a pretty crappy law firm, so I’m not surprised. But when he left, the staff kind of looked at each other and were like, I don’t know if he’s coming back. Are we supposed to do something if that happens? Because he’s got all the passwords. What are we doing here? Of course, you do need to put a plan into place. They just didn’t have one.
JACK: So, they called up Deviant to come help recover the network, and he went down there but the network room was locked, and nobody could find the key to get in. So, they called a locksmith to come try to get the doors open. Now, because Deviant had a little practice picking locks by that time, he took a look at the door.
DEVIANT: I’m looking at your standard office, standard, regular building, and I’m looking at the doors and the little badge-readers, but nothing serious. We get to this windowless door at the end of the hall, a sysadmin IT room, some network, whatever – name badge on the door, but it’s just a regular door. A little badge-reader on the wall and – this is – so, it’s not like a data center door. This is just a regular door? They said, yeah, but none of our badges work on the door and we don’t – apparently even the head partner doesn’t have a key. His key – we thought it was supposed to work. We’ll have to talk to building management about that. I said, okay, well, can I try something for a second? I’m looking at your doors – and I pick up the equivalent of a TPS report, just kinda ripped the cover off of that, and I said, well, here; if I kinda – and I just shoved – I shimmed the door. [MUSIC] I just popped it in, slid – toing, the door popped open. [MUSIC] I was like, well, alright, cool. Well, cancel the locksmith, I guess. Save you a couple bucks there, and I just breeze on into the room. I’m sticking flash drives in and the old NT boot tool.
I’m rebooting machines and getting – restoring local admin access. Okay, resetting passwords – I mean, what was his name? Okay, so, I could see his user; I’m just gonna kill his user. There might be maybe backup accounts he made for maintenance, but I don’t see immediately a way that he’s getting in. You’re probably fine. I’ll send you a bill. We’re pretty good, man, and I hand – here’s your piece of paper with – so, here’s your new root passwords. The guy – the keys to the kingdom, he takes it, goes, yeah, yeah, sure, root password, sure, and just kinda puts it in his breast pocket. What’d you do to that door? I was like, oh, yeah, your doors are all installed with these electronic strikes. They’re actually – it’s a super-common vulnerability. You can speak to whoever your integrator was about that. He’s – hey, Steve! He brings this guy; come here! Can you show him what you did to that door? I was like, yeah. Do you want to show it at your office? I’ll pop your office. So, I’m just popping doors open and it bugged him out. They said, oh my – and that became the story of the day at the office, not the sysadmin who quit, but this kid who came in and opened all the law partners’ doors.
JACK: [MUSIC] This resulted in them calling him back to the office to do a full penetration test. This law firm did not like that those office doors could be opened with just a basic folder, by just shimming it in between the latch and the door, and they wanted to know what else in this building was not secure. This got Deviant even more into bypassing doors and picking locks and breaking into rooms. Deviant was good friends with Dark Tangent, who’s the organizer of the hacker conferences Defcon and Black Hat, and Dark Tangent told him…
DEVIANT: This lock-picking thing is really catching fire. You should do a training at Black Hat. I want you to propose a Black Hat training about lock-picking. I was like, no one’s gonna pay money for that. He said, no, trust me, trust me. I think it’ll be hot. You should do it. Yeah, so, that became my career, was a law firm who quit and a dear friend who said, hey, people pay money for this knowledge. Those two forces together really kicked off the idea of doing physical security consulting for me, and my main colleague through all this has been Babak Javadi. He and I have more than one company at this point doing training, consulting, advising, and I get to break into safes on army bases. It’s quite a career all from a few little things that you trip over as opportunities.
JACK: The first Defcon I ever went to was Defcon 17 in 2009 at the Riviera, and that’s where I went up into the Lockpick Village and saw Deviant demonstrate how the inner mechanics of a lock worked. He put a rake and tension bar in my hand and had me practice how to get a lock open. I was fascinated by what he taught me that day, and that’s where I bought my first lockpick set. The Lockpick Village has grown since then. I also remember a contest that year which had people try to escape from jail. The premise is that you woke up in a jail but you had your lockpicks with you. So, you have to first undo your handcuffs and then pick open the cell door, and then pickpocket the guard, and then get the lock open to the jailhouse. It was hilarious.
There are a million ways to get a locked door open. You don’t always need to pick it. In that law firm, it seemed that the latches in the door were installed incorrectly, and by putting a piece of plastic between the door and the frame, you could shim it open. I’ve also seen whole doors installed backwards, where the hinges are on the outside, so you could come in with a hammer and nail and just pop the hinges off and take the whole door off without having to touch the lock at all. So, throughout the years, Deviant has been getting better and better at understanding locks and doors and physical security measures, and I consider him one of the masters in this space. In fact, I’m willing to believe that Deviant has actually given more talks at security conferences than anyone else.
DEVIANT: Someone did the math and I think they said one of the few people who’s talked more than I was the late and wonderful Dan, Dan Kaminsky. But I’ve – again, I just would say yes to everything, and I would drive or fly just because I love talking about this. So, yeah, it’s in – it’s well in excess of three or four hundred. That was the last time we checked, and that was years ago.
JACK: Three hundred or four hundred talks about physical penetration testing. Yowsers. How in the world am I gonna fit all that information into a one-hour episode? Hm. Alright, I got a plan; I think I’m gonna take a break, play Elden Ring for like, two hundred hours, [MUSIC] and then listen to as many of his videos and then come back later. Okay, that was fun, and through the magic of editing, I’m back, and whew, there’s some good stuff that he talks about there. My favorite talk of his is this one.
DEVIANT: So, yeah, this is the elevator hacking talk. This is the talk that we were told had to be on Sunday, because – [AUDIENCE LAUGHTER] – because reasons.
JACK: Because here’s the thing; this is a full one-hour talk of him and his friend, Howard Payne, going over so many ways that you can take over an elevator, hack an elevator, and make it do stuff that you shouldn’t be able to do. But since this was a talk in Las Vegas where there are a lot of elevators, Defcon was a bit worried about what people would do with this information, so they pushed the talk back to be on the last day and the last talk of the last day, when people were flying home. So, it was kind of a hidden talk where most attendees had already gone. But it’s the most-watched video of all of Defcon’s videos on YouTube, and so, it’s no secret anymore. I think you should watch this video, too, on elevator hacking. It’ll make you think differently about elevators after you see it. For instance, you may have been in an elevator where you couldn’t get to certain floors unless you scan a key card. Deviant can bypass that. He can get on an elevator and then get it to go to whatever floor he wants.
He shows you that there are some common keys that a lot of elevators use, and they aren’t hard to get, so elevators aren’t as secure as you think. You should probably consider them to be like doors, where you really should test the security of them and not like an elevator, which is just some mysterious box that goes up and down that only the elevator technician knows how to control. It’s one of those things that I just never thought about that’s something you need to secure in your building or office, and that’s what’s fun about Deviant, is how he has all this knowledge of bypassing physical security measures, and then he loves teaching that to others. I just imagine you at this point having, I don’t know, some sort of Matrix-style view into locks and security mechanisms that you see. Like, when you pop into an elevator, you just immediately start looking at what kind of key is in this elevator, how can I turn it on/off, any door that you look at – is that true or are you just kind of zoomed in on…
DEVIANT: Oh, yeah.
JACK: …any lock you’ve ever seen?
DEVIANT: It’s absolute – it sounds silly, but it’s – I love that you said it and not me, ‘cause – but it’s true. There’s even a talk I made about this phenomenon called Eyes of a Thief, and the corporate audience is kinda like that one because you walk them through galleries of images and videos. I say, well, here’s what you see; now here’s what I see. I zoom in and I say, here’s this exploit, that exploit, bang, bang, bang. My wife is very used to the phenomenon of us walking down a city street and she’ll be talking – she’ll turn and I’m two steps back because I paused to pivot and take one picture of this building or that car or this fixture or this device. I’m – oh, that’s going in the slides.
JACK: There was a strange paradigm shift when – it was you who taught me how to pick a lock for the first time, right? I brought it home and I showed my friend, and it just so happened that my friend’s mother was a locksmith.
DEVIANT: Very cool.
JACK: She’s like, you are not allowed to know this. I asked her in the past, hey, can you teach me how to pick a lock? She’s like, nope. I’m not allowed. I got a locksmith code. I can’t show you. It’s just – sorry. So, when I came home and I said, here, let me try opening your front door; I want to see if I could do it, and she saw the tools that I had, she was just flabbergasted by it. It gives me this kind of weird thing of like, this is kinda sacred knowledge. Why don’t locksmiths – why aren’t they physical penetration testers? How come that wasn’t just an easy, hey – like you said on that job you had, we need a locksmith here, they didn’t think, well, let’s get a physical penetration tester here, and a locksmith doesn’t consider themselves a physical penetration tester. So, why is there a gap there? Why doesn’t it all blend together? Do you have any thoughts on that?
