Shawn Ryan Show - #164 Mike Grover - How Hacking Tools Are Changing Cyber Warfare
Episode Date: January 29, 2025Mike Grover is a security researcher, InfoSec expert, and the creator of the infamous O.MG Cable. He gained prominence in 2019 when he showcased his malicious USB cable prototype at DEF CON, capable o...f recording keystrokes and executing remote commands. Grover's O.MG Cable looks identical to a regular charging cable, but contains a tiny implant that creates a Wi-Fi hotspot, allowing attackers to access the connected device from up to 300 feet away. Since its inception, Grover has refined the O.MG Cable design, making it indistinguishable from normal USB cables and expanding its capabilities. The latest iteration includes features such as geofencing, self-destruct mechanisms, and support for various connector types including Lightning and USB-C. Grover's work aims to raise awareness about hardware security risks while providing tools for red teams and security researchers to test and improve organizational defenses. Shawn Ryan Show Sponsors: https://ROKA.com | Use Code SRS https://ExpressVPN.com/SRS https://ZipRecruiter.com/SRS https://RocketMoney.com/SRS https://prizepicks.onelink.me/LME0/SRS https://ShawnLikesGold.com | 855-936-GOLD #goldcopartner https://americanfinancing.net/srs NMLS 182334, nmlsconsumeraccess.org. Call 866-781-8900 for details about credit costs and terms. Mike Grover Links: Website -Â https://o.mg.lol/ X -Â https://x.com/_MG_ LinkedIn -Â linkedin.com/in/mgrover Please leave us a review on Apple & Spotify Podcasts. Vigilance Elite/Shawn Ryan Links: Website | Patreon | TikTok | Instagram | Download Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
Hey Spotify, this is Javi. My biggest passion is music and it's not just sounds and instruments.
It's more than that to me. It's a world full of harmonies with chillers. From streaming to shopping, it's on Prime.
Mike Grover, welcome to the show man. Thanks. Thanks for having me, dude.
We just knocked out one of the most fascinating
everyday carry pocket dumps I've ever seen.
And the fact that you designed all that hardware
is just astounding, it's awesome.
And so we got connected through mutual friend,
Bryce Case Jr.
And thank you, Bryce.
And man, we've been trying to make this happen for,
I think a year, over a year.
Yeah, over a year now.
So, yeah, cause I interviewed,
he was last year's Thanksgiving episode.
And we got connected right after he told me
about the OMG cable, which you developed.
And we'll get into that. connected right after he told me about the OMG cable.
And we'll get into that.
Real quick, let me kick it off with an intro here.
So Mike Grover aka MG, you're a hacker, red teamer,
entrepreneur, artist, security researcher, and educator. You work for Fortune 500 companies
conducting red team operations
to test and enhance their security.
You design and build covert hardware implants
that bypass and challenge computer security.
You also run a business that manufactures
and sells your hardware designs,
which are now used by countless companies and governments
to strengthen their own security.
The most well-known hardware design is the OMG cable,
a malicious USB cable.
They're also a husband and a father.
And I'm sure I'm missing a whole slew of stuff,
but at least that pates the picture.
Thanks, man.
But I want to do a life story on you.
You know, some of the things that you have developed
and then probably go down some rabbit holes
with cybersecurity.
Maybe I love knowing what China and Russia are up to
if you have any insight into that.
But before we start anything, everybody gets a gift.
So.
All right.
Gummy's.
The Jones League gummy bears.
So made right here in the USA, legal in all 50 states.
All right.
So, you know, I know you guys got some fun gummies down there in California, but this is just candy
Oh, I'm gonna eat some now man. These are
Go right ahead. I've muscle. Yeah, I'll take some of those. Thank you
I'll see if I can not eat these by the end of the show. Good luck
I'm not going to eat these by the end of the show. Good luck.
Nice, those are good.
Not bad, huh?
No.
But, sorry, I'm going to talk with my mouth full.
Mike, I got a, so I got a Patreon account,
it's a subscription account. It's a subscription account.
It's, they were a major, we were just talking about before,
you know, right before we kicked this off
about starting businesses and how this started in my attic.
And we're both entrepreneurs.
And, and so developed a Patreon very early on.
They, they have been the key component
to how I've built my business.
And a lot of them have been here since the very beginning.
So one of the things that I do is I give them
the opportunity to ask each and every guest a question.
And so this is from somebody anonymous.
What's the simplest trick hackers use
that 99% of people
still fall for every day?
Asking, just ask them, ask them for access.
Granted, you gotta kind of cloak it a little bit,
but you pretend to be somebody you're not.
And for instance, like I'm your IT department, I'm your HR.
You call them up, you email them and you say, I'm your HR.
And at that point you've got their password. That is a method that is still heavily used
and constantly works.
No kidding.
That actually happened to us here.
Oh yeah.
Yep.
We had to have Brian Montgomery jump in and save the day.
But yeah, it was, we got an email saying,
we want you to be on this podcast.
And I thought it was bullshit.
We had a staff member that kind of like pushed me
to do this and of course everything was in a rush.
And boom, we saw that.
Then my guy, they got into our Facebook
and almost hacked everything.
Took it all.
And Brian was able to jump in and save the day
kind of last minute there.
So, thank you, Ryan.
But what else?
What's another one though?
I mean, that is like the go-to, right?
Like, I mean, you can walk into a building,
but why do that when you can just ask from halfway across-to, right?
You can walk into a building, but why do that when you can just ask from halfway across the world?
Most companies, you'll still be able to walk in and do all that stuff.
It's just not worth the risk unless they've got that level of security kind of locked down where it's like,
okay, you can ask anybody in the company for their password. They can give it to you, but you can't do anything with it, because you've got like two factor turned on
or stuff like that.
Different security controls and detections
that suddenly requires physical access
to, you know, you got to take more risks to do that.
And that's, it's a lot more skill,
a lot more work to make happen.
Interesting, interesting.
Well, you know, I had a little chat with Bryce
before he got here today and we were talking and
by the way, have you ever seen that video of him at the Deadmau5 concert?
He's up there, he's rapping and falls off the stage.
I got to roll this clip.
You've seen this, right?
I believe so, yeah.
I got to roll the clip.
It's hilarious
He brought Something up that wasn't in your outline. Oh shit, and so might be a little uncomfortable
but I
Gotta ask it and and I think it's a good question because it sets the stage for the entire interview and everything
We're gonna we're gonna talk about but he says
in case he chickens out
Ask Mike about his design being so good that they were
Copied by the most well-known hacker of all time
Kevin Midnick also known as Condor. So I got to hear about this man. Oh the most well-known hacker of all time,
Kevin Midnick, also known as Condor.
Is this the OMG cable?
So I had been doing lots of designs of malicious cables.
And I had some really early proof of concept just to show it's possible. No wireless connection, of malicious cables, right?
But it worked. I want to show the world, because you know, really slow, right? and have me build one for him.
I started on that process,
but I didn't have enough time to complete it
with his work constraints as well,
because he didn't have time and stuff. The, oh shit.
But we have solved things since then.
I think there's certain levels of communication and misunderstanding, so I don't want to be like,
ah, he's the worst.
But lessons learned as well,
like if it's something you can turn into a product,
maybe wait until it's ready, things like that.
Which is exactly what I did with the OMG cable. That's where it's like, things like that.
Which is exactly what I did with the OMG cable.
That's where it's like thousands of times better.
Is he really like the world's most renowned hacker?
I mean, so, RIP, he's no longer around.
The way he would be introduced,
but it was always the world's most famous hackers,
the tagline that was used.
Basically he had gotten the attention of the FBI
and they were hunting him down
for getting into various places.
A lot of social engineering tricks and stuff like that.
And kind of a cat and mouse game.
There's a movie called Takedown, right?
So good movie, check it out.
But he went to prison then
and was pretty unfairly treated.
There was a whole free Kevin movement where they were doing,
I think they put him in solitary or something
because they thought he could whistle into the phones
and launch ICBMs or some shit like that.
Oh my gosh.
This is back when everybody's like,
oh my God, hackers, just evil wizards.
It's still like that today, but it was much worse back then. They had no idea what was even possible. Back when everybody was like,
He was held for a very long time, pretty unfairly. Eventually got out and then went into Infosec
as a profession using that.
And then tried to take your own GK.
I mean, I guess he knew it looked good.
Hey.
He's good at that.
Hey.
You got the world's most renowned hacker taking,
your stuff, that's pretty cool. Sounds like everything worked out today.
Oh yeah, definitely.
And just for the record, he got a pretty unfair shake
at life, I think he got a pancreatic cancer,
and he died before his first kid was born,
which is just fucking terrible.
Man, that's wild.
I've since met up with his wife and cleared the air. Good for you. We're good. was born, which is just fucking terrible.
I've since met up with his wife and cleared the air.
Good for you, man.
Well, let's get to you.
Like I said, I want to do a life story. stuff but actually actually in your in your bio I know what red team operations are yes red cell operations but could you explain that to the audience yeah
definitely so there's a lot of it depends where we're talking about red
teaming because there's military red teaming which I would love for you to
give me a couple stories on because I mean I'm sitting in a room with a guy
who probably knows that really well way more than me so it would be a little
ridiculous for me to explain that to you.
But red teaming in terms of corporate cybersecurity
is a subset of pen testing.
Pen testing is find the holes, tell us the holes, right?
I mean, that's cool, but it doesn't quite test
how someone responds.
I think there's this, I think it's a Mike Tyson quote,
where everybody has a plan to get punched in the face.
It's like, okay, well, maybe a little aggressive
in context of cybersecurity, but how do you solve that?
In boxing, you train, you get punched in the face.
And then, well, okay, now it's not going to be new
when it happens.
So you might have a plan,
but are you gonna execute on the plan?
Are you gonna like miss some steps?
Is motion gonna get involved?
And also, you know, I can find holes at different layers,
but red teaming is gonna be repeating
exactly the entire chain.
It's often called a kill chain,
where it's you're connecting
all of these different vulnerabilities
To go from completely outside to completely to the crown jewels take them out and succeed
And then you show how you did it after the fact. How'd you get into that? Oh, good question
so kind of almost don't even know,
I'm going to do it this way, or you learn about the end users that you're supporting as Help Desk,
and all the problems they run into,
and oh, they're running into policy that stops them from working,
so they're going to do this.
That's going to cause a degradation of security,
but it's really common.
You know that, having been in Help Desk and Sysim,
and so you start to connect these things together,
and it becomes this really valuable bucket of information connect these things together,
systems for IT, you got to keep them secure too, especially in small companies where you don't have
dedicated security. It's like, no, you are the security.
So you got to learn it that way, which requires you to think
also how does an attacker do it?
Because you got to defend against that, right?
So eventually I just kind of got bored of doing IT
and made the jump into security.
Started learning, started learning,
actually Bryce, so good connection on this as well. So I had known Bryce for a long time
and I think it was like 2013, first time I went to DEF CON,
hacker security conference, biggest one in the world
in Vegas every year.
And I decided, oh God, what was this?
So there's these unrecorded talks they also do
in certain areas.
He was on stage, I think he was doing something
with like Bitcoin at the time, and he had this
like telepresence robot on stage for a guy
who was on house arrest.
