 All right, good morning and welcome everyone Yeah, that's what I like to hear We're gonna get started here with our keynote I've got the pleasure of introducing a longtime friend of ours a friend of mine the hacker with the perfect pitch We've got Lance James launching us off today. So please give him a warm welcome to the stage boot Good morning everyone Usually I have to do the whole like good evening, but you guys are pretty freaking cool So maybe everybody like wait it's not evening. So I am okay So I've it's been I'm gonna brag, but it's not about bragging I've been speaking around the world doing keynotes everything like this. This is the first keynote I'm actually really nervous about in a good way because this is This is a big thing. So a little bit about me. I'm Gonna press these buttons. I guess I'm Lance James Currently I am the chief scientist over at Flashpoint also run a company like almost every other hacker does too Just so that they can do pen tests and fun stuff Prior to that. I was head of cyber intelligence at Deloitte. I turned them around and made them from bean counters to actually understanding what cyber means And I was also the original founder of itp, which actually in many ways. I'll explain what's inspired by tour con And by the way, I know we have a bunch of parties But if you guys sneak away from any of them want to go karaoke tonight, I will not I will go with you I will go with you. Okay, so This also they all like, you know, my company wants me to do biopics So I was like, all right cool. Here's a lifelike drawing of me So You know, here we go I'm actually was thinking about this and I wanted it, you know Like I've been at tour con almost since the beginning and I'll go into that in a second And I wanted to kind of brag and like do all the huge lists And the only reason it wasn't about me It was the fact that I could give a lot of credit to how many things we've done in this industry How many things we've gone along in the last 19 years Honestly to tour con in that way, so it wasn't like hey look at I did it was more like look what inspired me Like like what did tour con do for me? So Anyways, I'm gonna start with patient zero days Which is 1999 wait wait hold on in a world in 1999 before a skynet fell All right, so basically what we have is a 15 or 16 year old boy with his mom driving him everywhere around I found that out today from fell over here Trying to basically start up this conference called tour con and route backwards. I think we all know that So we have this guy Ben. I don't know if I ever met Ben, but I'm gonna give him credit because he seems like obviously cool And it has a very cool like a pseudonym So Ben ends up scallora over here. Here's a very young picture of Hikari. I know it's we're jealous because I'm getting old Man does he look the same? Bastards so David was probably about 15 or 16 years old probably on the cusp. What's your birthday? You're like When is your birthday? Yeah, okay, so, you know, he's probably planning it at 15 taking over the world by 16 I actually moved to San Diego in 1998 myself, right? And so I met them in about 2001 now. Let me tell you what was important about that in 1998 I got moved here because someone actually heard me sing. Yes, that actually happened someone flew me on a plane and I thought I was gonna be doing music, right and You know, there's two sides of it when you grow up You're like I was trained musician all this stuff and then ever like by eight I was on a computer too and I couldn't I was supposed to be practicing but I was I was having this hard time This line this fine line with me was getting on me I was really important is that when you become an adult as a hacker and someone who's like kind of like done that Now I'll tell you I got a little bit of skips when I was a teenager with this stuff learning learning the ropes and pissing people off But what was really important to me was the fact that I was trying to find a place to belong And I didn't have anybody who understood my world yet So to them I was just this magician and scared the shit out of them and they didn't understand that I'm sure a lot of you have had that feeling when we were younger and so I moved in late 1998 Worked through some stuff had some fun got some jobs blah blah blah, and I'm living in this place called the loft It literally is called the loft. Yes, it was a cult. I wasn't a part of it I just basically was a cis admin for basically living because I needed money and I needed a place to live It was embarrassing. There was a guy named mercy He had this long beard new man when he ate all his food was in his white beard So I think he's probably arrested by now. Anyways, the point is I see these two guys His name one of them name is Tim and one of them a name is David And actually I for a longest time probably thought your real name is Hikari, which was kind of cool And I haven't really gotten over calling you that so you know, I saw them looking around The typewriter fonts awesome for this kind of conference by the way I totally broke the flashpoint rules of PR like type fonts, but who cares? And I'm looking at it and the reason why I know this answer right here I'm like, okay, these guys are hackers or at least one of them was yeah, I don't know about Tim yet He looked like the business guy, but So basically and the reason why I knew this is because hard Hikari had his briefcase one of these and This briefcase the minute I saw it. I'm like, okay There's either one of two things in there either this because that's what I would have in there or Something like this Which of course will scare they should out of anybody that if you're walking near a military building so So I of course approached them because I am not exactly shy You can tell I think not sure and so we talked and he was looking for a space and we met him And of course, I think we hung out from there on and like I was excited And I'm I'm probably this overwhelming like 18 19-year-old just running to these dudes that are really kind of introverted and quiet And it's like mommy right that's that's basically the feeling I had in my head because I'm like holy crap I'm not by myself anymore. This is awesome, right? And you hear about 2600 and back then you hear about DEF CON but that's still legendary and scary to someone like that's not even like Stepped into a community yet, right? I'm not going to DEF CON or or 26 and right. That's like stuff you add You know, you're like, oh my gosh, what is that? That's like, you know Then you find out 26 and there's a bunch of 40-year-olds living in their mom's basement still bit anyways So so basically I Kind of wanted to like look at it. So I by 2000 I think one I came to tour con right? It was September I believe we still had it back then Very different shifting time. I think September 11th just happened which was interesting obviously and You know Security all that stuff it kind of played into like obviously some of the climate that was already starting to shift, right? But what what took on to a young hacker like me was when I walked in that room the first year 2001 for me Was a safety net first time I could feel As humans I think and as especially importantly as hackers in a counterculture. We all want to feel accepted Validated heard, you know, how many times we yell