Transcription performed by LeahTranscribes[START OF RECORDING]
JACK: Man, last Defcon was wild. It is up there with one of the top ten best moments of my life, and I don’t think I ever told you about what happened. See, Defcon is an annual hacker conference in Las Vegas, and it’s my favorite conference in the world. It’s just so inventive and fun and brilliant and weird. Defcon is just built different. Like, of course there’s talks and places to get hands-on doing hacking, [music] but at night, most conferences just shut down. Not Defcon. Defcon goes all night long. At night, they clear out the chairs and the lecture halls, and they turn them into party spots. There’s not just one party going on; there’s a DJ in Track 1, and there’s an arcade set up in Track 2, and there’s nerdcore rappers on stage live in Track 3. Keep walking, and you find even more parties around the conference. It’s an adventure to find all the things happening, and that’s just at Defcon. There are literally dozens of other parties all over town, too; hotel room parties, bar meet-ups, pool parties, and vendor parties. The vendors sometimes spend over $100,000 on a party by renting out a whole nightclub and giving out free drinks and food to their customers. With all these parties, I got to thinking; you know what? I should throw a party, a Darknet Diaries party. Now, you might be wondering, Jack, I heard you’re a private person, and nobody really knows what you look like. That’s true. Well, then how do you go to these conferences and meet people? Ah, here’s my secret; I wear a disguise. I put on a big black hat, dark sunglasses, and a bandana over my face. I kinda look like an old-time bandit in this costume, and it’s perfect.
Nobody knows what I actually look like, and I can still meet hundreds of people if I want. In fact, I’ve worn this costume so much that everyone seems to know me when I wear it. It’s my brand. It’s my look, and when it’s on, people stop me all the time and say hi and talk with me. It’s great. I love that. I can’t walk ten feet in Defcon without someone shouting my name and saying hi. [Music] But when I take that costume off, nobody knows it’s me, and suddenly I’m an anonymous face in the crowd, and I love that anonymity is my default state, and I can turn on the notoriety whenever I want. I don’t want people to know what I look like so that I can live a nice, private life. I love the attention I get from this show, but I also love that I can turn it off when I want.
So, my big idea for this party at last Defcon was to step up that anonymity even more. Everyone knows I’m the guy with the big black hat, the sunglasses, and the bandana around my face. What if I gave everyone that same costume when they came to my party? That way everyone is Jack Rhysider. I pitched the idea to Defcon. They accepted it and showed me which ballroom I get, and I rounded up twenty of my friends, and we had it all planned. We had four DJs, two video DJs, and so much more. It was great. I ordered 800 black hats, sunglasses, and bandanas, and the party got underway. The room filled up instantly. 400 people came pouring in through the door, and they were all given these costumes, and they put it on. They played the game.
But the real test was could any of them find me in this crowd now, where we’re all wearing the exact same costume? Amazingly, no. I was extremely hard to find. Actually, some people came in, looked all over for me, couldn’t find me, and then left, and then tweeted; I just went to Jack Rhysider’s party. He wasn’t even there. I was going up to people and I was asking them, hey, where’s Jack? Nobody knew. I tried to convince a bunch of ladies — like, hey, I’m actually the real Jack Rhysider, and they just laughed at me and walked away. It was amazing to have all these people come to my party, but I just had this very calm and happy and serene kind of experience to it because I could just float through the crowd and enjoy it without being mobbed by everyone — that usually happens, and I wasn’t even mask-less.
This is my party and no one can find me. It was hilarious to me. But it didn’t stop there. I thought, you know what? I want to put my fans to the test. I believe that my fans, you, the listeners of this show, are the best, sweetest, nicest people in the world, and I want to prove that. I want to somehow be vulnerable to them, to give them a huge amount of power over me and to see how they react to such power. I want to give them so much power than they could ruin me, and I want to see if any of them abuse it. So, I thought, okay, I’m here at Defcon. What’s the worst idea I can come up with to do in this party? It hit me; let the party attendees control my Twitter account. Sheesh, if everyone looks like me already, they might as well be able to tweet as me, too, right?
So, I set up this ‘if’, ‘this’, and ‘that’ trigger so that when you text a phone number, it automatically tweets what you texted it. No moderation. No filters. Just trust. Well, I couldn’t figure out how to get photos to work, so it was just text, and I did block URLs; kinda the one thing I blocked. Yeah, we set up a projector on the wall and we had a live feed of my Twitter, and it said, ‘Text this number and it will tweet as Jack’. People texted. Holy cow, dozens of texts started flying in, but the automation kept up and it just tweeted everyone that it got. People were testing it at first, just seeing if it was real. Like, someone said, ‘Meow’, and someone said, ‘Does this work?’ Then people started writing their names up on there. ‘David was here’, and ‘I love you, Andrea’. Then ASCII art started showing up and memes started getting posted.
I was real nervous watching the screen, but a bunch of people were standing around watching the tweets come in with me. They had no idea it was even me, and they couldn’t believe that Jack was so stupid enough to hand over his Twitter to Defcon. I mean, they’re right, you know? Of all the places to do that, Defcon is the worst. These hackers deface anything for fun and delete and destroy stuff. This is a terrible idea. I’m gonna get cancelled. Something is gonna be posted that is going to be absolutely awful for me. But like I said, it was a test to see how awesome my fans are, to be vulnerable with them and to see if they abuse that power. You know what? They didn’t disappoint me. I think the spiciest tweet I saw was, ‘I’m so horny right now’.
But after a couple hours and hundreds of posts to Twitter, Twitter rate-limited me and they ruined the fun. They busted the party and blocked me from tweeting for twenty-four hours, which I think is a fitting way of ending that whole experience. It went out nicely. I didn’t get banned. I just got rate-limited. But by that point, the place was packed and word got out of which one was me, and I was just surrounded by people and it was great fun. We were having a blast. But what I didn’t know is that there were another thousand people in line trying to get into this party. I know it was a thousand people because someone grabbed a box of pencils that had a thousand pencils in the box, and handed one to each person in line, and they ran out of pencils by the end.
We ran out of everything; hats, bandanas, stickers, sunglasses, bracelets. I think I met 1,500 people total in that weekend because I brought 1,600 bracelets and I gave them all away. Defcon is known for long lines, but there were so many people in line for my party that even Defcon told me they have never seen a line that long for a party ever. That line was possibly the longest line of the whole conference that weekend, barely being longer than the merch line, which is always super, super crazy. We eventually couldn’t hold them back anymore. We just opened up the doors and let it rip, and it was a mad house in there. I think the party went on for like six hours, all night long, and I used every drop of energy I had.
But man, was it worth it. That was the best time I’ve ever had at Defcon. You know, to this day, I still get people sliding into my DMs on Twitter [music] asking, why did you say this tweet, man? They’re mad at some hot take I had or something, and when I look at the tweet and I wonder, I don’t remember ever saying that — but then I look at the date and I see that it was posted on August 10th, 2024, and that was the night I will never forget. It always puts a big smile on my face whenever I see a tweet from that day.
(INTRO): [INTRO MUSIC] This is Darknet Diaries.
JACK: Grifter; how’d you get that name?
GRIFTER: So, I always cringe a little bit when someone asks me this question because like many nerds out there, I used to read the dictionary as a kid. I’d look for interesting words, words that I liked, and the definition that I came across of ‘grifter’ was, ‘A person at a circus or carnival who runs freak shows or games of chance’. I was like, ooh, that’s badass. Then it said, again, also, the more widely-known, a con artist. I was like, also cool. I’ll take it. So, yeah. So, I started using it for names on video games, and I would put in Grifter.
JACK: You grew up in New York.
GRIFTER: Yeah, Long Island.
JACK: What was computers like for you growing up?
