We'd like to give our attention to Chris Hadnagy. Does anybody not know Chris? The one with the man crush raises his hand. I think most of my employees... Who are you? We certainly appreciate Chris here today. He's a big guy, but he's got a big heart, and we all know that, don't we? We appreciate all he's done for our social engineering as a 16 years experience as a practitioner and researcher in the security field. He certainly puts efforts forth in training, educating, and really helping to drive the awareness that social engineering is one of the top threats in the security industry. Let's give our attention to Chris Hadnagy, his theme is S.E. vs. Predator, using S.E. in ways I never thought. Thanks guys, appreciate it. My voice is going as every DEF CON as you know, so by the end of this talk I'll sound like the godfather. You're like, I'm going to send you an email you can't refuse. We'll go with that. Okay, so my job is awesome and fun. It really is. And a lot of people ask me, is it really fun? And it is, think about it. Every day I get to hack people and I get paid for it. And that's really cool. Oh yeah, I didn't start my timer. I have extra time. Anyhow, people ask all the time, how fun is it? You think about it. I get to send phishing emails every day. I get to fish people. I get to break into places and steal stuff. And it's all legal. That's kind of cool. I don't get to go to prison for it. I get tased a couple of times once, but you know, it's all fun. You know, you think about some of the things that I've got to do in my career. I got to break in over dozens, dozens of places. I've sent over 15 million phishing emails in my career. All legal, by the way, pretty cool. I've made thousands of phishing calls personally and my team has made thousands in addition. I got to write three and I'm now going to announce I'm working on my fourth book as we speak right now. My first book is pretty dated, right? 
It's pretty dated and it's got some bad information like the whole chapter on NLP and my three Wikipedia references that made me a moron. Those are going away and I'm rewriting the book and I'll just tell you now, this will go nowhere out of this room, right? It's going to be called Social Engineering, the Science of Human Hacking. And it will be out in early 2018, so I'm working on that now. And I get trolled by Dave Kennedy nonstop, which is fun, you know? I mean, kind of, maybe. No, not at all. But it looks like fun sometimes to the outside. And I get to travel the globe doing things like hacking people and teaching and meeting all sorts of cool people and I've reconnected with so many students here at DEF CON. So it's really a fun job until it stopped being fun all of a sudden because I did a little research that involved looking at how pictures had automatically embedded GPS data in them. And I started talking about that research publicly and I couldn't get anybody interested in it until I met one reporter. Her name was Laurie Segall. Actually, she's here. She's in the back right there. And she invited me to come on CNN and we got to talk about a couple topics and one of them was how these images are being leaked on the internet and that people are using them to geolocate women. They're being harassed. There's a slew of revenge porn that this was being involved in and we got to do some really interesting research. And at the time that's all it was for me, it was research and I got this really cool time to go and talk with Laurie on CNN and be on national television talking about revenge porn and at the time again it was still just research. And then things changed because all of a sudden I got a lot of phone calls and I got emails from women who were victims of revenge porn and they were asking for help and there was nothing I can do. 
There was absolutely nothing I can do because to fix the problem you have to hack someone else's computer to prove that it was her ex-boyfriend or husband or whoever that uploaded those images. I'd have to do something illegal and it felt really bad. It felt really dirty because here I am, these poor women saw the news story and there was nothing that can be done. So we started putting together some resources to help them. Some information. We would give out an email that was kind of a template to give them places they can call, places they can go to for help but still there really wasn't much relief but it did give me some semblance of relief that we had something to help for but it was a big eye-opener. I was doing my job, doing the coolest things on the planet I thought at least and then reality hit, right? Reality where all of a sudden you're realizing that there's a lot of people out there that are being affected by these things in very negative ways. And as you can see here there was just some real problems and then I had another interesting thing occur. I had an organization call me, government employee. They saw the news story with Laurie on geolocating pictures and they wanted me to do something that I really didn't feel comfortable with. We all remember Ashley Madison, right? We all remember Ashley Madison and Ashley Madison, you know, it's not a great site of course, you know, unless you're into cheating on your spouse but the thing about Ashley Madison that was difficult for me when it came out as a breach was that you didn't have to authenticate, right? So if you had an account on it, I can sign up on Ashley Madison with your account. There was no two-factor, there was no anything. You didn't get an email back saying, hey, you really want to do this? You signed up. It was just, you went there, you put an email and you got an account and then there was no proof that after you got the account that you actually did anything wrong. 