and say you're stupid and vulnerable blah blah blah And it's not really about we think they're stupid. We just want to be heard We have some cool stuff. We're working on and I a minute I walk in there I find the safety net of people just like me most of them a lot much quieter than I am but You know still I'm like I and actually as much as I talked I listened a lot and it was really awesome, right? Another thing it was my first start. It was to young hacker 1920 years old It's a first start. It was like and you know the coolest thing is the car was introducing me as like a crypto expert I'm okay. I'm just starting to play around with it But he respected the work I was doing and he introduced me to others And and that was a really cool thing is like I I you know in my head in your mind your fears like oh my gosh I I'm probably not that smart, you know the imposter syndrome We all have and we're like, yeah, I'm probably just a fake and there you know all these hackers It's got to be really and you know, they're gonna be like, oh my gosh What a what a joke and we all have that feeling I know we do we have to humiliate ourselves at least once to get over it Right, but that's the feeling that I didn't get because someone like David came around and introduced me to people and He would take a highlight of something I'm doing and he would introduce me to the highlight of something else They're doing as if it was equal planes, you know And they became my friends Many times I've had you in the house Tim drunk his house on a bed that on a sofa that my ex-wife doesn't really want anybody touching and that really that was fun Big explanation there. Sorry, honey It's cool. He's just really sick. That's that's the that's the no-touch sofa. Well, that's why I'm divorced anyways so Yeah, not the life I wanted to live but either way friends You know the cool thing is I got I got the privilege and honor to help with some of the workshop seminar Buildouts because I was running a business at the time later and I was you know getting pretty I was kind of hacking business I was learning how that worked too And so it was like really cool So I I looked back and I get to see like the success of like work on it's like a whole week now practically And it's really really cool and I see so many people learning and sharing information But they were my friends, you know, they've been through that divorce. I mentioned they've been there, you know It isn't just a community of like my technical skills But you know you get to really have an underlying of who we are and how we're accepted and through all of those things They were there too And they were my community Right, they are they were what I know kind of an extended family like you all are in a way Even if I don't know you like I can't wait to meet this guy with his head shaking like this Yeah, right, but I don't know him yet, but I know I'm gonna talk to him later Right, so and that's the cool thing. We all share something and bond like, you know Some people in church they all share one belief, but we have something we share as a community, right? And it's my home and today I feel back home. That's why I'm nervous But I feel back home and this is the biggest honor I could ever have So that that's that's took on to a young hacker and I and I found a home, right? So 1999 2001 the hacker climate So our favorite movies. I think most of these are right. I was guessing with most of the audience I didn't get a time to do a survey did I miss any Or was that kind of it which one way? Oh, no, no, no, no, no, no wait wait for it wait for it Okay, wait for it That's their favorite movie to make fun of that's different Geez, okay, so we got war games. We got sneakers. I think we all love sneakers It was kind of like I want that job And you know the funniest part is when they like give him it's like a paycheck And then she's like not a very good living because he goes it's a living and she goes not again. I'm like, yeah Yeah, you talk now, huh? So so, you know real genius how many people really loved real genius So I was doing an interview for mr. Robot way had Jeff Moss on they had a few different things So think about like what hackers feel about mr. Robot show Secret I didn't watch past five episodes. I had a friend tell me all the cool technical things and stuff I just didn't have time and to I think like some of it's hard to get through especially on the drug references I was like, all right, you know get past two episodes of that. I got that. He's does drugs good moving on But basically by the time I got there and stuff It was kind of hey They were wanting the war games best movie right and like I was gonna go with the cliche. I'm like nah, nah real genius, man That's like some prank-ass shit man You know so and it's kind of like the way the world is today, right? It's like look, you know academics really secretly just doing stuff for the military Hey, you know so Real genius, you know, you some votes at least all right cool. All right, you know Val Kilmer, you know All right blue boxes when we were in this time were legendary But kind of like we couldn't really execute them anymore. They didn't do anything But the TGI Friday's down the street The one out down here you guys familiar with that TGI Friday's anybody go to it while they stopped here yet If not, you know, maybe go to it in back then red boxable It was really awesome And so, you know when you had your red box you like check it out And I remember a guy a phone freak friend of mine named lucky who'd be here I think I met him or here we go and you're like check it out. It's actually a co-cox We can actually you know red box this thing was kind of cool because you know to see that in action at that time It's fun But in the hacker climate who were we were mostly introverts mostly We were enigmatic to a lot of people Helpful I think all of us underneath this has always been like we just want to help others You know, even if it means that we got on the wrong side of law for a little bit of that And I don't think we're like haha. I'm evil. I think it literally was like whoops Whoops, my impulse got to me again. Oh whoops, you know, but mischievous. We like to prank people. It's fun This is why I like real genius And we were a little bit feared, you know 9-11 happens. I know that's extreme, but now everything is security National security, you know, and it was like literally like, you know, and we just had this fear It was like the rest of us was like, oh crap. Did you read the Patriot Act? Did you read the Patriot Act? Right like so But internally our climate was to have certain goals and I think we can all share these improved security You know, we literally for some reason find security as a well I was told by psychologists once we all love security because we're insecure which I actually kind of believe in a little bit So but but we want to improve security whether it's internal or external We want to learn and that was the thing that I loved about to work on. I just came here one Give me data, right? I mean just learn so much and we want to share and you'd think it was the most egotistical day of your Your weekend was that oh man, I really talked a lot about myself But you realize you're just excited about sharing what you've been working on and then you go back home