GRIFTER: I was — I grew up part of the Nintendo generation, so I was really into video games, and my parents are divorced. My dad and — live with his brother. So, his brother, my uncle, was a computer tech back in the eighties. So, he had a computer. I have ADHD on a fantastic level, but sitting in front of the computer or putting electronics in front of me was one of the things that could keep me still. So, he encouraged me to do that as often as possible. I started playing games on the computer, which eventually led to my first online experiences, which were dialing into pirate bulletin board systems to download pirated games.
JACK: Back then, you were really, really lucky if you had a computer at all in your house. Nobody understood how they worked, and they were very expensive, and the problem with pirated games is that they’re riddled with malware and viruses. So, Grifter would download a pirated game, install it, and then suddenly his uncle’s computer was all screwed up. Of course, Grifter didn’t want to get in trouble for messing up the family computer, so he sort of had to learn by fire how to troubleshoot the problem he caused, and this forced him to skill up at understanding computers. He wasn’t just a user anymore. He was becoming a superuser.
GRIFTER: Yeah, I think that’s the thing, is we were forced to learn a lot of different things at those ages because we had to learn a little bit of everything. It wasn’t just done for you. Even being able to get online at that time alone required a certain amount of skill in order to configure a modem and dial the right numbers and get everything put in correctly, and connect to different BBS software required different settings and stuff. Because it was like that, it meant that there was an assumption that if you were online, that you were an adult. I could post things and nobody knew that I was ten years old, and I really liked that.
JACK: But Grifter was quite a mischievous troublemaker, and he gravitated towards the darker parts of the internet.
GRIFTER: [Music] So, the pirate bulletin board stuff and posting on there eventually led to somebody on one of the BBSs saying, hey, just based on the stuff that you’re posting, I think that you would really be interested in this other bulletin board, and they posted a number. I dialed it up and it was a hacker BBS. I went crazy, basically. I thought it was the best thing ever. I read everything on that BBS, like all of the text files about the different systems that were out there, basic commands for different things. I was fantasizing about operating systems I had never contacted before and being like, oh, I can — oh, I can do this, I can do this. It wasn’t just different operating systems. It was, oh, the computer viruses and how to write a virus and do all these different things, and I was fascinated by it. I just loved all of it, and that was it. I was in.
JACK: I know exactly what he means by being in. I got on bulletin board systems, too, when I was young, or BBSs, and it was strange and weird, and I didn’t get it. So, I didn’t enjoy it. But when I got in AOL, I found some chat rooms where a bunch of people were just talking all at once in real time, and that blew my mind. I was instantly hooked on chat rooms, and would spend countless hours just talking with tons of people. That’s when I fell in love with the internet. I was in. I soon discovered IRC after that, and I’ve been in ever since.
GRIFTER: Living where I did, I thought, okay, well, I’ll probably never leave New York, right? I didn’t — the idea of traveling the world and doing things like that was as foreign to me as those places were. But a computer changed all of that. [Music] I could dial into a system and hop from one to the next to the next across networks that were traversing undersea cables and ending up in other countries I never thought I’d get to travel to. I thought, well, if I access a system, let’s say in Amsterdam, I know that when I do that and I’m interacting with that machine, the lights on the modem or network card are flashing and the hard drive is spinning up because I’m accessing files from there, and in my twelve and thirteen-year-old brain, I felt like I was there. It was my way of touching a place that I didn’t think I’d ever make it to physically. I knew that it was in a closet somewhere and nobody could see it, but somehow and in some way, I was physically affecting that environment.
JACK: So, that’s what he was up to online, but in normal life, in a meet space, he was constantly getting in trouble.
GRIFTER: So, growing up without a lot of money in an area where people didn’t have a lot of money, I would say I wasn’t a good kid. I’ve been trying to make up for it ever since, but we did crime. [Music] I shoplifted like crazy. I ran every scam you could run. We would steal cars; we would break into cars and steal stereos and speakers. We would — I live near a marina; we would go rob the boats. We’d break into houses. We fought people constantly for fun. It wasn’t…
JACK: Okay, tell me about one of these fights.
GRIFTER: Okay, so, I like fighting. I like physical fighting. I don’t know why. I think it just — something — I enjoy it. I know that makes me sound like a psychopath, but I like facing off against somebody else and seeing where you come out on it. At the time, it was just — we would get in fights with either random people or people from rival gangs, that kind of stuff, where it was just like, okay, you’re in some part of town that you’re not supposed to be in. I’d just get into fights. I’d go pick a random fight. I’d fight two people at once. I would just — I liked fighting, and a lot of my friends were the same way. Sometimes we would just go out and just get into as many fights as we could get in.
JACK: He says the area he was in had a lot of this stuff happening. As a kid, if that’s all you see, then you kind of assume that’s what everyone’s like.
GRIFTER: I thought that was normal. When I watched TV and I saw the types of things that you’d see on the Disney Channel or something like that, some Disney Channel original movie, I was like, that’s fantasy. This is a fantasy world that people wish existed. I didn’t realize that there were people who grew up in towns that, one, looked like that or that people behaved the way that they did. I didn’t know any different, right? I didn’t know that it wasn’t normal to walk home at night, and if a car is coming, dip behind a tree or a telephone pole because you might end up hurt, right? You might end up in a bad situation. I didn’t know that that wasn’t a normal thing. So, it was in part survival and another part — you make a reputation or get a name for yourself where it’s like, oh, okay, well, yeah, don’t get in a fight with him because you’ll lose. My thing was, I can take a punch and I can get hit a lot, and it’s really hard to knock me out.
JACK: Grifter’s world was rough, and to get ahead, it felt like you had to break some rules.
GRIFTER: There was a chain of stores that are kind of department stores, like a Kmart type of thing, actually, or something like that, where a couple of friends — we’d all go on a Saturday and we’d go out to the store and we’d do the barcode swapping. [Music] Like, so, sticker swapping. So, you just go out, swap the sticker on something. So, you’d see a crystal bowl and then there’d be another glass bowl. And so, you’d take that and you’d swap the price tags on it so the crystal bowl that should be $300, you go buy for $30, and then you swap the tags back, and then you go return it. We’d just go out on a Saturday and we’d hit like, seven or eight stores.
We’d go buy it at one store, return it at the next one, buy some other stuff at that store, go return it at the next one, go do stuff like that. For a small crew of people, we were pulling in some pretty decent money. None of my friends were into computers at all, but I was, and so, I knew how to do some things that they had no knowledge of. Like, carding is what we called it back in the day, which is basically just really identity theft and credit card fraud, and then order a bunch of stuff like computer parts or clothes or different things and get them shipped or mailed to abandoned houses.
I’d just leave a note on the door that said, ‘Hey, UPS guy, not home. Please leave the package under a blanket.’ So, that was something that my friends wouldn’t know how to do naturally that I kind of taught them, right? Like, here’s how we do this, and then we can make some money. So, then we had essentially stolen goods that were sent to us, and then we would just — some of the stuff we got that we wanted to keep and other things were things that we would then go and resell and get money that way.
JACK: He was ordering things like Tommy Hilfiger jackets, FILA shoes, and other streetwear at the time. So, he was looking fresh everywhere he went, and he would sell it for cheap, too. He would be your hookup. Of course, along with this lifestyle came drugs, so he dabbled in that, partaking in it himself for a while. But then he quit. He didn’t like how it was ruining his brain. He saw his brain as a very important thing that he didn’t want to lose. But he saw that other people were doing drugs, and he saw this as an opportunity to make money from it, so he sold it.
GRIFTER: I did all this physical meet-space crime, normal crime during the day. I was just a — like I said, kind of a shitty person, like a shit kid doing all this random stuff, but at night I was still completely wrapped up in the hacker world, right? But then eventually I was just breaking into different systems, and I got into a system that ultimately turned out to be a large credit card provider, a credit company.
JACK: [Music] At first he didn’t know he was in a credit card provider. The internet’s a dark place. You don’t always get to see where you’re going, and hacking back then was barely even hacking.
