Risky Business - How the World Got Owned Episode 2: The 1990s, Part One
Episode Date: April 3, 2026In this special documentary episode, Patrick Gray and Amberleigh Jack take a look back at hacking throughout the 1990s, from the feel-good vibes of the early hacking com...munities to the antics of young hackers who wound up on the run from the FBI. Part one features recollections from: Jeff Moss (The Dark Tangent), DefCon and Black Hat founder Chris Wysopal (Weld Pond), L0pht member, co-founder, @Stake Kevin Poulsen (Dark Dante), 1990s hacker turned journalist Elias Levy (Aleph One), author of Smashing the Stack for Fun and Profit, Phrack, 1996 How the World Got Owned is produced in partnership with SentinelOne. Show notes Elias Levy (Aleph1), Former Principle Engineer, Google Kevin Poulsen, Journalist Jeff Moss, DefCon founder Chris Wysopal, @Stake founder, L0pht member Hackers testifying at the United States Senate, May 19, 1998 Hackers May ‘Net’ Good PR for Studio DefCon Archives | DefCon 1 A Not So Terribly Brief History of the Electronic Frontier Foundation Innocent Hackers Want Their Computers Back Breakdowns in Computer Security Unsolved Mysteries, Season 3, Episode 4 The Last Hacker: He Called Himself Dark Dante. His Compulsion Led Him to Secret Files and, Eventually, The Bar of Justice Justia appeal summary, Kevin Poulsen, 1994 Smashing the Stack for Fun and Profit, Phrack Magazine, November 1996 From subversives to CEOs: How radical hackers built today’s cybersecurity industry
Transcript
Discussion (0)
In that room, those people had the skills to just basically be the lords of the internet.
And if you were around them, you could sort of figure out how the whole world worked.
I couldn't see a future for myself, right?
Because I was hiding out from the feds.
There were slurs and there was other things that happened.
And I don't want to make it sound like it was all like kumbaya rosy.
Because it wasn't.
There's a lot of egos.
Anytime you have folks that are smart, they know those.
smart, they tend to smart, that there's also going to be a lot of egos involved.
This is how the world got owned, the Risky Business Media documentary series about the history
of hacking. I'm Patrick Gray. And this is part one of our second installment in this series,
a look at hacking in the 1990s. Of course, we've already published our 1980s episode. If you
missed that, you can go back and find it in our feed or on our website at risky.biz.
But yes, today we are looking at the 90s.
And joining me now is the presenter, the producer, the interviewer and the editor of this whole project.
Ambley, Jack.
Ambley, how's it going?
Patrick, good.
I'm doing good, man.
I've emerged from a couple of very deep rabbit holes looking into the 1990s.
And I'm excited.
This one's going to be a good one.
Yeah, so basically what happens is Ambley does a whole bunch of interviews and then disappears into a cave where she listens back to all of the audio.
and then what comes out is a documentary.
I should mention, too, before we get going,
that all of this work is brought to you by Sentinel One,
the security company, this cyber security firm.
And, you know, Sentinel One is all about the future.
They've done their big AI push, and off they go into the future.
So they have commissioned us to take a look at the past,
back on the past of hacking.
And we will be hearing from one of the Sentinel Oners
a little bit later on in this,
podcast. But look, Ambley, let's get into this. This is going to be so much fun. Why don't you,
why don't you set the scene for us, the 1990s, because look, as everyone's going to hear it,
like, you know, we talked about the 80s. That was very early days hacking and whatever.
And the 90s was, I mean, you could certainly call it an action decade, right, when it comes to
computer security. Yeah, for sure. And as you mentioned, you know, we look back at the 80s. And the 80s seemed
very kind of innocent and curious and exploratory. And then the 90s came along and it just felt like
everything started popping off. All those laws that weren't laws in the 80s, people were now
getting pinged for those and responding by going on the run from the Fed. So we've got a couple of
those stories coming up. It was also the decade where DefCon and Black Hat were started as well.
So we're going to have a chat to Jeff Moss, the founder of both of those. And later on, particularly
in the decade. There became, I guess, a real disconnect between vendors and hacking communities.
There was a lot of, I guess you could call it animosity around kind of bug disclosure and full
disclosure and grey hat hackers. And so I'm going to have a chat to two people, Elias Levy,
who wrote a very famous buffer of overflow paper smashing the stack for fun and profit in Frack
magazine 30 years ago this November, if you want to feel old. And also to Chris Wysopal, who was
a member of Loft Hacking Think Tank who famously testified to Congress about weak computer security
in government in 98 as well. Yeah, very famous, very famous hearing there with very famous
photographs to come out of that as well. But yeah, look, I think, you know, the Jeff Moss stuff
is very interesting because his contribution sort of shadows the whole decade as well, right?
Which is that it was really about people getting together and learning stuff. So speaking of Jeff Moss,
Here he is to kick us off.