DEVIANT: Yeah. I think the real thing there that you hit on perfectly is the guardedness of knowledge and the old world of the trade of locksmithing. If you’re doing a physical penetration test, the value isn’t in the success of the tester. It’s in the deliverable. It’s in the report, the knowledge that they will give you. Giving out that knowledge – physical pen testers, yes, we are many times locksmiths, but much like Penn and Teller are magicians. But part of their whole shtick over the years has been showing the audience how they did the trick. There are some magicians that think that ruins it, that it takes all the shine and polish off of it and the magic is gone, but I think that showing the execution, if it’s elegant and well-done and impressive, it doesn’t take away. In fact, it enhances the audience’s appreciation for – wow, I would not have been – even knowing how it works, I would take five years to learn how to do that trick properly.
Same thing with us. I can show you how it works, but it’s not really taking money out of my pocket or opportunity out of my colleague’s portfolio if people know how my job functions. They’re not all going out immediately trying to do this job. There’s, as you say, that sort of comprehensive knowledge of being able to walk through a space and instantly look and recognize every little detail that comes with years of experience. So, I’m not surprised at your friend’s mother. I’m not even disappointed. For the longest time, that was just part – it was deeply ingrained in the trade. Why aren’t locks – even now, as knowledge is opening up, why aren’t they getting into penetration testing? A lot of them, even with their knowledge as locksmiths, they can’t quite do what we do and they’re, frankly, making far – it’s a very different business model – they’re making far too much money.
JACK: Huh, that’s really interesting to me. If you want someone to break into a place for you, call a locksmith. If you want someone to break into the place and then show you how they did it, call a physical penetration tester. While that skill set of both roles overlaps in many areas, it’s just two different mindsets, really. What is your percentage on – when you’re going on physical assessments, percentage of getting into a building?
DEVIANT: We’ve never not gotten in. You’re always gonna get in. The question is…
JACK: 100% of success.
DEVIANT: 100% of success in terms of entering the building, yes. Every building we’ve ever seen we’ve been able to enter, sometimes quickly, sometimes it takes a while. The question is are we detected? Is there a response? How competent is that response? Can we talk our way out of it?
JACK: Okay, enough gibber-gabber. Let’s get into some story time and hear what it’s like when Deviant goes on a mission to break into buildings. [MUSIC] So, this first story starts out where Deviant was hired to break into a building to test its security.
DEVIANT: Their objective was to affect network access either externally from the parking lot, a cantenna or nowadays – we’re not poor hackers anymore; you get a nice Yagi. But trying to pick up on the building’s Wi-Fi. They said, did we – does the Wi-Fi leak? Or you could try to make internal connections.
JACK: But it wasn’t the company itself that hired Deviant. It was another penetration testing company that got this job. But what they were good at was hands-on-keyboard type of activities, and what Deviant is good at is physically getting into buildings. So, this other pen test company hired Deviant to essentially team up with their computer guy to get him into the building to plant computers in the network and gain remote access to this building.
DEVIANT: So, he was gonna get in the building with me, find an unused network port or compromise a network port in a conference room, and then basically just – do they have MAC filtering? Do they not? Can I get a device to connect to the network? Can I not? Let me see if I can get this little dropbox, headless computer, and then it would back haul offsite.
JACK: So, he didn’t have physical access experience. That was your job, to get…
DEVIANT: Correct.
JACK: …him in, and then once you get him in, you’re gonna keep watch, distract people, stall, whatever you need to do to let him do his job.
DEVIANT: Yeah, yeah.
JACK: It sounds like a good crew there.
DEVIANT: It’s great.
JACK: Like, two high skill sets together. Okay.
DEVIANT: It really – it’s a mutually beneficial relationship. It allows us to specialize only in what we’re good at, ‘cause I am, again, not a keyboard jockey these days, and it absolves a lot of headache and liability from the primary consultant team. They say, I don’t want to touch that elevator; I’m not qualified. Well, I’ll touch the elevator.
JACK: So, what do you bring to this engagement?
DEVIANT: So, I had a little field bag on me of some bypass tools, some lockpicks. I did have my elevator keys. I’ll have an under-door tool, I’ll have door shims, a mini-knife, kind of your typical kit.
JACK: Deviant checked out the building just to get a good understanding of what’s there, just driving around into the parking lot and sitting with his car and watching what the building is doing. Like, okay, there are security guards there, but they never go outside to patrol anything. They just sit at the front desk all day. On top of that, the building was very quiet. Not many people at all are coming and going, and this made him think that they probably put all their security at one single point of entry, and they may not have secured the back doors very well. So, after monitoring the place for a while, it was go time. [MUSIC] Deviant and the other computer guy go up to the building in the middle of the day. They wanted to find a way in. The two of them started looking around the building for a way in. They found some side doors, but they were locked tight. No clear vulnerability, either. Deviant might have been able to bypass those doors, but he wanted to find an easier way in, you know, that demonstrates a simpler technique that lets just anyone walk right in with maybe no tools at all.
So, he kept looking around the building, but was having a tough time finding an easy way in. All the doors were locked tight. No windows were open. No poorly-installed door or anything. So, he goes back to that side door he saw earlier. He wanted to take another look at it. Maybe there’s something there. Now, this side door was a double door. You first enter one door and then there’s a little room, a vestibule, and then there’s a second door that you need to get through to get into the building. When he looks for a way to get in through a locked door, he has a little checklist in his head that he runs through. It’s not like he has some magic tool that he just puts in the lock and the door immediately opens like on TV. He first analyzes the door and looks it over. He’ll at first just tug on the handle and see if it’s unlocked, then he’ll look at the hinges.
Maybe it was installed backwards; then he could just unscrew the door. Then he’ll look at the gap between the latch and the strike plate. If this is too wide or missing parts or installed wrong, he can use tools to get in there and open the latch from between the door and the door frame. In fact, any gaps at all between the door and the frame can be exploited, but this door had no clear vulnerabilities like that. So, then he starts looking at the whole thing backwards. Instead of getting into this door, how do people get out? Is there a crash bar that you just push from the inside which unlocks a door and opens it? Well, he looked through the window, but he didn’t see that. He didn’t see a handle on this door that you could turn or unlock, either, which made him realize what kind of lock he’s dealing with.
DEVIANT: It wasn’t a mechanically-released door. It was electronically locked. You can also tell – if you’re yanking on the door and it’s very clearly being held shut maybe at the very top, but the bottom of the door is wiggling by a quarter-inch, half-inch, you’re like, alright, that’s a mag lock. That’s a magnetic lock at the top of this door. I’m pretty sure we electronically can release that mag lock, either looking around and you see – I don’t see any push-to-exit buttons through the windows. No, it’s gotta be – looking through the window some more. It’s gotta be a sensor somewhere. Where is that REX sensor? Normally it’s right above the door. Eventually we had to look through another window from the side, and my buddy I was with, he’s like, oh my god, is that it? Is that it way the heck…? It’s almost down and to the right where the other – I said, by the other door? I’m like, god, yeah, that’s where they put it. Okay.
JACK: Okay, so there’s a motion sensor. If Deviant can trigger that, it’ll unlock the door. But it’s a good ten feet inside the door, so how?
DEVIANT: [MUSIC] It has a request-to-exit sensor, a REX sensor. These are sensors; they’re very common in physical access control environments, which will detect egress events, impending egress events, and they do it through motion sensors. Most of these are infrared, simple, passive infrared sensors. They sense a change in temperature; they presume it must be an individual making their egress from the building. Okay, no problem. So, how can you exploit this? If you’re on the outside of the building, do you throw a fire stick under the door, like a road flare, make it hot? Well, you don’t have to do anything quite like that. What you can do is take a can of compressed air, or if you’re very fancy, you go to a scientific supply shop and you get a can of tech spray or freeze spray, the idea being if you spray into the air a little cloud of propellant, a little refrigerant cloud, it will boil off in the atmosphere and make a very cold patch of air. You can do this to open doors.
You stick the little straw through the door crack, blast, and all of a sudden you hear a click. Oh, that’s the lock. Okay, the lock is released; open the door. This was like that, although the position of the sensor was much further down in the vestibule. It was a double vestibule kind of door. I said, oh, man. I’m trying to spray the air, spray the air, and we literally killed one can of propellant. I said, oh man, we’re gonna have to go back to OfficeMax or something. Eventually I was able to rig up a long, skinny straw that I could feed all the way through, kind of snaking it down this vestibule, and – almost like a wacky, waving, inflatable arm flailing tube man; [WHOOSHING SOUNDS]. Looking way down at the end of the vestibule, you see this straw spinning its way all through the floor and this cloud going everywhere. The door finally popped open.
JACK: That was on the floor. You went under the door.
DEVIANT: Yeah. We had to go all the way under to keep it as straight as I could on the floor, and it wanted to curve around, but eventually I got this door to release.
JACK: So, you hear a click and then you know the door’s unlocked.
DEVIANT: Yes. Thank goodness, too, because we had been…this was a good forty-five minutes of poking and prodding and going back to the shop. Okay.
JACK: Okay, so they successfully made it into the building. Now they need to find an open network jack for the other guy to plug his computer into to try to hack into the network.
DEVIANT: We find a little conference room thing. I said, okay, look – oh, cool, a Polycom phone system, and there’s an RJ45 connect. I said, do you want to try this jack? He looks in his backpack and he goes, oh no, I didn’t bring the dropbox.