GRIFTER: That’s the thing that is different about the time that we grew up in versus I think what we have with hackers now, is that we do talk about these things like they’re massive achievements. It’s like, oh, when I was a kid, I broke into NASA. It’s like, when you were a kid, you logged into NASA.
JACK: You just had to know an IP address or a phone number to connect to, and if they had security at all, it might ask you for a username, but it didn’t always. You could just type anything in and it might let you in, or you could just wait and it might just time out and then let you in. It wasn’t hard to hack back then, but nobody knew what they were doing, so it kinda was hard because there weren’t tutorials on how to do any of this stuff. So, if you just tried enough places, you might end up finding something that did let you in, and that’s how he got into this company, a credit card provider. While he’s in that network, he was looking around to see what files were there, and he found some training manuals for how to process a new credit card. So, basically, after someone passes their credit check, an employee at this company needs to issue them a card, and this training manual shows exactly how to do that. So, here Grifter is, inside the company, inside the computer that is used to internally create a new credit card for a customer, and he has the tutorial on how to process it.
GRIFTER: I went looking for the database, and then when I found it, it was not too difficult to then figure out what I needed to fill in and where. The initial one was — I was just like, I wonder if I could do this. I wonder if I put in — if I fill in these fields if I could get them to send me something. I filled out the fields appropriately and put in an address that I had been using as a drop for some of the carding stuff, and then I waited. Then a couple — I just watched that house and I’d check the mailbox every couple days or something to see if anything had been delivered, and eventually I — one day I opened the mailbox and there was an envelope in it from the credit card company, and it had a card in the name that I had put. I was elated and horrified in equal measure. I was like, oh my gosh. It created this kind of excitement mixed with panic because I was like, oh, this is real crime. This is actual, bad — even though all the other stuff was real crime, something about that made it very real to me, like holding it in my hands. I remember running home, going into my room, opening it up, holding the card in my hand, and then just being like, oh my gosh.
JACK: He laid on his bed and just held it up, staring at it, his very own credit card, and one he doesn’t have to pay back because he put a fake name on it, and the credit card company has no idea who he is to try to come after him. The letter said there’s a $5,000 limit on this card. Wow.
GRIFTER: After daydreaming about it for a day or two, I realized you can’t ever use this. You’re not going to be able to walk into a store in a mall at fifteen years old and walk up with your credit card and buy whatever. It just didn’t seem — I didn’t realize also that people — there are kids that did that in other places in the world, but I just thought there’s no way anyone’s gonna believe that you should have a credit card. So, I just sat on it. [Music] But I was — I was like, I wonder if that was a fluke. Let me see if I could do it again. Again, I sent another one to a different house, and again it showed up. I was like, okay, I’ve got something here. I’m not quite sure what, ‘cause I know I can’t use these. What can I do with them?
JACK: There was a guy he knew, the dad of one of his friends, and this dad was part of a group that did organized crime. Like, in New York, fireworks were illegal, but this dad would have Grifter and some other kids go around and see who wanted fireworks, almost like they’re going around selling Girl Scout cookies, and then you put your order in of what fireworks you want, and then a few weeks later, Grifter would come back and deliver the fireworks to you. In fact, this guy was so into organized crime that he was often hanging out with mafia-type people and had connections to some pretty serious criminals.
GRIFTER: Because I knew that he had some connection to actual criminals, I approached him and said, hey, so, I can do this thing where I can get access to credit cards with higher limits on them, and I don’t want to use them. I don’t want to be on camera in stores. I don’t want to do anything. Is that something that you or your people would be interested in? He was — then he was like, yes. He just said immediately, like, yeah, yeah, I would. I’m like, okay. He’s like, let me talk to some people or whatever. He’s like, what are we talking here? I’m like, I don’t know, $5,000, $10,000, whatever, whatever. He’s like, let me find out what I can get you. Then he came back and said, oh, well, I need to know it’s real. Do you have something to prove it? Dadda-dadda-da. I said, sure; got him one of the cards that I had gotten, and I was like, that one’s $5,000.
He’s like, well, I’m — I can give you ten percent for that. I’m like, okay. So, I get five hundred bucks? He’s like, yeah. Then he peeled off five hundred-dollar bills and said, this better work. I was like, it’ll work. Then I was terrified ‘cause I was like, what if it doesn’t work? Oh my gosh, right? But so, I was like, don’t spend the money, right? Like, don’t spend the money. But now I had been handed money for something that — I was like, okay, this is actually a little bit nerve wracking, but it worked, right? Then he came back and he was like, okay, great. Can you do it again? I was like, well, I already have. I have one right now. He’s like, alright, go get it, right? I went and got it and then I gave it to him and then he — again, he peeled off another five hundred bucks and he’s like, just come to me whenever you got it. I was like, alright.
JACK: [Music] So, Grifter logged back in to the credit card company and processed another card under another fake name, and that was going to another abandoned house. This was making money for him. But this guy wanted more, much more, and Grifter would get into arguments with him saying, man, if we do too much, they’re gonna know and they’re gonna shut us down. But if we take it slow, we can keep things going for a while, and Grifter was right. He would only give himself a new credit card every two weeks, and that allowed him to keep it going for two whole years.
GRIFTER: I don’t know how long that worked because I eventually just stopped doing it. At about seventeen years old, I decided that I needed to get out of my town. I was sitting in the back of my friend’s car, and he said, just wait until we’re like, twenty-five. We’re gonna own this town. I said, own what? Are you kidding me? Holy shit, if I’m still here when I’m twenty-five, you guys kill me. I was like, oh my gosh, I have to get out. I have to get out of this town. So, I didn’t have money, right? I didn’t have a way to pay for college. I didn’t have a way out, and a common response to that is — I went to the military.
JACK: What? You went to the military?
GRIFTER: Yeah.
JACK: This is a — I would not expect a life of crime, hacking, drugs, and then suddenly, military.
GRIFTER: Yeah, this was a massive shift in my brain and I just said, I have to go and I have to do this immediately, and while I was still a senior in high school, signed the papers, man, and commited to go. My parents had to sign me over because I wasn’t eighteen, and I went into the military when I was seventeen years old. So, as soon as I graduated, I went to the Air Force. That is — that was an incredibly eye-opening experience for me as well, because right into basic training, I met people who — they’d never been in a fist fight before, right? I was like, how? I just — I could not comprehend how. How did you not run your mouth at some point to a level that somebody wanted to put their fist in it? Then I’d hear the stories about how they grew up, and I was like, what?
My mom tried to raise me with more wholesome — whatever, and I did pretty good in some areas and really poorly in others, but the Air Force core values are integrity, service before self, and excellence in everything you do. I took that to heart. I didn’t even really know what integrity meant at the time. I had heard the word but I didn’t really know what it meant. Essentially to me, the way that I took it was it’s like, doing the right thing even if nobody’s looking, right? I was like, okay, do the right thing even if nobody’s looking. Great. Service before self; okay, so, put others before you. Always try to put others before you. Okay, I’ll try to do that. Then excellence in everything that you do, that was something that my mother had already instilled in me as well, where she was like, if you’re gonna be — she’s like, I don’t care what you are.
If you’re gonna be something, be the best at it, whatever it is. You’re gonna grow up and you’re gonna be a janitor? Be the best janitor there is. You’re gonna be a surgeon? Be the best surgeon there is. But if you’re gonna put effort into something, if you’re gonna spend your time on it, be the best, right? So, those core values, those Air Force core values really took hold, and the military was really good for me because it forced me to be an adult. It put me in a situation where it was like, oh, you have to — you can’t just tell somebody what you think of them just because you think it. You can’t swing on someone because they mouthed off to you. You have to show up here on time and you have to come ready to do the hard things and all — whatever. The military was super, super good for me.
JACK: He got stationed in Utah, and in the Air Force he was assigned to fix F-16 avionics. He wanted to do computers, but you don’t really get a choice. They just tell you what to do. But it was cool to sit in the cockpit and swap out instruments. He was even deployed to the Middle East for a while, but after a while, the whole thing was starting to frustrate him.