Getting a little misty-eyed about the 90s.
I always think of that era for me as sort of the golden age.
Anything was possible.
Individuals could make huge contributions.
I remember we were at this Ho-Hu-Con once and we're in a room
and there's like about four or five guys in that room.
And no shit, they could take over the internet.
That guy is like a phone system expert.
That guy's a Unix expert.
That's like a Sonos or whatever.
in that room, those people had the skills to just basically be the lords of the internet.
Yeah, and nowadays, you could have a room with 20, 30 people, and they could barely figure out
how to deobfuscate the JavaScript. It's so complicated. Everything is so specialized,
but back then it wasn't. And so you could have these people that in their head kind of knew how it all
worked. And if you were around them, you could sort of figure out how the whole world worked.
And then that was part of it. It was approachable, digestible, and for some,
somebody young and interested, if you could get to the information, you could sort of feel like
you had the secret knowledge where you understood how it worked. And there was no Google, there was no
Amazon, there are no bookstores on this, but you knew how the world worked. Now, you mentioned you spoke
with Aleph 1. And, you know, already in our intro from what we just heard of, from Jeff Moss there,
it's all about sort of secret knowledge and everybody learning from each other. And, you know,
straight off the bat, you know, this is, this is, this was a big theme for Aleph 1 talking about the
90s. Yeah, definitely. So LF1 is kind of chatting here about how he literally stumbled into the
hacking scene in the Bay Area in the early 90s. And I'll just let those listening who aren't
familiar know that a red box on a blue box, they were used in phone freaking, right? So when
ALF1 starts talking about them, uh, that's what he's talking about. I had the good luck of
meeting a couple of folks at a radio shock. Uh, we're,
I went to buy actually some crystals to make a red box.
They were like this two shift-a-looking guys on the store.
And when I come out, they're waiting for me.
And so they asked me what I'm building.
And then I tell them, well, I'm building the roadbox.
What are you guys building?
And they're like, well, we're building a blue box.
And so one of them gives me the form number for a BBS,
which was Lunatic Labs, an old-school, pretty famous BBS.
and that really sort of opened up to the world, if you will.
A big scene and people just being friends with each other
and sort of sharing information.
But you know, it's funny, right?
Because another thing that emerges in this episode
is while everybody was all about connecting and sharing information,
like there was a lot of sort of Becky-like behavior in the scene.
It was a little bit, it was a little bit sort of mean girls, you know?
Yeah, and I get, I mean, you've got a lot of smart people.
who are kind of the first to do their thing.
So you're very clearly going to have a lot of one-upmanship here.
I mean, don't get me wrong.
There's a lot of egos.
Anytime you have folks that are smart, they know they're smart,
they think they're smart,
that there's also going to be a lot of egos involved.
I mean, there's definitely disagreements
and people raising each other to do something first
or to claim credit or things of that sort.
But within dance, there's also a lot about friendship and camaraderie and sharing.
Now, of course, the backdrop to all of this sort of exploration and ego nerd fights and sharing of knowledge
was, I guess, mainstream media kind of cottoning onto all of this,
but not in an entirely productive way, ambly.
Yeah.
Well, when you've got a lot of mainstream media, Pat, reporting on hacking that at the time,
it probably doesn't really understand, to an audience that,
most likely largely doesn't understand it.
And then you throw in Hollywood blockbuster into the mix as well.
You're going to get some scared people.
And here's Jeff on that 1990s media interest in the scene.
The very first website ever was defaced, which was the movie Hackers.
And so this is when in the early 90s this first part, this is when all of a sudden there's
all these portrayals about hackers.
Now all of a sudden they're starting to pop up in movies.
are starting to be interesting plot devices and TV shows or whatever,
and you can see it really, really start to take off,
capturing the public's imagination.
And this is also the period where people fear what they don't understand.
And they clearly didn't understand hacking.
Your parents didn't.
Nobody did.
And so there was a whole lot of misinformation,
almost like hysteria around some of the stuff.
There's one, you know, like hackers will blow up your television set
or can blow up your computer.
And so on one hand, you're feeling like you have this great view of how the world operates.
And on the other hand, you feel like the disaffected use where nobody can understand my secret
group.
And they're making up stuff.
And it's all bullshit.
So just jumping back, you heard at the beginning there that Jeff mentioned in 1995,
the first recorded website was vandalized.
And I said to you, Pat, that I'd been down a few rabbit holes and tangents for this.
So looked it up.
And these guys took over the website.
And I just want to read you what they wrote because it did make me laugh.
Hackers, the new action adventure movie from those idiots in Hollywood takes you inside a world where there is no plot or creative thought.
There's only boring rehashed ideas.
And then they helpfully added a link to the Sandra Bullock film, The Net, and suggested that people go and see that instead.
So there you go, the first website to be vandalized by hackers was the hackers film.