JACK: [MUSIC] A dropbox in this case is a little computer that you could just plug in and leave behind and then try to access it from somewhere far away, like back at the hotel. But this guy forgot it. I guess he was configuring it the night before and just forgot to repack it, and it’s back at the hotel.
DEVIANT: Said, we’ll go back – you go back. You take the keys; here you go. Take the car. Go back to the hotel. I’m not leaving the building. We took so long farting around with that door. I’m gonna stay in this building. I can just let you back in when you get here. He’s like, man, I mean, the hotel’s ten minutes away and I gotta get the thing, come back. I could be gone half an hour. You’re just gonna sit in this conference room? I said, no, I’ll find somewhere to hide. So, what I did is I chose to look around a little bit. I was looking for an empty office or maybe a janitor’s closet. Those are nice. If the janitor’s not around, you could break into the janitor’s closet and just sit in there silently because the guards aren’t going in the janitor’s closet, the staff aren’t going in the janitor’s closet. If a janitor comes along, you gotta say, I just had some anxiety. I work here. I needed a place to chill, or pretend you’re doing drugs, I don’t know. I promise I’m going to rehab. Don’t tell me – don’t narc on me, buddy. But no, I didn’t find any good closets or anything. I found an elevator. I said, okay, well, we got an elevator.
It’s got no windows in the elevator cab. No, I didn’t see any cameras. I’m just gonna stay here, bro. He’s like, really? I said, yeah, I’m gonna put the elevator on independent service, which is a local admin mode that removes it from general dispatch demand around the building. So, this elevator cab will not answer call demand that other people might be registering, placing calls. I said, I’ll just stay in the elevator. There was even a little locked panel that I popped open. I said, there’s even a little power plug in here; I can plug my phone in. I’m just gonna hang out. I could just scroll Twitter, read posts on the internet. Said, you go to the hotel, get what you gotta get. Message me when you’re on your way back. I’ll let you in. I thought this would be half an hour of me just getting paid for free. It turned into hours, and I was like – I was messaging him, like, hey man, did you get to the hotel? Did you go to the wrong hotel? What is happening? Are you – did you fall into a bathroom? Do you have some bowel distress? So, I’m thinking, what is – finally I get an answer where he’s like, yeah, it’s not going well. I said, what’s not going well? I’ll tell you when I get there. He was sound – a little frustrated. I said, hey, I’m getting paid by your company either way. I’m on the clock. Back to Twitter.
JACK: [MUSIC] Two hours go by of Deviant sitting, waiting in the elevator, scrolling Twitter, reading articles, and relaxing. Then suddenly…
DEVIANT: I hear this really – boom, boom, boom, this pounding noise. Sounded like it was on the hoist-way door, just someone banging on the doors of the elevator. I went, holy crap, do they know I’m in here? Have they spotted me and I’m – maybe there is a hidden camera. What’s going on? No, calm down, calm down. It’s like if you’re camping, everything sounds loud in the woods. A deer could walk through your camp at night and you think it’s a bear. But I said, no, alright, it’s – I look at my phone. I’m like, alright, it’s after 5:00 at this point. This has gotta be the cleaners. They must be, I don’t know, getting fingerprints off of the hoist-way door chrome or something. I don’t know. But I just said, no, it’s fine, and I stayed in there a little longer. I really wanted to start to use the bathroom. Thank goodness my buddy’s like, alright, I’m coming back to the hotel. I’ll be there in a minute. Okay, elevator back to automatic. Go back to the lobby, open the doors, and I – him right near the vestibule. I’m gonna head toward it, but just – I don’t know what made me turn and look as the elevator was shutting itself automatically. I noticed that there was literally a notice that somebody had taped on the doors, ‘cause I had been sort of in-between two floors. I had been a little bit off the platform, but I could hear.
I was right near the lobby level. They were, in fact, hitting that door, but they were – it was a security guard taping a notice that said, ‘This elevator out of service. Yes, we’re aware of it. We’re looking into it. Please use elevators on north bank of the building.’ I went, oh, man, I guess somebody noticed I was in there. Thank goodness they didn’t think I was there. I let my friend in. He’s in the building now. Thank goodness we didn’t have to fight with the long straw. Alright, back to the conference room, back to the conference room. Okay. We barely got six or seven steps down the hall [MUSIC] when around the corner, we see a guard. ‘Cause now we’re the only ones – now it is a little weird at this point. Yeah, why – what are you doing? It’s after 5:00. This place is dead. The guards look at him, look at me, walk – and my friend is like, oh, what’s gonna happen here? The guard immediately saw that I had – ‘cause I was in the elevator for so long, I had put a little badge on that just said Otis. I have a variety of little badges in my kit. He went – looked at me, looked at my Otis badge, and he went, oh, you guys got here fast. I was like, yeah, I heard there was a – and I just – I lie for a living. I just dropped into it. My friend, I don’t know if he was nervous or not, but I said, yeah, I heard you had a problem with one of your elevators today. They pulled us off of some other job. Usually you’re paying for this elite care service. You’ve got a good tier service package with us here at Otis. Point me at the problem.
Let’s get you squared away. He proceeds to lead us right back to that elevator where I had been, with the notice still taped on the door, and he’s like, this friggin’ thing. I got calls all afternoon. Now I like this. I like that this guy, he’s invested in the problem. He’s invested in it being solved. I said, oh man, that’s – and it’s the only elevator in the bank. You don’t even have other cabs. You must have been – your phone must have been ringing nonstop. He’s like, oh, well, there’s not a lot of people in here, but they sure let me know about it. I said, well, let me see what I can do, sir. I pull out my keys. I still had my keys; the keys will turn, obviously, in all the key switches. So, I have the trappings of legitimacy where I, a) look like I have credentials, b) I’m sympathizing with his problem, I can express familiarity with his problem, and then c) I am pulling – casually pulling implements out of my pockets that clearly work in the system. If you were in a parking lot and you saw somebody with a red blazer and they – you thought they might be a valet and they say, oh, was it really busy in the restaurant tonight, sir? Then they are holding a key that opens a car door. Well, that’s gotta be the valet. They’re doing all the things that I’ve seen valets do. So, this guy just thought, well, he’s obviously the Otis guy. I’m rattling off some techno jargon and I’m turning key switches that don’t do much, but I’m claiming, oh, I’m resetting the door sensors now.
This will reboot the door operator if we hold it for three seconds. Here; let’s everyone step into the cab for a second. Let’s let this door close. So, now I’m – we’re bringing the guard with us, and the doors close. I say, alright, well, that’s good. Let’s try door open. No, we’re still level; we’re not mis-leveled. Sometimes a mis-level event can cause the doors to jam. Let’s try to go up a few floors. So, he just starts taking us up to other floors, floors that I didn’t have credential access to, but he’s going up floors and we’re stuck – it platformed pretty well. I’m pretending to measure the platform leveling, ‘cause again, I have just enough industry knowledge to speak to what you’re expecting a technician to do. I’m actually a – you have a trained life safety fire door inspector – not because I do that for a living but because I can walk around a building if anyone catches me and say, what are you doing in here? I could say, what are you all doing in here? Because these fire doors are not to code, and I can rattle off all the different – the signage is wrong, the glazing is this, you can’t have pertinences that interfere with that. So, I look like a technician. We’re getting – we finally get to the top floor which is a really juicy floor in this building, and I say, let’s walk around for a minute here.
I think this one – you said there’s another elevator? I’m pretty sure this one’s fine, but let’s try the south bank elevator, then the north bank elevators. Now the guard is so used to being in our company that even anyone else who’s in the building who sees us on camera or in person – well, this guy has been with the guard, so he must belong here. I start spinning a story about – do you have a room with a bunch of computers in it? [MUSIC] ‘Cause your elevator controller would be in that room. It would not be in that room. Said, but where’s the elevator? I can look for the error log data on the elevator controller. We can try to troubleshoot it, ‘cause you don’t want to have us coming out here again and again. Those stoppages, that was no fun for you. So, yeah, the guard took us to – he’s like, well, I walk around every night, and this is the one room – it’s got all these fans in here. So, he takes us and he – I think my badge works. Boom; he badges us into the server room. I say, alright, well, you help me look. There’s gonna be a bright, neon-green server, which is – again, I’m making that up, but I’m giving him a wild goose chase.
JACK: Do you turn to your buddy and be like, this is the moment?
DEVIANT: Oh, yeah, he…
JACK: You go now.
DEVIANT: He was tracking at that point. He knew what was up and he was amazed that it was working so well. But he was ready to go. A good friend will see you lying – and it’s all improv. It’s all ‘yes, and’. You just go with it. You build the world with them that they’re trying to build. So, my buddy was right – he had his – he had the dropbox kind of under his arm like it was a multimeter, right? It would plug into something. The guard goes down one aisle. I go down another aisle. Do you see it over there? My buddy, of course, he’s plugging stuff in, he’s plugging in flash drives, watching, documenting. The guard eventually says, well, I can’t find it. We can’t find it. Said, alright, that’s alright. It’s working for now. I’m gonna write it up. I’m gonna write it up as a priority ticket. We’ll get you squared away. What was your name again? He gave us a name. I said, okay, well, we’re gonna walk around, just check. There’s a few other lifts in a other buildings.