GRIFTER: If there’s anything that just riles me up or a pet peeve of mine, it’s inefficiency, and the military is really inefficient. So, I would be like, hey, if we change this process, it would save us this many hours and probably this many parts and all this sort of whatever. They would be like, just do it the way the Air Force tells you. I hated that. Oh, I hated it. Then also, in a lot of cases, you get rank because you’ve been there longer or you test better than other people. It’s not about leadership experience. So, you’d have to take orders from people who were making poor decisions, and I just couldn’t do it. I was like — one, I can’t keep my mouth shut, and two, I just — I can’t handle it as a person. So, I was like, I’ve gotta get out. So, when I got out of the military, I only knew how to do two things, and it was work on F-16s or break into computers. So, I was like, okay, well, I guess I’ll go back to breaking into computers.
JACK: Stay with us. We’re gonna take a quick break, but when we come back, Grifter breaks into computers. Now, Grifter was stationed in Utah, and one state over from Utah is Nevada where the biggest hacker conference in the world is, Defcon.
GRIFTER: So, I knew about Defcon from the first Defcon, but being poor and being fourteen years old or something when Defcon started, I was like, well, my parents are never gonna take me to Las Vegas and I can’t afford to go there myself. It was like a month or two months before I was separating from the military, Defcon 8 happened in 2000. I was like, screw it. I’m going. Military be damned, I’m gonna go. So, I did. [Music] I went out to Defcon and met my people, essentially. It was great. It was an incredible experience.
JACK: What makes you connect with the people at Defcon?
GRIFTER: So, yeah, I had been to small hacker meetings before, but going — and at the time, it was probably — I don’t know, there might have been a thousand of us or something like that at Defcon 8, if that. I loved the fact that you could just — anybody could be talking about anything. You could walk up to somebody and be like, what are you guys talking about? They’d start talking about something, and whatever it was, it was interesting. You know? There was something interesting. Or there’d be people crowded around a table with computers and some electronics or something, whatever, and they’re like, oh, we’re trying to get this thing to do this. I had this idea in my head that I was like, oh man, if we could actually take all these people and stick them on an island and just be like, here’s the problem that we have; can you solve it? There was nothing that couldn’t be solved. So, I knew from that first time I went that I would always go to Defcon, that that would be it.
JACK: I felt the same way. The first Defcon I went to was Defcon 17, and that was back in 2009. Yeah, the place feels magic. It’s just electric. It’s amazing, and I was hooked from that first visit, and I’ve been going for fifteen years now.
GRIFTER: At Defcon 8, a buddy of mine had brought twenty t-shirts or something that he had brought, and I was like, what’s the t-shirts for? He said, oh, I’m gonna sell the t-shirts when we get there. We road-tripped down, right? So, he was like, I’m gonna sell the t-shirts when we get there, twenty bucks apiece, and that will fund my weekend. So, it’ll pay for the hotel, I’ll get to eat really good, oh, whatever, it’ll pay for Defcon. I’m like, oh, what a cool idea. So, the next year, I decided I was gonna make t-shirts, but I don’t do anything halfway. So, I was like, okay, well, I’m gonna get a table in the vendor area. I’m gonna make a t-shirt. I got a — I had a really nice design put together, and I ordered 320 t-shirts, twenty to trade to friends and to other t-shirt vendors, and 300 of them to sell. So, I took them down and we sold them all in the vendor area. It was a really nice design, so they were gone, and I was like, sweet, I just made a bunch of money off of selling t-shirts. Then I met Russ Rogers.
JACK: Russ Rogers is one of the conference organizers and asked Grifter to goon next year, which basically means to volunteer, to help with the conference. There’s a lot of different types of goons. There’s crowd-control goons, speaker assistants, technical support, and other things like helping with the vendors or contests. But at the time, everyone had to start at security, which is crowd control and checking badges. There are massive lines at Defcon, and someone has to keep them all in check. So, he took the role of goon and was part of the Defcon staff.
GRIFTER: At Defcon 10 I was a security goon, and then at Defcon 11 I went and I was a vendor goon. Yeah, and then I’ve been a goon ever since. So, from Defcon 10 ‘til now, this year, will be Defcon 33.
JACK: Gosh, that’s twenty-three years of being with Defcon at this point. Because of his attitude of being excellent in everything he does, he quickly started taking on more responsibility at Defcon.
GRIFTER: I started doing things like — I ran the Defcon forums with another guy who went by Nulltone. The two of us were the administrators for the Defcon forums. At the same time that I was gooning I was a vendor as well. I never stopped selling t-shirts. So, I was a goon, a vendor, I was administrator for the Defcon forums, I ran the Defcon Scavenger Hunt — oh, and then starting at Defcon 10, I started speaking. So, I spoke at Defcon 10, 11, 12, 13 or whatever. So, I was busy, right? Then somewhere in there as well, I eventually started running all the technical operations for Black Hat.
JACK: [Music] Black Hat is another hacker conference in Vegas, and it’s happening the same week as Defcon. They’re both started by the same person, Dark Tangent, but Black Hat has an entirely different vibe over there. It’s more professional and corporate compared to Defcon. I’d describe it as — at Black Hat there are tons of companies all there saying, hey, if you buy our products, it’ll make your company safe and secure, while at Defcon, the overall message is everything is vulnerable. Nothing is safe and secure, and here’s how to hack anything. So, Black Hat, you see more people wearing collars and even ties, while at Defcon, everyone just wears all black. Cargo pants are common, mohawks are common, and wires and antennas are sticking out of everyone’s backpacks. So, Grifter started volunteering at both conferences.
GRIFTER: I got busy fast, right? Then I had a day job on top of it. I did become, I guess, part of what would be considered to be the Defcon inner circle, right, where it’s like, okay, we need to decide what Defcon’s vision is gonna be, what direction are we gonna go in, what are we gonna — like, coming up with new ideas to keep Defcon fresh. I came up with the idea for Defcon Groups. So, Defcon Groups is hacker meetups that happen in different cities and different countries all over the world. They are very similar to the 2600 meetings that I used to go to when I was younger, and the reason that we kinda departed from 2600 was because they started to get political and kind of let their politics get involved in — they were telling hackers, you should vote for this person or vote — and I didn’t like that. I didn’t like the idea of saying, yeah, vote this way.
So, I approached Dark Tangent, Jeff Moss, and said, hey, I don’t like this about the way that 2600 is going. Defcon has a lot of clout. We could probably do something like that, and we’ll do it by area code, and we could just — we’ll come up with a name for it or whatever. He’s like, I love it. Love the idea. Talk to Russ — again, Russ Rogers — and he’s like, yeah, let’s do it. We came up with all the ground rules and concept and all, whatever, and the structure for it, and then we started running Defcon Groups, our meetups. I think it was February of 2003, I want to say, and it was Salt Lake City and Colorado Springs, which is where Russ is from. So, we had DC801 and DC719, and those were the first two Defcon Groups. We ran them until Defcon, and then we announced Defcon Groups at Defcon, and it spread like wildfire.
JACK: Defcon Groups has grown to over a hundred chapters worldwide, and there, typically really cool people go to these things. A lot of people ask me, hey, how do I get started in cyber security or where can I find a mentor? I always recommend them to look to see if there’s Defcon Groups in your area. It’s a great way to meet people who are super passionate about cyber security. I attended one just the other day, and it was great. I met so many cool people.
GRIFTER: I mentioned all of the stuff that I did previously, right; so, it was like, Defcon administrator, vendor, goon, running the Defcon Scavenger Hunt — oh, we also ran the Defcon movie channel. It was a lot. I was doing a lot, and I said to DT after Defcon 13 — I was like, I’m gonna stop gooning. It’s just too much. It’s too much. He was like, please don’t. You know, he’s like, don’t stop. What’s the problem? I was like, I’m just burning out. I can’t run all of these things. He was like, okay, well, how about this? He’s like, we’re moving to a new venue next year and it’s gonna be at the Riviera. He’s like, and there’s this space that are — they’re these sky boxes that overlook the convention floor. He’s like, I think — what if you were in charge of whatever we put in that space? You can just — it’ll be a small portion of the conference. You can do whatever you want with it. Come up with something cool that people will want to do. I was like, okay. He’s like, I’m sure people will want to have parties or whatever. I’m like, okay, great.