And you're quiet again and you know back to your normal life and back to being an introvert No one understands me for until next year, you know, I can't wait till next year I'll get understood again, right and the conferences we had obviously were just Defcon and 2600 so tour con played a different role And I think that's actually important, but How many people had this toy back then 1999 and they're they're they're cool if they were cool They had this right the M 100 or 101, right? They actually kept a schedule what hacker keeps schedule serious like sleep schedule daytime, right? You know, ah, this was IOT You know Quotron anybody recognize this little device over here, you know what this talks really about we're fucking old anyways, and then I've got a game for you guys today All right, since we most of us are more in my age group or higher and stuff How many newbies any first-time commerce to tour con this year? We got one over here got there We got over there. Okay. We got a good crowd over here. This is great. How do you guys feel? Yep thumbs up you sign language. I don't I don't know what no Also, I do have an idea though So when you go to the parties tonight or tomorrow, you're gonna realize your voice is going to one run out I suggest next year you everybody learning sign language in a group So that you can communicate and talk to each other Well, there's hardcore music going on because really you're gonna want to talk even though there's music going on You're like That's what happens for like the next two weeks. So I say we do that plus there's a good side effect We can talk to deaf people and they're not upset about it. So, okay Game time name that terminal. All right. I give you a freebie one. So you guys ready? Which terminal Does this computer match? Come on Really? Thank you. Who said that? What's your name? Todd Todd wins the trash 80 kidding. I don't didn't bring those with me Yes, that would be fun though. I'm like, I'll send you a trash 80 buddy All right, so what I actually okay actually had someone send me their comment or 64 I was like really stuck speaking of I think you guys know this one and it's hard to see but which one is this Yeah, it does say that doesn't it I was like I could just cross it off But you know what okay someone describe it for me. What's it look like? It looks like that thing Basically big-ass computer you find your own monitor. Thank you Okay, and my favorite one Ah Let's see if this worked hold on come on come on. Okay. Wait this one. Yes This one. Yeah, I love this one. You know why I Don't know why but this is the one I grew up on this was cool except mine was a color monitor I'll show you in just a second. So how many had the apple to eat or two? Okay, how many had the trash 80 probably in schools most people didn't buy them They were in their school and you're like hey, it's in school the red button Remember the little red button how many had the Commodore I? Think you'd take it like an even around here You know it was really the battle of the computers back then right and so all right how many had none of them How many had none of them you youngers? Look at you first timers All right, so the cool thing about that though terminal stuff Was the fact that when you wanted to know a computer back then you had to learn how to program That was the user manual the programmers manual today. It's like let me watch Let's watch this show impressive button. We got Connor over here. He's gonna learn programming later probably but not because he has to so All right, so I got a cool thing. I'm gonna go back a little nostalgia my mom Has her awesome moments not all the time at all, but my mom has her awesome moments I have two things that I love. I love music and I love computers and My mom sent me actually recently all my classical music and stuff because I'm gonna pick up my violin again and do some stuff But she set me my Apple 2e from a childhood. This is really really really cool And guess what's cool. It's not it. They took very good care of it They gave me all the floppies for some reason all the games. I had was pirated I don't know about my parents right now But I don't have an original game except for who is we're in the world is Carmen, San Diego Because you had to buy that one because they did know how to do some DRM so But basically what I've got here is this is my first computer program I was like that mattered to me that I wrote when I was eight story is I read the computer programmer manual And I learned about X and Y plotting and basic Apple basic which is moving the mouse to the joystick and I had the square little joystick and so I as a kid Was probably destined for security because I played games in my head is such a spy Detective and I wanted to protect people Likely because I'm adopted it to and it has some kind of weird psychological syndrome that goes with protecting people But the point is for my head I'm the kid that's like I'm gonna be an FBI agent and I'm gonna make sure everybody's safe crap right now Not the FBI agent that you hate. I meant just as a kid. Okay, so I work for EFF. It's a badge everybody We're effing here. Okay. No So basically in my head, I always wanted to protect people right and then that that was my thing as a kid So I protected my games even the run. Hello mode He's got a thing going on with this one All right, so here is actually a startup I found my first big program and it's really cool. It might be hard to see but I'm gonna explain it So I start this thing up. Yes, the floppy disks actually work I enter a security code this uses get car Which means it doesn't show any like stars or anything the only vulnerability is that you could technically has no enter either So if you get the password right, it just opens up now This number right here is me taking my joystick and using it as a combination lock So basically what it does is you have to know the actual number in the position in the joystick that you actually have to put in There to open up and get to the welcome to the president's own backdoor. I just made shit up when I was a kid I don't understand it, but I Have to actually like review the code so that I knew what the numbers were in the passwords or I was like, okay Shit, I don't remember so so and then I can't see what that is But it's something probably just is you know kid like you know blah blah blah blah blah So basically I have to turn it one way turn the the combination the other way and then I have in a lock code I don't know why I chose Jamaica, but for some reason I chose Jamaica Maybe geography class. I don't know maybe a cool word to spell and then boom I'm in so my joystick was a combination lock. It's like dance dance authentication, but different, right? So All right, so basically I could then start that I actually edited me running dig dug on YouTube because it is a pirated copy of dig Doug because of my parents. I don't know what the heck. That's about anyways That was my first hackathon at eight years old writing some code and I still have it I'm really stoked about that. So anyways, all right. We're gonna go back to normal stuff now But I you know, hey, does anybody have all that what do they remember their first hack There were first feeling of this how many people still remember that I know we're old and they're getting seen out