Well, what's really funny too, right?
is that, you know, the portrayal in one sense was all very interesting and, you know,
suspenseful and whatever, right?
And, you know, we just heard Jeff saying, oh, you know, but it was bad because, like,
they're, you know, portraying us in a way that isn't accurate.
When really, like, as you're about to hear from Chris Wysopal or Weld Pond, as he is known,
in some circles, a lot of what these guys were doing was getting together
so that they could swap manuals on computers, which, I don't know.
I don't think Hollywood would have really been able to do much with that if they were going to stick to the reality, you know?
Back then, you actually had to have the physical manual for some of these systems.
So if it was a system like a mini computer, you're either getting it out of a corporate closet because someone worked there and they were throwing it away or you got it out of a dumpster.
It wasn't something like you could just order.
And even then it was super expensive.
So, you know, shared resources was huge back then.
Like we would go dumpster diving like a couple times a month
and different people would just bring their haul back
and we would sift through it and we would keep the good stuff.
Cons!
And this is going to keep coming up through this episode is 1990s,
if we had to say like it was the decade of what,
it was cons.
It was like everybody getting together, like IRL, right?
Like in real life, people actually meeting up.
Yeah, definitely.
And we'll hear from Jeff Moss very shortly as well, who started DefCon.
But even before DefCon, there were a few Ho HoCon, which was held at Christmas time,
and SummerCon, which was held in the summer.
And here's Chris Wysopold sort of talking about meeting people in real life
and how the community kind of accepted a whole lot of people kind of on the fringe of society.
Weirdos were welcome, I think is what you're trying to say.
Widows were welcome here.
And so when you would go to these early cons, you're like, hey, I'm meeting all these people
that I only know from a handle on IRC.
I think it did attract a bit more of the people that were more on the fringe of society
in certain ways.
A lot of people are self-taught.
A lot of people from disadvantaged communities.
A lot of people from the LGBTQ community.
you know, it was a pretty accepting community for all kinds.
Now that said, you know, it wasn't all smiles and sunshine, right?
I mean, you've got young people and young people are...
Horrible.
Let's go with horrible.
Young people can be horrible, Pat.
We were very crude.
And, you know, there were slurs and there was other things that happened.
And, you know, like it's a young group of people.
I don't want to make it sound like it was all like kumbaya rosy because it wasn't.
So I think you can have people from all kinds of diverse areas coming in and feeling accepted by at least the majority.
But there was still fights and there was still people that acted poorly towards each other and all that.
And, you know, it's just just part of the territory.
Here's Jeff Moss on that.
In those bulletin-board days, there were.
was no, there's no video, there's no audio, there's no way to judge a person, you know,
you didn't know their gender, you didn't know a thing about them. Ambly, when you think about it,
this dynamic kind of makes sense given the technology at the time and given the way people
were interacting. It was all very much text-based, like the hacker community was kind of ahead of the
curve on this whole, you know, texting thing. Yeah, definitely. I mean, it's not, you know, there was
no sort of top friends or favorite songs or profile photos or anything. It was literally,
as Jeff's talking about here, you had to judge people based on what they typed and how they
typed. That was your only option. Back then, you know, 300 bod, 1,200 bod, 240 bod,
it took sometimes a while for messages to load. And so people were pretty brutal. If you wasted
a lot of their time and their bandwidth downloading messages that were useless, people would get kind of
bitter. I remember everybody at that day, some people had their own personality. So like there
would be like a Robin Hood type character. He'd always kind of have ye old Englishy type
posts because he was sort of living this persona. So the handles, the personas were much bigger.
Now of course, Jeff Moss's big contribution to, you know, the hacking scene was founding
DefCon and the origin story, you know, like any awesome thing that sort of just comes along,
you know, it's not like he sat down and really thought about it.
It just kind of happened, right?
He really didn't.
This was never intended to be a conference,
let alone a conference that would be one of the biggest hacking conferences
of the last 30-odd years.
So the first DefCon was held in June 1993 in Vegas,
and Jeff was telling me the story about how this came about,
and he ran a network of bulletin boards.
And one of those included the kind of US hub for,
Canada Network Platinum Net.
Now, the owner of Platinum Net hit up Jeff and said, hey, my dad's taking a job.
He's got to move away.
And so I'm not going to be around to do this.
We need to have a going away party.
But because everyone's in the US, we need to have the going away party in the US.
And Jeff, can you organize it?
That'd be great.
Yeah, let's do that.
But if you're going to do it in America, we've got to do it in Vegas.
He's like, okay, it sounds like a great, great idea.
And then he disappears.
So I don't know what happened.
I don't know if his dad took the job.
early. I don't know if his dad ripped out the phone line. And I keep telling this story in hopes that
one day he'll reach out to me. I can't remember his name for the life of me to this day.