So we had a lot of companies that were calling saying, hey, can you scrape the breach data and see if our employees are there and I was like, no, I don't really want to do that because it feels like unless you could prove that the person was doing something wrong, you know, why we want to go on this witch hunt and that's what it kind of felt like to me, it was like a witch hunt. So I kind of declined that and then I had this one client come to us and they said, look, we have a reason why we want you to do this because we see some traffic on our network that was encrypted and we think it goes to places that involve child pornography. So we just kind of want to see if we can look at the traffic at like the Ashley Madison dump and see if anyone in the organization has done that, then maybe out of their hundreds of thousands of employees that they had, instead of looking at all of them, focus just on those and see if those people were doing anything else sketchy at work. So I did. I said, okay, you know what? That's a decent thing. I think I can do that. So I scraped the data and man, we found there was thousands of employees that were on Ashley Madison. So, you know, I made a little database for them, handed it over and said, you know, use this sparingly because you don't know. You know, again, Mike gave them the whole spiel that we just talked about here. And lo and behold, there was an employee that they were able to target and he was using his government-issued phone and devices to take videos of him raping children. Yeah, pretty sick stuff. And he was trafficking children in the Philippines. And Michelle and I were sitting at a restaurant in D.C. with the head guy while he was landing from one of his trips and being arrested. And that felt good because where's he now? That's where he is. That felt good, right? Not of course what happened. That felt horrible. But it felt good that there was something I did. I never, I mean, I'm just a hacker, right? 
I don't even have an education. I'm like, came out of high school, got kicked out of college for running a war dialer, you know? So I'm like, this doesn't even make sense. And now I'm sitting here and I'm thinking, wow, something I just did had a profound effect and maybe saved children from being hurt. So that was a really big deal for me. It was like kind of a pivotal moment in my life where my career started taking a turn and I said, I can actually use these skills for something else, right? And then I got a phone call. Phone conversation went something like this. Like, hey, can you help us catch a guy who's trafficking children? And I'm like, you don't really want me, right? You probably want the cops. You don't really want me. And they're like, well, we need to establish there's enough proof because the cops won't do anything until there's proof. So I said, OK, you know, maybe I can come and talk to you guys. So I went and I talked to this organization about helping out. And come on. This was such a heavy topic. I had to add some humor here somewhere, right? Because, you know, we're all getting pretty somber. But yeah. So I thought, OK, you know, maybe I can do this again. Maybe I can use SE skills in a way that I never thought of using them. So I sat and I said, let's come up with a game plan. And here was my game plan. We were going to do lots of OSINT on this guy, right? Because I wanted to feel, before I did anything, I wanted to feel that there was some semblance of proof that this guy really was a child trafficker, that he was producing child pornography for sale. So I did lots of OSINT. Then I established my first plan was to establish that he had his first ticket, his plane ticket, and that his first one was alone but that his second ticket was coming back with two children. OK, so that's what we had understood. And I need to establish that that was a real fact, that that actually happened. And then third, I wanted to obtain his home address. 
Now, of course, we had a bunch of other stuff going on in the background. So they were collecting data on what he was doing and trying to tie it to him, and then this was my job. So that was the plan. Now, before I go on, I need to say I'm not a lawyer, but my lawyer said that what I'm about to do is OK. OK, so I'm going to hope that they led me the right way. Because I'm going to play you some altered phone calls of this exact case and the things that I got to do. OK, so we're going to talk about it as a stage one. OSINT, we doxxed everything. I had this guy's family here, and that's a great one, right? Research. OK. So I had to establish everything. I needed to know his family history, where he came from because he wasn't from America, I needed to understand. But he was living in America at the time. So where he came from, the places he travels, where he likes to travel, his likes and dislikes, you know, and as disturbing as this is when you do this work, you realize you got to actually look at them as a real person, right? When you got to take out the fact that what they're doing, and you got to say, I need to understand it. This guy may like the same music as me. He likes baseball. He may like the same things as me, as hobbies outside of hurting children. He has hobbies. I need to understand those because depending on the attack vectors that we're going to perform, I needed to know all of that. What businesses does he say he's a part of? Where has he worked? The licenses that he may have, things like business licenses, other things, and then, of course, any houses, apartments, property, and other things that he would own, that we would then be able to obtain information on him. This is what we call profiling, right? So this helps develop a profile on this target. So we have a target, we know all these things about him, and now we can say, here's what we can utilize and all this information to target this person. After this was complete, we had dossiers. 