JACK: So, he goes to the Riviera, the place where Defcon was gonna be held that year, and he looks at the space and tries to decide what to do with it. It’s a cool set of rooms. They’re up high and they overlook the whole conference. Like I was saying in the intro, Defcon has a lot of parties. The conference goes on all day and parties go on all night. In fact, there’s so much going on at Defcon it’s actually hard to remember to eat and shower and even sleep. It’s the best conference in the world. So, of course, these sky box rooms are perfect party rooms. But that’s a nighttime thing. What do you do in them during the day, and which parties are gonna be up there? That’s when Grifter got the idea. He posted on the Defcon forums; we have a place for you to host a party, but if you want the space, you have to fill the room with something cool during the day. You can’t just come party at night.
GRIFTER: The first ones to say, okay, we’ll do it, was TOOOL, the open organization of lock-pickers. They were like, we want one of those sky box spaces so we can have a party, and we’ll come in and we’ll put out tables and we’ll put a bunch of locks on the tables and we’ll teach people introductory lock-picking, [music] and we’ll bring all kinds of examples of things to bypass, and we’ll just — we’ll show people how to do it. I was like, great. That sounds awesome. Then it was — again, it was Russ who said, hey, I’ll get some folks and we’ll set up a hardware-hacking area and we’ll have people come in and they can learn how to solder and learn how to do basic electronic stuff, and we’ll teach them how to do that. I was like, great. 303 was like, we’ll do talks, but we’re gonna do talks that aren’t allowed to be recorded, that — you can’t have your phone out, that you can’t — nothing can be — like it doesn’t exist, right, type of thing. I was like, that sounds cool. Let’s do that. So, that’s how the villages started, was — the first ones to call themselves a village was the Lockpick Village.
JACK: Not only is that where Defcon Villages was born, but it’s also where Skytalks was born. That name came to be because there were talks in those sky boxes at the Riviera, because all the Defcon talks are recorded and posted to YouTube, but Skytalks is where no recordings are allowed, which allows people to give talks that are more secretive or maybe even incriminate themselves. I’ve probably been to a dozen of these Skytalks, and I’ve heard some pretty wild stories. But what’s more is Skytalks has kinda made its way into many other conferences, where there’s a smaller room off to the side and no video or recordings are allowed in there. So, that idea also has stuck and spread.
GRIFTER: So, the next year when it came around, the hardware-hacking people called themselves the Hardware Hacking Village. They adopted the name ‘village’ from the Lockpick Village. Then another group started the Wi-Fi Village, and they just immediately adopted the name ‘village’ with theirs, too. So, they started calling themselves the Wi-Fi Village. So, the second year, so, Defcon 15, we had the Lockpick Village, the Wi-Fi Village, and the Hardware Hacking Village. Then that concept of having these broken-out areas spread to other conferences. People were like, oh, we’re gonna have a lockpick area. Oh, we’re gonna have whatever, and they started calling them villages. So, the village concept or those little community areas that you see at all of these other InfoSec and conferences and stuff all came from people wanting to throw a party in a sky box at Defcon 14, and then the villages were born.
JACK: Now, when Grifter first started getting involved with Defcon, everyone only knew him as Grifter. That’s the thing about this conference, is it’s not unusual that people just know you as your alias or your hacker name, and nobody even questions it. If you say you’re Grifter, then you’re Grifter. Nobody’s gonna be like, oh, that’s funny. What’s your real name, though? No, Defcon folks are different. They get it. Privacy is important for all of us.
GRIFTER: I had been Grifter — like I said, basically I picked that name when I was about eight years old, and I used it in the hacker community, and nobody knew my name. When I went to hacker meetups, 2600s, when I — anything I did, no one knew my name. I had no online presence at all, and I was proud of that. People didn’t know who I was. Then at Defcon 9, my wife at the time, my ex-wife, she came with me. I had said something to her, and she was selling t-shirts. I said something to her and I was like, alright, I’ll be back in a little while, and I walked away. I started walking away and I got a few tables away, and she said, oh, wait, Neil.
I was like, [gasp]. It — like, [gasp], and I turned around, and the look on my face must have just been like, oh my gosh, are you kidding me? Then she — and I’m staring at her, and she goes, oh, sorry, Grifter. I was like, oh my gosh, ‘cause now even people who weren’t looking turned their heads and were like, what? Then there were guys that I had known seven, ten years, and they were like, your name’s Neil? I was like, yeah. They were like, huh. You don’t look like a Neil. I’m like, cool. I was like, oh my gosh. So, that anonymity, to some degree, it flew out the window.
JACK: So, after a while, Grifter got put in charge of running the Wi-Fi and network at Black Hat, that other conference that’s happening in Vegas the same week as Defcon. They call it the Black Hat NOC, which stands for network operations center, and I should say even though Black Hat and Defcon happen the same week, they don’t actually overlap. Black Hat is Monday, Tuesday, Wednesday, Thursday, and Defcon is Friday, Saturday, Sunday. I should also mention that there are many other conferences happening that same time, as well. There’s BSides, which is a big one, and it’s on Wednesday and Thursday, and there are other ones happening around town.
Like, there’s Toxic BBQ, which is where a bunch of people meet up in a park and barbeque, and there’s a Defcon Shoot, which is where people go to the desert and shoot guns, and there’s just meetups all over the place like Diana Initiative and Queercon. At any given moment during that week, there are fifty things happening, and it’s overwhelming and awesome. So, anyway, Grifter was tasked with setting up the Wi-Fi at Black Hat, which you can imagine trying to get a Wi-Fi network up and usable at a hacker conference is challenging.
GRIFTER: [Music] Yeah, it is. It’s actually incredibly difficult, but it’s also super satisfying to do it. It makes it fun. You’re going up against multiple different types of attacks ongoing throughout the conference at different times, trying to hit you in different ways, people learning new things and getting creative. We’ve had stuff where somebody discusses a vulnerability for a piece of equipment that we’re using at the conference, and we’ve gotta scramble to try to make sure that the network stays up, because they just told 500 people in a ballroom how to do something against a piece of equipment that we’ve got running in the NOC. We call it the Black Hat NOC because it is a NOC. It is — we replace every router, every switch, every firewall in every access point at whatever venue we go to. So, now that’s Mandalay Bay. It’s the Marina Bay Sands in Singapore and it’s the ExCeL Centre in London. But we bring all of our own equipment because it allows us to have control over the environment, mitigate attacks if they come. We can’t be opening a support ticket.
JACK: Oh yeah, the hotel would not have a chance against this, would they?
GRIFTER: Not a chance in hell.
JACK: What do you tell them, just shut it all down while we’re here?
GRIFTER: Yeah, we actually do. We just say, please shut the Wi-Fi in these areas, yeah.
JACK: [Laughs]
GRIFTER: So, yeah, it’s an interesting challenge.
JACK: You’d think that they’d want to hire you to set up their Wi-Fi to be resilient against stuff like this and say, wait, just leave what you have here, because we’ll just use it from now on.
GRIFTER: Yeah, they’re getting better. Again, it’s like, years have gone on and stuff. They’re getting better, not to the point that we’re willing to let them run things, because again — well, one, we call ourselves the NOC, but we are a full-fledged SOC. We have every piece of equipment that a modern-day security operations center has in there, and when we initially started out, we were running everything with open-source hardware, open-source scripts and software and commercial stuff that you could just buy at Best Buy, right?