If anyone else is on premises and they ask what we’re doing, I’ll just tell them to talk to you. But thanks for all your help. It’s all good. He was so happy that, yeah, we stuck – even though we were done, we stuck around and went into a few other spaces just in case we got – ‘cause you want to give the client a win. You want to try to see, will anyone push back on you? It’s not about getting away so clean and so – if you work for the government and you’re spying on a foreign adversary, sure, you want to get away and not experience a mortuary event. But if you’re doing a corporate test, you want to see what their reactions are. If this staff didn’t catch you, interface with a different staff member. If this building didn’t stop you, try a different building. Where are the good as well as the bad in their security posture? But yeah, we wound up walking everywhere for quite a long time. We got into everything at that facility at the end of the day, and – digitally and mechanically and physically, yeah.
JACK: There are three things to test when testing a company’s security. You can test the physical building itself, you can test the people in the building, and you can test the electronics. This one tested all three. But there’s kind of a moral code that Deviant has when testing people, or otherwise known as social engineering. I mean, here, he tricked a guard into making him think he worked for the elevator company. But he also gave the guard many opportunities to check his credentials or verify who he is. Gosh, even if just the guard decided to give him a visitor’s pass and took their names down, that would be better than nothing, right? So, there were lots of training opportunities for this guard. But bad guys don’t really have these moral codes. They might wrestle the guard to the ground, tie him up in the elevator, or break some windows to get in. It’s possible to figure out where the owner of the company lives and kidnap their kids, holding them for ransom for some company data. But as a social engineer, you really want people that you trick to feel better for having met you instead of feeling awful because you screwed them over so bad. But where exactly that line is is hard to say, though. We’re gonna take a quick break here, but don’t go away. We have two more stories from Deviant when we come back. Deviant Ollam breaks into buildings for a living. He’s well-known for it. So, a company in Kansas heard about him and hired him to come out to test the security of their building.
DEVIANT: [MUSIC] It was a small town, man. It was a small town. So, this was a company doing large – sort of blue-collar industry in a small town where I’m not from. The only thing I got going for me is that I’m a middle-aged white dude, and that’s where my flex ends, ‘cause I don’t know people in this town. I can’t speak to the widgets and wonkets that they pack into boxes and parcels and drive out on a big rig. I was going in – whew, we’ll see how this goes, boys.
JACK: Being so far away, he had to fly out and rent a car and then drive to this town. He didn’t go alone, of course. He had two others with him who also worked at his penetration testing company, and one of his teammates brought his dog with him.
DEVIANT: She’s a search-and-rescue dog. She’s amazing. So perfectly trained. You could let her off the leash and she knows commands where she could run and just kind of be hidden in the woods. So, now, he’s a guy walking around with a leash, and who doesn’t want to help a guy with a dog leash? Of course, you got – that beautiful dog of mine. So, eventually he’ll – she’ll come running out. If he gets challenged by – oh, here’s my dog; thank goodness.
JACK: Holy cow, the dog is a social engineer, too. It’s part of the act. Go hide while I pretend to look for you, and wait for me to give you the secret command before you come. Oh man, I never thought of packing a dog in a physical penetration testing kit. But they’re gonna need it, because this place looked really hard to get into.
DEVIANT: [MUSIC] The goal was to demonstrate access to quote, “sensitive areas”. We had a list of sensitive areas, manufacturing areas, certain people’s offices that were in charge of critical functions. If we could demonstrate we could tamper with end product before it goes to market, that would be – you just tamper; means you touch hands on this one machine or this one package and take a picture.
JACK: So, why don’t you think you can get in? What’s the thing there that you’re like, ugh?
DEVIANT: It was a small crew. It was maybe a dozen employees on any shift, and everyone knows each other. It’s not an environment that was open to the public, so it’s not like customers or visitors were coming and going, which is much more common in offices. Yeah, if we were onsite – not to mention, we had to read all their briefing materials on their OSHA regs and their best industry practices. So, if you’re in a production environment, you’ve got the hard hat here, you’ve got this, you’ve got the ear plugs. Otherwise the foreman will be – say, who is that person? Who let you in here, jackoff? So, we wanted to minimize contact with humans. We would go at night, we said, and we would try – small-town America; you play to what you think is going down. You say, it’s either gonna be Saturday-night football, or Sunday, everyone’s maybe at church. I don’t know. So, Saturday night, we started to weaken the target. So, we’d approach, we would remove card readers from their mounts. So, it turns out there was an open campus. You could walk onto the grounds.
There were no fences. But we would remove card readers from the wall, we would install little interception devices behind the card reader, put them back on the wall. It’s a device called an ESP key. We had to check a few door – the doors were all tighter than – tight as a drum. We’ll compromise the card readers. Hopefully somebody coming or going on a late shift – ‘cause they did have a – they worked in three shifts. Maybe someone’s going to use a door and we’ll be able to compromise the credentials when we come by tomorrow. Sunday, there were no – there was – we asked, do you have any hours on Sunday? They said no, it’s pretty thin on Sunday. Okay. I mean, a production environment – the actual factory was running, but the offices were dead on Sunday. Okay, come by Sunday morning, and we drove by the parking lot, just pulled in and pulled out enough that I could dump the – remotely, I could radio in to the interception devices. I got some credentials; good.
JACK: You caught all that, right? There are RFID key cards that employees use to unlock doors to get into the building. Deviant installed a card-sniffer behind the real card reader, and someone badged in during the night, and his sniffer caught that. Now he has that data and can write that onto a blank key card which would give him access into this building. Now, while he was doing that, another one of his teammates was hiding out, watching the building from a distance, taking pictures of people coming and going. This guy had a camera with a long-range zoom lens, so he was out there taking photos of what badges looked like for people who worked there. He couldn’t get high-quality close-up photos of the badges being that far away, but it was enough to allow them to replicate it in Photoshop so that if someone is walking by or from a distance, they wouldn’t know the difference. So, the team all met up at a coffee shop to put the right logo on the badge and to write the data onto the key card.
DEVIANT: [MUSIC] As we’re there, my buddy, the guy who has the dog – he didn’t have the dog at this moment, but that one partner, he’s like, I’m just gonna take one more walk around to see – kinda see the factory and get myself a little coffee or something. He comes back to where we were as I’m making these badges. He comes back twenty minutes later; he’s like, this is gonna be interesting, man. I just stuck my head in at the post office. Everybody knows every – hey, Frankie, Sally, how you doing, Bobby? It’s like, if we run into anybody, it’s gonna be a record scratch. It’s gonna be weird, man. We said, alright, we’ve done this – we’ve been in hard jobs before. Let’s go, everybody. We pull into the parking lot. We had some PPE and hard hats with us, looking vaguely factory-ish, and we go…
JACK: So, you’re looking like employees that are – should be there or technicians visiting?
DEVIANT: Yeah, just looking like employees. If anybody literally – if a town cop was going by where they’ll think we must work here – we look like blue-collar workers. Sure enough, nobody – no police – it was right on Main Street. It was a tiny, tiny town, but this factory was right in the middle of town. It was the only thing in the damn town, honestly. So, boop, card reader works. Okay, we get in one building. Thank goodness we’re inside. [MUSIC] We’re walking around. Once you’re inside, a lot of buildings’ security’s a little weaker on the inside. You can get into offices, you can slip a latch, you can pop a drawer open. We found a company trucker cap. Somebody took a company jacket. Again, just so you’re looking a little more like you belong there.
The thing is, the badges we made – we had seen long-distance photos of their badges, so I had pre-printed these badges with their logo and everything in roughly the right place to look – the badges look the part and the badges are opening doors. But within maybe half an hour, we hear one of my teammates come running. He’s like, hey man, someone just pulled into the parking lot, not to the factory. Somebody pulled into – they’re coming into this office building, which no one is in this office building this Sunday. We’re like, alright, we’re just – look like we’re working. We sat in the break room area, and this guy comes in. He must have been fifty-six, fifty-seven years old. He’s like, how do you do, gentlemen? Said, hey, how’s it going there? Can I ask what you’re doing in the office today? The vibe was instantly off. We said, oh, we’re just checking if – we had a story. I think we said we were doing an environmental audit. We were checking door seals.
JACK: He was in the building?
DEVIANT: He was already in the…
JACK: How did he get in?
DEVIANT: So, he clearly worked there.
JACK: Okay.
DEVIANT: He was – and he – we could see on his hip he had a badge. We said, no, we’re just checking some door seals. There were some door closure issues and – for regulatory compliance, you have to keep product separated, blah, blah, blah. We had a bit of a story and we said, we’ll get out of your hair. We’re just leaving this building anyway, not to – and we kind of left the building. The guy didn’t – he didn’t quite vibe on that. He was looking at us a little weird.