We could write a book on this guy. Then we moved to stage two. Stage two was calling airlines over and over and over again until we found someone that could confirm some things, which was confirm that he had a flight. Give us the details of the flight. So what pretext did I use? Well, I developed a pretext that I was his assistant. I was his personal assistant, and that I was verifying flight details because he had some very important guests flying in with him, and I needed to make sure, because he had a messed up flight before, he was a lot of stress and anxiety with the messed up flight. Now I need to stop for one second and say something about this call you're going to hear, because I'm looking out in the audience there's a ton of students that I've had in my classes here, and what I'm about to play breaks the rules of what I've taught you in five days in the course. So this may seem a little hypocritical, but I want to explain. First, our mantra is leave them feeling better for having met you. That's our mantra in professional social engineering. We do not use fear-based or threat-based pretext ever in our work, but those rules go out the window when I'm dealing with pedophiles. I don't care how they feel at the end of the day, and I don't care if they feel scared with my pretext. So once I can establish the fact that I think this guy is legit, then those rules go out the window. Now that may be self-justification, but there you have it, okay? So after 20 calls, here's what occurred. Let's listen to this. Hi. Sorry about crying in the background. My name is Paul. I'm a personal assistant for it, and may have some very important guests lying in with him on your airline, and we had so many problems on the flight out. I just need to confirm that the tickets are still active and that he has seats right next to each other. Can you help me with that, please? And again, just excuse the noise. I'm sorry. 
I have a sick kid, and I'm trying to be a doctor and trying to take care of this now. Oh, I'm really sorry to hear all that. I will get your confirmation numbers. Will that help you? Okay, I'm sorry. I'm driving, but let me just see. My boss basically just called me and chewed me out, because normally I do all these checks before he flies, but my kid's been super sick, and I'm a single dad. So I think he gave it to me. I have a note here written down. Let me just see if this is it, but maybe an old one. Is it XDCVFW? I'm sorry, though. That is a confirmation number, but is that the right one? Okay, let me see again. I'm driving. I'm sorry. Can we look it up by its name? Yeah, let's try. What is his name? Okay, let me spell it for you, because it's a hard name to spell. Yes, I do see XDCVFW. Okay, superb. So what I need to confirm is that he's going from... and that there's two other tickets that will be children that are booked with him. Do you see that? Let me take a look. I'm sure I can tell you that. I understand. Like I said, I'm driving to a doctor right on my kid. I don't have all this information on me, and he's really not happy. I don't know how your boss is, but when he gets upset, it can really be bad. The flight out was delayed two hours, and he missed the meeting, so he was mad also because of that. I know none of this is your problem, but I could just really use a break today. Okay, okay, hold on, hold on. Okay, listen. I do see his tickets going from... to an... He does have two tickets, and those are red extra, so you don't have to worry about that. Do you want those company shivers? Yeah, you are a live shiver. I would love to have them. Thank you. I don't know. I don't think he'll be there. Okay, I can't thank you enough. You probably saved my job, and now, if I need to call back, I don't have to go through all that. So, look, I gotta run to the doctor's office now, but I can't just... Man, you really... You gave me the break I needed today. 
Thank you so much. No problem. I'm glad you're there. Have a good day. Thanks for your time. Okay, so crying baby works. Crying baby works every time. I'm just telling you. You hear it, and you automatically feel sad, right? Especially single dad things. Again, student, student, student. I'm sorry, that breaks all the rules, okay? But we had to do it. Then, when we established that he had these flights, I got confirmation numbers. I established that he had two children with him on those return flights, so now we just need to get his home address. So what we did is we knew through other OSINT, because he had a Facebook page where he posted normal things, and when he traveled to make his travel appear normal, he would post pictures about his travels, so we knew that he rented from a certain rental company. So my pretext was going to be... Let me get to that slide, yeah. So my pretext was going to be that we did OSINT on the area that he rented, and we found a local pizza shop. So we got a pretext that I'm calling from the pizza shop, and that this guy left his iPad after he ate lunch at my pizza shop. And what I wanted to do was return it to him. So I'm going to try to get his home address from the rental car company so I can mail him his iPad back. And we knew this was going to be difficult, right? Because, I mean, man, you're calling a rental company, and they're going to give you some strangers' address. So again, I'm breaking another rule, students. I use bribery of offer of free food to the target. Forget it. I'll give you the end of that in a minute once you hear the call. Hey there, this is Tony from Big House Pizza over on Fifths. Oh, I love that place. You guys got off some pizza. I got lucky. I swear, there's going to be some free food in it for you, okay? What can I do? Two little girls. They had great lunch, paid cash. They showed me pictures of his dogs and his kids and the travels on his iPad. 