JACK: Yeah, their budget was very small at the beginning, but if you go to Black Hat, one thing you won’t miss is the expo floor. I went last year, and I was blown away at how big it has grown. This is a room where if you are a cyber-security vendor, you can set up a booth there and pitch your products to people who are walking through the conference. I walked through, and it took me hours and hours to just try to walk past every booth and just read their name. It felt like it went on forever. Every cyber-security company in the world seemed to be there, and there must have been hundreds. So, as this Black Hat NOC grew, it needed more sophisticated equipment, and Grifter wondered, well, with all these vendors here, would any of them let us use their gear just for the week?
GRIFTER: So, we were like, well, what if we went down to the expo floor and we approached some of the vendors and we say, hey, if you’ll let us use your equipment or you’ll give us a software license, we’ll put your logo in the program that says you helped partner with the Black Hat NOC. We go up to the first vendor that we wanted to talk to. They’re like, yeah, oh, absolutely. They were like, when? Now? Do you want equipment? Do you need people? I was like, this response was on a level that I wasn’t prepared for. So, I was like, uh — I was like, I think we might be on to something here. They were like, we’d love to help support it. We’ll give you whatever you need. I just looked at Bart and I was like, let’s go shopping.
JACK: [Music] So, him and Bart, the other guy who runs the NOC with him, realized that every vendor would love for them to use their equipment for free, because each vendor would love to be able to say, we’re trusted by Black Hat. If a hacker conference uses our equipment, surely that’s gotta mean something. This made building the Black Hat NOC even more fun knowing that they could just walk down the hall and get any equipment they wanted to help secure this network. That’s cool. Once vendors heard that Grifter was doing this, they started begging him to use their equipment.
GRIFTER: We’ve been offered money from vendors before where they’re like, we’ll cut you a — like, personally; not to Black Hat. They’re like, hey, Grifter, I’ll cut you a check for a hundred grand if you’ll put our stuff in the NOC. I’m like, why don’t you take that $100,000 and invest it in your product and make it better, and maybe I’ll choose it. I say that for two reasons; one, ‘cause I’m a dick, but two, because integrity, right? I mentioned that earlier. It’s like, no, you can’t buy my influence in this space, right? I choose what I believe are the best technologies to go in here to do the job, and if you want to be in here, be better, and then maybe you’ll be in here.
JACK: Of course, Grifter sees tons of crazy things on the Black Hat network. Like, speakers might be on stage demoing an exploit, and it’ll trigger all kinds of alerts in the NOC. A normal NOC might freak out seeing that kind of stuff coming from inside their network, but Black Hat realizes, oh, that’s fine, since the speaker is just demoing the exploit on stage. Or sometimes they’ll see a vendor release a patch, and attendees are trying to reverse-engineer what was fixed in that patch, and they’ll find a new vulnerability and they’ll start attacking with it the same day the patch is released. So, they’ve gotta hurry up and patch everything as soon as the new patch comes out. Or sometimes they see students in classes doing illegal things on the Wi-Fi, and of course Grifter will go in there and warn them, hey, you shouldn’t be doing that stuff.
GRIFTER: Then there are things where it’s just folks who are — they think they’re secure and they show up to Black Hat already compromised. We look for stuff like that. Again, it’s an incredibly modern security operations center. People will get on the network and they’re immediately beaconing out to known C2 or they’re hitting malicious sites or doing whatever, and we will go and look and be like, okay, is this something that looks like it’s part of a lab? Is this something that happened when they first got on? So, people will often say, oh, don’t get onto the Black Hat network because you’ll get attacked, when I honestly think in reality, more people leave secure than they do compromised from Black Hat, because we’re looking for it, and if we see any kind of communication to known C2, if we see crypto-mining activity or we see clear text credentials coming from a device, we send a captive portal to that device that is doing it. They’ll get a pop-up the next time they go to browse to something that will say, ‘Hi, this is a message from the Black Hat NOC. This device is showing signs of communication to known command and control servers. If this is expected behavior, you can ignore this message. If not, please stop by the NOC for more information.’ They’ll come by and we can show them packets or logs or whatever they need to let them know, hey, you actually showed up compromised.
JACK: They’ve even seen speakers on stage who are showing signs of infection on their laptop, and then they have to go and wait for the speaker to come offstage and then say, hey, by the way, your computer is very infected. Okay, I’m gonna ask you some stories about Defcon. Is it true that someone rappelled off the roof to try to sneak into a party at Defcon?
GRIFTER: What happened was the year at the Riv, the year of the sky boxes, we had different parties in different sky boxes, and at some point, one of the organizers of the party, actually, he came up to me and he was like, hey, so, we picked the lock on the closet and there’s a panel in there. If you open that panel, we can get on the roof. I was like, I don’t want to hear about it. Right? I was like, alright, and then I left. Then a bunch of people went up on the roof, and they basically extended the party up onto the roof of the Riviera. It was a whole bunch of folks hanging out up there, and this was just the conference in there. So, we’re not talking twenty floors up. They were probably thirty, forty feet up, whatever it was. Some people are going in and out and whatever, and then at one point security showed up. The way that I understand it is somebody went off the roof in order to avoid security. Multiple people got caught by security, though, and they were asked to leave the property. They got eighty-sixed on Saturday night.
JACK: Is it true that people will put malicious ATMs around Defcon to steal people’s money?
GRIFTER: It has happened. I don’t know how often it happens, but it has happened. Somebody brought an ATM in on a dolly. Like, they rolled it in on a dolly and set it up in the lobby area of the convention space trying to get Defcon attendees — that was also at the Riviera.
JACK: Is it true that there was a federal agent who was there to try to arrest hackers or spy on hackers or learn from hackers, whatever, but got so impressed by what they were doing that he quit his job as a federal agent and switched to the dark side?
GRIFTER: No, I haven’t heard that one. So, you’re gonna have to tell me that. That’s wild.
JACK: Is it true that there’s a secret room at Defcon where you can buy zero-days?
GRIFTER: I don’t think there’s a secret room. Maybe that was true in the past. It wouldn’t have been a secret room; it would have just been like, you can talk to this person. I know who the person is, but I won’t mention their name. I’m sure those kind of things still go on. Everybody could get together and have a conversation in a place that was kind of like a demilitarized zone for hackers.
JACK: Yeah, a demilitarized zone for hackers. That’s a really interesting way of putting it. I agree.
GRIFTER: Yeah.
JACK: Is it true that every year hackers take over a elevator at some hotel and trap someone in it?
GRIFTER: I don’t think they trap people in it. We have definitely taken over elevators all the time. I actually got a talking to from…
JACK: Oh, geez.
GRIFTER: [Laughs] This is — this actually happened at Black Hat. It was right after the Mandalay Bay had installed the card readers so that then you had to tap your room key to go your floor. I was messing with it ‘cause that’s what we do, and I knocked the cover off of it, and underneath it was — there was an open pin out. But I was like, oh, cool, we could probably connect to this and get to any floor we want. I’m like, that’s wild. Then I ran my thumb across the pins, and it shorted out and the light blinked green, and I could tap any floor. So, I took a video with my phone really quickly where I just — I ran my thumb across it, it blinked green, and then I tapped four different floors. The video was probably six to eight seconds long, super quick, and I just posted it to my Twitter and said, oh, solid whatever system they’ve got going on in the elevators.
Seriously, within five minutes, my phone rang and it was the head of security for Mandalay Bay, who we work with because we’re in the SOC and stuff. So, we have meetings with them and tell them the type of stuff we’re seeing and all — whatever. He’s like, Grifter! He’s like, you’re supposed to be on our side! He’s like, will you please take that down? I was like, I can’t. He was like, no, please take it down. I was like, I’m sorry, I can’t. I’ve already posted it. It goes against everything I believe as far as it should be better than — you should call whoever installed that system on the elevators and make it better. He was like, ugh. Then he hung up, and then he called me back and he was like, okay, look, I talked to this person, blah, blah, blah. Would you be willing to take it down for X amount of time, blah, blah, blah? Then he said the words I didn’t want to hear, which — he was like, under responsible disclosure, you have now let us know that a vulnerability exists. Please give us time to fix it. I was like, damn it. So, I deleted the tweet and then…
JACK: He played your game. That’s hilarious.