JACK: Well, this was mostly a success. They needed to demonstrate access to sensitive equipment in areas, that they were able to get into the building and take pictures of them touching this equipment and stuff they just shouldn’t be able to get to. But since this guy really wasn’t buying their story, they decided to leave, because as a penetration tester, when you get caught, you want to see if you can get out of that situation, try to leave and get outta there, see what happens. Is this guy gonna stop them from leaving? So, they walked out and got to the parking lot. They could get in their cars and go, but there was another building in this parking lot that they also needed to test. So, might as well walk over to that and see what happens. [MUSIC] They thought this guy might be watching them, though, so they walked across the parking lot to the other building and made it very clear in case he was watching them that they had badges that they were using to get in the building. These were working badges, and if the guy was watching them, he could see they had valid key cards to get in the building. Don’t forget, on top of that, they have a jacket and a hat with the company logo on it.
DEVIANT: Then we – in the new building, we’re like, peering out the windows through the blinds, and this guy walks to the parking lot. We’re like, alright, he’s gonna get in his car. Nope; walked by all the cars, walks to the building we just got in. We’re like, oh, my god. We hear him start walking around this building. At this point, we’re pretty sure we’re roasted here. Two of us break off. One guy goes – he meets two of the guys in some other hallway. He’s like, excuse me, gentlemen. I’m gonna ask the same question I asked before. What are you doing in this building? We said, well, we’re doing this – he’s like, no, no. Who hired you to do this job? We said, well, it was Francis, Francis in HR. She brought us – he’s like, I don’t know if Francis would have brought you on. I’m gonna have to try to call Francis. He couldn’t reach her, and he – and we – and as he’s dialing, it was like, no, no, come on, look…
JACK: Was Francis a word you made up?
DEVIANT: No, we knew – we checked their staff. We knew some staff. We said, no, Keith at the Wyoming plant, Keith knows that we’re here. He’s like, hm, I’ve been working with Keith for a long time. Keith might have said something about new folk. I haven’t heard that; I can call Keith. So, we’re like, oh my – and eventually after he’s getting – he keeps trying to dial phone numbers on Sunday, and we realize if he’s not gonna reach anybody, he’s just gonna call law enforcement. This was not gonna fly.
JACK: Deviant and his crew were caught. All the windows of opportunity to lie their way out of it were closed. The game was over, so, time to come clean and show the get-out-of-jail-free card. See, here’s the thing; when you’re paid by a company to break into their building, it’s possible it could all go wrong, so you need a letter of authorization from the company, preferably someone real high up that can vouch for you that when you call them, they will say, yes, we did hire them to do a security test on the building. You print this agreement out and put it on a piece of paper and carry it with you at all times when you’re doing a physical penetration test like this. This is what’s known as the get-out-of-jail-free card. Now, what some penetration testers do is they print off a fake one. It’s got the right name of the head of security, but with a phone number to someone waiting in the parking lot who would act like that person if they got called. Deviant saw that this guy had everyone’s number in his phone already and thought the fake get-out-of-jail-free card isn’t gonna work here. So, he gave him his real one. This was the first and only time Deviant has ever been caught to the point that he had to show this paper and come clean like this.
DEVIANT: He said, I know that person, but I’m gonna call her cell phone and not the number that you’ve printed here. So, as it turns out – and we spoke to him. He said, okay, alright. Well, if you say so. Alright, Susan.
JACK: Brilliant. He did not trust the number on the paper that Deviant handed him. Instead, he looked up the names and number himself. This was the right thing to do. Sure enough, the head of security vouched for them and said, good job catching them. Yes, we did hire them and they are supposed to be there. So, now that he knows the real reason Deviant and his crew were there, Deviant had to ask, how did you catch us?
DEVIANT: He was like, well, I was driving by – he wasn’t even on site that day. I was driving by and I saw a couple of you boys entering the building, just as we were just getting into a door. He’s like, it didn’t feel right. So, I got a block or two down the street and I turned around and came back. Who the hell gets past their office and has that much emotional investment to go, oh, I should go back to the office and see what’s – he drove all the way back in, parked, and started checking around buildings ‘til he could figure out why were these fellas he didn’t recognize from two hundred yards away – why are you in my buildilng? He had worked for this company for something like thirty-eight years and he had emotional investment in the company.
The company mattered to him as a person, and he was not gonna take anybody giving him a line. He said, no, I want to know what you’re doing. It felt like if someone was in your backyard and they said, well, I’m just trimming your trees for your neighbor, but they kept kinda walking through your backyard. You might be like, I’m gonna knock on my neighbor’s door. Why is this person in my backyard? So, that’s what happened, and we – that was the first time we ever had to show the – and we knew we could have had a fake letter, but we’re like, that’s not gonna fly. This guy, he is switched on, he is sharp, and he got quite a little kudos out of that, and he was professional the whole time. Didn’t try to tackle us, didn’t make threats, just kind of slowly plodded after us.
JACK: Okay, so, they were caught. That’s that, right? No. [MUSIC] They said, hey, good job. You caught us, but don’t tell anyone else because we’re gonna go and come back again later and try to see if anyone else will catch us.
DEVIANT: We left for a few hours. We went to have lunch. We did come back and we only made it in, again – gosh, forty-five minutes, an hour until we ran across some other person. I didn’t even interact with this person. This was just in a production – just kinda walked past them, and they almost on their heels turned and spun and said, hi, can I help you? What are you doing in this space? We were like, son of a bitch. But that was a great day because we – this little Nowheresville facility, they had a really sharp head of security who had been coming to Defcon and Black Hat, watching talks like mine, really investing and upgrading their locks and their access control credentials. Even after that, he was like, oh, you did clone – you made the ESP key.
We’re gonna revamp our back haul protocols, for a little nowhere factory in nowhere. Nowhere, not subject to threats and not subject to robber – the most threat they probably have is people trying to break in and, I don’t know, steal copper or something. Rural threats are not the same as an urban environment where you have a lot more potential risk of different kinds. But no, this one guy, he was really all about it and he took it to heart. He had a lot of buy-in from management and everyone was just – they were pleased and proud of their people. We told them, keep investing in your people. They like it here. Make sure they keep liking it here, because they are the best line of defense that we’re ever come across.
JACK: You were caught. Do you consider this a caught? Do you consider this a fail? Is this the only time you’ve ever been caught or have you been caught before?
DEVIANT: I will consider it a caught. I won’t consider it a fail because this – if you’re doing your job right, this is the best success you could have. We got caught for all the right reasons and I’d like to get caught like that much more in the future by companies that have employees that actually care about what’s going on. The only way you get that is if you have a real nice environment where you’re treating people well, not just as meat grinding through the mill, right? You actually have to make people want to work there by rewarding them, by paying them properly, by giving them real benefits. That’s the only time we’ve been caught and didn’t bluff our way out of it, you know, talk our way out of it.
JACK: [MUSIC] Okay, let’s hear one more story of Deviant breaking into buildings, and this one’s my favorite. This one is against a critical infrastructure-type company, I think a utility company. If someone were to get in and cause harm, it could be ruinous for the whole town.
DEVIANT: Most of our jobs, we get a list of sensitive assets or sensitive areas from the client and we say, would accessing this asset or being in this space represent a severe breach? Would a bad actor in this space have the ability to severely compromise operations or cause severe impact? Once you have that list of assets, you formulate a series of attack chains. You sit with your team after a lot of recon and you say, alright, so, do we think it’s smart enough to go to this one first or should we try to go through this one? We’ve identified where these assets are, which parts of the buildings and the grounds. Okay, so, which team is best suited to position here, here, here, and you come up with a plan.
If one team gets burned, they’ll say, okay, well, that team is – alright, they might have gotten notice, might have not. Let’s pull them back; let’s get off-campus. They just became overwatch. They’re running a drone, they’re running long-range cameras. They’re back at the base on radios. Let’s put another team in. We do a lot of rotating out of rental cars where you go back to Hertz or National or somebody; you say, oh, this car’s pulling to the left a little bit. Say, we have another one. Said, do you have a different model? Maybe a really different color? Because if somebody’s seen that weird car in the parking lot – so, it was a job like that. It was meticulous and we had – it was a large job. There were probably three or four different field teams at any given time of pairs of people.
JACK: Okay, wow, this is a big job. If you remember from other stories, Deviant likes to be prepared and bring a big kit of things, anywhere from having lockpicks and keys to the Otis elevator repair shirt, and having long-range cameras and full badge-printing machines. But this one, he needed even more.
DEVIANT: [MUSIC] This job was the kitchen sink, man. This job had case upon – tons of Pelican cases shipped in. It was close enough that I – it was many states away from where I was at the time, but I was living in Montana. I just said, I’ll drive. If the budget’s there for me to – I’ll make it a couple day drive, and my truck was – I mean, we brought the works, man. We had a 3D-printer in the Airbnb, we had a couple of our really large key machines, our exotic key machines, just in the Airbnb on the living room table. We were ready for as much as we could be.
JACK: Okay, so, when you have a job this big, it’ll help if you have a few extra people. Of course, Deviant drove out for this, but a half-dozen other people came out, too. Babak was also there.