He leaves and one of my gals goes to clean the table and his iPad's sitting there in the seat. He left with a budget rental agreement that's sitting in the iPad, so we just figured that, you know, that's where he rented the car. I tried to get in. I think it's passworded. The rental agreement is like torn and wet, so I don't have a name on it, but I figured I'll call you and see if I can get it. This happened yesterday, so it wasn't even today, but I got so swamped and it was sitting on my desk, I figured I'll try it out. Now, I got a name from the rental agreement, but no address or anything, so I'm not sure. What can we do? Well, let me see if we can return this car. Okay, I'm ready to catch him, and you believe you're here? Okay. Okay, so let's check. That's a good idea, but his name is... Ah, Chef Tony, you only left, and then you returned the car. What do you want to do? Darn, man. Okay, so this iPad looks brand new. He's probably freaking out thinking he lost it somewhere, and it's passworded and locked out, so it's probably not even online, but I don't know, how do I get this back to him? If I had his address, I could ship it to him. So what if I give it to you, and you look up his address and you ship it back? I'm sorry, man. We can't take responsibility for this. We tried to get in the car. So I'm not supposed to do this. You're a genius. Yeah, you know, what's the address, man? You know what, Chris? You're awesome. This is going to be a 25-dollar gift card for you here. I'm going to put it in your name, but what's your full name? Oh, you seriously don't use that button? A lot of people do. You know, where I got this guy's iPad, he had two beautiful kids with him, and he's probably wondering where it is, got all his business stuff on it, so you just saved my day, and it is there, so I'm 25 bucks cool. Thanks, Tony, this is awesome. No problem, man. So I called Big Dallas Pizza, and I bought a 25-dollar gift card. 
I didn't want the kid going in there to get his gift card and be like, what the heck, you know? So I wanted him to be rewarded for his work. You know, he did help me out, so he gave me the guys. No, he went in and I just, you know, I don't even know the follow-up. It was good. Yeah, I called him and just said, look, some kid's going to come in. We're giving him an award for great job at work. His name is Chris, you know, and last name, I want to pay with a card 25 bucks. So, yeah, he got his pizza. So we handed over all that OSINT to the federal government. We handed over all the call data. We handed over all his geolocation data that we had. We had handed over his proof of flights, and that was enough for them to start the investigation into this guy. So that was rewarding and exhilarating, but you know, you can ask my wife, there was like many nights where I didn't sleep very well or at all because of the things you're dealing with. And it took a dozen of hours and there was a lot of stress. And it was not my job, right? So I was still running the company, trying to keep my employees employed, you know, my family happy while doing this. And that's when I started to think. That's when it hit me. And I looked just like that gorilla when I had this thought. I said, what if I could harvest talent from this amazing community that we have of people that are just so smart, way smarter than me, and can do things that I can only dream of doing, right? There's a group of people downstairs right now hacking a car, okay? There's people in this community that are amazing. And we can build tools to track and uncover perpetrators, people who hurt children, people who traffic children and spread child pornography. And that's when it hit me. I needed to start something, so I did. I started the Innocent Lives Foundation and it's an actual real foundation, a 501(c)(3) foundation that is being launched today, as a matter of fact, here at DEF CON. So a little bit about it. 