GRIFTER: Yeah, he totally did. He totally did. So, yeah, so, I took it down and they fixed it.
JACK: Is it true that someone set the pool on fire one year?
GRIFTER: Set the pool on fire…
JACK: Yeah, like there was smoke coming off…
GRIFTER: Oh, no, no, no, it wasn’t fire. It was a massive amount of liquid nitrogen.
JACK: [Laughs]
GRIFTER: So, it was at Defcon 8, 9, or 10, somewhere in there. It was at the Alexis Park. It was Pool 2, and the beverage-cooling-contraption contest had done their cooling contest out by the pool earlier that day, and a lot of people had liquid nitrogen. They just — that was the go-to, like how they were gonna make it cold fast. Then they took all the containers of the stuff that was left over and put them in the little pool house area that was next to the pool just for storage, and then when it was at night, there was a party going on out there, and one of the guys was like, oh shit, we’ve got all this liquid nitrogen. Let’s see what happens. They just dumped gallons and gallons of liquid nitrogen into the pool, and it was awesome. It made this cool steam effect. There’s some pictures of it out there somewhere. [Music] Another — then the next year, they did it again, and a bunch of people threw blocks of dry ice in to try to increase it. Of course, everything — we’ll try to one-up ourselves every time.
JACK: After decades of going to hacker conferences, there are hundreds of stories like this that Grifter has. It’s truly a unique experience and you never know what to expect when you go. I once saw Will Smith at Defcon, and Deadmau5 was just there last year just walking around checking the place out.
GRIFTER: I am what I consider — what I define myself as is a high-functioning introvert. So, I can get on stage in front of 10,000 people and crack jokes and have a good time and all, whatever, and it’s fine. I can go out into the hallway and have a inflatable dinosaur battle with my friends and have a blast. I can act like a complete lunatic for the entire time that I’m in Vegas with my friends, and it’s great. But then I crawl into a cave and recharge for weeks afterwards or I go back to my hotel room. Even during Defcon — I did it a couple times this year where it’s like, I’ll just go to my room and lay on the bed. I actually did that right before your party this year, where I was like, I’m just gonna go back to my room, I’m gonna take a shower, I’m gonna lay on the bed and play a game for a little bit, and then I’ll go out and be social.
Black Hat used to have a thing they called the Gala Reception which was basically just drinks, and it was an open bar and it was a couple of hours, and all the attendees were invited, and you’d just hang out and chat. I was in my room after volunteering all day and I was like, oh, I don’t want to go to this thing. I forced myself to go, and I walk into the reception and I hear some guys that are near me mention a book that I had just read. I stopped and I was like, oh, that book sucks. The guy kinda chuckles and he’s like, oh yeah? Why? I was like, okay, well, the structure of it is this, it’s lacking this, it doesn’t talk about these things, blah, blah, blah. This book is better if you’re looking at that topic. He’s like, oh, okay. So, I was like, hey, it’s been a pleasure chatting with you guys. It was nice to meet you.
The guy was like, wait, let me give you my card. He hands me his card and he was the vice president of the publishing company whose books I had just been eviscerating for the last forty-five minutes. I just looked at him and I was like, ohh — and he was like, ohh, and he’s like, hey, look, man, I really appreciate all the candid feedback. He’s like, I want to put you on a list that I have where when we put out a new book, we’ll just automatically send it to your house. You let me know what you think of it or whatever. That’s — he’s like, would you be down to do that? I was like, absolutely.
JACK: Well, that relationship grew stronger between Grifter and this publisher to the point that the publisher asked Grifter, hey, if you were to write a book, what would you make? Grifter said, there should be a book on how to defend your network by attacking back at the people attacking you, which I think is ridiculous. Defenders can’t be on the offense. They can’t be aggressive. But he was pitching this idea, and the publisher was liking it.
GRIFTER: I was like, look, dude, I don’t know how to write a book. I don’t know how to do that or whatever. He’s like, that’s fine. We got editors. We’ll teach you. He’s like, why don’t you do it with a few other authors? Just co-author it, then you can break it up into chunks. You’ll act as the technical editor and make sure that everything is legit. I said, yeah, I’d like to do that. Fine, let’s do it. Then I picked a few of my friends that I wanted to do it with me, and when I gave him the list of friends, he was like, these are some pretty heavy hitters. Are we gonna get these people?
I’m like, they’re just my friends. I don’t know. So, it was like Dan Kaminsky, Bruce Potter, Pyro, Chris Hurley. He’s like, alright, let’s see what we can do. All of them agreed to do it, and then we put out a book. But that was the thing about putting out a book, was I was like, am I really just gonna put Grifter on the cover of this thing? I was like, I cannot publish a book and not put my name on it. For me, personally, it was like, I want to see it on the shelf in a library and be like, that one’s mine. So, I made the decision that I was gonna put on there Neil Wyler, AKA Grifter, and that was it, man. The cat’s out of the bag, so…
JACK: The book is called Aggressive Network Self-Defense, and for ten years I was a network security engineer, and I had read quite a lot of books, and this one never showed up on my desk. I think it’s because I wasn’t interested in aggressive self-defense…
GRIFTER: Right.
JACK: …of a network. This is crazy. This is a crazy book; aggressive self-defense network style.
GRIFTER: Yeah, because…
JACK: What is in this book?
GRIFTER: Well, it was essentially like — there’s this thing that we deal with as defenders every day within these companies we work for and as individuals where you’re being attacked constantly, right, and you’re like, when do I get to swing back? Because of my upbringing, right, because of the way that I was, I wanted to swing, right? So, I didn’t like the idea that we were in this defensive position where somebody could not just poke us in the chest, ‘cause getting port-scanned was like being poked, right? It’s not a big deal. Somebody looks at you sideways, gives you a dirty look. But it’s not just getting poked. They’re full on attacking you, and you just have to go, well, how do I block that? How do I make that stop? How do I do whatever? Or they break in and you just go, oh, I’ve gotta get them out. In my head, I was like, stop them for good.
JACK: [Laughs]
GRIFTER: Like, cut them off at the knees. Attack what they’re attacking you with. I would get so much heat from people about that because they were like, well, you don’t know if you’re actually attacking some grandma’s computer, ‘cause it’s not — it’s a jump box. It’s not likely that the person that you’re attacking is that — that’s their machine. I’m like, yeah, but then let’s get rid of their resources then. If we knock the machine that’s doing the attack offline, then the attack stops.
That’s what I’m concerned about, because they’re costing us money by launching these attacks against — they’re costing us time, they’re costing us stress and all these other things. So, if — I don’t care if it’s some grandmother’s computer. I need it to stop attacking my network ‘cause it’s eating up bandwidth. It’s eating up cycles of my analyst. It’s eating up all this stuff. [Music] It’s like, okay, you’ve lost control of your machine, and I need that machine to stop attacking me. So, I’m gonna send it to the bottom of the digital ocean. That book is twenty years old at this point, so it’s useless, but it was fun to do.
JACK: All this experience running the Black Hat NOC has given him a very sharp skill set, to be able to detect and stop some of the most crazy attacks ever. Volunteering there gave him fantastic experience which gave him great opportunities in his career.
GRIFTER: So, now, I recently took a position at a company called Coalfire as the VP of defensive services. Prior to that, I was with IBM’s X-Force for three years running their global threat-hunting program. Prior to that, for the seven years before that, I was at RSA Security where I started and ran their threat-hunting program around the world. So, I spent a lot of the last — over a decade at this point really focused on threat hunting, on going in and finding attackers when they’ve already bypassed your security and they’re in the environment. So, I would go into a company and I’d sit down with their security team, and I’d be like, tell me about your environment.