But all right, cool. How many haven't even done their first hack yet and they're here and they're going, okay I got to do it man. I'm gonna do it. I'm a step in there. I'm gonna go I was just gonna get over it man. I'm gonna pop that cherry. So no, how many and me and me. All right. Oh Pete'll shut the fuck up He's still waiting for his first hack people just don't acknowledge it yet Okay mainstream view 1990 and I in 2001 games are over. Let's stop playing games guys. Okay. There's your fucking movie There's your fucking movie All right, the movie messaging of what we were was basically 1999 2001 We like sneakers the rest of the world thought of us as these Hackers and they tried Sony really did try to make us look like we're like we're hacking the system man It's cool man. This is how we talk to hack the planet all day long. That's how we do it and You know, we use the most amazing gooey's You know they're really big just everything we do do they got off They just you know, it was like wrong and I get it. It's hard to do like good computer interesting stuff But sneakers did a pretty good job. I honestly like the little Everything's uncorrected and guess what's cool. It's the actual crypto scene and that was written by Rivest So when he was talking about number field civs, they weren't bullshitting. It was kind of cool. So So hackers was our freaking movie that everybody goes Oh, you're not gonna hack my computer. Are you when you fix my email? No, but that's like saying, you know, you're not gonna steal my car when I hand you my keys of LA dick anyways, so Swordfish remember that one. I think it was four hundred and I think it was four hundred and twelve bit encryption Or something that you had to break with your gun at your your head And I'm like, I don't think anybody did the numbers by 412. There was a 448 and that was one time That was blowfish. Okay But for 12 good luck, I don't know if they were truncating for a reason But if it is definitely a symmetric encryption, it's already broken. Anyways, so you just go get the tool Antitrust another one of those. This is this is the movies that the mainstream saw and this is what represented us. I Wish we were that good-looking anyways culture By this time we were 100% feared We were still trying to figure out if we get jobs even in the dot-com bubble, right? We were you know, we were probably sysadmins and stuff kind of secretly going man. I could take this place out No, but but we were a sysadmins, but we didn't get the job. We loved we wanted to work in security We you know, some of us may be lucky, but most of us had to figure out. Let's just start a boutique You know, let's just start my own thing. Let's start a thing to our con, right? You know, we're feared we must break the law even if you know We've never broken the law all of us must break it. You know that whole like 80 20 rule 20% of people did it And so 80% it's like that whole like I'm gonna ban gloves because you know a few people killed people with gloves But you know that I use it to keep my hands warm in New York So and then you know you have like, you know, obviously you did have stories of laws breaking Robert Morris all the other stuff that's going on and most of the time I'm gonna joke about Sammy later. Don't worry about it But you know most of the time it wasn't like I'm a bad guy. It was like literally oops Shit, my code is wrong, right? You know what I mean? So But we got the don't hack me brawl. Don't hack me brawl. Please don't hack me Right and and we were associated mostly when we think hackers with viruses, you know, because we hacked the Gibson with those Ironic parties later how you get in most systems is with a You know, so so the tour com impact to San Diego How I looked at it was it was a voice Now it's very different. Well, this is definitely not to work on we're so much better No, no, but basically this is definitely not to work on. It's like we're kind of like the big party, right? This is like, you know, this is mostly representative San Diego But also a lot of people come around and come here one for the weather And then to I don't know if this time the weather but to You know, this is a conference that actually had streamlined had focus had like things that we wanted to do and there wasn't this I'd say like I always try to say leave leave your ego at the login prompt I have never been to this conference feeling like someone had an ego which was really really nice Now, I'm sure we all do I definitely have one once in a while, you know ebbs and flows things like that like I said security and security but In the general sense you can go to DEF CON and within two minutes You're just like oh shit. I do not want to talk to you So, you know, and that's like that's kind of happens here I haven't really had that problem and when I have upset people they're just straight with me, right? But you could share you could share it to work on you could you there was an inspiration in the air There was there was things that got me excited now, and I'm obviously easily excitable. I'm dramatic I get that can't wait till I get old so I can you know fall and get attention, but So basically, you know, but I stole that joke But anyways, but basically to her I wasn't DEF CON or 2600 it wasn't about if you didn't need validation That's not what you were trying to do here in that way You weren't trying to prove yourself in this like like messed up, you know Mentally ill way of like hey look at me, and I'm cool and like it was more like whoa Everybody kind of swallowed there you go, and we're coming in like kind of a little hesitant at first But then like you know, hey, we've got some cool things. Hey, do you want to solder? I'll teach you You know what? I still have never saw her 20 years later. I'm gonna learn to solder this weekend I am going to I'm gonna learn to solder You know this this year actually for me is like 20 years as an adult in this industry. Yes I'm old shut up looking good though. No, but so I actually went and got I was in Hawaii I actually saw David and Tim in Hawaiian and a bell and I ended up getting myself a tattoo and The tattoo actually specifically and this is why this is important to me is is the tattoo was an inspiration of everybody's like at this point Oh Lance James you're an expert. Da da da da da, which not by even the closest mile, but here it says beginner So today I come back to Torcon and I feel like this impact is still with me I was listening to the reception last night and the world around us has definitely changed in the culture of hackers and stuff But what I did have was I still listened and I still learned last night I still heard and things that I've never heard before and I've and I saw the same excitement I saw the first time I got here. I Saw him being just as cool as he always has. I don't know, you know He's also just looking young just like he always has But you know, we had a good vibe there's so Cal right? Hey, Kari definitely represents that You know, hey, so But it's really about disruption and innovation I sat on the floor with I think Anton Rager back my first one like learning about VPNs IP sec I succamp and he let me just jive in a code with him and I I'm totally insecure about this and not even sir I can do it or but he didn't question that he just you know, he believed