Like he couldn't come, so he brought a telepresence robot to be like Bryce's partner on house arrest.
He couldn't come, so he brought a telepresence robot
to be like Bryce's partner on the stage.
It was just wild watching this.
I'm in the audience, I'm just like, oh's up, like, never met you before. But from that point on, we kind of, you know,
our relationship grew, got to know him a lot better,
but he also DJs, as you know,
and he was DJing for a guy called Fuzzy Knapp,
who, or sorry, flip that around.
Fuzzy Knapp was DJing for him,
because he also MCs and sings songs, right?
So he needs someone, you know, to play that.
So Fuzzy Knapp was DJing for him on because he also MCs and sings songs, right? So he needs someone to play that. So Fuzzy Knuff was DJing for him on a lot of his shows.
So I met him, and well, he is the one who had built out
a red team for a new company.
Not a new company, new red team for a company,
large company, and he ended up pulling me over
into that team.
So.
Oh cool. Yeah. I love that guy man. Bryce is great. Love that guy.
The big game is almost here and this could be your last chance to get in on
the action. Don't miss out on the final football game of the season with prize
picks. The best place to cash in on the big game. The app is really simple to use.
Pick two or more players across any sport. Pick more or less on their the best place to cash in on the big game. The app is really simple to use.
Pick two or more players across any sport,
pick more or less on their projection,
and you could win up to a thousand times your money.
Join PrizePix, America's number one daily fantasy sports app,
available to play in over 40 states,
including California, Texas, and Georgia.
So join now because a quarterback will only need to throw one yard to win.
Download the PrizePicks app today and use code SRS to get $50 in promo funds instantly when you play $5.
That's code SRS on PrizePicks to get $50 in promo funds instantly when you play $5.
Win or lose, you'll get $50 just for playing
guaranteed. PrizePix, run your game. Must be present in certain states? Visit PrizePix.com
for restrictions and details.
Even though I'm excited for the new administration, there's a lot of tension in the world. Russia, Ukraine, the border, inflation, who knows what could happen next.
Me?
I'm not waiting around to find out and I don't think you should either.
Look, it's simple.
I want you to go to SeanLikesGold.com.
You'll learn about my partners over at GoldCo.
They're a great precious metals company that I trust.
They're one of the top rated gold companies in the industry with impeccable customer service and they support the show.
And for my listeners, they're going to give you a free gold and silver kit where you can learn
about how precious metals could help you protect your money. You could also get up to a 10%
instant match in bonus silver on qualified orders. That extra 10% is a great way to get started. Well, let's, took a little sidetrack there, but let's get to you and let's get to your
time.
I'll let you get there eventually.
Where'd you grow up?
All right.
So I grew up in Wisconsin.
Brothers, sisters?
Yeah, I got a younger sister, four years.
You guys tight?
Yeah, we don't keep in touch as much,
both like super busy,
but we could definitely be a lot closer.
Is she a hacker too?
No, she culinary.
Culinary.
Yeah, I picked that up for my dad as well.
So my dad, yeah, so he was in the Navy
as a corpsman for a while.
I think it was like four years, submarine stuff.
But medicine, both my parents were in medicine
and they did a lot of DIY stuff.
So they built their house from the ground up,
designed it from the ground up.
So I was in that kind of raw materials environment.
Like the house never actually fully got completed,
which is actually kind of cool
because there's constant like tools, raw materials around growing up. materials environment.
That was pretty cool. and then they were rushed with the weather to get the drywall up. So they paid for that.
Everything else they did by hand.
Wow, wow.
Pretty cool.
Culinary, right?
That's going back there.
Yeah, he was really into just cooking
and really, really good at it.
Both of my parents were doing barbecue competitions I was really into just cooking and really, really good at it.
Both my parents were doing barbecue competitions for a while as well.
They were just-
Jack and Walter and Tom.
Yeah, just get into it and go.
And I think that was a pretty good learning experience.
And obviously that had an impact on my sister
who got in the culinary as well
and just did some great stuff there.
I didn't pick that skill up.
So what were you into as a kid?
Oh, God.
Definitely electronics type stuff.
So it depends on the stage.
Video games first.
Lots of video games.
What video games?
What platform?
I guess it depends over time. So there was the console stuff like Nintendo, et cetera. video games.
joystick and a single button right that's that's the whole controller and we were playing the game tank right you just move around like you're in a tank
and you fire at stuff right my dad took some speaker wire a tongue depressor
medicine right and ran a button probably from Radio Shack and just taped it to a
stick to the tongue depressor ran the wires off and soldered it to the controller
so that I could have access to my own little button,
when I was like four or something,
so I could fire the tank while he steered it around.
I thought that was pretty cool,
and it kind of stuck with me.
You just modify stuff, hack it stuff.
So very simple, but that was the first video game,
first hardware hack that I was kind of exposed to. And yeah, spent lots of time on like Nintendo, and stuff, like hack and stuff.
You know, consoles to the computer in the house that we had, you know, used it for like, encyclopedia,
like you could chat with people online, cool,
but it's more just a tool, right?
Then Quake, you got to start learning things back
when Quake came out, you know, this late 90s, right?
You got to learn like how dial-up work,
how to connect to other people so you can do multiplayer.
Like that wasn't just like a button or two,
it's you got to learn stuff.
And even running Quake, it's like, oh, you just don't launch it, you know, reboot the computer in DOS mode and stuff like that. It's just like a button or two.
effects and you can see the Nine Inch Nails logo on the crates of nails as well if you look in there.
But yeah, that was also kind of impactful for me with the stylistic stuff and the art.
Damn, so you started the hacking stuff at like, how old were you?
We were the same age.
That was high school.
Atari was high school?
No, Atari, oh God, I don't even know when that was.
Yeah, I mean just really...
Was it like five or six?
Yeah, I don't even know.
Damn.
It was 80s, like, I don't know.
But yeah, Quake was high school.
Right on, right on.
So, let's fill in the gaps in between.
Were you into anything other than electronics, or was it always just electronics, So, let's fill in the gaps.
Were you into anything other than electronics,
or was it always just electronics?
Part of it was just making the car continue to run,
but also, let's add sound systems to the cars
and learn how that works, which is electronics in some way.
Also got into water cooling, the computer to overclock it,
but that required learning.
These days you can just buy a blowing out the heat, right?
If you overclock a computer,
you can get a lot more power out of it,
especially back in 90s, early 2000s,
but it would dump a lot of heat, lots more heat,
and air cooling couldn't keep up with that.
So what you do, you take little water blocks basically,
like a little piece of copper,
strap it to the processor, the video card, and run water loops through it, basically like a little piece of copper,
strap it to the processor, the video card,
and run water loops through it.
It's like a little maze that the water would take
through the channels on this block, and it would pull the heat out and you would dump it. And at the time, it kind of was a Chevy Chevelle heater core
that was just like the perfect size.
You could use that as a radiator with a larger fan on it.
So instead of using the small fans
that you'd find on laptops or even desktops
that maybe is like that big, you'll fan that big.
And it keeps it quieter while dumping heat
and you can just run these things really hot.
And yeah, I had to learn how to make those things, right? So you get a pond pump from a fish store, pumping heat and you can just run these things really hot.
I had to learn how to make those things.
You get a pond pump from a fish store, you get the Chevelle heater core,
get all the tubing wire together, but I had to mill out, I didn't mill it,
I drilled it, I used a drill press because I time. You just do like cross drilling through all different directions,
plug it up and get this cool spiral pattern
where the water would go through it
and pull heat out of all your devices.
And you get to learn about things like corrosion,
like you got copper and brass and aluminum
and like, you know, these things are going to start to corrode.
So you learn, you know, the chemistry behind
how to prevent that from happening because you don't
Want corrosion because then your computer is gonna have water all over when it leaks
Just for example, right?
Wow, so you you like a jack-of-all-trades
Yeah, you like taking stuff apart putting it back together figuring out how it works how to fix things that are very young age and it just
Exploded yeah. Yeah, basically now How'd you get into hacking? how it works, how to fix things at a very young age,
and it just exploded into what you're doing now.
How'd you get into hacking?
So I'm going to put that on Quake as well.
So you're playing online games, like, wait a second.
At the time, there was no what we call client-side security
or client-side integrity checking.
The game files I had on my machine were unique to me.
You would download them from the author, and you just, you know, expect it to not mess with that, but nobody's stopping you.
You can go and mess with the player models, for instance,
and you can like add a really large cross
that goes like 10 feet above, below,
and all sides of this person, right?
So now you can see them running around a corner
because, you know, this post is sticking out them
and you see them coming from the corner.
They don't know that, but it was a good approach.
Or a lot of dark spaces, right?
You can't really see people in the dark.
You're like, cool, I'm gonna add a fluorescent color
to their skin and there they are.
They're glowing in the dark, right?
See through walls, right?
You've got these textures that would go on the walls
and they're opaque, but they don't have to be.
You just set them to transparent
and suddenly you're seeing through the walls.
And you know, that type of stuff was,
I had more fun like figuring out how to do it
than actually doing it.
But that kind of just opened the door of like,
there's rules and there's expectations,
but there's also not many people checking.
Like best way to kind of,
God, I don't want to get like philosophy.
Get into philosophy here,
but there's this kind of beautiful,
I think it's Jacques Ranciere,
who defines like police politics, right?
As like you got a road, right?
And it's painted, there's lines,
and everybody just obeys those, right?
And he connects that back with politics of like,
oh, you're told to vote and do all these things.
It's like, okay, but like,
what if you don't follow the paint on the road?
What if you go off the road?
What if you get really close to the edge?
Most people are, they see those lines
are going to get right in the center of the road,
because that's what you're supposed to do.
It's like, oh, what happens if you don't?
That's interesting to me. That's where weird things start to show up. right in the center of the road,
play on the edges, see how close you can get. And I guess now that you make me kind of say this,
that's probably a good descriptor for how I think about a lot of things,
like art, everything across the board, is find the boundaries,
and what happens if you go on in any of these hacking-type communities?
Oh yeah.
So, late 90s, more early 2000s, there's a lot of online communities.
Some are big.
I think the really big ones you would know of, that most people would know of, like 4chan and something awful, right? Big places that had the bigger names at the time.
But there were also much smaller specific topics,
water cooling, right?
There was a water cooling, there was a bunch of them,
but there would be water cooling communities
where people just share their techniques and stuff
so they could all just improve upon it.
And yeah, there were also hacking-themed ones.
So Bryce and Digital Gangster was one of those.
That is one of the several communities
I have known him from.
And yeah, this was also at a time where online space
and meet space were very separate, right?
Like online dating, for instance, that was like, what?
Now it's like, that's all the kids do these days.
It's really weird.
But I met my wife from one of those online communities,
but eventually those worlds start to blend together
when you spend more time in there and you're spending most of your time in there But eventually those worlds start to blend together
when you spend more time in there
and you're spending most of your time in there
and just talking to these people.
Eventually, I mean, it depends on the community,
maybe not so much like digital gangster
where it's like just raw crime happening
is maybe not the best idea to meet up for many reasons.