You know, in some of the aspects of DefCon that people might think was part of some grand
strategy, like actually no. Yeah, definitely. And one of the ones right off the bat was Jeff was kind
of bitter that he wasn't getting invited to these conferences. He was like, well, DefCon is
going to be, you don't need to be invited. All you need to do is get a $20 note, put an envelope, and
mail it to Jeff and urine.
And I'd love to take credit for this genius insight to open up the community.
But it wasn't.
It was me being lazy and kind of pissed off that I was not included.
I think part of the energy was nobody knew what to expect.
Now, there's some people that had been feuding online.
I want to see you at DefCon.
We're going to settle our scores.
But largely, when you get to DefCon and you see the guy that you've been chatting with
is like a 50-year-old dude or a, you know,
30-year-old lady, like, cool, I guess.
Now, of course, $20 in an envelope and anybody can come in,
that meant Fed paranoia.
Definitely Fed paranoia.
And here's Jeff kind of talking about that.
Not only the Fed paranoia, but how he decided,
I'm actually going to lean into this.
I'm not going to try and hide for them.
We're going to include them in the conference as well.
So there was a bit of this Fed hysteria.
I mean, looking back, it's really quaint.
But really, in those days, if you were going to get busted,
it was really three people in the whole freaking country that were going to bust you.
It was Pat Sisson from MCI.
That was going to be for toll fraud.
Then if you were hacking government systems,
you feared Jim Christie and his OSI investigators.
And it was going to be Secret Service for fraud,
for credit card fraud, for all the hackers,
or not hackers, the carters.
And so the early DefCon Day is the very first one.
We invited a prosecutor, Gail Thackeray, who prosecuted Operation Sundevil, which was the first case against, I think, organized pirate Bolton Boards.
And so she was famous and she had this experience.
So we invited her.
Crazy because she was up there.
And one of the people she was prosecuting was in the room.
They had been swept up in it.
But because, you know, they're out of the state and whatever.
they got along.
Jeff mentioned Operation Sun Devil there, Amply.
What is that?
I've got no idea.
Yes, Operation Sun Devil.
So this was, and it turned into quite a big thing.
It was a Secret Service operation in 1990.
It went over three days, May 7th to 9th,
where there was a whole lot of raids of bulletin boards over 14 cities in the US.
There were 150 agents, local police, 42 computers, seized, 23,000 floppy disks, and three arrests.
What were the arrest for?
Was like software piracy or something stupid like that?
I've actually gone digging and read many articles about this
and I can't find exactly what the guys were arrested before.
But a couple of stories do mention that there were arrested for things
that weren't even computer crimes.
So like, you know, possession of a firearm or something like.
Yeah, so they just like kick down the door because they're doing naughty computer things.
Oh, unlicensed gun, easy.
You just made our job easy.
Pretty much.
And so there was a big idea that this was just a massive publicity stunt.
But the raids and the huge publicity from the raids also led to the formation of the
Electronic Frontier Foundation, which was founded by Grateful Deadlerists, John Perry Barlow.
And it's kind of a organisation that sort of fights for freedom of digital rights of
American.
It's still active today.
And these guys kind of put some money towards legal fees for anyone that was caught up in this.
We know the EFF family.
The e-hippies of the internet.
We know them well.
Now, of course, you know, Jeff Moss decides, instead of excluding the feds, yeah, invite them,
but then also play Spot the Fed for anyone who's turning up, who's undeclared,
and feds being feds who all lie on their underwear, uh, didn't exactly make it hard the first
couple of times because they would all turn up in like the same like, you know,
government approved footwear.
The first year to everybody got caught because they wore pennylover shoes.
You know, it's like no hacker.
wears pennylofer shoes or khakis.
You know, come on, guys, try.
But in amongst all of this, Ambly, a true community was formed.
And here's Jeff sort of talking about that community of Defcom.
It wasn't camp, but it was, like you said earlier,
they ended up finding their tribe or their community.
And later on, people would say, you know, I showed up and I immediately knew in the first hour
that these are my people.
And I never quite had that experience because I never, I was, I was felt ostracized in high school
because there weren't any people really like me.
But I never felt like this moment where I realized it.
Because I think maybe I was too close to it for so long.
I'm proud I didn't fuck it up.
If I had treated DefCon like a business and tried to maximize returns, I don't think it would have,
it wouldn't have worked.
And so we still, to this day, we do a lot of things for the community that don't make any financial sense, except it's really cool.
I really like what DefCon is, and I want to see it continue.
I'm not beholden to VC.
I don't have to achieve some metric.
And so for me, I think that's probably the thing I'm most proud of is managing to maintain my independence and not be forced into a corner.
Now, your brother, Barnaby Jack, became quite a sort of famous, you know, computer security research.
back when we had Rockstar Computer Security
Researchers. When was his first
DefCon? I think I found his badge
and I think it was 98.