DEVIANT: We’re all cross-discipline. Babak is very electronic-focused. Of all the team members, he is the highest strength among us in the electronics department, especially as it relates to access control technologies, credentialing technologies. He gets good information from a lot of the industry sources and partners where he get – he’ll get the new badge printer that somebody’s just pioneering and he’ll get a sample model of that, and we’ll try it out.
JACK: Drew came along for this one.
DEVIANT: Drew is our main surveillance person. Drew is an incredible person with camera glass, drones, ultra-light aircraft. He is the eyes on the ground and in the sky.
JACK: They called in Sophie, too.
DEVIANT: Sophie is a devastating social engineer.
JACK: Robert was another key player here.
DEVIANT: Robert is an incredible physical tactician, along with being personable with people at the drop of a hat. He used to be a cop, right? So, he can lie through his teeth with a smile on, and his job is to manipulate you as a human, because he’s gonna get what he needs and he’s gonna get it out of you for information or he’s gonna get out of your sights ‘cause he wants to move. He can be – yeah, he can be front-and-center or he can be a ghost.
JACK: Imagine being called a physical tactician. That’s quite the title, isn’t it?
DEVIANT: Drew and I reached out to an old colleague of mine named Laz who was back East. We brought Laz in. We had a couple of interns at the company who wanted to get some exposure to field work. A lot of times jobs just aren’t big enough, but this was crazy. Yeah, they’re bringing the interns, so, we had quite the cadre of people. We actually had two Airbnb units right next to each other, we had so many people. It was these two little cabin-type houses on some park somewhere.
JACK: Gosh, they rounded up the whole Ocean’s Eleven crew for this job. So, they all met at the safe house and started on phase one, surveillance.
DEVIANT: That was almost a week of recon. Yeah, that included driving by for the first few days, just a lot of long-range camera work in cars, which led to then hikes through fields where it was a lot of Drew and Robert just in – they’re in hunter’s camo. They’re hunters, right? So, they’re gonna crawl through field – they were first walking and then they were low-crawling to get really up close to the buildings.
JACK: See, I don’t quite get this, right? Some engagements you’re just like, let’s just see if we could walk in through the front door; let’s go. Then some engagements you’re like, okay, you feel like getting muddy?
DEVIANT: Oh, yeah.
JACK: You feel like getting the special equipment out? There’s work to that. Dude, really? You really want me to crawl through the mud so I can get a good photo? Yeah, yeah, go under the fence there, do it at night, so…
DEVIANT: Yeah, and we were all about – who gets to do this and not ever really risk getting hurt for it? I think it’s a great thing to get to do it.
JACK: Okay. I just don’t know – I guess I don’t understand the level of like, okay, let’s really start light and see how much we can get without even getting a foot on campus, or what…?
DEVIANT: Some of that is spoken to in terms of the client’s willingness to have a more involved job. Labor is cost, right? So, time is money, and they provisioned – they said, no, we’re – they were really serious about – they’re targeted by foreign adversaries.
JACK: Oh.
DEVIANT: They are targeted by real threat actors at that point. An actual threat actor would not think twice about spending an entire night just in – belly-down in the dirt with long-range glass, learning which employees go through which doors at which times and when the security patrols come around and when they don’t.
JACK: Okay, so, another thing to think about here is this company invested a lot into security; cameras all over the buildings, inside and out, trip sensors, security teams. They really, really wanted to detect and stop any sabotage or intrusion or disruption against this facility, and they did everything they could to stop this. In fact, this company had its own red team who just attacks their own company looking for weak points and vulnerabilities or whatever they could find that an adversary might exploit. They’re on the offense, which makes them the red team. The defense team is known as the blue team. But it was the head of the red team that hired Deviant and his crew so he could communicate and confirm certain things with the customer, the head of the red team. For instance, as they were doing their recon, they noticed something that looked like a radar system to detect intruders. So, he messaged the client and asked things like…
DEVIANT: Keith, are they using SpotterRF? He’s like, yeah, yeah, you spotted the spotter. Cool, yeah. We have it pretty masked, but you must – he’s like, you must have been really close. I was like, yeah, we were right up against that fence like. He’s like, okay, yeah, no, you got it, you got it. Don’t approach from the west side; you spotted that one. Because again, let’s say you’re the Chinese government and you got a guy laying in the dirt, crawling up to a fence line, and then this guy takes some pictures. You say, look at those tech – are they using…? Oh, that’s RF. They’re using SpotterRF. It’s a way of looking for motion sensing in a field. If it’s the Chinese government, they would then back off and they would say, okay, let’s spend another two weeks figuring out who sold it to them. Let’s figure out which version they have, what its coverage is, whereas for us, we just Signal message. We said, hey, I found this. Is this what I’m seeing?
They say, no, yeah, yeah, we’re not gonna make you charge us another week’s worth of effort to go get a sample unit, you know, and set it up in a lab and figure out the exact distance and range that it covers. It doesn’t match the manufacturer’s spec. So, it’s a week of that. It’s a week of getting close, taking pictures, coming back to the Airbnb, analyze – who’s this guard? Is this Mobile 2? No; he was on foot yesterday. No, the guy on foot was in – okay, no, this is the guy in the truck. Let’s make a name for him. You make up names. It’s like a pin board out of a detective show, right? You got a wall of people and one really great photo of a guard looking at us through these binoculars. Yeah, that guy – we printed that photo out a lot, put it around the Airbnb. So, some of those guards are really switched on. Well, ‘cause he couldn’t see us, but he saw something and he was like, what’s that? Rob and Drew just stood stock still in the dirt in the ghillie suits for like, an hour.
JACK: Ghillie suits? Those are the big camouflage suits that you see military use, where they have tree branches and leaves sewn into the suit so that you look just like a bush when you’re holding still. Crazy. Now, of course they aren’t just casing the place physically. Sophie is also trying to infiltrate the people inside. [MUSIC] She’s trying to get pieces of information that could help her know more. She created a fake social media profile and started trying to connect with people who work there.
DEVIANT: The work involved in setting up a fake profile is non-trivial. It’s really hard to create a fake LinkedIn or a fake anything these days that looks legit. You need to have history there. You need to have connections. It’s like planting crops. You have to create these profiles and then you water them; you come back and you connect and you make posts, and you connect to these people and you endorse that person. Months and years later, these are now fully-formed. You can maybe use one of them on a job to connect to other people and try to – but if you get burned, well, that’s – alright, there’s a year and a half of work that you – that profile’s roasted. So, you – the fact that she has access to these and she made those connections to find out what was going on and can – let’s – can I share your profile so I can see your photos from the – oh, okay, now you got the access to the private photos. Oh, that’s – the company’s having a pizza party on Friday, that kind of thing.
JACK: Okay, so, after almost a week of watching this high-security building from the outside, they determined this place is completely secure. They found one little area that they could access, but it was kind of an insignificant finding.
DEVIANT: So, we determined that it was feasible to get through the fence line. In fact, as a proof of concept one night, a small team did that. They crawled up to the dirt berm where the earth had been compacted but not quite enough in one spot. They trenched under the fence. They just dug and dug with hand – like, small entrenching tools, and they’re pulling out rocks. They proved you could slip under the fence, and they just took a picture of one guy on the other side of the fence and then came back. That’s not – it’s not super-practical. We knew this was still a site that was being built out, and we told our point of contact – we said, hey, just so you know, we proved we did this. The shake sensors in the fence didn’t catch us. He said, nope, I bet I can tell you which – you were probably on the north side. That’s all gonna be concreted in. The footer of the fence, it’s still being built. We said, okay, well, it’s a data point for the metrics, but we’re not gonna treat that as a standard entry point.
JACK: So, the only way to get into this place was gonna be where everyone gets in, through the vehicle checkpoint. [MUSIC] This place had high fences, barbed wire, cameras, shake sensors, radar. It wasn’t kidding around, and that’s just to get on the property.
DEVIANT: It’s like visiting – it was non-military. It was a civilian compound, but it’s a military base, right? If you have a working credential, you drive up to the vehicle checkpoint, they see it, you boop it, and you go. If you don’t have credentials, you’re going to the visitor’s building, the tiny shack, and someone is coming out and dealing with you. Without a credential, you’re not getting in. But there’s always some exploits here, right?
JACK: There was some construction going on, and Deviant was able to drive into the construction area just to do some surveillance on the front gate. He got some good video footage of exactly how the vehicle checkpoints work.
DEVIANT: We learned – we said, okay, this is interesting, this is interesting. Look at this. Look what happens here. You drive up, and staff were holding their badge up. Clearly they’re presenting a badge to the guard who visually would nod at it. Then they would drive further down a good ten yards past the little overhang, and there was a badge-reader sitting out in the middle of – just unattended. There’s just a big badge-reader on the – and they would, boop, they would badge that, and then a vehicle gate – a gate arm would open up. So, that’s an interesting thing. That’s an odd thing. Then we said, look at that gate arm. Look at that gate arm. Many gate systems will use ground loop sensors. Much like when you pull up to a stop light, it knows your car is there because it can detect the metal of your vehicle and it’ll cycle the light. A lot of gate systems use these. A very typical configuration would be – the most common one is a stop-or-safety loop. Right in where the gate arm is, if a vehicle stalls out and sits there for some reason, the gate arm won’t come down and hit the vehicle. You don’t want to damage anything. That’s typical.