But, you know know certain lesser criminal communities
yeah meet up with people and those worlds start to blur together and
It's a little bit different than the you know 2024 is where it's just everything is just me. Yeah. Yeah
How'd you meet your wife? Yeah, I mean so
We posted on some,
one of the communities out there,
I think it was like from hardware overclocking.
Yeah, I can't remember exactly what it was,
but we, I moved out to California.
That's its own story we can go into,
but when I moved out, I think it was like the first week,
I'm just like, hey, anybody in this community,
like around, want to hang out, show me around town,
she was one of those people, it was like, yeah.
And yeah, it just kind of grew from there.
Is she a hacker too?
Not a hacker per se, a gamer, photography, art.
Cool.
How long you guys have been married?
Sorry to put you on the spot with that one.
What year is it anymore? Sorry to put you on the spot with that one.
What year is it anymore?
2009. 15 years?
14. Yeah, so almost 15.
15 years. What's the, what do you think the secret to successful marriages?
Oh my God. I bet you weren't expecting that one.
No, I was not expecting that one.
I'm going to have to think about that one, man.
I don't know, man.
Just, I guess I can connect this back with everything
is just kind of understanding.
I mean, humans are a mystery to me,
but at the same time, there's so much complexity
and it creates, it's like a,
everybody's different.
Like everybody wants to put everybody into a bucket.
Like there's us and there's the other,
but like, dude, humans are messy and complicated
and unique and understanding that helps a lot
with everything, whether it's being in a marriage and unique and understanding that helps a lot
with everything, whether it's being in a marriage or attacking somebody to get into a company.
It's like, same thing, right?
Like understanding, but very different motives and goals
behind that one is just truly understanding the person
and working with them.
And the other is kind of the inverse of that.
Right on, right on. working with them, and the other is kind of the inverse of that.
Right on, right on.
What are some of the big hacks? Were you involved in any big hacks?
Not like hands on keepers. I like to watch those.
So for most of my time,
like any of the hacking stuff, that was me,
I kind of viewed it as like entertainment. Like it wasn't like power, money,
or anything like that for me.
It was just like, have some fun, right?
Yeah, you can mess around.
Like I would do stuff in like some of the communities as well.
Like I knew the people who would run the servers,
so you can mess around in there would do stuff in some of the communities as well. I knew the people who would run the servers. So you can mess around in there.
What kind of stuff?
I mean, okay, for instance,
I got to remember all the complexities here,
but this community was very liberal
with temporary bans and stuff like this.
You know, I got myself banned,
and I'm like, I know, I got myself banned,
and I'm like, get around that, right?
And then they could not get me banned in this environment
because they had some add-ons that they were using
for this Beibolton, I think it was Beibolton,
it might have been PHPBBB.
PHPBB.
Anyway, one of the large platforms at the time just had a lot of plugins that just gave me PHP BB.
So very you know light-hearted light-hearted in that
Instance, you know, they were they were more interested in how it was done than like oh, you're you're breaking into my stuff. So
Yeah
All right on front well, let's move into
We deserve them up. I don't know, you know a whole lot about hacking.
I would love for you to expound on how you got into it.
But some of the things that you just found fascinating
that kept you going all the way up until building your own hardware.
Going back to the youth for a little bit, something probably important, I had a phase where I was really into magic.
Sleight of hand, deception, that type of stuff.
I think it was middle school.
I actually got my first taste of authority not being super ideal for me.
Brought in a fake cigarette to middle school. the peak of the dare situation, right? It looked perfect. It looked like it was actively lit,
and you blow on it, and like, you know,
talc, I think powder came out, but it looked like smoke.
That got confiscated.
We got, a friend and I got pulled down
to the principal's office.
I don't know, I think I got suspended
for not taking the situation seriously enough.
I'm like, how can you take this seriously?
Like, it's fake cigarette, but. I think my friend pointed out, oh yeah, that's right, how can you take this seriously?
It's fake cigarette, but I think my friend pointed out, oh yeah, that's right, they brought on the cops to test it
because some of the talc powder came out and they're like, that might be cocaine.
My friend made probably an unhelpful comment of like, that's not even how you would smoke cocaine.
But yeah, anyway, sleight of hand.
You know, that gets into like deception and the human aspect, which is often forgotten
a lot in hacking.
People are like, oh yeah, it's just knowing computers really well.
Definitely a huge piece, but like, it's people as well that have to be kind of like manipulated.
You got to understand them.
You gotta convince them to do things,
which is the most common way of getting into so many systems.
You just say, hey, I'm from your IT department, let me in.
And you gotta know how to make that sound legit.
And if somebody is like, I don't know,
like, okay, let's do some urgency,
to make them kind of panic a little bit
where their decision-making goes down. And they're panicking and they're like, oh, I just gotta do some urgency, like make them kind of panic a little bit where their decision-making goes down and they're panicking
And they're like, oh, I just gotta do the thing or you know
I might get fired as bad things gonna happen or you know, there's there's so many different like
Psychological triggers that come in and play and create this misdirection interest and you're like, oh, it's it's it's like slight a hand for you know
Psychology, right? So you you push people into different directions and you get them to reveal their password
or run an application on their computer
that gives you access to everything.
And that overlaps with the technical
and the hardware and all these other things.
And just, I guess, being a generalist,
now that you make me think about it,
it just allows you to kind of glue
all of those things together and
I guess yeah at the time before I officially got into like paid security. I was
Thought that was a weakness like oh, I've never specialized in anything. I
Just like I couldn't possibly keep up with people who did specialize
And I mean that is true
There's like every person I work with that specializes,
they go so far into just absolute wizardry that amazes me.
And I can never keep up,
because I just cannot sit down and focus and be like,
I'm going to do this thing and that's all I'm going to do.
I get 80% of there and I want to go play with another thing.
But yeah, it worked out.
It's great for the entrepreneur type perspective as well. We're going to juggle all the things. and play with another thing.
It's great for the entrepreneur type perspective as well.
Well, Mike, let's take a quick break.
When we come back, I want to get into some of the hardware
that you've made and how that happened and who's used it,
what governments, all that kind of good stuff. take that chance. With ExpressVPN, you can stay safe online without having to trust anyone.
Every time you connect to an unencrypted network
in a coffee shop, at the airport,
really in any public place, your online data is not secure.
Anyone on that same network can gain access to
and steal your personal data.
ExpressVPN changes that as easily as opening up the app
and clicking one button to get protected.
I've been on the road speaking with all kinds of people
from health gurus to world leaders
and data security is extremely important to me.
ExpressVPN helps defeat hacking attempts
by creating a secure encrypted tunnel
between my device and the open internet.
So you don't have to worry about
who else has access to your information.
Secure your online data today by visiting expressvpn.com slash srs.
That's e-x-p-r-e-s-s-vpn.com slash srs, and you can get an extra four months free.
Expressvpn.com slash srs.
The economy has been a major burden on Americans. Wages are flat, expenses are up, and it keeps getting harder to pay all the bills without
reaching for credit cards.
If you're a homeowner and you're frustrated with that cycle, I want you to make a 10-minute
no-obligation call today to the people over at American Financing.
Interest rates have dropped
and if you're constantly carrying a credit card balance
each and every month with a rate in the 20s,
American Financing can show you how to put
your hard earned equity to work and get you out of debt.
Their salary based mortgage consultants
are saving their customers at an average of $800 a month.
And if you get started today, you may not have to make the next month's mortgage payment. are saving their customers at an average of $800 a month.
And if you get started today,
you may not have to make the next month's mortgage payment.
Call American Financing today, 866-781-8900.
That's 866-781-8900.
Or go to americanfinancing.net slash SRS.
All right, Mike, we're back from the break. Go to www.financing.net.
All right, Mike, we're back from the break.
I missed a couple of things in our outline here.
So I'm going to have you pick it up with, we're always going to start with 2,600,
whatever the hell that means.
Oh, yeah, yeah. So all the security stuff I was doing,
the times I was doing help desk and stuff like that,
security for the most part, anything security connected,
was a hobby.
So even the overclocking and water cooling I was hobby too.
But yeah, 2600 is kind of a hackerzine, I think they're quarterly.
Just lots of people writing in to show tricks they've done,
whether it's with pay phones, phone freaking.
Wait, so what is 2600?
It's a hackerszene, basically.
Like a magazine?
Yeah, like a little magazine.
You can go to Barnes and Nobles and get it.
Okay.
So what is it? Is it a book?
I think it's quarterly, where they will just publish a new
set of little articles written by different people that
talk about how to hack something, how they hack
something, just cheats on systems, sometimes politics,
just hacker-minded stuff.
Gotcha.
It's pretty cool. But that was also, when I first got into that,
phone freaking and stuff was more popular then as well.
What is that?
Yeah, so that's hacking with phones basically.
So this goes back way, way long ago.
God, I think the guy's name was Joy Bubbles actually,
deaf guy, or sorry, not deaf,
that wouldn't make any sense, blind.
And he noticed that there were tones on a phone that wouldn't make any sense, blind.
And he noticed that there were tones on a phone
when connecting to overseas and stuff.
Phone calls cost a lot of money, but he noticed they made certain tones and stuff,
so he had perfect pitch and he would just whistle them back and he noticed like the phone network would do stuff when you did that so yeah there's what we call in band
signaling when you can hear the signal the other end you know there's the like
the switch panel of the phone networks hear these tones and it's like you know
when you push numbers on the keypad and they make a tone right yeah if you do in
a certain sequence you know it's, oh, it hears that.
There's other tones that the keypad doesn't make
that tell it to do other things.
It's where the 2600 comes from, actually 2600 hertz.
I can't remember what that does at the moment,
but it would allow certain administrative type functions.
And it's like routing around like, oh, you paid
and now you can route long distance or something like that
Right, but no shit. So hold on hold on
So that so it actually has nothing to do with the keys that you're pushing it
It has to do with the tone that they're programmed make. Yeah
I mean at least at the time things have changed since then but yeah, I was just the tones you could literally
Whistle those tones or home or whatever. So blue boxing was the other thing it's called
There's there's many boxes many colors, but blue boxing just replicated that you could literally quickly dial a number or whatever
You want to do do the administrative codes play it right into the mouthpiece?
He would dial and do all these things
Holy shit, I have no idea believe it or not. That's how Apple started
Was and jobs made some of their first money
selling blue boxes.
What is a blue box?
So it's the device that would allow you to,
more or less get free phone calls
in the age of having to pay for long distance stuff.
Like go to a pay phone, just pull out your blue box,
hold it up to the mouthpiece, press some buttons,
make it do what you want,
call whoever you want.
It was illegal at the time.
I, oh, what was the, there was a magazine it got into
by a guy named Cap'n Crunch at the time.
He got that name because there is a whistle
inside of the Cap'n Crunch cereal
that just happened to make that 2600 tone
when you blow it.
So he didn't have perfect pitch like Joy Bubbles did,
but he had the whistle.
So you just blow that to the phone,
then you open up certain access with Cracker Jack,
not Cracker Jack, but Cap'n Crunch style toy,
which is really cool. But yeah, you can electronically reproduce those sounds crackerjack, not crackerjack, but Cap'n Crunch style toy,
which is really cool.