Here's our mission statement. I'll tell you the story of how it came about in a minute. But our goal is to unmask anonymous, online child predators to assist in bringing them to justice. Now, what does this mean? Because we're not vigilantes, right? As much as I want to, don a Batman outfit, which was really bad on me, you know, that tight. No, I don't want the cape, because if I put it... And don a bat and go beat these people, that's not the goal. It's not the goal, right? We save more kids by turning all this information over to law enforcement and to working closely with law enforcement in order to have them brought to justice. So what I did is I assembled a team of people that can help. So I talked to Rob Berra. When I put Iron Man, I don't mean that as the movie Iron Man. This guy runs Iron Man like I eat pizza. It's unbelievable. He's the most in-shape person I've ever met in my life. I think he actually eats nails. He's an ex-army ranger, and he's experienced tracking traffickers. That was a difficult sentence to say. So he tracks human traffickers. That's what he's done for many years after he exited the military. A wonderful guy that has a lot of skill in this area. And then I talked to Tim Maloney. He's not only my business lawyer, but he's also very heavily involved in the nonprofit world. And I figured if we're going to do this, we need a lawyer to help us out. And then I spoke to Neil Fallon. If you don't know Neil Fallon, then get out. I'm just kidding. We developed a friendship over the last few years because interestingly enough, I reached out to him to come on the podcast. And at first he's like, who's this weirdo that has the title Human Hacker that wants me to come on his podcast? And no joke, this is how it happened. He was releasing Earth Rocker album and a month before it's released, someone stole it and put it on the web. So he calls me and he says, hey, remember you wanted me to come on your podcast and make you a deal? 
Can you track people who steal stuff and put it on the web? And I'm like, yes. So he gave me the site. And literally within an hour and a half, we had this guy's home address. We had his whole life story. We knew everything about him. He was some 20-year-old kid that worked at the CD factory in Germany that stole the CD and came home and put it on the web. So he was like, I want to know more about this. So we ended up hanging out a bunch of times and going and seeing him at his shows and stuff. So I figured if you're going to do something like this, how cool would it be to have someone like him with such a great name that can help bring awareness to it? So I called him and he says, OK, look. Man, the first time you reached out to me, it was really weird. But now you're asking me if I want to be part of a foundation that's going to track child traffickers. Do you realize that every call you make to me is just really, really good? It gets weirder. He's like, what's next, man? And I'm like, I swear this is it after this. I mean it. It's like no more. Nothing else can happen. So right now, this is our board. And we met over the last few months and came up with this plan. So this is how we want to do it. We're going to seek the assistance of the appropriate members. Now these are the questions that come up. What does that mean? Well, obviously, I'm sure everybody in this room wants to help. You can't hear these kinds of things and not want to help. But we have to be able to vet people and make sure that they're legit. Because the other thing that we are very aware of is that if you are not saying a general thing, if anyone who is a child trafficker or a pedophile, they can look at that as, hey, maybe they can help me find the sources. So we're going to be vetting people heavily. But we need the talent from this community. Because without it, we can't succeed. You guys can do things that normal humans cannot do. And it's amazing when you think about it. 
We want to create tools that will assist. There's a tool out there right now that somebody has put out there that if you're traveling like for a hacker con, you can upload a picture of your hotel room. And it catalogs it. And then law enforcement could take a picture of a child who's being trafficked and run it through this database. And it will correlate that data and tell law enforcement which hotel it was taken in. Because hotels use certain type of carpeting, certain type of bedding, serpentine, certain type of curtains. That's an amazing tool, isn't it? I mean, they caught child traffickers just because people like you are uploading images of this database from their hotel rooms. And that sounds like a weird request. When you're traveling, anyone know the name of it? Such an amazing tool, I forgot the name. I'm going to get the name, it's going to be on the site. I'm going to tweet it because I'm going to get it. But there's tools like that that are out there for this purpose. You know it? Trafficcam.com. That's when you upload the photos of your hotel room, right? For our law enforcement database. I think that's the one. It's spelled T-R-A-F-F-I-C-K. Cam.com. Okay, I'll check. We'll check it out after and I will. Or, oh, here it is. Okay, yes, this is it. This is it. You hand me your phone. Thank you. It's called the Polaris Project. Okay, this is the one. P-O-L-A-R-I-S project.org. This is the one. The name now, this is it. You can upload a picture of your hotel room to the database on the website and it puts it out there for law enforcement to be able to correlate. What I'm saying is how many of you didn't even know this existed before right now? Right? So think about this. We need to get that message out there. We need to be able to build these kinds of tools to help law enforcement. We need to be able to collectively spread the word about that because we can all make a difference when it comes to this. So how else will we do it? 