Yeah. I distinctly remember because
Mom co-signed a credit card for him for emergencies
and he maxed it out when he was over there.
Now it started small
but it wasn't too long before DefCon
just kind of, I mean, it ran away from Jeff a little
bit like let's be honest. I said to
Jeff, do you still love it? And he came back
and he said, I don't love it like I did.
but I still really like it.
And this is him kind of talking about how DefCon just kind of grew bigger than him, I guess.
In the early days, you could know everything that was happening in a DevCon.
You were present.
It was just small.
You saw everything that happened.
You heard every story.
You felt like this was your crew.
You knew them all.
And then around three or four, it's just too big.
And people would come up to you and tell you stories.
Oh, my God.
Did you see so-and-so do the thing?
I didn't know so-and-so was here.
and what the hell is the thing?
And so all of a sudden you start feeling like, oh, you're missing out.
You know, I did all this work.
I took all these risks.
And I don't even know what's going on at my own thing.
And that lasted for a couple of years.
And then you're like, you know what?
I don't care.
It's awesome that stuff's happening.
I don't know what it is.
And more of that should happen because that means you're being successful, right?
And I'm not doing this for me to learn every story.
You know, it's a growth of, of,
kind of that original bulldoin board thing.
Like, you don't know what's happening on every Boland board,
but you still want to participate.
And, you know, there was a bit of, like,
one-upsmanship in those early years
where people really felt like, you know,
like Dan Kininski would just up his game every year, right?
There were, like, certain hackers who just, like, FX,
always brought the goods.
Like, certain people just, they couldn't help themselves, right?
Maybe it was showmanship, and they were ultra-smart,
and they loved a stage to perform on.
And so it turned out like we're providing a stage.
Cult of the Dead Cow with their, you know, throwing meat at people and launching the back
orifice 2K, it became a bit of a spectacle.
So I just count myself being really lucky to sort of have been in the right place at the
right time, taking the right risks, meeting the right people that didn't, you know,
treat me wrong and making the right friends that to this day, you know, I still have.
It's time for a quick break now.
and we're going to hear from the sponsor of this entire documentary series, Sentinel One.
Now, Sentinel One commissioned this series because they've done a big push into the future.
And when we're screaming headlong into the future at the speed of light,
sometimes it's good to turn around and, you know, occasionally take a look at where we've come from,
hence this documentary series.
But what does it mean when I say Sentinel One has done a big push into the future?
Well, they've embraced AI.
and we're one of the earlier security platform companies to do that.
They know that cybersecurity is going to be AI enabled,
both on the attacker side and the defender's side.
Dreya London leads the global incident response team at Sentinel 1,
and she says after a slow start,
adversary use of AI to get things done has really kicked off in earnest.
We have seen a very large shift in AI generating malicious,
binaries, malicious code and dates,
which are really hitting like the lower hanging fruit.
You know, we're seeing prolific amounts of sophistication,
but the lower hanging fruit is really creating a breadth of scope.
So we're seeing more and more and more.
It's a lot more volume of effective trending than we've seen before.
Now the good news, according to Dreya,
is that Sentinel One and others are accelerating their responses also with AI.
Being able to use AI to model
behavior has made us so much more effective and efficient.
And I mean, this has been happening with incident response for the last few years.
We're seeing less and less of this like boots on the ground type of incident response
and much more really targeted focus amount of breach response through technology,
whether it's the use of more sophisticated EDR telemetry, which we've all been, you know,
benefiting from for a few years now, but now also the AI technology.
So we're really able to get a pretty good idea of what a threat actor is doing,
how they've likely come to be in an environment, all of these things.
It's in the same amount of time that, you know, 20 years ago I was like booking an airplane
ticket and flying somewhere.
So there you have it.
A bit of a glimpse into how the world will keep getting owned and how companies like Centrel One
will keep working to stop it.
Big thanks to Sentinel One for being the sponsor for this documentary.
series, how the world got owned.
Now, you know, there we are like a lot of kumbaya in that first part of the podcast, right?
If people getting together teaching each other about computers, how to hack them, how to do stuff.
And look, I'm sure a lot of those people, right, at early defcons and stuff were doing, you know,
what were at the time criminal acts, but sort of criminal acts that we would look back on today
with our 2026 eyes and go, oh, how quaint.
It's quite quaint.
Yes, it's very quaint.
But, you know, there was, I guess the 90s is where stuff started.
to kind of evolve into, oh, you can make money doing this sort of stuff, right?
And one very interesting character through the 90s.
Well, there were the two Kevin's, right?
There was Kevin Mitnick, who's sadly no longer with us.
And also Kevin Paulson, who these days is known as a, you know, a very well-respected
journalist in the United States.