in me the minute I got there David believed in the minute. I got there. I believed in others the minute they got there You were accepted your ego was not here. It was like it was there was an ego boost You felt good. You didn't want to leave that's for sure. Maybe it was my marriage. I'm not sure. No, I'm just kidding No, you just didn't want to leave, you know, but You know and then we got to work on 2001 to 2003 for me. I found my pattern check this out Okay, so I attended September 2001 right and this is for me I'm feeling accepted and feeling inspired excited 2001 September October I started an open-source project now called it up but back then called I IP my language of choice at the time was C So basically I left to work on excited and wanted to do something so I could speak at to work on 2002 Right and literally I just felt like not just about the speaking but obviously I just felt really inspired a left They're going okay. This is how it works. We contribute. We do something cool so now My first panel was I think Utilizing invisibility and non-nimity to protect security was my first time talking anywhere and yes is even though I'm next to vert and seems natural. Holy shit, you know, that was Yeah, anyways, so but basically after that I did that talk in 2003 after that's that that that torque on I said I'm gonna do more. I'm gonna start a San Diego security firm, right and every year. I would go This is like this was my spot. I didn't go to Defcon for actually till 2004 5, right? This was my thing right here, you know and So when I looked at what torque on did for me as much as it seems like I'm confident and extroverted now There's there's levels of that there's a lot of stupid things as an extrovert you can do and stuff and put your foot in your mouth 100% of half the time all the time and so But when I look at it now and I go and look at the things that I have been able to do and have for myself and I look at Everybody else and where they've gone and all these things. I see that two are kind of offered confidence It may it said, you know risks are to be taken. There wasn't that fear built into this room It was make your voice known. I'm gonna do a talk next year, right? And it got you past the first one where you humiliate yourself on purpose Which I think everybody just needs to get past and then that fear kind of goes away and you're just like, okay Well, they're not gonna kill me, right? You know and it also said do what you believe in because you know when I started I a PI to P thing The car next year is like, yeah, Lance is doing this really cool thing, right? And then I get introduced to other people that are doing cool things in crypto or you know And he would network us all together right and it built, you know a bigger dev force and it built You know people I could talk to and learn things I also remember when I accidentally did an RM dash RF on Hikari's box by one. I don't know why I did that It was literally an impulsive extroverted problem It was not passive aggressiveness. I swear to God. It was just me being completely stupid. Anyways So there's also mistakes that happen. You know what he goes? It's cool. It's cool But it changed the game and one of the biggest things that taught me was to give back Right met whether it's forward or not, right and so that that's that now. I know that Trump doesn't believe in climate change, but There is some hacker climate change 1999 2002 security warnings galore, you know We're in that mode of like guys listen to us and of course we're not being listened to yet We might get a couple of media hits here and there blah blah blah and everybody's like, you know But we're just tinkerers hackers and what what people are afraid of us not the actual like problems We were talking about that wasn't going to be us doing them and they didn't get that they all they saw is Should I be suing you right now or putting you in jail because you told me something that I don't want to listen to? And that's what that's what our climate was at that time I I would go try to talk to banks and say here's this going on and I find out banks They're like ordered do not talk to Lance You know literally I'd find this out many years later. Well, don't talk to Lance He's got some stuff you don't want to hear about right and I did it in a very professional way everything It wasn't like, you know publicized it or anything like this, but this is this was the climate back then We don't want to know about that stuff, right? And we were always talking about what could be the scale and mass hacking attacks things like that And I'm not talking the stupid Pearl Harbor crap, but just imagine an onslaught of I don't know people just hacking into your systems And you're getting preached all year and all these things are happening and oh my gosh the OPM and all these things other things That could happen, but you know, they wouldn't or anything 2003 I think reality sets in Emerging I think the term became cybercrime Right, we got targeted foreign attacks not even just targeted attacks guess who the the guys who should be feared are not us It was you know, you know, hello, Mr. Hacker. I've got some pests in my election. Can you help me? You know, so So basically a reality set in cybercrime gets hooked, you know like a big hit You know, we got foreign attacks There's a thing called fishing that we've heard about since at least 1996 or more But you know, suddenly this is like now a thing that someone's got to write a book on and tell the rest of the people the world about right So we got malware malicious offer what we used to call viruses, but now we've got targeted malware It's not like it just came on the scene. It's just now everybody knew about it. So we had kind of this whole big I told you freakin so moment, but we didn't get to ever say it yet So so we set the stage now. It's good versus evil because everybody's gonna have a bad guy, right? You know hackers need to you know fight the wars for everybody else Yeah, so we got you know, we suddenly have jobs for hacker communities mostly blue team stuff But it's a start right we got you know invention of You know this reactivity causes this explosive industry growth that starts hitting from 2003 and a belong the invention of what's called threat intelligence Right and we have all of this stuff and we have these disruptive effects because of this explosion such as things like tour and free net We're already kind of moving but now it's like privacy and anonymity is even a bigger issue, right? And these things kind of continue ahead So what we termed as hacktivism back then was someone like me I actually wrote software for privacy reasons now We it's a bunch of dicks with computers that DDoS people because they want to play a video game or not play a video game I don't know and then wait, you know the cool thing is that itp tore all of these things They they started getting government interest, you know as much as EFF interest F&A, so You know when we look at that, you know peer-to-peer was a kind of a thing It was starting to really kind of kick out now. Obviously we look at it today and so But you know we also had the file-sharing wars at that time that was a fun one, right? Anybody ever get like a letter I got a letter twice or three times I think it was what movie was it? Secret