Well, we're going to use open source because we're not... I need to stay above the law, right? I still have a business and a family and my own kids I have to protect. So I'm not looking for people who want to hack into things illegally. We need to do this all above the board because it's not just TV life. You know, criminals get off because of a mess up. On one thing, criminal can get off. So if we do anything illegal, it can make the whole case nullified. So we have to be able to say that the things that we're doing are above board. And we're going to use OSINT to do that. And then we're going to establish and we already have established numerous relationships with law enforcement agencies to be clear. We are not agents of any state agency. That is not the case, right? We are not law enforcement but working closely with law enforcement. Now, shortly before DEF CON, I uncovered 51,000 child erotica images on the open web. 51,000 child erotica images that nothing could be done about. Well, I don't know why because child erotica is not illegal. As long as they're not showing the lower genitals of a child, it doesn't matter. Isn't that disgusting? These images all led to Pastebin sites where they were selling the videos of those children being raped. 51,000 images, right? So we worked closely with law enforcement to get those things out there. So we can hopefully even make just a tiny, small little dent, okay? So about the org and then we can talk. That's the foundation website, innocentlivesfoundation.org. That's our Twitter account. And we're going to be, of course, just reaching out to the community, asking for help in multiple ways about how we can do this. So I left a lot of time because I wanted to just kind of open it up and see what you guys thought and be able to answer any questions you have. And also, it's a really heavy topic. So you guys are so quiet. I haven't had the room this quiet like in decades. Yes, sir. That's a good question. 
So the question was, do we have a framework for creating those relationships with law enforcement? So this is all new for me. So our present relationships with law enforcement have come about somewhat by accident. I do a lot of training when it comes to social engineering with the U.S. government and law enforcement agencies. So a lot of those relationships have led me to say, hey, can you help me out? Like, who would I talk to about this? And I've gotten in with some of the federal agencies to be able to work out those relationships. So I would not call that a framework because in my mind a framework would be a definite process for how to do this properly. So, yes, the Rob Barrow, the one I put up there, he's the COO of the foundation and his job is to help us develop those processes and also the vetting process so that way we handle both the volunteers as well as the handoff to law enforcement properly. So yes, yes, ma'am. That's a great question. And there is a difference, which I did not understand. It is a 501(c)(3). That is what the application has gone into the federal government. And I did get clarification after we did all this that a foundation is normally like some kind of family fund type of thing. So it's, but it is a 501(c)(3) and the application has been accepted. We're waiting for the final approval papers from the IRS and then, you know, it's all go time from there. Yes, sir. Yeah, so the question was how has law enforcement reacted to this so far? So you can kind of imagine the first phone call that I had with law enforcement didn't go so well because they were like, so you want to do what? And you're, you know, so here's what happened is I found a, and it really was by mistake. I'm working a case of a father who was taken by force, his daughter away from the mother and somehow has manipulated the courts. So he has won every full custody of her. And the girl has alleged being molested by him. And the courts are still doing nothing. 
And in doing research into her name, which was, the father's name is Russian, and doing research into his name, I came across some pastebins and I thought, oh man, maybe this is some proof of this, of this stuff happening. And that led me to some really, really dark stuff. I mean, some really bad things. So I called after the first a few initial calls, I called back that contact and said, hey, I have something that may be of interest to you. And soon as I handed over actionable intel, now I'm their best friend. So it went and it wasn't planned, right? I mean, obviously it can't be planned. But at first they were like, I wonder who this guy is. I'm emailing them because I didn't have the org at the time. And I'm emailing them from social-engineer.com. So it looks a little weird. And now we have a very, I mean, honestly this guy probably calls me once a week and we talk about stuff. And one of the agents I'm in touch with, he specializes in revenge porn. So I've been talking about that. And another agent, the group of them specialize in crimes against children. So I've gotten some good traction with that, but it started off really rough. It's a great question though. Let me go back here. I don't want to look at you because you'll make me cry. Okay. That's my daughter. Yeah, you know I want to. So I have one state agency right now that I met with and I had another one approach me here that heard through the grapevine about this and said would you be interested in working with local state? And I said yes, I do want to because I think a lot of times that these problems will exist on a local level and it will be easier to get local law enforcement involved as opposed to state law enforcement. Yes. How can we know that the traffic can? That website? Okay, that's a good question. Well, they're not asking you to upload a picture of you in the hotel room. So it's not like go lay on your bed and upload a picture. So that's a different website, honey. 