I actually did some work for him when he was the editor of Security Focus back in, I
think what, like the early 2000s? Kevin's a great guy. He's somewhat mild-mannered, as you would
discover, which is why it's funny that he's got this really crazy criminal past, right? Because
Kevin actually wound up spending a bunch of time in prison for doing hacking for profit. And this was
because he'd been doing freaking and hacking and then wound up being investigated and the feds
were trying to put an espionage case on him. So he basically went on the run from the feds.
for quite a while and needed to find a way to put a roof over his head that wasn't a square job,
right? So he did it with Hacken. And, you know, Kevin's whole arc sort of explains how we went
from, you know, curiosity exploring, technically illegal, but not really that bad, into like,
oh, okay, there's like some potential for real criminality here. Yeah, and here's Kevin
sort of remembering getting his first computer. He was 16 at the time and how
that kind of led him from phone fricking into the hacking world.
It was a TRSAD color computer, which is a fine machine.
Don't let anyone tell you otherwise.
So I got into that.
That actually drew me away from phones for a while.
Then I got a modem and I started dialing up into things and dialed into bulletin board systems
and eventually kind of crossed over into phone hacking again,
but this time I started hacking phone company systems.
So that was kind of my first foray into what we would now call hacking, like breaking into phone
company systems, looking around, sometimes doing things, giving myself free custom calling features,
stuff like that.
So Kevin almost did have a chance to take a bit of a straight path there.
He got a job at SRI, Stanford Research Institute, which was a defense think tank contractor.
And as much as they loved the job, that job almost got him kind of sucked in a little bit to the,
to the dark side as well as he talks about here.
My boss, though, he turned out to be a former phone freak himself.
And it was kind of like two recovering alcoholics, I guess, hanging out.
You were old drinking buddies who were also recovering,
hanged, alcoholics hanging out.
Like, we got to talking about the old days.
He actually, since he never got busted,
he actually had like some old phone company manuals and stuff.
And he brought them into work and showed them to me.
And it kind of got the job.
juices flowing. And so, like, together we wound up, uh, kind of first dipping a toe back in
this stuff. I've always had a problem, like, dipping a toe into anything and not just like,
plunging wholeheartedly into it a couple minutes later. So at that point, I kind of left him
behind and I was just like, all in. Now, Kevin's crimes didn't just stay in the cyber realm. Like,
he was doing B&E into phone company buildings to swipe manuals and get access to stuff. I mean,
it's funny, right? Because like, as I say, Kevin's like a tremendous, you know, he's a, you know,
real professional in the media industry. He's very mild-mannered. And I remember once something like
20 years ago having a beer with him in San Francisco. And we're walking, you know, down the street
afterwards or whatever, he's like, you know, I broke into that building once. And it's just so
crazy coming out of a guy like Kevin because, yeah, you just don't pick him as the type. You know what I
mean, right? Yeah, I know exactly what you mean, Pat. You're talking away to Kevin. He is, as you said,
super mild-manered, uh, softly spoken, super nice guy who just happens to be.
casually recounting his criminal history.
So he is talking about the adrenaline rush of his break and into sprees back in the day.
What I came to learn about myself is that I needed things to stay interesting.
I was kind of an adrenaline junkie and a nerd.
And if you combine those two things, you wind up being a hacker.
So whenever something got comfortable, I got very comfortable in phone company computers.
I goes all over their system statewide.
And so then it starts to get,
it was threatens to get boring,
so I have to find something else to keep it exciting.
So one day,
my boss and I were passing by a phone company's central office.
It was the phone network's version of like a server room.
And we started looking for way in.
It was the middle of the night.
We knew that they were usually unmanned at night.
I climbed up a phone pole onto the roof of the central room.
of the central office, it was in Palo Alto, and found an open door and went in, went in through the door
and down the stairwell and led in my friend, and we kind of wandered around this central office
together, looking at the equipment and exploring. So it was like hacking, except now it was physical,
and it had a lot more adrenaline. It was a lot more of a rush, and it was totally immersive
in a way that looking at a computer screen never is. So once again, you know, not able to be
able to just dip a toe in it, I had to go all in. And that turned into like a crime spree of
breaking and entering over the course of a couple of years, almost every week. But like a lot of
crime sprees, it kind of came crashing down, right? It did. And when you hear all the stories
about the break-ins and the crimespring and everything else, the how it came crashing down just
feels a little bit sad. He had a storage locker in California and just got to
behind on rent. I fell behind on the rent for the storage locker and they cracked it open and they
found all this stuff and they called the phone company. The phone company came out and looked at it and
then they called the FBI. And this investigation got heavy real quick. There were agents
working this case that genuinely thought I might be working for the KGB. G. Gaining access to critical
telecommunications infrastructure, holding a security clearance for a defense contractor during the day,
to them it's all just spelled espionage.
So they started building an espionage case against me.
So Kevin goes on the run and he needs cash.
So what is he to do, Amberly?
So now it's 1990.