But yeah, you can electronically reproduce those sounds,
and that's what they were doing with the blue box.
There was red boxes, but a lot of people did it at the time. And yeah, it was and jobs.
So took that money and started Apple with it.
So no kidding.
It's pretty cool.
I had no idea.
Very cool.
And it was I would love to meet that guy one time, but he's a great example of like the
old school hacker that was way more about like mischief and just figuring out what things
work and not necessarily anything criminal.
Interesting.
Great example.
Interesting.
So you were working at this magazine.
Yeah, no, so I wasn't working there.
I was just enjoying it.
And there were a lot of different cities
would have like meetups, like, hey, 2600 meetup.
And you go and meet people that are into that stuff and really tiny where I was from
So didn't really go anywhere but that that was cool
It would get you into just more like hey
Here's other ways of hacking that you didn't know about and just gets you to think like wait if I can do that
If they did that what what else can you do? Like let's. It's all about exploration, experimentation.
It is this frontier too.
Like there's just unexplored space.
Like what else can you do?
And outside of 2600, there's all the tools
that people knew of the early online days
like Sub7 or NetBus.
Kind of like a software Trojan more or less. Basically you get somebody to run it in the early online days, like Sub7 or NetBus.
Kind of like a software Trojan, more or less.
Basically, you get somebody to run it,
or you run it on their computer,
and it gives you remote access.
You can fully control those machines over the internet.
Open up the CD trays, close it up,
just all kinds of wonky stuff that could be for pranks,
or it could be criminal.
God, okay.
There, reminds me of one of the ways we used it.
So again, I was way more about just pranking and having fun.
My friend in high school, her name was Heather.
She was really into like,
She was really into like,
just spiritual stuff and like, you know,
she thought like spirits were in her house and stuff like that.
She was a face, right?
Oh, but a friend and I had that running on our computer
and you could play noises the middle of the night
and shit and just like, it was terrible.
It was so bad, you know, the CD drives would. And just like, it was terrible. It was so bad, and you know, the CD drives would open.
Just like, you know, it, she was terrified at the time,
but later on thought it was funny.
But yeah, for an example, right?
Like you can just have fun, you can play with people,
you don't have to actually straight up do crime.
Crime does occasionally pay though,
so some people would get into that.
How would they use it?
For criminal?
Yeah.
Ah, God, this goes way back.
I mean, we're talking like over 25 years ago,
so I'm not 100% remembering this,
but it would have been, you can do like file system
modifications, stuff like that, so you can get access to cookies, remembering this, but it would have been,
you can do file system modifications, stuff like that.
Access to cookies, that'll contain login information,
you can get into people's accounts, send mail as them.
Spamming was a huge thing back then. has gotten a lot of Reputation from from those early days spamming my my friend at the time
Paid for his first computer by spamming for a porn company actually which is funny because he's had
Cashing a check sizable check for her porn company and he's like, I don't know
He's really like 14 years old in at the time getting like weird eyes from the bank
So, yeah that happened.
But what else?
Yeah, I mean. Did you ever do anything illegal
that's passed the statute of limitations
that you can share?
So a common misunderstanding
about the statute of limitations
is it's not just about the time in which has passed
since you committed the crime, depends on the crime,
but many times the clock starts from discovery.
Interesting.
The common misconception that is good for a lot of hackers
to realize.
But I mean, I'm sure, so the CFAA,
Computer Fraud and Abuse Act,
literally any access to any electronic interface
that is not explicitly allowed, that's a federal crime.
So literally what I described,
getting onto my friend's computer,
that's a federal crime,
even though they're cool with it and all this stuff.
Yeah.
So literally any of those things can be heavily punished.
So yeah, it's tricky, but.
Well, let's get into your first job.
Yeah, so first job, IT.
Again, like security was not really a huge thing
for the most part.
All that was side stuff.
But you still have to be conscious of secure design.
My coworker was kind of my mentor at the time.
He was ex-DOD, ex-Navy, had a lot of fun stories, but also got me more into security.
We actually did our first security presentation for the company
using some classics here.
Amazing movie, still holds up today. If you haven't seen it, go watch Sneakers.
They did a lot of physical security stuff. If the doors got the hinges on the inside, you can kick it open.
If it's on the outside, then you can do something different.
But what else?
There's the social engineering aspect
where they wanted to get through a front lobby attendant
who had to buzz them in,
so they had someone else come in with like,
I think it was a delivery, just creating a lot of stress.
So one guy's like, yo, I got this delivery. Other guy's like a delivery,
I think it was like a briefcase of some hardware that he had to like infiltrate into the company
that would go attack things, right?
Great demo, we use that like,
hey, here's some physical security things,
get you to think about it.
Catch me if you can.
Another thing where it's, you know,
social engineering was used.
And believe it or not, that movie based on Frank Abagnale,
most of the stuff he said is actually made up.
It was like the con on the con. based on Frank Abagnale.
educating on security instead of just playing and having fun and the entertainment values.
There's a responsibility here to teach people how to not fall victim.
Also did some live password cracking.
Back in the day people were using real terrible passwords, just adding some extra characters and stuff. We were able to do password cracking
just in the middle of this presentation.
Like, hey, this password you can get in 15 seconds,
this one's going to take us 10 hours.
In reality, that's-
How do you begin to crack a password?
Basically, I mean, there's a lot of different ways.
The way we were doing it was just brute forcing,
being able to have the ability to just retry word sets,
like common word sets,
like common password sets, you can just get those.
There's a lot of password lists, what we call them,
that when you're going to brute force and you just want to try them,
well, hey, we know these are the common passwords, we know these are passwords from leaked breaches, good chance somebody's reusing that somewhere. Good approach. There's cryptography and stuff.
Do you use the password manager?
Oh yeah, definitely.
Highly recommended.
Which one?
One password's pretty good.
There's different ones depending on what you need.
Is Keeper any good?
I haven't looked too heavily into that one.
Oh, okay.
I know somebody who's very into that space
that speaks fairly highly of one password,
but it's been a while, so I wouldn't want to be like,
yeah, this is the one, because that space is always changing.
What constitutes a good password?
One that you don't know.
So password manager.
Exactly.
So if you don't know your password,
it should be unique per site and as long as hell.
And that means you're going to have to use your password manager should be unique per site and as long as hell.
And that means you're going to have to use
your password manager to autofill that or copy,
however you're going to do it,
you're going to need the password manager
to feed that back and log into the site.
That combined with proper two factor,
it's going to secure so much when it comes to you
being compromised by social engineering and fishing.
Okay, that's good to know.
Yep. Let's move on.
Yeah, yeah, so, yeah, after that job,
I was kind of bored of Wisconsin,
and my friend at the time,
the one who made the money spamming,
he moved out to San Francisco a year earlier
and worked for a company called Long Now.
They're the ones doing the 10,000-year clock
that a lot of people are associated with.
I think Pezos is on there.
But Stuart Brand...
Hold on, what's the 10,000-year clock?
Yeah, so it's this idea...
I don't think they've built it yet, but still working on it.
But the idea is that they're gonna put a clock,
like an analog clock in a mountain
that stays accurate for 10,000 years.
It's really to get people to think really long term.
And- What do you mean?
Just like, who's really,
it's hard for people to think
more like even like one election out of consequences, right?
Like four years, 10 years, maybe I think as far as your kids,
okay cool, well how about 1,000 years?
How about 10,000 years?
Like that just changes how you think about the future
and what you do, what matters, what doesn't.
And it's kind of, it's almost like a thinking prompt about the future and what you do, what matters, what doesn't.
It's kind of, it's almost like a thinking prompt for people.
It's like, nobody does it, like, start doing it.
This was also, I think it was formed shortly after the Y2K bug,
which was hilarious because computers started,
a lot of the systems at the time were kind of birthed in the 70s,
and they had two digits for the year, right? at the time were kind of birthed in the 70s,
and they had two digits for the year, right?
So, 78, 79, eventually what happens when you get to 99
and it rolls over to 00?
Neither did the computers, right? in a couple decades. That's enough, somebody's going to rewrite my software. No, no, it's not. No, we're still using that software today.
So that's where the Y2K bug came from.
And it's like, cool, you needed to at least think,
that was in your scale,
so you can have four digits of space for your ears.
That was the entire Y2K bug.
But I believe that was kind of around the same time that,
okay, thousand years, what about 10,000?
It's probably where that came from.
So hold on, they want to make a clock
that's accurate for 10,000 years and put it in a mountain?
Yes, basically.
The mountain, I think, is to keep it safe.
They have to, like, keeping time for that period of time,
like, you can't use any other timekeeping system.
Like the atomic clocks and stuff like that
aren't accurate over that time span.
So you have to account for orbit variation,
shift in the poles of the Earth
and all of these other things.
They have a whole cam system that readjusts
the calibration of where that clock will be
in X years over that span.
It's absolutely crazy to engineer with that in mind.
It's like, nobody thinks about orbit variants over time
of the Earth or the pulse shifting for the clocks they use.
Like it's just not a factor, but what if you had to? I think it's really cool. for the clocks they use.
It's just not a factor, but what if you had to?
My buddy got a job just doing system for them
and web development.
I'm going to take you up on that. I'm going to use that to just move out there. I had no plan. I just like, I brought three suits.
No plan.
No plan.
I'm just like, I'm just going to do it and figure it out.
Which I guess is a very red team approach too.
It's like you can't plan anything.
You're just going to move and figure out what's in your bag of tricks as you go.
And work around the problems.
But yeah, I'm like, I'm going to bring three suitcases.
I prioritized one of them
Was like my gaming system like a whole suitcase was dedicated to just a computer like I don't know what I was thinking but uh, yeah, that was
30% of my
Luggage when I moved out stayed out of his cash for a bit
Got some random odd jobs doing like audio QA testing and stuff like that just to make it
and eventually got into the game industry doing sys admin, IT, help desk stuff,
and it just kind of grew from there. And yeah, I stayed there for like, I don't know, 15 years
in the game industry, but on the side, being in San Francisco gave me a lot of unique perspectives.
So first of all, Stuart Brand is kind of the guy
that was running the show over at Long now.
Stuart Brand is one of the original people
on like the hippie bus with like Timothy Leary
and all this other stuff, right?
They're doing, going around the country,
doing the acid tests and stuff like that,
but lots of just divergent thinking coming from that.
And that was interesting just to kind of see,
like I didn't get that in Wisconsin.
This is also kind of where like,
the PC revolution came from that type of people, right?
Or just divergent thinking, what can we do?
What mischief can be made?
All this stuff.
The maker space, Maker F fare was out there as well.
So this is more like hands-on hardware hacking,
not like security hacking, just like hobbyist hacking,
like 3D printers, let's just build some stuff.
The kind of stuff you'd find at Burning Man, right?
Like the art, where you start mixing
all these things together.
That opened my eyes to just different focuses
and aesthetics.
There's a really good point to kind of deviate here.
Something called BeamBots.
Actually, I'm gonna pull up this laptop here
to show you a picture,
because it makes way more sense when you see it. BeamBot, actually, I'm going to pull up this laptop here to show you a picture, because it makes way more sense
when you see it.