You might have entry loop so that once you pull up, the gate arm doesn’t – just doesn’t operate unless somebody boops their car. You can’t walk in on foot. This is not a pedestrian entrance. I’m sorry, you need a car. If you’re a pedestrian, go to the pedestrian entrance. It’s around the fence over there. This is a very common problem for certain motorcyclists or bicyclists. People on bikes sometimes don’t have enough metal to trip the ground loop, depending on how they’re built. But the real one – and this is the one that a lot of buildings do not use – you got an entry loop, you got that stop loop, you got the safety loop. There’s also sometimes a clear loop, clear meaning you have cleared the checkpoint. Bring that arm right down. It costs money to install these. You gotta cut into the asphalt and you do – everything’s money. A lot of installations, this one included, chose to configure it – well, we don’t need a clearage loop. We’ll just – the arm goes up, there’s a dwell time, and then after that, it’ll just drop down unless there’s somebody stalled out. So, they were using a dwell time, and the dwell time was set to – gosh, it was like, twenty seconds. It was long.
We’re like, okay, this is news we can use. [MUSIC] So, our plan was, we’re gonna tailgate in behind what we think is a real vehicle, ‘cause it was a long entrance road off the main road to get even to the vehicle checkpoint. Our plan was, you’re gonna tailgate in, we’re gonna give Sophie in the front seat of the car, who looked businesslike – we’ll give her a badge that looks like their badges. We knew what their badges looked like. It’s a multinational company; we’ve seen their badges in other facilities. We don’t have their badge technology. They were using private keys on their credentials, so we couldn’t easily clone their badges. But Sophie could pull up and smile at a guard and hold up a badge. Then, ‘cause she’s tailgating behind someone’s vehicle, literally tailgating – as that person boops the reader and goes through, Sophie would pull up, pretend to boop the reader. Again, that’s ten yards away from the guard shack. They can’t hear a beep noise. Then before that dwell time finished, she would hightail it through. If a guard was really sharp, they might be like, huh, that gate came down kinda quickly after that car, but nobody’s gonna be that sharp.
We said, alright. Now, the critical thing, we said – we need about three or – we need different ways to have you peel off if there’s a problem. The first thing is there’s that construction lot, right, where I parked to get the footage. We said, if for some reason the car you’re tailgating isn’t a regular employee, if anything goes wrong, if they ask for directions, they’re – who the hell knows – just pull into the construction lot, K-turn, and get outta there. It’s a little weird, but who cares? We’ll roast that car. We’ll switch the car out, we’ll regroup. Let’s say you’re fine. Let’s say you get past. You hold your thing up to the guard and the guard looks at you and says, hey, do you work here, do you not work here, et cetera. You say, no, I’m new here. Say, my – if you’re – you could social engineer that if you had to. If you say, oh, I’m lost, or is this not the main entrance to the – no, I just started. Okay, well, pull over there. Okay, we’ll figure that one out.
The last one was a really slick one. We said, if for any reason you get trapped at the gate – like, let’s say the arm starts coming down and you’re like, oh shoot, I can’t tailgate in. We had printed a nearly-identical badge for a – it looked very similar but it was – the logo was another company in town. It was out in the rural area, but was another big firm that had a warehouse or something, a fulfillment warehouse in town. We said, act – boop – pretend to boop and say, my badge isn’t working, my badge – and make the guard get out of the shack and walk over, but she would switch the badge. It was on this red lanyard and she – my badge – so, the guard would go, oh, oh, is this the badge you just showed me? I’m sorry, ma’am, this is not – you’re – you’ve gotta go down the road another few miles. You’re in the wrong – oh, I just started; duh, sorry. So, we had all these little outs.
JACK: Okay, this is a lot of work just to get into the parking lot. Sophie’s gonna try to drive in, and it was important that she’d be the only one in the car. That way, the guard doesn’t start asking for passengers to present their badge and get curious and interested in what’s going on. But through their surveillance, they noticed the guards never checked the trunks of the cars.
DEVIANT: It wasn’t just her in the car. Robert and I were wedged into the trunk of this car because we wanted to get as many people as we could onto the corporate campus if we could get this to work.
JACK: So, they load up their gear, jam themselves in the trunk, and off they go, [MUSIC] driving towards the facility.
DEVIANT: All we could feel was the car kind of – kinda rocking back and forth, and we judge, okay, there’s some rough bumps; those are the speed bumps. Okay. Now we stop for a sec. That must be the guard – oh, we’re moving again. The guard didn’t stop her; okay. Then, okay, we slowed down a little bit. Oh, we’re really moving now; that must be the gate arm. We’re really – we’re jitter-bugging along for ten seconds, twenty – we’re like, we gotta be through that gate. We gotta be – I know we’re through that gate. We eventually hear Sophie’s voice, like, it totally – we’re through that gate, boys!
JACK: Sophie pulls down the back seat so the guys can climb through the car, which will take a while. It’s a tight space. This is where they split up, though. Sophie goes right to the front door of the building to try to use her social engineering skills to get into the building.
DEVIANT: She was just charming. She just said, I’m new – she followed some – a group of people. I’m new here; I just started this week. Oh, did you get the tour? She said, no, there was a tour – we knew that there was a company tour that somebody posted on social media, and we’re like, well, I didn’t get the tour last week. I heard about that. This guy who was like – I’ll give you the tour, little lady. So, yeah, he was like, you should check this out. He’s taking her to place – and there were a couple other employees, one of which even turned and looked at her and went, hey, I know it’s a tour, but you can’t tailgate. You have to use your badge. She goes, oh, you’re right, and just kinda pretended to boop her badge. It’s not making a sound, right? We have little – we’ve – have, like, beep, beep on our phones, so if you need to – everyone’s on their phones. You’re just gonna – oh yeah, beep, beep. Just, okay, then you walk in. But yeah, one woman literally said, are you trying to tailgate? She says, oh, you’re right, you’re right, they told us this in orientation training. Then they – but yeah, they took her into the heart of the beast, right? She was sending Signal messages to all of us, like, hi, I’m in this thing.
JACK: With pictures?
DEVIANT: Oh, with pictures, day one.
JACK: Okay, so, while she’s making her way into different rooms and getting a solid lay of the land, Deviant and Rob climb out of the trunk of the car and come out of the car. Climbing out of the trunk directly would be weird, so they had to snake through into the car and then exit through the regular doors to look normal.
DEVIANT: Robert and I looked like construction workers. I mentioned there was construction ongoing at the facility, so we had our jeans and steel-cap boots. We had some high-vis, we had the helmets clipped to our belts; if you want to throw a helmet on, you can. We had tools, we had workers tools on us, and more in the trunk, too. So, we just kinda walked around the building and started, quote, checking doors, checking the handle. Is this door really locked? But also, there’s a little door-gap checker. It’s used when I do fire door stuff. There are tolerances. This is a quarter-inch, eighth-inch. How much tolerance is this door? You can check the door jams and the top of the door and the bottom of the door. So, we’re just, quote, checking doors and pretending to take notes on a tablet. We’re going around and seeing if anybody left a door open, or could we tailgate in. Eventually we do. We tailgated in, we walk through some spaces, and between us and another team – was able to exploit a similar path. Now that we know, we’re like, well, Sophie got in; maybe Drew can do it. Drew’s not quite as charming as Sophie, but Drew can drive through a checkpoint. He did.
JACK: Drew was able to tailgate into the building, too. This is where he just waited near a door until someone was going in or out, and then he just went in after them without having to use a badge. Day one was a success. All three teams got into sensitive areas and showed their contact how they got in. They took photos and were able to leave without being detected or caught. So, they decided to do it all again the next day, [MUSIC] but this time be a little more sloppy. You know, like standing near a locked door a little more obviously and actually looking like you’re waiting for someone to come open it for you. Sure enough, somebody did come open it and didn’t challenge them, and held the door open for them. Or they might have shouted at someone, hey, could you hold that door open for me? Thanks!
DEVIANT: It was shocking how once we got past that fence line, we started realizing that no one really challenged us.
JACK: Their outer perimeter was very secure, but it seemed like that was the main layer of defense. To properly secure a building, you want to do defense in-depth, and not just one gate at the front, but many gates the deeper you’re going. They didn’t encounter that. So, now that they’ve accomplished all their objectives by getting into all the sensitive areas that they were tasked to get into, it was time to step it up a bit or step it down, depending on how you look at it.
DEVIANT: We said, let’s just try to be sloppy. Let’s just try to like – hey buddy, hold that door, and don’t be polite about it. We’re like, man, we just keep getting in everywhere. We kept getting into so many sensitive rooms and we’re messaging our contacts and we’re saying, hey, we’re in here today. You want us to try the third ware – you want us to try the – this generation building? Okay, try to get in that building. We’re really not getting challenged. So, by the end of the week, you’re like, we really want to give you some wins here. Do you want us to just start doing stupid shit? Trying to see what level of noise it would take to make the employees at the customer site say, hey, that’s not right; I should report this to security. We were setting off alerts and alarms at that point.