window that one was one. You know how it got out of that though Yeah, I run a security firm and I have a honey net set up at my house and We didn't know that distribution was on. Sorry. Cool. All right. Thanks. Bye. Bye. All right Don't you can only do that move once though. Just say just saying I Learned real quick. Oh So we had DRM which was basically fear versus innovation and of course I think we all know the basic gist of the story is Apple iTunes kind of changed the game and made the vehicle If you want to get into detail or debate of who did that a really but basically, you know We went through all of these things right so and now we have these things called a PT or advanced persistent marketing I mean advanced persistent threat It's a human-oriented targeting concept aka at spies learned how to use computers, right? And it's a shift in thinking it's this agile like look at us as castles and guess what's happened Is the invention of gunpowder just came out and oh shit all our castles are falling? Right, and so hackers and intelligence community suddenly become closer. Yes, I Became friends with some of the FBI guys because they just were helpless and I felt bad. I actually did I was like Oh, you just need help Just need help. I can make money here. Okay. You could you could you can you I'll help you so and Our new competition arrives a lot of people want to call them adversaries I call them competition right one the reason why I also wanted to help wasn't really just about the money It was like oh hell no, you're not gonna make it out like all hackers are bad guys We are not gonna give them a bad name. I am gonna go after these son of a bitches right now So basically here is the new business that gets on the market Which is no different than a structure of normal business because what it is this is a full-on operation malware operation swift operation Any of those heists that you see this is that system. This is crime. We're as a service You know, so we got this new shift 2003 to now. How do they get so exponential? Well forums Right, and then you got like some kingpin or enterprise guy that doesn't even know how to code and he goes You know, I got a really cool idea. Let's rob some banks, right? Let's do American ones because you know, we don't like them because you know Hey cold war and all so then basically what happens they'll recruit a developer within a form They'll develop that they'll produce a product for the enterprise to recruiter there and then realize I don't have an NDA I think I'll just switch my handle I'm gonna make a new product and done and then that person basically goes in the same cycle makes a product for himself becomes an enterprise Gets rich and then pays other people to do the same thing and this whole thing has become an exponential problem The division of labor lowers and basically it's not even like the skills. We have it's that these tools are just out there now Right, and I think we all know that and it's like it really makes a bad name for us, right? So and so now suddenly the defense isn't firewalls It's different it's Information sharing right now we've talked about this for like information share. What are you talking about right? But now the view has been that because we have this new unorthodox community that's formed which includes Industry hackers law enforcement and intelligence communities. We're starting to learn this new tradecraft about information sharing So when I was in 2003, I would talk to ISPs and say you got some shit. Can I get your hard drive? I'll give you a free report and I would learn about fishing and these russians and all these cool fun things And literally was about this whole like communication of like this because criminals they share this information We don't have NDAs to protect, you know, they just do it and so we were like exponentially just going Okay, this is gonna have to be a thing We're gonna have to share information which is still by the way a very difficult problem for some reason even though We're here to work on and always share information Just saying all right, so we were kind of used to that So now it's like info sec in this is how it goes it meets the tradecraft of intelligence Right, and then we get this whole thing where it's like now we have to like learn these things by the way And half the time we're faking it we're just like all right, let me go look that stuff up real quick Okay, I was kind of gonna just do some exploits, but fine I'll learn about the CIA model and the Lockheed chain of cut, you know other stuff So basically the whole thing now is info sec defense is we have to learn their adversaries or operational framework It goes back to the human again It's not bits and bytes people aren't gonna actually be chasing that we can patch all day everything like that obviously we know that Right, and so now it's all these like let's find some predictive insights and detection And so we have this mix now and guess what Katie Masouris I think nailed it But you know war games was a neat thing because you know when we looked at that That's what caused Reagan to actually react and create the anti-fraud and abuse act title 1810 30 so that you know We can be afraid Now then today we've got articles such as not all hackers are evil by Katie Masouris, which is awesome By the way, she's awesome. By the way, she changed the game By making us friendly by building bug bounty concepts so that we'd have escrow systems to get along You remember when the companies were just furious if we you got a vulnerability. Sorry, you're under a wrestler, right? Did happen to me once right? Okay, and so basically and and she changed that and built this escrow concept of saying Here's cooperative game theory We're gonna make it so that you get the problem that you want solved and your risks are lowered and the hackers will stay away from you But they'll also hack you it's gonna be great and it is and that's what's really really cool Is it took some creativity to for us to adapt in this new world this is what everybody's still afraid You know our job is to hunt hackers fight your wars for you You know things like that, you know get those Russians out of people's elections, you know stuff like that Like that's our job these days, right to hunt hackers. So we have to hunt other hackers Good news. You're all here. Just kidding That was easy and then there's this thing called attribution And so people have gotten used to we're used to IP's hashes shahs all you know domain things like this And then there's this new art form that then we have to suddenly go This is what we're looking for motivation objective timeliness resources with tolerance So we now have to study and learn human psychology all these other things that go with our play Which I think we already knew that psychology was a big play into security anyways, but this is that but yet You know, we don't really call it that This is our target, but what they call attribution is like North Korea China You know when it at first you don't succeed just blame China that kind of thing, right? So I stole that joke too. That's my curtain But basically, you know what happened. What was different? What's going on here? So yesterday's youth we had how many people had to 300 bot. I don't know if we wow you guys are really old cool, so