BeamBot.
Yes, you're like, what?
So BeamBot, B-E-A-M, biology, electronics, aesthetics,
mechanics.
It's just a kind of a design philosophy
around building little robots.
So I just kind of had to show it, because I don't know. philosophy around building little robots.
I just kind of had to show it because, I don't know,
you're probably picking up a bit of an insect vibe
from this, I would assume, right?
So it does a couple things.
First of all, there's no PCB on here.
It's just free-form soldering.
And all of these components, there's nothing extra
for the aesthetics.
It's all functional.
So in the back, you've got a solar panel soaking up energy. and extra for the aesthetics.
actually emit a little bit of energy on the lines, like a reverse solar panel, right?
They're inefficient solar panel.
But you can literally use them as eyes for this.
So depending on what direction it's facing,
it's going to, one eye is going to see more light than the other.
That's where the light source is coming from.
And there's a really tiny brain in the middle.
It's literally four logic gates,
which is tiny.
Your phone has millions of logic gates in it.
Mike Hable has hundreds of thousands of logic gates.
So basically all computing comes down to
the concept of binary on or off.
Think of it like a light switch, right?
It's on or off.
You can do math with that. You have to think which direction we're going here.
So we got one on, two off, that can give us a one.
Turn them all off, that's a zero, right? Easy.
Now we put two in the picture. You turn two on,
you basically double the last one.
So if two are on, that's going to be three.
Basically, the first switch is the value of one or zero.
The next one is two or zero.
And then the next one would be four or zero.
Next one is eight or zero.
And that's binary math, right?
OK.
And all decision making can kind of be based on this.
So in this sense, it's very analog.
But basically, this will eventually fill up and have enough energy
charged that these four logic gates are suddenly making a decision. Like this side's filled,
which eye is sensing the most light? And at that point it's going to fire the opposing leg
with all the energy it's gotten in here to steer towards that.
So you have this little bug looking thing that walks, right?
And it just constantly steers towards the light source.
And to me, I thought that was really cool
because A, focuses on aesthetics,
which is not super common.
And B, it uses really cool hardware hacks,
like I said with the lights here that,
normally it's for emitting light,
but no, you can reverse that and use it in an unintended way.
And you can use really minimal logic to do what you want.
And I've applied some of that to my cables as well,
not this specifically, just the mindset of like,
you don't need 10 things in this cable,
you can strip it down to one if you're really creative.
Wow.
That's how you shrink things.
So, that's kind of where that connects with, you know,
like hey, let's focus on aesthetics,
but also minimizing and just using things
in unintended ways to get more out of it.
So that was kind of a good point in which it kind of just opened my eyes to also, you know,
soldering and electronics, but also the art of it and all that. So yeah, Beanbots, that was a good pausing point
for my many hobbies that I would pick up over time
that eventually led into what would become the OMG Cable.
I know everybody out there has to be just as frustrated
as I am when it comes to the BS and the rhetoric
that the mainstream media continuously tries to force feed us
And I also know how frustrating it can be to try to find some type of a reliable news source
It's getting really hard to find the truth and what's going on in the country and in the world
And so one thing we've done here at Sean Ryan show is we are developing our newsletter and
at Sean Ryan Show is we are developing our newsletter. And the first contributor to the newsletter that we have is a woman, former CIA targeter.
Some of you may know her as Sarah Adams, call sign super bad.
She's made two different appearances here on the Sean Ryan Show.
And some of the stuff that she has uncovered and broke on this show is just absolutely mind-blowing. And so I've asked her
if she would contribute to the newsletter and give us a weekly intelligence brief.
This is going to be all things terrorists, how terrorists are coming up through the southern border,
how they're entering the country, how they're traveling, what these different terrorist
organizations throughout the world are up to. And here's the best part, how they're entering the country, how they're traveling, what these different terrorist organizations throughout the world are up to.
And here's the best part, the newsletter is actually free.
We're not gonna spam you.
It's about one newsletter a week, maybe two,
if we release two shows.
The only other thing that's gonna be in there
besides the intel brief is if we have a new product
or something like that.
But, like I said, it's a free CIA
intelligence brief. Sign up, links in the description or in the comments. We'll see
in the newsletter.
Let's move into defense distributed.
Yeah. So I think this is about 2013.
So first Defense Distributed,
it's the company behind the Liberator,
which is a 3D printed gun,
and also the Ghost Gunner, which is a desktop mill
that you can mill out a lower receiver,
AR-15 platforms was the first commonly.
You're the one that did that?
I did not, no. So I got very interested in that. R15 platforms was the first commonly.
there was a lot of experimentation in the 3D printing space with firearms, right?
Cody introduced it to the world.
He basically inflicted this idea upon the public psyche
in this amazing way that just caught my attention
in a couple ways.
First, it's this approach of,
hey, we're gonna give this to the world
in a way that is irrevocable.
Like going back to that,
like the police politics concept I was mentioning,
it's just like, okay, what if you create something,
like there's voting and opinion having,
but you create something and put it in the world,
nothing can change that at that point.
I just thought that was just amazing
from like the political standpoint,
regardless of what topic or what opinion you may
or may not have on firearms, the politics of it
and the power of creation was amazing to me.
And he did it with like a level of like art and bravado
that was just like perfect for the delivery of this and
so what fast so what you're saying is is bringing something to the world that cannot be taken back
like bitcoin yeah great another great example of like no opinion on that is going to change its existence. It exists.
And if you're thinking about real politics
and participating, creation is one of the most
powerful things you can do.
That's what I kind of learned from watching that.
But yeah, I decided, hey, I want to know more
what they're doing.
And I've helped out with security and just computer stuff in general. more of what they're doing.
Just helping out with the security of that, just to kind of see how they work.
A bunch of anarchists getting together,
building a company,
and just the whole fight that they were in.
It was very fascinating to me just to observe that.
And that kind of stuck with me,
both the creation, the power of creation,
and the artistic approach they took to it.
That was one of the things I kind of had in mind
when I first created the OMG cable.
It's like, hey, at the time I thought I was just going
to open source this thing and put it out there.
That ended up not making sense
because it was really hard to make.
You can't just DIY it.
But yeah, it was really hard to make.
You can't just DIY it.
It was one of the motivators in my head at the time
when I was first putting it out into the world.
One of the many things is just like, So yeah, they're still doing their thing.
So what did you do there?
I just helped out with some security stuff.
I didn't have network and IT.
Every company's got to have that. four-year systems, but I don't know, maybe I can help.
So it just helped out and it allowed me to get more insight
in how they run things and just more exposure to how the artist works, right?
Because that allows me to just kind of figure out,
there's a lot of things I would experiment with,
but I never found my medium, right?
As an artist, right?
I've gotten to music, I'm not that great with music,
visual arts, not that great with that.
I mean, 3D printing's everywhere now.
Yeah.
And so you were at the forefront of this?
You were on the, I mean.
So I wasn't doing anything besides the security for them.
It's just kind of, even if I didn't do any work for them, I mean.
I mean it was everywhere at the time. It was like in Wired and all these other places.
Everyone can print a gun now, regardless of laws.
That was kind of the message going around in the press.
This was also kind of another pivotal time when the NSA Ant catalog.
So Snowden happened around the same time.
This is often incorrectly misattributed to him,
but there were a lot of leaks that happened around that time,
both with and without Snowden,
that kind of opened my eyes to the level of games
and just technology happening in computing.
Yeah, I mean, I already knew a decent amount of it, but the Ant catalog, level of games and just technology happening in computing.
Yeah, I mean, I already knew a decent amount of it,
but the Ant catalog, man, that had, it was just like,
you know when you're growing up and there's like the spy tools
in the back of the magazine, you know, disappearing ink,
and you know, all those things.
This was like that on crack, dude.
It was like, they had a malicious cable in there.
This, hey, what was it?
It was leaked in 2013.
The catalog was dated 2008 and they were announcing
in 2009 they would have these cotton mouth cables
available for purchase to their ecosystem
of whoever they sell to in the NSA.
The price on those, I think it was a minimum order quantity
of 50 with a $20,000 per cable price tag.
It's like, oh wow, amazing.
But it had all these electronics inside, a radio inside, and that was cool.
And actually, yeah, pull this up again.
Cotton Mouth, this is the page out of the catalog
where it shows, it's a really chunky cable, like really, really thick hood, Cottonmouth, this is the page out of the catalog
where it shows, it's really chunky cable,
really thick hood, but they sandwich a whole bunch
of different PCBs inside of this thing.
That's stuck in my head, obviously. So what does that do? They weren't super specific about the exact capabilities,
but it had a radio, it had some ability to manipulate USB.
I mean, based on all of my reading in here,
the latest generation of OEMG cable
is basically a dead match to its capabilities
from what can be deciphered from this page.
So all the way down to like covert exfiltration and stuff like that. its capabilities from what can be deciphered from this page.
All the way down to covert exfiltration and stuff like that.
What were they using it for?
That's a good question.
What does Sheet say?
It's more of a capabilities thing,
like getting through and breaking security effectively.
I would imagine this gets implanted into spaces that are higher security. and breaking security effectively.
have somebody plant a cable, and then you've got remote access. There were a lot of other tools in this space,
like implanted video cables that you would implant on a monitor,
so you could remotely read what's being displayed on the monitor.
Lots of cool tricks like that.
Some were long-range, some were short-range,
but all kinds of crazy spy gear
that would allow impressive capabilities
that very few people in the private civilian space
even consider defending against.
Interesting. Yeah.
So what is the Ant Catalog?
Yeah, I forget if there was ever a mention
of what Ant stands for,
but it was just this leaked catalog
with all of the different.
It was a leaked catalog.
Yeah, somebody leaked it.
A lot of people say it was from Snowden,
but if you actually trace it back, it wasn't.
It was never at least attributed to Snowden.
Yeah, that just came out,
and you get to look at the amazing spy gear that is out there. that we did to Snowdin.
Do you want to pull it up right now? All right, cool.
Let's go through just a few of the pages of the Rant catalog.
Let's look at just the hardware stuff.
This is a short to medium range implant for RF transceiver. It was, this is a component that adds RF to one of the other
pieces they have in here which they call a digital core to provide a complete implant. So it's kind
of like a customizable build your own what kind of implant do you need. They put this into various
pieces of hardware. There's actually, I think it's over here, here's kind of another implant, they call this
Thief. Lux Rabbit. It's a hardware implant designed specifically for Dell PowerEdge servers, like a
specific one, uh, hooks to, uh, it's called a JTAG debugging interface. Basically, a lot of hardware
has like a debugging interface.
up to it, you've got like permanent access. Similar to what I was describing with the USB cable,
with that covert exfiltration mechanism, but this is baked into the machine.
So I would imagine the way this happens is during mailing interdiction.
So Dell ships a server over to the customer, right? And our government knows this is happening.
They grab it in the mail, crack it open,
put one of these inside, close it back up,
send it off to the intended target,
and now they've got long-term access inside there.
Even if they wipe everything, like down to the hard drives,
put new hard drives in, you can still get right back in.