We were propping doors open with doorstops that you’re not supposed to do, and if it’s held for more than thirty seconds, then a guard has to come out and go, why is there a doorstop here? At this point, we had literally caused headache on the part of the guards because we had been putting doorstops in and holding doors open and just really kind of – they were like, what’s going – why are the employees being such a pain these last twenty-four hours? This day, at one point I think I took caution tape and I propped a door open and put caution tape all around the door, and – just to – do we take the tape off? Do we not? What are they working on? I put a work order on it that’s – because we had seen other work orders and maintenance areas.
JACK: An exit door?
DEVIANT: No, this is an internal door to a sensitive machine room. The guards were like, do we…? They had to escalate to a supervisor and say, no, take the tape down and we’ll figure out who left that there later. We’re still not getting quite caught, right? We’re still – we were interacting with some guards. I said, hey, who took the tape off this door? That kind of – you know. But they kept seeing our badges. Okay, so, finally we said, what do you want us…? We’re on a quick three-way call with the customer. What do you want us to do here, man? We’re really trying. We’re trying to – we’re walking up to people saying hi, I’m not from this department; can you tell me where to…? And no one asked, why are you in here? They said, well, you said something once about destructive attacks. You can go destructive. What can you do that you said – could you drill a door or something? I was like, I mean, yeah. There are plenty of things we show to – other types of entry trainings we do for first responders or for military. We say, yeah, we could drill a cylinder out of the door, then you take the cylinder out, and then you can pop the door. We can do that. It’ll be noisy and it’ll cause some damage. They said, yeah, yeah, yeah, we’ll budget it. We’ll say, here’s how much you’re allowed to damage, and try to keep it under that amount, and let’s try it on a door or two if you want. We’ll pay for it. Said, okay.
[MUSIC] So, we got out a giant – I went to Home Depot or Lowes or something and I bought a big, old Blue Makita hammer drill with a big handle off the side, and I bought some high-speed steel bits. There’s footage, there’s actually footage that Robert shot with his cell phone of he and I in our high-vis just [DRILLING] carving away at this lock and this door. Our point of contact was really trying to give his people a win. He’s in the SOC and he’s watching. He’s watching, he’s looking at his people, and he’s watching. He said, hey, Chris, can you pull up Monitor 17? Can we center stage that? First – and then, click – and this big screen – say, what’s going on outside Building 6? Do we have Sheridan here? Did you see a work order? Are we servicing doors or something on Building 6 today? I thought that building was already stood up. You hear the rustling of papers and their people are – what – I thought – they had so much work going on from so many contractors, they were growing so much of this site that someone’s like, I swear I saw something about that on the pass-off notes. I think we’re doing doors. I think we’re doing doors today. He’s like, okay, and he kinda stepped back and messaged us and said, no, man, they’re looking at you on camera and you look the part. What are you gonna…?
So, yeah, I just kinda dropped the drill where it was, left – the door set off an alarm and I just left the alarm going. I just walked – we were trying everything. We were just setting off a chain of alarms until guards eventually came to us. [ALARMS BLARING] They said, hey, fella, stop what you’re doing for a – I was trying to under-door tool a door and not hiding it at all. Robert and I stand up and they say, so, what are you guys doing here? They’re like, were you working on the side of that – of Building 6? I’m like, yeah, yeah, there was an alarm. That was really loud. Like, yeah, so what are you doing here, guys? Robert, again, back pocket, hand on the letter, thinking this has gotta be – our ticket is up. I just Hail Mary it. I said, what does it look like we’re doing? It broke the guard’s brain. [MUSIC] He went, well, it looks like you’re working on – it looks like you’re trying to get open this door here, but you have badges. Robert’s hand kinda comes off the letter. Let’s see where this – the guy’s like, yeah, I mean, you work here. You’re obviously on the contract team, but you have a radio, ‘cause Robert had stolen a radio from a truck. He’s like, you know you can just call for remote unlock? You don’t have to have us come all the way out here and bother with it.
We came all the way from the other side of the thing. So, he’s like, yeah, no, it’s the Sheridan guys. I’m here. Yeah, yeah, in warehouse – yeah, can you open the east-side warehouse? The door goes green, he opens the door. He’s like, yeah, see? You can just do that, man. You must be – don’t worry about it, but next time just call, man. We didn’t know what was going on with all these alarms. We said, oh, thank you. Yeah, the story continues to get crazier and crazier. I eventually took a bike – ‘cause they had corporate – they had a couple people who biked into the corporate office. I took someone’s bike and just biked it around the parking lot, hoping that someone would report a stolen bike. I took a golf cart and started driving that around. They eventually – because, again, we had radios – someone’s like, okay, D, they’re finally onto you. You’re gonna have some attention soon. I saw these white pickups with guards start trying to find me in parking lots. They thought I was a mental case. They were like, is that the same guy? No, he’s not wearing the high-vis anymore. Who is that guy? I was just – I was rolling around and there’s – yeah, yeah, a crazy guy’s on a bike. No, no, no, wait, crazy guy’s in one of our carts.
But it distracted them so badly that I had – it was like an OJ Simpson pursuit. I was pursued by these flashing-light vehicles that couldn’t – what are they gonna do, knock me off a bike? Try to ram into a golf cart? You can’t cause injury. A bike can go places that trucks can’t. I would just cut through bushes or cut in-between buildings and then they would have to spin around and go drive around the other side. While I was doing that, the other teams knock down every target again and again and again, and they took pictures standing in all the sensitive rooms, because everyone’s eyes was suddenly on crazy guy. Yeah, at this point, nobody cared about trying to mask door sensors. There was so many alarms that it eventually was a supervisor who was offsite that day – it was his day off, and his phone, his work phone, was lighting up with – and it went, Door 21, Door 17, Door 17 again, Door 17 again, Door 55. Roll up Door 7, 6. He’s like, what is going…? He tried to call; no one would answer. He drove in – he lived a town over. He drove in, kinda burst through the doors of the security – he said, what is going the F on? He’s got a bunch of guys looking at this – this crazy guy is on a bike, sir. He’s like, I don’t give a damn about the guy – is he in the parking lot?
What’s all this? He’s looking at all the alerts and they go, oh, really? Is something going on? He’s like, look at your screens. There’s all these red entries – access. There’s all these failed events, there’s all these door entry events. He’s like, get – so, we heard squawks on the radio start going out that said, Mobile 6, you watch bike guy. Everyone else return to your guard tours. Cancel all superfluous business. Challenge all unknown parties. Figure out the – what – there’s more afoot here. Some guy even said, bike guy may be a distraction. That’s what it took. That’s what it took to finally get them to start challenging our teams, and that was – at the end, I just got off the bike at one point and – now, these – all these trucks pull up and they all jump out, and, like, what are they gonna do? Again, they’re not cops. They’re not allowed to shoot you or go hands-on. He went, sir, could you please stop? I went, I’m stopped. I’m perfectly fine. What’s going on, fellas? Having a good day? They asked me to sit down. Oh, have a seat by the curb. I said, this might explain it, and I hand him a letter. Then some of the guys were – a former Service member and then he said, oh, alright, it’s an exercise, boys; look.
JACK: One of the other teams just got in their car and left, and then security caught the third one and just asked them, are you supposed to be here? They said, no, thanks for asking. I’ve been here all week and nobody’s asked me that. With that, their engagement with this client was over. The client loved hearing all the different ways that they were able to defeat security that week, and they worked with security to fix all the things that they noticed in their assessment. It was a great training exercise for everyone involved at the facility. Wow. So, thank you so much for sharing with us the way you see the world.
DEVIANT: Yeah, hopefully some people out there start seeing it this way, too. It’s not a bad way to be. You don’t have to live in fear. You just live in awareness. I’m a fan of Amanda Palmer. She’s a cool musician and poet, and she talks about how it’s not the job of the artist to make you feel joy all the time. It’s actually the job of the artist to take you into the darker places, and if you’ve ever heard her music, she’s good at that. But darkness isn’t scary because it’s dark. It’s scary because you’re alone, and I like to remind people that if we go into these dark places in our world with friends and allies and peers and loved ones, you realize that the dark isn’t that scary because it’s dark. It’s just because you didn’t know what was in there. That’s why I like to bring people into the darkness with me and realize it’s not that scary and they can learn from it and they can be improved by it.
(OUTRO): [OUTRO MUSIC] A big thank-you to Deviant Ollam for coming on the show and sharing these stories with us. You should be able to easily find him online by just searching his name pretty much anywhere, Deviant Ollam, which is spelled O-L-L-A-M. He’s on YouTube, Instagram, Mastodon, Bluesky, and Twitter, or you could just look on his own website, which is deviating.net. I’ll have all these links in the show notes. Just check the description of this episode. This show is made by me, the tarnished Jack Rhysider. Editing and assembly by the omen-killer, Tristan Ledger, mixing by Proximity Sound, and our theme music is by the dreamlike Breakmaster Cylinder. Even though the only dates I get are updates, this is Darknet Diaries.
[END OF RECORDING]