Kevin's on the run.
He needs money, as you said.
And a California radio station, Kiss FM was giving these massive giveaways.
You know the ones.
Win a Porsche, win a trip to Hawaii, win $20,000 cash or something.
And so Kevin explained to me how in 1990 they,
they managed to rig the phone system so that Kevin, under the name Michael B. Peters,
could win himself a Porsche.
We came upon these massive radio station giveaways that were particularly huge in L.A.
where I was hiding out.
And it all came down to be in the right number of caller after they say something in particular
on the air or play a particular sequence of songs.
Now, this wasn't just something he was doing out of an apartment.
Like this, he turned this into like a pro operation, right?
He treated this like a real job and rented himself in office.
I mean, to me, this has got like organized crime vibes.
I love it.
So that turned out to be like Hollywood, like the seedyest part of Hollywood.
So we got some really cheap office space.
We put in a bank of phones, Radio Shack phones, chosen for their liberal return policy.
We would let 50, 60 calls go through.
We would press a button.
the calls would stop, and at that moment, we start hitting our bank of eight phones and just
hitting the switch hook over and over again to keep the phones ringing so they could chalk up
the other 50 calls.
They get to the 100th caller, and we're on the phone and acting excited.
This was my primary source of income, like during a couple of years that I was living under
an assumed identity in LA and trying to evade capture by the FBI.
Now, another thing that I find funny about Kevin is when he reminisces about the stuff he did,
all the illegal stuff he did in his youth, like he's obviously having fond memories, right?
Yeah, definitely.
I actually, because I asked him when he was on the run, just how, whether it's exhausting.
And he said, well, the things that most people would find exhausting were just fun.
The hacking stuff was, it was fun at that age, right?
Being free, completely unaccountable, not having a day job, like, that was my thing.
I was still breaking the phone company building, so I would get to the point where I was in night mode, where I was sleeping during the day.
And I was two in the morning, three in the morning, it felt like noon to me.
And I would be, you know, in some phone company switching center, making Xerox copies of some manual and brewing coffee.
and it was almost like a job, except it was, you know, it was fun.
There were some lows to go with the highs, though, as well, right?
Yeah, definitely.
And for Kevin, the downsides largely came down to the things that you kind of take for granted
when you're not on the run from the feds, like using your real name or catching up with
people that you love.
I couldn't see a future for myself, right, because I was hiding out from the feds.
And when I started living under an alias, it was an investigation.
Then that investigation became an indictment, potentially carried serious prison time.
And all I was doing to handle it was not handle it.
I was just hiding out and doing more crimes.
So there was just no way forward.
I couldn't visualize a future for myself and that rears on you and it becomes depressing.
I couldn't see my family.
I lived in L.A., they lived in L.A.
Still, for obvious reasons, I couldn't pop by and say hello.
All in all, it was deeply unsettling and unpleasant experience,
punctuated by occasional highs like the radio station contests.
The FBI is searching for an electronics whiz kid
who allegedly used his talents to break into classified government computer networks,
obtain military secrets and wiretap private phones,
an innocuous case of computer hacking or a breach of national security.
So it's funny, right?
Like, yeah, like living on the run, not so much fun.
Crime, crime's awesome.
Crimes heaps of fun.
Crimes are great fun.
You know what else is not fun?
Getting caught.
Getting caught and thrown in prison, not fun, Ambelly.
Getting caught not so much fun.
So this was April 1991 and Kevin got, eventually got caught at his local grocery store in California.
and I asked him if he remembered kind of exactly what went through his head at that moment when he knew the gig was up.
What I remember is how jarring it was just as an interruption to my day.
When you leave your house to go grocery shopping or run some errand,
you never think this is the last time I'm going to be here.
That was really my first thought was, you know, I'm not going home.
Who's going to feed my cat?
Here he reflects, though, that like it being over was kind of a relationship.
It was nice in a way to be able to just be myself again, to use my name and to not be pretending anything anymore.
That was a relief.
Then it came time to actually put this thing through the courts and figure out what on earth he'd actually done that was illegal and, you know, if he was a spy or not.
And, you know, here's Kevin on that.
So the second indictment became, there's a lot.
more accurate in most ways, but they also went all out and charged me under the espionage act.
Not with spying, but with unlawful retention of classified material.
So it came down to the espionage charge.
Like everything that I did, they had me called for.
There was no point in doing anything except pleading.
But this espionage charge, I refused to plead to that even when they offered me time served.
because it was wrong.
It was something that I didn't do and wouldn't have done.
So we got very close to trial when I had a private investigator on the case,
and he wound up basically getting the evidence that exonerated me.
Like, he got the right interviews with the right people,
and they were candid, and it all came together.
The feds were kind of watching what he was doing.
So as we neared our trial date, they knew that this case had become a loser for them.
So they finally agreed to drop that charge.