They would have to crack everything open
and look at all the
Hardware to find this type of stuff really cool really cool types of implants Wow
And there's no way to know that I mean there are ways
Yeah, you had to know what you're looking for basically. Do you worry about that stuff at all? I mean
It depends.
Me personally, no.
I know the types of targets that this is destined for.
I'm not one of those targets.
What kind of targets is that?
Well, the Israeli pager situation.
Great example of like, do I worry about my pager exploding?
Like, I'm not Hezbollah, so no, I'm not worried.
Just for example, just to put a very pointed, like,
answer to a very current topic, for instance, right?
Now, there are certainly lots of gray area.
We've seen lots of gray area where it's like, wait, you're doing surveillance on US citizens
and like that generally isn't happening
like with hardware implants and stuff like that.
That's access to telcos, internet providers.
And yeah, that's, I operate very openly.
So it's not, I'm a little less concerned,
but it's more of a political and philosophical,
like, you know, when nobody's got privacy,
it changes society in ways that aren't very good.
That's where I'm more worried.
How often do you think the US was used on us
on its own citizens?
I mean, this specifically, like, would suspect. These types of things.
Well, hardware implants, let's go with hardware.
I don't know how often hardware implants would be used.
That tends to be super targeted.
Like, and super targeted also generally,
I would assume, I would hope,
means significant more legislative,
not legislative, legal oversight,
where you're getting the warrants
and all these other things.
Whereas these really wide net things,
which hardware's much harder to make wide net.
Wide nets where you can collect all the things
because you've got access to telco, phone,
internet type providers,
and you're just slurping everything up.
Yeah, everybody would then be pulled into that.
That's the kind of stuff that Snowden showed, right?
That's a different story.
That's everybody gets pulled into that one way
or the other type problems that occur.
So do you have to worry about people breaking
into your network and just causing problems in your life?
I don't, that's a complicated topic.
It's more privacy invasion at that point.
And it's like, yeah, what are we worrying about?
Are we worrying about our personal safety,
our personal freedoms, society as a whole,
and the health of it, and a free press?
Yeah, it's a very large complicated topic.
Do you think China's putting this stuff
into the electronics that we're buying from them?
I mean, not like in the sense of like consumer levels.
I mean, it depends, right?
Like-
Could it be access from that far away?
If they wanted to, anyone, if anybody wanted to do that,
yes, but the thing is doing it to just like off-the-shelf consumer stuff is a lot harder to do in terms of hardware
Implants if you wanted to do it that way, that's where we get more into the
Software level like software back doors, which we've seen in things like cryptography, right?
You know, it's positive that a lot of cryptography cryptography, right?
It's posited that a lot of cryptography backdoors
were put in by cooperation with the NSA, for example.
A little rusty on this stuff, but basically that becomes
very valuable when you're slur quickly break the encryption, well, now you can see the contents. And that's where that comes in.
And yeah, it's...
I mean, a lot of people say that that kind of hardware
is installed into our power grid.
Depends, I would say.
Well, God, I have forgotten.
I think China makes a lot of our power transceivers and stuff.
Make a ton of it.
Honestly, from what I've seen,
and the people I talk to that work in all this stuff,
I don't think physical implants are quite needed.
Like things are just not secure remotely, like externally.
Like if you don't want to, literally, I think it was yesterday, maybe. Things are just not secure remotely, like externally.
Literally, I think it was yesterday, maybe. I don't know, it's something that news that has come
over the last few weeks where our own government
is saying everyone, I think it was actually
to their own government employees to use Signal,
use iMessage, use encrypted chat, do not use text messages because China has,
they're just in all of the telco systems right now,
which means they would be able to read the text messages.
Right?
They didn't need hardware implants that I know of to do this.
Maybe they did that to get in,
but now they're in that system, right?
Like there, I mean, I've helped in environments
that a foreign adversary had gotten into
and it took a bunch of time to evict them
and find where they are.
That was done all remotely, right?
Like there's a lot of this stuff doesn't require
like the James Bond type hardware to get in.
And yeah, that's a tricky topic.
Interesting. Do you worry about it? and put it in.
Society as a whole, it's amazing that it operates.
Just levels of trust. Like one person is all it takes,
enough well-placed damage,
and whether it's security or just electrical power grids,
all these things, all of it can just tip over, right?
With just enough of a push.
And like everything's that way, it's not just security.
Yeah, so I don't know, I kind of just lump it all together
of like, this is a really good experiment for humanity.
I mean, humans have been what, on this planet for,
some say 300,000 years, right?
Like, we're living in the best time.
I don't think there's a single person
alive today who would be like, yeah,
bring me back at random more than a hundred years ago.
Sign me up.
Like that's not a good, the odds are not good, right?
Like we're the most comfortable we've been,
most well off on average across the earth in this last hundred years.
And it's a good experiment, and things are volatile.
I mean, that's kind of the consequence of freedom, too, right?
The people got to maintain it.
What text messaging app do you use?
I like Signal. Signal's great.
You know, there's a lot of rumors that the CIA created Signal.
I'm sure they did.
I mean, so, I think they helped fund it, actually.
But they helped fund a lot of things, our government, in many ways.
But I mean, Signal is an amazing tool if you're an agent as well.
Like you're going to be overseas in hostile environments and you need to communicate how
are you going to do that securely?
Are you going to use a secure tool that sends out
like a giant red flag because nobody else is using it?
Probably not the greatest thing.
It's like, hi, I'm an agent.
I don't know what you're saying, but there's an agent right there, right?
Like, I mean, obviously there's answers to that and stuff,
but it's valuable as like, oh, that's just the tool everybody uses. Signal, and everybody's answers to that and stuff,
but it's valuable as like, oh, that's just the tool everybody uses.
Signal, everybody's got that, right?
Obviously there's always trade-offs, right?
It can be used for bad, it can be used for good,
and who's bad and who's good and who's perspectives.
Yeah.
I mean, that's how we communicate via Signal.
Yeah, yeah, exactly.
Is that how you communicate with everybody?
A lot of people, yeah. I mean, I'll how we communicate via Signal.
A lot of people, yeah.
I mean, I'll meet them where they're at.
They've got different governments over them, things like that.
It's interesting. But contextually it matters, like, okay, I'm on this platform, which can be seen by these adversaries, cool.
Noted, I'll make sure I keep that in mind.
Which is kind of the whole point of the psychology.
When you know you're being watched,
changes how you behave in ways that can be negative.
If you're always being watched by somebody,
what does that make you?
How does that make you behave?
So yeah, yeah, I mean there's lots of other cool things
in this catalog like reflector, so this is for picking up
audio, this is standard picking up audio.
This is standard audio bugs, right?
Like, you know, spying on what's happening in the room.
What else we got?
Lots of cellular-based stuff.
Now this is like 10 years old at this point,
so a lot of this stuff is well known.
Really tiny implants. So this is like a, old at this point, so a lot of this stuff is well known. Really tiny implants.
So this is like a probably a VGA cable here
for like an older monitor,
which made more sense back in 2008.
Really tiny implant into that cable,
tapped to one of the color signals,
and it would allow somebody to kind of energize it with like a radio
pointed at it more or less and then receive the signal bouncing back with the
the video signal encoded in the bounce so then you'd be able to see what's on
their screen. Wow. Really cool stuff right. What do you think was in the spy
balloon that was traversing the... I don know I I haven't studied those well enough, but I mean there's a lot of amateurs that just do that like it's they'll just set up a balloon and
It's kind of like the ham radio space kind of in a way where they're just like, oh, you know
Track it there goes it goes around
Let me rephrase that question. What could have been? What could it have been? I mean, I don't know, man.
That's probably outside of my skill set and awareness and research,
but I mean, it could be used like a balloon.
I mean, I'd probably be using a drone more,
because the problem with balloons is that they're much more higher altitude,
which causes problems for a lot of electronic circuitry, Because the problem with balloons is that they're much more
higher altitude, which causes problems for a lot of electronic circuitry,
because it gets really cold and stops functioning.
Also, you've got power that you've got to deal with, so the best you can get is
batteries also start to fail at warm, which means more energy. So you're getting it from solar power, probably.
This is really low power stuff, right?
Like, I don't know, maybe just the value
of how does someone respond
to putting something in their awareness,
which is absolutely a thing, right?
How does someone respond?
Which, I don't know, similar to the drones
that are popping up and going,
it's like, I don't know where that's coming from.
Jersey had one recently, but there's lots of drones
in the sky, I'm like, I don't know what that is,
but I would love to find out and is it collecting data
or is it just seeing how people respond to unknown,
unreported drones in the sky for tactical knowledge
in the future.
All right, Mike, let's get into some of the stuff
that you make.
I know you have exploding hard drives,
you got the OMG cable,
you're making all kinds of just crazy wazoo
wizardry gadgets that I am just fascinated with.
And so where did this kind of start?
Did it start with the exploding USB drives? Yeah, I mean this kind of start?
just like a firecracker sitting inside of it. My now business partner hack five and I invented the USB rubber ducky I don't know like 15 years ago now something like that. That's does the same
Basic keystroke injection that I had demoed with the cable right where you plug it in it types something really fast
Whatever you want to control a computer or whatever you want, right? I
Wanted one of those that also exploded. So first thing I had to do
Is if you open up a rubber ducky, there's not much space in there.
It's all electronics.
I'm like, okay, how can I shrink this really tiny
so I have space for something that goes boom?
So I spent a lot of time playing with that, right?
Now I didn't recreate a rubber ducky exactly.
Like it's a really, really limited version,
like a few hundred keystrokes, really slow, done, right?
That's it, really hard to use, but it was tiny.
And I shrunk it, shrunk it, shrunk it, shrunk it,
and it's just, I don't know,
I think it was like eight by 10 millimeters
when I was done, like a pill, basically.
That left the rest of the thumb drive empty
that I could hook up with a little mini detonator
and some maybe firecracker too, and a bunch of confetti.
And I rigged this up to a keystroke injection payload
that opens a browser to an animation of Jack in the Box,
and he's cranking it, right, on the screen,
except it goes for an awkwardly long amount of time to build up tension. of Jack in the Box, and he's cranking it on the screen,
except it goes for an awkwardly long amount of time
to build up tension.
And it's going, it's going.
And then pop, the drive blows up, confetti goes everywhere. And I'm like, yeah, that was cool. I just viewed that as fun. Another type of art or something like that.
Put it out on the internet and it was like, that's crazy.
A lot of people ask me to sell that.
Now, no, that's a terrible idea for so many reasons,
liability, et cetera.
When you put something into the world
that can be used negatively, it's always worth gaming out.
Like, how bad can it go and can you prevent some of it?
Which I've done a lot with the cable.
But in this case it was just something I wanted to put out there.
But at that point I had a really tiny ducky, right,
that I could, maybe I could put it in other things.
And eventually I got the idea, probably doing my IT job, looking on Amazon for spare parts for hardware and stuff. and other things.
and realized there was enough space in them for the cables and this really tiny fake ducky, right?
Shove it in there and I get the very first proof of concept
of a malicious USB cable.
Yeah, put that out and I already told the story
about that one where it gets out there
and a lot of people like it and a lot of people wanted it.
I think almost a year goes by before I'm like,
you know what, I could make that way better.