They’d be like, well, we have these technologies. They’re deployed in these ways. Our network’s set up this way. This is how we do these things. It’s segmented this way. We have this, we do this, blah, blah, blah. I go, okay, great. If it was me attacking you, I would hit you here, here, and here. So, let’s go look and see if somebody did that. Then we go and see if they were attacked somewhere or got breached somewhere. In the decade plus that I’ve been focused on hunting, we always find something, whether it’s an active attack or it’s evidence of a previous attack or it’s an employee who’s doing something outside of policies or whatever.
JACK: Of course, I wanted to hear a story about a threat he found in the network.
GRIFTER: We were doing an engagement where we were asked to come in to a really large financial organization, and myself and another hunter, Pope — you know, Pope. Pope and I went out on this hunting engagement.
JACK: [Music] I do know Pope. He’s the organizer at Saintcon in Utah. Fantastic conference. You should definitely go if you’re in Utah. So, him and Pope go to this client. It’s massive, and they have huge security teams there. No expense spared to keep this place secure, which has to be stressful, to walk into a company with this level of security and you’re expected to find things that they didn’t already find. So, he sits down with their director of security and starts looking through the traffic. He’s looking for protocols that shouldn’t be there or outliers. He sees FTP traffic in there. FTP is the file transfer protocol. It’s just a way to move files from one place to another, but it’s insecure and has mostly been replaced by more secure protocols now.
GRIFTER: It’s like, there’s a really low number of FTP sessions, so we could go through those fairly quickly. He goes, oh, we don’t use FTP. I was like, well, great. This is a good example then, because we can go through this really quickly. He was like, no, you don’t understand. We don’t allow FTP. There are no clear text protocols. I was like, okay. Well, that’s great, but it’s here. Like, I can — it’s here. I can see it. I was like, so, why don’t we just look at it? He’s like, alright. We look and it’s FTP traffic going to a host name, not even an IP address but a host name that ends in .ru. We’re not even trying to hide, right? I was like, is that normal? He’s like, no. I’m like, okay, well, let’s see what’s happening. It’s like, okay, it looks like it’s sending out these files at 1:00 in the morning. Do you want to see what it’s sending?
He’s like, yeah. So, we just did file extraction. It’s a zip file, even, not an encrypted container of any kind, just a zip file. I’m like, well, I can’t open it ‘cause it’s not my company, but you can open it if you want. So, he opens it. He opens it up, he looks at the document, and then it sounded like somebody punched him. This sound came out of him like this hnggh, like the wind just got knocked out of him, and then he closed it. He goes, you didn’t see that. I was like, okay, well, just out of curiosity, what didn’t I see? He was like, that is every financial transaction and trade that we’ve made in the last twenty-four hours. I was like, oh. So, bad. He’s like, how long? How long has that been going on? I was like, okay, let’s take a look. We start digging into the logs, and they only had six months’ worth, which is wild.
That connection to an FTP server in Russia — the IP address was also geolocated to Russia. So, we were like, okay, it looks like that’s where it’s going. That happened every night at 1:00 in the morning for six months, and that’s as long as we had logs for. So, we were like, who knows how long that’s been happening? This is an organization that has hundreds of people on their security team, thirty plus people actively working in a SOC just down the hall, all of the different technologies that you could possibly ask for, but they had tunnel vision because they were like, we don’t use that, so we don’t even look.
JACK: Now, you would think that if something like FTP is not allowed in their network that there should be a firewall blocking it. That’s exactly what a firewall’s job is, to block network traffic that shouldn’t be allowed. Who knows, maybe they did put a block in at some point, but it wasn’t blocked now. Maybe a new rule superceded the FTP block rule or maybe someone accidentally took out that FTP block rule. These firewalls can sometimes have hundreds of rules of what’s allowed or not allowed, and it’s confusing to know exactly what it’s doing sometimes. But what’s more is how did these file transfers get triggered? It must have meant that someone got in this network and set up an automatic script to scrape the data and send it out.
That’s scary, to realize that someone did that in their network right under the nose of their thirty engineers, all looking for that threat. How did this hacker get in, and how do they get them out? There’s millions of things to do once you discover something like this, and it feels devastating to experience it. It really does feel like you’re getting punched in the gut. You know, as I think about this story, this is one of these typical ‘I heard at Defcon’ stories, which here’s Grifter telling me, so it practically is something I heard at Defcon. But it’s one of these stories that I hear that was never told publicly. A major finance company was hacked and every financial trade was being spied on by some foreign entity.
That sounds like a big deal, and I wonder what the fallout would be if that story were to go public, you know? Would there be lawsuits? Would the government slap fines on them? Or to think, how bad does that company not want that story to go public, and what drastic lengths might they take to hush it up and keep it quiet, you know? I have a dream about this show, that one day someone will tell me a banger-level story that would be huge news when it gets published, some wild whistleblower-type thing. That would be fun, wouldn’t it? I mean, I’ve heard some pretty insane stories that would be really big news stories if they came out, but the people who told it to me, I promised I would never repeat it. But I think it’s just a matter of time, though, that a story does come across this show that really makes some waves. Someday.
GRIFTER: But the threat-hunting thing was great. I ended up — I wrote a framework with a friend and that created some really cool opportunities. We consulted Congress and NATO. I’ve gotten to consult foreign governments, some of the largest companies in the world…
JACK: It’s a strange space, this InfoSec space, ‘cause we’re hanging out with criminal hackers. You were a criminal hacker and then you become this consultant for Congress and governments and you’re there to stop the bad guys and you’re there stopping threats. But at the same time, you’re going to Defcon, which is where you’re meeting even more hackers and more criminal hackers, and it’s — and I don’t know of any other thing that — we’re just as friendly with the bad guys as we are with the good guys, as it is with cyber security.
GRIFTER: Yeah, it is kind of a — it is a weird world that we live in, and I think ultimately the thing that ties it all together is that we like to learn, we like the chase, we like the hunt. Cyber security is an incredibly stressful field to be in, but it also is incredibly satisfying as far as the cat and mouse game that we play, about the opportunities to learn new things, about how one day you wake up and everything is fine, and the next day a vulnerability drops and somebody has exploit code for it within hours and you’re — and everybody’s hair is on fire. When those things happen, when those moments come and everyone’s freaking out, I don’t know, something about that situation, it just makes me go, alright, game on. I got really, really lucky; the thing that I started doing when I was eleven years old because I thought it would be cool turned into a career that allowed me to put food on the table for my kids, put a roof over their heads, and has allowed me to travel to all of the places that as a kid I used to go to only digitally because I thought I would never get to go there.
(Outro): [Outro music] A big thank-you to Grifter for being so gracious and kind to give me his time in his busy schedule and to talk with us like this. He has so many more interesting stories, and I feel like we barely got started with him. I mean, I’ve had dinner with him a few times and I’ve heard so many more, and they are hilarious. You can imagine all the shenanigans going on at Defcon and Black Hat every year. He’s given a ton of talks at conferences, so if you want to hear more from him, just go to grifter.org and you’ll see tons of stuff that he’s done. Real quick before you go, do you know that you could have eleven bonus episodes of this show in your ears right now? Yeah, eleven. All you gotta do is support the show. I did the math; less than 1% of you support the show, and that’s cool.
No shade, because I love making stuff and giving it to you for free, so I’ll keep doing what I love. But man, when people do pitch in and give me a little something back, it feels damn good. It’s like one of those hugs that feels extra genuine, and you can feel it long after it’s over. So, please consider supporting the show. Visit plus.darknetdiaries.com. I’m just asking for you to buy me a cup of coffee once a month. Actually, I switched to matcha, but you get it. This episode was created by me, the space bar, Jack Rhysider. Our editor is the keymaster, Tristan Ledger, mixing done by Proximity Sound, and our intro music is by the mysterious Breakmaster Cylinder. My girlfriend, she said she needed more space, so I got her a four-terabyte drive. This is Darknet Diaries.
[END OF RECORDING]