Okay, how about a 14 for who started on 14 fours? All right 1200 anybody started on a 1200. All right Do we have 1200 we have a 33 6 do we have a 36 everybody? All right, so 33 6. I started I think on a 1200 at one point and then I got over to because I didn't have a modem on my apple 2e bastards, but you know hey But anyways remember when we had to wait for every little bit and bite and every bit was cherished literally like okay I'm waiting for this bbs to start Like you know we don't have that anymore right there's this long game in center We're like crap. We have a we have to write code to get this thing to work You know I wrote code just a dial on my modem right like it's like you really have to do this and then today tomorrow's youth You know access is what it is in a good way right except that there's a lot of not understanding They think ruby is a good idea, so You know and then there's the barrier to entry to anyone which I do love for instance There are a lot more women here, and I'm really thankful and happy of the diversity here And that is awesome because it wasn't like we were pushing anybody out It's just you know We were just kind of a bunch of dudes like trying to figure stuff out But we're seeing those barriers to entry everybody's has access to the same information Even if you're almost broke you can get a smartphone for 20 bucks and get on the internet learn some stuff Right, and you can't so there's not this this the depletion of class systems anymore to succeed in that way It is kind of causing an equilibrium is also probably causing what all the weird shit in our come our world is today But so what you know take out the middle man see how it goes And but but we're driven by short-term driven incentives when you see a hacker today It's about internet fame and in ego and if I can you know Swat you or you know DDoS you and I'm cool, and you really just don't appreciate you know I dare you to write that code anyways So we got security media then and now back then tour con one was needed no one was listening when hackers yelled You know we're kind of like a movement, but didn't know it yet Gray hat approach look what I found you're stupid. You're vulnerable how many people know this one I did this I had a whole Twitter thing of this. Yeah, you know look at you. You're dumb You know and I'm slightly famous for a day and that's a reality for us is we got our ego trip We found a vulnerability we tried to let him know because we felt like they weren't listening And it was true that was kind of the vibe and then today You know the media shifts there's a PT1 report comes out and makes a billion dollars You know they swear it was for the good of the country, but you know then cyber goes mainstream You know cyber cyber, right? You know that was originally a design from refers to sex, right? Hey, you want a cyber right so ASL baby You know and then Security research and marketing find they become friends Sometimes you're like I think I sold my soul to marketing right how many people feel like that sometimes we definitely do We're like oh, I think I sold my soul to marketing, but but we did find a home together They know how to push what we're doing in our security research, which is powerful because that's their area They it's PR for us. Yay. We're all famous But it actually has helped I don't agree with the AP 21 report in the sense of like the approach because that was like bone crash and you know Whatever, but it shifted for us and in a way it's kind of like all right now We all have jobs. We all have ways to do this heck. You can't hire enough security people There's a gap now because of the fact that not enough people know what we know And then we look at the evolution of targeted attacks Which is basically I started and I was wrong in my first book I wrote a fishing exposed book and I was like mr. Fishing guy expert dude, and I was wrong I was like I literally didn't think spear fishing was gonna be a big deal And so I look back and I'm like oops. I hope they don't read that line. So But basically, you know, we go from serial campaigns, which is like, you know You guys remember the PayPal the ones that just come in your box all the time in the back the Bank of America I swear I'm I swear of Bank of America I swear just log in go ahead right and so they would hit all the customers in serial mass Which is tiring even if you have to just press buttons to do it But like it's tiring your finger gets tired and you're just like okay I gotta do this another two weeks and run another campaign. No do this But what change was then they also realize wait we can hop over the fence and We'll just target inside the targets of the world literally target target. That's a hard one And we get target we get all that and everything changed how many people have a chip now in your wallet with The thing right almost every single person who doesn't have a chip in here get the no So thank you Krebs for putting that out there I know that you know basically but basically the target hack kind of changed the game and find us finally got us caught up with UK and Have a chip even though they've been doing it for almost 10 15 years So basically organized crime and all of this stuff when we heard about like back then I could actually track organized crime I could tell the difference between a nation state. I could do that now I can't right nation states always did the precise hit them on the other side That's why I was like spear fishing ain't gonna be a big thing. It's gonna be a few people It's gonna be governments and they're gonna do their thing and you're not gonna hear about it. Well, obviously we did But you know an advanced persistent marketing threat is you know any of these things today, right? So you can't tell really the difference. They're all using the same tools, right? So the evolution is different now and we've gone from back orifice I'm gonna please tell me you remember that one How many people like mess with people and like did the whole like Darth Vader plus CD-ROM opening at the same time thing where it's like And then it's like every time it goes out the sounds making a Darth Vader thing I really want I'd love doing that to people just scan the internet just You know, and it was just like, you know, it was great So from back orifice everybody, you know, you you have to admit some of us you scan and you just mess with people's computers Come on come on. We all did it. You know, it's almost impossible not to So BO comes out right scares the crap out of people greatest name in the world's called the dead cow Right and now now we have basically DVR. So it's like it's like we have mirror I you guys took anybody you at the seminar yesterday the disrupting mirror. I things like that Okay, so we are gonna I'm gonna brag flashpoint was the one who got the name and figured out who that was But it was really not even flashpoint was Allison Nixon. She's kind of awesome. So But you know, I remember the news and it was like everybody's like is it Russia? Is it China, right? I'm like, it's not China You know and it and so it was like that it was basically it's not Russia Right, hold on. That's right Hold on Teenagers with your TV in Vietnam mostly basic, but basically it's a bunch of 2004 DVRs that have You're gonna love this Telnet Telnet's open it's