Like, that was a toy.
Like, this is like a cool gimmick to show
like a very basic prank, barely even worked for that.
What would a proper tool look like?
And I was getting way more into like the concept
of I want to do red teaming as well,
so I'm combining those things.
And yeah, like, okay, well, I need Wi-Fi,
I need remote control to update payloads
after it's already in play,
because the idea is you can either deploy a cable,
like physically get inside,
or you could just leave it in somebody's bag,
just leave it around, and eventually, people are going to take a cable sometimes, and they'll bring it in somebody's bag, just leave it around and eventually,
people are going to take a cable sometimes
and they'll bring it in with them to the secure space.
Like, cool, I didn't have to even go in, great.
Which creates some interesting legal problems
which we can get into that I've also solved.
But that kind of is just how it kept evolving.
And then at that point it's like, okay, this is a real tool. But that kind of is just how it kept evolving.
And then at that point it's like, okay, this is a real tool.
At the time I was thinking I should do this in a way that I just make it open source
and everyone can make their own.
I thought about that, right?
I was prototyping this cable, this new one,
on a desktop mill for cutting PCBs.
I was pushing the limits on this machine where you can mill a PCB.
So a PCB. Like here's a complete product. This is a Raspberry Pi, right? When I say PCB, I'm talking about just the green part here.
Okay.
That's just, it's basically a fiberglass and epoxy
with a thin layer of copper on it
that gets turned into traces
and that connects all of these components.
This is the black thing there, that's a component.
And all the little things you see on there,
they're soldered on.
It's components with copper traces connecting them together electrically, right? That's a component and all the little things you see on there. They're soldered on its
Components with copper traces connecting them together electrically, right? Okay, so I used a mill to kind of cut out the
copper traces and I would assemble in
You know my garage lots of different test versions of what this cable could look like and I got the idea
You know kind of going back to the defense distributed concept, where, oh, open source
is this, people can make it on the desktop mill,
you know, go that direction.
What I learned over the eight, 12 months of revising
and revising is it's really hard to do this.
Like, DIY was just not in the cards.
Like, nobody was going to be hard to do this.
DIY was just not in the cards.
Nobody was going to be able to do this.
I'm like, okay, well, let's throw out the DIY.
I can just turn up the complexity. There's PCBs with two layers, like copper on each side, right? That's the common one.
times a crazy X-ray inspection and stuff to do this. So I'm like, okay, if I can use that, how far can I go?
And that kind of is how I evolved into making a more
and more and more complex cable that is like the latest
generation OMG cable that does all of these different things.
And yeah.
Very interesting, very interesting.
So how did you go, so you went from the exploding USB to the, what do you call it?
What do you call the USB?
The exploding USB?
The other one.
The OMG cable?
Yes.
Yeah.
I just, OMG cable.
But there was a hard drive, there was a USB cable that did what the, or the USB drive.
Oh yeah, so I guess I just kind of call it like early prototype tests. But there was a USB cable that did what the UMG did.
I guess I just kind of call it early prototype tests.
I was referring to it at the time as bad USB cable,
which is not an accurate description.
It was more of a nod to some research at the time that was called bad USB. we would take an actual thumb drive.
There's a few old, old thumb drives
that you could take and reprogram the controller on it
and actually do keystroke injection, among many other things.
It was also a worm that would replicate to other thumb drives you would plug in. to market?
I know you, I'll give you some of these things. But it became clear I had to start scaling up.
The first batch of prototype OMG cables,
I think it was 2019 I brought as many as I could,
it was like eight or 16 hours per cable, and 50% of them were failures, which is terrible.
When you make something, like the electronic product,
usually you get like 95, 99% yields,
which means 1 to 5% are failures that you throw away.
These things were so hard to self-assemble
that I was throwing away 50% of what I made,
so that automatically doubles the amount of time invested to make a cable. of assemble that I was throwing away 50% of what I made.
So that automatically doubles the amount of time invested
to make a cable.
So I'm doing 16-ish hours per cable to make them.
16 hours of cable? Silly. So I was kind of hitting my limit of what I could accomplish with the time I had. But I need to learn how to delegate this outsource
manufacturing assembly,
because I was also doing this hand placing things.
You go to an assembler,
so there's a couple steps here.
So I'm going to run you through basically
the manufacturing pipeline that I slowly learned
is important here.
But first, hack five.
It's really important to mention hack important here.
But first, Hack 5. It's really important to mention Hack 5 here.
So USB rubber ducky, already mentioned. That's Darren Kitchen.
That was his baby invented about 15 years ago.
He's got so many other things like the LAN turtle, the Wi-Fi pineapple. pineapple, just packets.
What are these?
Exactly, right?
So all of these are different kind of like hardware implants or hardware tools for, they're multipurpose but often used for offensive security.
So like the land turtle is like a network implant that can control a computer but also like sniff up network data, just do malicious network stuff.
What else? Wi-Fi, pineapple.
This is a little box, antennas on it,
that allows you to do network attacks, right?
Really cool stuff.
Network-based, so Wi-Fi attacks.
You can break into Wi-Fi, you can...
They call them like man in the middle concept. Like you can break into WiFi, you can,
they call it like man in the middle concept.
I like to refer to it as mischief in the middle.
But basically, you know, you've got your device here,
and like the wireless access point here, right?
They're talking.
But you bring in a WiFi pineapple,
and it can kind of intercept in between.
There's so many different ways you can do this.
There's no one single way.
It's lots of Wi-Fi based tooling.
Another example, it's not so much relevant these days,
but you know when you connect to like your free
Wi-Fi access points, coffee shops and stuff,
your phone remembers that.
Typically you've told it to remember that usually.
So next time you arrange it's going to automatically connect, right? Your phone remembers that.
that I know that one, let me connect to it, right? There's just so many different attacks
that I couldn't possibly run through all of them.
There's so many different approaches to security.
There's the network, there's the wireless, there's near field communication with badges and things like that.
Totally different tools, totally different specialties
and focuses, like the badge readers you don't think of
as computer security for the most part,
it's just building access, right?
But that's all one whole thing.
When you're doing proper, complete security awareness
and testing.
Well let's take a quick break. Yeah. When we come back I want to get into what is
the actual OMG cable. Oh yeah, good point. Perfect.
You sign up for something, forget about it after the trial ends, then you're charged month after
month after month. The subscriptions are there, but you're not using them.
85% of people have at least one paid subscription going unused every month.
Thanks to Rocket Money, I can see all my subscriptions in one place
and cancel the ones I'm not using anymore.
And now I'm saving more money.
Rocket Money is a personal finance app that helps you find and cancel your unwanted subscriptions,
monitors your spending, and helps you lower your bills so you can grow your savings. Rocket Money's
dashboard gives you a clear view of your expenses across all of your accounts and keeps you informed
with alerts if bills increase in price, there's unusual spending activity, or if you're close to
going over budget. Rocket Money will even automatically scan your bills
to find opportunities to save and lower your bills.
Then you can ask them to negotiate for you.
They'll deal with customer service so you don't have to.
Rocket Money has over 5 million users
and has saved a total of 500 million
in canceled subscriptions,
saving members up to $740 a year
when using all the app's premium features.
Cancel your unwanted subscriptions
and reach your financial goals faster with Rocket Money.
Go to rocketmoney.com slash SRS today.
That's rocketmoney.com slash SRS,
rocketmoney.com slash SRS.
Calling all sellers. Salesforce is hiring account executives
to join us on the cutting edge of technology.
Here, innovation isn't a buzzword, it's a way of life.
You'll be solving customer challenges faster with agents,
winning with purpose, and showing the world
what AI was meant to be.
Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. showing the world what AI was meant to be.
All right, Mike, we're back from the break.
We're talking about the omg cable but you know we need I want you to discuss and talk about exactly what what it is that the
omg cable does and
And show us an example and and for those that are listening if you go to Mike's everyday carry does a
Phenomenal job at it actually showing what it does real time
on computers, on phones, it's fascinating.
But go ahead and give us the, you know,
show us what it is and, and, and,
and walk us through what exactly it does.
Yeah, definitely.
Let's pull one off.
The visual.
There's a good one.
So,
OMG cable right looks exactly like one of the many USB cables you've got
And if it doesn't I got a whole bunch more here to guarantee it does here. Yeah, pull that. Oh, let me see that
Yeah, so it's got a whole
a whole line of them. Yeah, and
Yeah, so it's got a whole line of them. Yep.
And I got the complete set.
Yeah, you did.
Watch out.
But yeah, so what is, so each one of these fit
a different phone and or USB drive?
Yeah, I mean, so basically think about like.
I should say.
Yeah, I mean, think about all the different,
and think of it as camouflage, basically.
It's like, what's the environment?
Do they use white cables?
Do they use USB-A, USB-C?
Is it a Mac shop?
Cool, they're gonna have lightning on one end, maybe,
if they got the older phones.
If it's newer phones, cool, USB-C.
And it's really about blending in
to fit what's already in place,
so you could swap it out, or you can do other things.
There's a lot of different approaches
and techniques you can have when you have a device
that is physically invisible
and just hiding in plain sight.
So that's the physical aspect of it.
And that took me a huge amount of time
of shrinking down the components,
which I will describe in just a second, And that took me a huge amount of time
a year, basically. light up and it'll connect back to you. There's so many different ways you can configure it, but this wireless connection allows remote connection into the cable, get a full web UI in your web browser,
right, whether it's on your phone or laptop.
It can even connect out to the internet and you can
connect to this thing from anywhere on Earth if you
do it that way.
What's it do though?
You got control of this wirelessly.
The main thing... When you say it can connect to the internet,
does it bypass passwords?
No.
You still got to have a wireless network
it can connect to,
or you bring one in.
If I open the iPhone right now
and looked at all the wireless networks,
I bet there's probably one in there
I could connect to.
If not, are you going to notice a free coffee shop
Wi-Fi nearby?
No.
Why not?
For instance, right?
Flexibility is the name of the game with this.
There's no one way to use it.
There's so many ways because in a Red Team scenario,
you don't know what you're up against,
and you're going to need some options to circumvent a problem.
But yeah, still, what does it even do?
You're connected to it, but it primarily emulates a keyboard. But yeah, still, what does it even do?
You're connected to it, but it primarily emulates a keyboard.
It says, I'm a keyboard, and it types really fast.
So what does that do?
Literally anything I could do sitting at the computer at the keyboard. So whether that's implanting malware or whatever it may be, right?
That's kind of the basic functionality of it.
But, I mean, it's not it.
USB cables can often connect a keyboard to a computer
when you're sitting at a desk.
Swap out that cable, and this can now intercept the keystrokes,
which is really good, just like one classic use case is,
if the machine is locked, I mean,
you can type all you want, but you're at a lock screen.
You need to get past the lock screen.
What do you need to get past the lock screen?
You need the password, right?
How do you get the password?
There's a lot of ways.
I mean, you could call up the person
and effectively ask them for it by saying,
I'm IT or something like that.
But if you're deployed between a keyboard,
you can just pull it right off the lines.
They're going to type that password every single time
they log into the computer.