I pleaded guilty to the stuff that I was guilty of.
At that point, I had served five years in pretrial custody.
So as part of my plea deal, I agreed to an upward departure where basically I accepted extra time, like more than what the sentencing guidelines called for for my crimes, just to absorb the time that I had already.
spent in pretrial detention.
Because if I hadn't done that,
like,
they'd have owed me a free felony when they got out.
The way he reflects on that whole experience, though,
I mean,
I do think it's admirable in a lot of ways.
So Kevin looks back on that whole experience is just like,
well,
it's an unusual experience, isn't it?
You know what I mean?
And I got to live that.
Like,
I don't think he views it as a positive,
but I, you know,
I just think there's a lot to be said
for the way he looks back on it all.
Yeah, definitely.
And he's sort of talking,
like you said,
just very kind of pragmatically looking at it,
like this thing happened and it was interesting and I got to observe it.
In a lot of ways it was a really interesting experience.
It went on a bit longer than I'd have liked, but I met a lot of people with very interesting
stories.
Another thing I find admirable as well is that Kevin took a look around at his fellow
inmates and said, well, compared to them, I kind of actually do deserve to be here, right?
So he took his licks.
Yeah, he did.
And here he is talking about the kind of people that he met in jail and, and, and, and, you
And that kind of realization that, you know, he probably deserved to be there more than they did.
Like all the drug, all the drug cases were just crazy.
Like they, these people were being handed decades like it was candy.
So that part of it was sobering.
But all in all, it was, it was an experience that I think I got a lot of value out of.
And I learned like to stop feeling sorry for myself very quickly, like, because,
even as much time as I wound up doing, it was like nothing compared to like what most of these
guys were facing.
Now, you know, I've mentioned it a couple of times, but Kevin is a serious business journalist
these days in the United States.
I mean, he worked for security focus and I did a bunch of work for him there.
You know, he worked at Wired as well.
And then it was a Wall Street Journal.
Yeah, and I spoke to Kevin about his career path.
And as he's talking about here, when you get to the crux of it, journalism and hacking,
not really that different.
Journalism, it kind of scratches a lot of the same edges as hacking.
Like a lot of what I was doing as a criminal was looking into stuff that interested me.
Like that was 90% of it.
Most radio station contests, like that gets all the attention.
And yeah, I got a portion.
But almost everything I did was completely pointless and served no purpose
except it satisfied some curiosity and gave me a little bit of,
rush of adrenaline at the same time. And that's what journalism does, right? Like you get interested in
something, you get to look into it and you can dive deep. I ask Kevin about his journalism,
and he is in a really unique situation where having been reported on so many times when he was
younger really gave him an idea of what not to do as a journalist. Being a subject of a lot of
reporting when I was a when I was a hacker made me sensitive to what doesn't work and what I
should avoid what mistakes not to make like how to be scrupulously honest but and get the information
right and portray people in a way that's true to them as well as being factually accurate and how
important that is like to to the subjects that you're writing about something else I think I've
brought to the table is I'm not judgmental under any
circumstances. I can talk to a hacker or a criminal of any kind. And they don't get any sense
that I think I'm better than them. They get no judgment for me whatsoever because I've talked
to very, very few hackers that have done anything worse than what I used to do. Now, as I was
wrapping up my conversation with Kevin, I asked him, look, if you were a teenager today with technology
as it is today, do you think that hacking would have had the same draw that it had for you
when you were a teen in the 80s and 90s? And he sort of said, look, I've actually wondered about this
a few times myself. And largely the big draw for him, the siren song for him, was the phone
systems at the time. There was so much about it that was unique to it. It's not the internet.
It's not homogenous. It's not built off Cisco routers. Like, there were parts of the phone network
there were 100 years old and still operating.
And down the hall, there would be like a fairly modern computer that was doing the same thing.
Like, there's just so many little things about this vast network that was running on so much,
so many different types of technology from different areas that drew me in.
And I, I don't know, if I, if I, if I was turning a 16 right now, I don't actually know if I, if I'd, if I'd have wound.
up like in that kind of trouble or drawn into something like that again.
And that concludes part one of the second installment of How the World Got Owned, the 1990s.
Part two will be hitting the feeds soon.
And if you want to get the full part two of this installment of how the world got owned,
please do subscribe to our new RSS feed, our new podcast feed,
risky business stories.
So just search for risky business stories in your
podcatcher and you'll be able to find it that way or you can always head over to our website
at risky.biz to find the subscription links for that feed. Our thanks again to Sensible One. This whole
project is only possible because they commissioned it. Interviews for this podcast were done by
Ambley Jack. This podcast was edited and produced by Ambley Jack with a little bit of help from me,
Patrick Gray. And the How the World Got Owned musical theme was composed by Noel Sanger and yours
truly in Noll's studio.
Thanks, mate.
That's all for now.
Bye-bye.