default and if you actually even reboot the router after you've changed the password guess what happens It goes back to default And you're sitting there going I thought we fixed this But apparently now we have problems like we think about like recall issues or like oh Well, what if a manufacturer just decides to do it their own way and now we have to worry about those problems But isn't it funny that you know, we can talk about 1999 to her calm one You talk about today and this vulnerability would have been This is a tour con one vulnerability people So the only thing is is that the internet is a lot more has more targets So we literally have the internet when I say that it really means just half your TV shows that you wanted to watch went offline You know so basically this is that's what happened It's basically tell net scan the world of tell net machines Infect them drop something in there until it reboots and basically you can DDoS the world And we thought it was Russia and it's teenagers with like super super You know like high-speed DDoS, which is kind of cool and the reason they did it was they were upset about a video game Seriously, they were trying to target a video game company It didn't work so they went after freakin the the What you call it the DNS provider boom. Whoops, right? And I'm sure it was a whoops so So testing one two three Microphone is now on we're here night to work on 19, right? And I'm probably gonna go over by like two minutes, but don't hate me. So But microphone your fault. Anyways, you guys were late Hackers are now Hollywood man. Mr. Robot all that fun stuff. I've gotten to be on the news a lot It's like cool, and I don't feel afraid. I mean they still get the jokes like we're just gonna call you the brain on blah blah blah And I'm saying all right and don't hack my computer, right? You know that kind of stuff. I love I love I still get those I'm you know, I'm starting to try to do talks on like hey, you know, stop saying that it's really annoying The question is are we responsible now that the microphone is on this is a son, you know We still do a lot of stunt work, you know, I hacked your car or phone TV, and I think that's fine I'm not saying I'm judging anybody or anything like Charlie Miller is actually really talented dude That is awesome to know about But do we know you know what I have I mentor a lot of kids now, and they're like dude I just like got it where I played the speaker on someone's hotel room next door Cool. Do you know how to fix that would you know how to actually fix that if you were the hotel manager and the CISO of the company and you know No, right right so so it's cool. We can do all those stunt works There's tools there's things like that, but the question is is it solving problems Are we actually solving the solutions in the long run? We can point out the vulnerabilities. That's fine I think we got that that that clue real quick. It's we're vulnerable now We don't need anybody tell us that opm target JP Morgan. I mean, I think everybody's got that now We're like from the castles, you know the gunpowder days and now we're trying to go Okay, it's gonna be painful for us adjusting to all this gunpowder, right? And it's we're in that painful time. We're in that painful time There's also issues with ethical disclosure. You guys remember the concept of ethical disclosure, right? You know 30 days 60 days 90 days, and it was like big topics, but most people at least it here just 30 days You know and and and now companies don't adhere to that They just want to get their content out because it's king. It's money. It's bacon data is bacon. You know new bacon You know and and then that's a thing got me content truly is currency today in sneakers information is it's all about the information? Well, he wasn't lying You know and we see these secure by marketing approaches, you know, thanks. I'm I really love that padlock. Thanks I made it out of clay You know seeing a few of those and then politics and hacking dice roll dice function rule Basically political attribution North Korea and we want to rush to it like you know, we know that North Korea hacks Sony even though 23 people in last two years hacked Sony and it's like the village bicycle and everybody gets a ride on Sony, but like my point is is How do you actually even know which hacker was what to what and you ever heard of false flag concepts? Like, you know, you're supposed to be the military deciding this right? So it's really really funny because it's now just become this political tool I'm literally watching a debate between who hacks Swift on two different regions on Different sides of the West Coast between two different agencies. I'm like, they're literally fighting over like this person I'm like I've watched this and I'm just like okay. This is all politics. It's all pressure. It's just reactive pressure, you know And attribution to me is not a country. It's a person, you know Hey who actually put their fingers on that keyboard, right? So so these are our things Are we are we being responsible? Are we keeping you know? What are we gonna do about those pesky Russians? Last but not least mainly because I promised Jeremiah Grossman. I would get him back by putting him in a in a in a talk of mine and So this is also stolen from my current, but this is awesome Rami how many people watch Mr. Robot? How many people liked it keep your hands up if you did decent okay more people liked it than watched it great So Click theory anyways So I just thought this was funny Rami acts like a hacker You know it was actually it's pretty good accurate except for the first scene on the tour exit nodes where he's like You know you're running a child porn thing on this like you know on the tour But he's actually not and you can't run your own service and go through exit nodes It doesn't work that way, but you know, I'm not gonna correct you guys But like it's fun, but you know and this is Jeremiah Grossman We do think there's a slight resemblance, but you know more smiles from him You know, but this move this show is also played a big influence, but I think what's more important is The a special thanks goes out to Torcon because we talk about influence and for me You know, I want to just put out a big thanks Dave Tim Geo Carlos Matrix DJ tonight that that was new to me actually Beetle No, I love you, bro Riverside Sammy or still my hero still Still still me here. I watch his work. Oh my god. He's kind of the cool cat in the crew. He's like the cool guy He's always pushing that There's mom She's literally been here from the first the first start. Please stand up actually, you know what she's been Oh, you got to do it. Come on. Come on. Come on. She is literally supported as a mom That's a mom right there, right? And so many others and you guys you guys make this obviously happen I just wanted to thank though you guys for Torcon especially for It's a start for many including the new people It's an inspiration tool. I think all of us in any ways. We always try to see what we can come back with next year It's a safe community But I really just wanted to thank you for offering your home and that's I think what it is for all of us as a home And that's my speech. I don't think I have to ask for questions, which is kind of cool So thank you so much appreciate it