That's a different website, okay? And if you upload any pictures of you anywhere, I will kill the internet, okay? So that's how it's safe, okay? The Polaris Project is the one that Paul found and that's the one. That's a legit project that was made by someone in this community. It's amazing and it's backed by law enforcement. Well, no, the pictures are uploaded anonymously and your name is not tagged to it. Yes. How are you protecting yourself? Yeah. So the question is how am I protecting myself and I'm assuming you're meaning from an internet perspective. Yeah, so from an internet perspective it's a lot of VPNs that don't come back to me and a lot of VPNs and machines that I don't leave laying around for my children to use. Yeah, that's basically it for now, sir. Correct. That's a really good question. So to be clear is like we're not going out on the internet and typing in give me child porn and then looking for those people that are doing it and then that's not the process that we're following. So a lot of times it comes from an example of that case I'm working now where this father took the daughter and there's an alleged child abuse allegation and he is known for sex crimes against children. Now we will take that name and look and try to uncover what he's doing online. In the case of the child erotica images we now have a list of user names from those sites and we'll see if we can correlate them to real people in the real world, right? So down the road what I hope is that there will be more collaboration for protection of what you're talking about. That's what I hope. Bad idea. Yeah, do not try this at home. Yes, sir. Thank you. I don't know. I really suck at that. Yeah, okay. Talk to me afterward. You know, here's the thing. Literally the way this came about was just that. It was like I got done with that job and I was so stressed but there was so much exhilaration from the fact that he's off the streets. 
He's no longer trafficking children into this country for the purposes of sex and pornography and I'm like I want to not do it ever again but how do I not do it now that I know it exists? And that hit me so I said I need to have help but I didn't think about how are we going to market it. It was like well, these 400 people know. They'll tell 400 people and then maybe in 18 years it will become something, you know? I don't know. I'd love to talk to you about that, okay? Yes. Boy, there's so many hands. Sir. Yeah, so you go to that website and you'll put and right now it is literally like two pages. You know it's the information about who we are like what you heard here and there's a contact page and there is a donation page. If you want to contact you do that. That will come directly to us and then we will reach out and talk about how we go through vetting and get people involved, okay? And that will be on the contact page. Thank you for that, sir. There will be nothing else that I have any ideas of yet. Right now it will be donation based and it's free time on my part until, you know, that's it. Yeah, I mean right now it's all been me and Rob has been helping out. You know, it's the donations are going to go towards not me because I have a job. The donations are going to go towards helping hire people to build tools. Let me tell you why. That's a really good question and I guess I should have explained this better. I had a moment at a time where we needed help on something and it was something I could not do. My technical capabilities were not there and I called a really good friend in the industry and I said, hey, can you help me do XYZ? And he said, yeah, I can do it. This week I'm heading out of town to do a red team job. Can I call you next week? I said, no problem. And next week came and I called him and he's like, dude, I came back with the flu. I can't even touch a keyboard this week. 
Okay, next week my boss sent me on another job because I was out for a week and literally this went on for like three months at the point where the data was no longer useful. And I said, you know what, though, if I could have said to him, you know what, here's three grand. Your hourly rate, whatever it is, it's 200 bucks an hour, I need you for 15 hours. Here's three grand, do this project. Then I could have got that because he couldn't have been taking, he could have went to his boss and said, hey, this guy wants to contract me, you know, you cool with that. And I could have got his time paid for and that's where the donation is going to go. We want to build a tool, we want to contact Polaris and say, hey, let's partner, let's get you on the site, whatever, maybe another tool like that. The money is going to go towards that. And then if we need to hire staff because it actually becomes something that I hope it will, then that's where it will go. So that's the plan for it. I should have explained that better, so I really do appreciate you asking. Yeah, thank you, sir. No, that's a good question. The only way we become an agent of law enforcement is if law enforcement asks me to do it. Oh yeah, law enforcement is not asking us to do this. Right, so agent of law enforcement, if the FBI came and said, hey, can you go crack into this guy's life and see who he is, then we would be an agent of law enforcement. But I don't foresee law enforcement doing that. If someone here is law enforcement and you want to do that and talk to me about it, talk to me about it, please. But that is not something that I think is going to happen anytime soon. We'll go along the line, yes, sir. So it's a lot of just normal OSINT SE tools, right? So what we did in those jobs, I used a lot of Maltego. And if you don't know Maltego, I don't know if those guys are still here, but you should talk to the Paterva guys. 
Maltego is like my, like if I was on a deserted island, that's what I would bring, is Maltego and my wife. Okay, but I bring Maltego, right? Okay, I love you, honey. But I really would bring Maltego, it's awesome, right? So it's just open, it's like Google dorking, Maltego, and then the many, many, I'll tell you who's amazing is Michael Bazzell's site, inteltechniques.com. He just put together a slew of search engines that just rip open the internet on all open source stuff. That's amazing. And there's even some really good dark web search engines out there now, believe it or not. So those are the things that we're utilizing. Okay, Terry. Oh, no, really, this is a dirty poll. Yeah, that's where the relationships with law enforcement comes in. The question was, how do I not look like one of the bad guys? To law enforcement, I'm assuming, is what you're asking. That's where working with law enforcement closely comes in to protect that, right? So letting them know what we're doing ahead of time, working with them and saying, this is what we're looking for, this is who we're looking for. The people that will work with the organization will be known by our contacts in law enforcement. There's a whole process for that, and I don't end up on the bad side of that. And just to be clear, you know, because there has been some research about people who generally work in children against crimes units on the internet, they don't last very long. And that's because eight hours a day, they're spending looking at that crap, and I don't think a human brain was meant to do it if you're not a pervert, right? If you're not a deviant. And we won't ever, that's not going to be the case. That's not as the goal of doing that. It is to uncover people who are selling it and trafficking it not to find the child porn, right? It is to uncover the people who are making money from it or who are conducting business in doing that. So those are the people that we're hunting. Yes? 
I'm schizophrenic already. No, I'm just kidding. So that's actually a very good question. So you have to, you really do have, I think with any work, you have to temper yourself, right? And you can't, so for me, like with that one case that I talked about, you know, my daughter doesn't know but there was one point at night where I just went upstairs and I just crawled up next to her and just hugged her for an hour and she's like, you're being weird. And I'm like, I know. But just let me hug you for a minute, you know. Let me just lay here and hug you. And I do, and you know, this is not the purpose of the speech, but you ask, I have a very heavy belief in God. So I spent a lot of time after these things, like making sure that I fill my mind with better thoughts, things like the Bible and other things that will help me balance the garbage out of there. So, you know, everyone has their own methodology. That is mine, sir. Yeah. I haven't, I don't know, I've heard recently about these, about these things and I also, and here's something that I have used is, oh, I'm sorry, yes, he asked, there's software out there that will block, it sees that there's skin in an image and it blocks it. Yeah, but there's, you know what? Yeah, that sounds like a really shady site. You want to block skin, go to hotdog, hotdog, hothotdog.com. Yeah, no, don't listen to that guy, okay? But there's text-based browsers, right, where you can disable all images, like the Tor browser itself, you can disable images and I've done that numerous times where, because, you know, there's usually a description in the image or under the image and you can block the image, you don't have to see it. So the image doesn't load on your computer, all you do is get the text, you know what's there, but you have the URL, you have that, but you don't need to see the image. I've done that numerous times when I know what I'm going to. 
So that guy behind you had his hand up for a million years, you have no blood circulation in your hand. Yeah, I'm open to advice. So I appreciate it, thank you for that. Well, for right now, we don't have any plans on limiting geolocation because these people generally don't just stay in the U.S., right? Yeah, language support will be a big thing, sir. I would hope so. That's one of the things, the strength of this community. You look at something like SET, SET was made literally over a glass of whiskey between Dave and I. I called him, like, I got this cool idea. Can you do it? He's like, I could do that, no problem. Bam. Literally an hour later, he sent me a Python script. That was SET001 or .0, it was like amazing, right? And I'm like, wow, that's crazy. Like, you just put that together, now we can phish people and I don't have to go buy a tool. And then it went from that to what it is today, which is like the most ridiculous thing ever, right? It's like a whole suite of tools. That's the, and now he has a team of people working on it, open source. That's the goal, is to have this community help do that kind of stuff. Yes, ma'am? Yes. Yes, that process is a rid, so, and we'll give more detail to any volunteers, but that's a good point. We will be vetting them all through our own, like we have access to PI databases and stuff legitimately. And we will be running all names through our federal contacts. And if they come back with, and this is before anyone even gets anything for work, that will be the case. So that way we will not be, hopefully, I mean, of course, it's not 100%. And we are going to reach out and hopefully start working with people that we know from the community too, because there's some verification in that too. So the question was, will this expand into other areas, like human trafficking and things like that? So the original goal was to also have it cover revenge porn, because that's a big problem. 
But some things happened in the making of this foundation where that did not come to fruition. So we felt that first it may be the best to just focus on this, and then as we grow as a team and we get more answers, the answers that you guys and gals have, so we know our process and framework that we'll be able to do that. Thank you. I look forward to your help on that too, and advice. Thank you guys. Thank you so much.