You remotely see that, you rebuild a new payload
that maybe when they go to lunch in the evening,
when you know they're not at the machine anymore,
it's just going to type in that password, automatically unlock the machine,
and then do all the nefarious things you want it to at that point.
So you just have full access to the computer?
Yeah, at that point, yeah.
You can see everything, you can access anything,
so long as you capture the password from the keystrokes.
Yeah, not so much seeing, not, well, there's a lot of, it depends, right? to capture the password from the keystrokes?
It depends, right?
Not at this stage.
So as long as you know what OS it is or something like that,
that's all you need on a desktop.
I know if I hit command space, it's going to open up
Spotlight on a Mac, and I can open up Chrome and then go to the address bar, do some things.
For example, that's a very repeatable series of keystrokes, and you can do them
really fast once you know it, just for an example. All right, so that's that's the basics of the very core functionality and then you you combine that with key logging and suddenly
You're you're getting a bigger picture here, but there's also other I want to go down. Yeah. Yeah, I'm a I'm a dummy
What's it? Yeah, let's go deep. So yeah, so what would you so now?
I didn't even understand that to be honest when we did the EDC pocket dump. So basically
you're, so in that little window you said there'll be a window that might pop up for a second.
Oh yeah, so you see a little window blink, right?
That's basically your terminal in that case.
There's a lot of things I could do,
but in that case on that, I think it was,
So you could put some type of a Trojan horse
or something in there and implant it in the
computer like very...
Exactly, right.
Through a series of keystrokes.
Exactly.
And then if you detect the Trojan on there and you remove it, and the cable's still in
play, which is designed to be, just put it right back on.
No shit.
Which is absolutely a thing that has happened with a bunch of my customers that they have to be, put it right back on.
when you put it in the computer? however long you want, and then run a payload.
Is the payload the actual keystroke?
Yeah, exactly.
There's ways of typing out.
If you've got a small executable that you want to transfer over, There's a couple ways to do that.
We can do some fun stuff. So you could send somebody an email
and with a downloadable whatever.
Yep, that's one way. Yep.
And then plant that cable on them.
They plug the cable in.
It does the keystrokes automatically to open Chrome,
log into their email, download the thing.
Yeah, that's one way. Yep. Go to the downloads folder, download the thing.
Go to the downloads folder, download it, then you're in.
And it all happens within a couple of seconds. a hardened target where they're not susceptible to that, they're unlikely to do it. I'm like, okay, well, let's get a cable that'll do it for me.
As an example, right?
This can also do mouse movements too if we need.
Lots of control there.
And yeah, you can also, yeah, so the malware, right?
You can download that.
You can download that.
you type that same text out in the notepad and save it, it's that executable.
So I can type that back into the computer
and boom, there's the executable,
which is something we've done quite a bit
in environments where they're checking
what is being downloaded from the internet.
Okay, you're looking at the internet, cool.
I'm going to just type this little piece of malware
back into the computer.
Lots of cool tricks you can do like that.
Wow.
And so there's other aspects of this too. So key stroke injection, mouse injection, I showed you the key logging.
Oh, you were asking about the ways of triggering it. So I showed you remotely I can click go. We can have it boot up and go. There's also what I
refer to as a geofencing. Basically it's got wireless in there so it can just
look at the nearby networks and figure out where it is and where it isn't. And
you can trigger or block things on that. And there's a self-destruct function
where it'll erase everything on it. Now, it sounds super nefarious,
but it's actually prompted by legal.
A lot of places have strict controls.
So with the USB rubber ducky does the keystroke injection.
It looks like a thumb drive by Hack 5.
That's my business partner.
They invented that 15 years ago-ish.
What they would do is you could put like salaries.xls on it.
So it's like, oh, that must be the company salaries
and litter it in the parking lot, right?
That's one way that people would be convinced
to pick it up in the parking lot, bring it inside,
plug it in, see what's on it, right?
And boom, they've just infected themselves with malware,
right?
There's a downside to that,
which is depending on how bad that payload is,
if you're a red team,
you're an employee of this company.
You've got malware sitting on a loose object
that anyone could pick up and bring it home,
bring it into another business,
and now you have just infected another business.
That's not ideal. So certain environments, their legal team is like, no way. You put
geofencing on this, you have a payload where it boots up and just says, am I in the office? Is
the corporate Wi-Fi present? Cool. If not, completely wipe everything. Are you shitting me? So you...
Cool. If not, completely wipe everything. Are you shitting me? So you...
Wow.
Wow. So it knows where it's at.
Yep.
And where it isn't.
Holy shit.
So this scan right here, this was done by Lumafield.
They've got a CT scanner, which is basically an x-ray scanner that takes a lot of X-rays,
little slices across a product, and then assembles it into a 3D object. So Lumafield, I actually just did some work with them to sit down and talk about their machines. They're
used for all kinds of things. Manufacturing inspection, but also starting to get into
like a lot of security stuff,
Wow. And the cool thing is, let's see if I can turn this.
There it is, that is the whole internal
and lots more components kind of on the back.
You can use this to step through every layer
and just see literally every little detail about something.
So if you got untrusted hardware for instance,
that scanner would reveal all of the internals.
In this case, it's just really cool and it shows off,
here's what's inside my cable, all the magic.
You gotta get that framed.
I think I'm gonna, it's a beautiful scan.
That is very cool.
Yeah, they have done a lot of work to
kind of democratize
the access to CT scans.
CT scanning machines are normally just industrial machines
that's really hard to use and really expensive.
Like we're talking like a million plus dollars
for machines, roughly.
They do a subscription where it's like the cost
of a maintenance contract.
And they did some amazing stuff to make it super usable.
Like you can see me turning this.
It's super easy to use the outputs and set it up.
And they did something magic.
And I don't know that they communicate this,
but the sensor in a X-ray machine normally decays
and you have to replace it.
They've somehow made like an eternal scanner.
So that reduces the cost as well, which I don't know. I'm completely obsessed with your technology right now. They've somehow made an eternal scanner
which I'm completely obsessed with their technology right now.
Sorry for the momentary splurge on that.
Who are your customers?
Me, personally, I've got one customer, Hack5. And we can probably go into the story about how we met.
But basically, when I was making these things by myself
and I needed to take the jump into manufacturing,
I had a lot of bad experiences, but Hack5 was amazing.
They're like, let me just kind of show you the ropes, right?
Like manufacturing, running the ropes, right?
Like manufacturing, running the business, all this stuff.
Darren has been great to me.
So I sell all of my stuff to him, and all of my products are available on Hack 5 as a result.
They take care of who gets it. they just will not ship to.
and primarily red teams. There's lots of red teams in the private space,
you know, Fortune 500s, military, industrial, government,
all have their own equivalencies to that.
And again, the red team is where you are emulating
what an actual attacker does from end to end,
penetrating to the, getting into the company,
and all the entire chain of hopping around
and getting to the crown jewels, pulling those back out, that that is red teaming. And this is used a lot there. So I have a lot of customers who will also reach out just for advice on how to use the cables or maybe they've run into a situation like that legal constraint, like, hey, this is cool. but like, oh yeah, cool, let me just fix that
and solve that legal problem.
Now I don't know like the full scope of what they're doing,
but it's like, oh, here's a problem.
I can solve that for you.
There's, yeah, every, they are the people I've talked to
and now I know a lot more than I can talk about here,
but there are plenty of people who have said,
yeah, you're going to Sean Ryan,
go ahead and you can talk about it this way.
Couple people.
Who are those people?
Yeah, so.
Is it my former employer?
I mean, possibly.
So I don't know that level of detail
and don't really want to,
but as long as they're part of the okay entities.
Are there any okay entities? Yeah, I know exactly, right?
That's a whole other podcast.
This is going to be defined on who is or isn't going to put me in prison.
So that's my definition of good in this scenario,
is keeping those people happy.
But to be clear, there's another advantage here,
which is some of these places are critical infrastructure
that they work at, or are tasked with securing
or improving the security.
So we all benefit from that.
I don't want a place that has some form
of nuclear material in it getting compromised,
because the people who want to compromise those places are probably looking to hurt me
in some way, right?
So let's help them.
So the other feature kind of added to these cables recently
is we call it HIDX Stealth Link.
It's kind of the branding of it to explain what it is.
But ultimately, still acting as a keyboard,
but now it's got bidirectional data transfer.
So like a network interface,
but without ever showing as a network interface,
you can send data back and forth between the computer,
and it just looks like a keyboard to the target system.
This was used by quite a few people
in a lot of environments, but in this case,
the critical infrastructure was not looking
for this type of exfiltration technique
and it worked really well, got them in
and they achieved their objectives
with this critical infrastructure and got it fixed.
You know, I was told that my name got put into a report
that I will never have access to,
but that's extremely cool. It's like, cool, I name got put into a report that I will never have access to, but that's extremely cool.
It's like, cool, I got my name into a report
to fix some critical infrastructure
with a technique that we developed with my team.
And honestly, I'd love to pause
and even talk about that team
because while I make the hardware
and the manufacturing to run the business,
all the tricks this does heavily about
the actual firmware
that runs on this and that requires multiple people
to pull off.
Let's talk about your team.
Yeah, so there's a couple pieces of this,
but one guy's retired and just loves working on hardware.
Prior to this, I mean, he did a lot of things,
but prior to this, he was working on the firmware
for police body cameras. So
Very interesting background there another guy is blind and he does kind of the the UI you see kind of poetic
He's the blind guy is in charge of the UI. He's got a lot of what is UI
Yeah, so the the visual interface when you open it up in the control panel and you got all the buttons and stuff in there
Are you hold on? The visual interface, when you open it up in the control panel the IP address, you get a web page, right?
With all the buttons on it that give you the controls,
you can view the key logs, open the hundreds of payloads
you can save on here and run them, all that's purely visual.
It doesn't have to be, you can automate it, but yeah, it's primarily visual and it allows all the cool controls to happen.
Got another guy who, in education,
and a lot of them are familiar with the government contracting spaces as well.
It's a fairly small team, but they've been along for the ride the whole time
and just constantly interested in picking up challenges. challenges and like the way the keylogger works on here is like that's not supposed to be possible
How did you get this word out? How are you marketing this?
Ha that that's a really good question actually is I have not done any marketing yet. This thing kind of has its own legs, which
But I could imagine but I mean what was the first thing like how did I?
Put a I think I just put a video out
Video of like hey, like I made this with my put a video out.
A video of like, hey, I made this with my mail,
check it out, here's what it can do.
And then it just took off.
That was mostly in the InfoSec space, the hacker community and the security professionals.
And at some point it just kind of goes outside that bubble
because it gets enough traction.
Like Vice took it, Forbes took it.
There's so many different high profile.
This has been in Forbes?
Oh yeah, this has been in Forbes a couple times.
Look, Bob, I made it to Forbes a couple times.
Look, Bob, I made it to Forbes.
It's been pretty wild.
I am at the point, though, where I am starting to think about
focusing purely on this because it has just become this awesome monster that takes a lot of my time
as well as running Red Team as well.
So that's probably something I'm going to be pivoting into
very shortly and focusing on that, helping the team
and seeing what more we can do.
Probably going to relax for a bit though.
I'm tired.
How is business?
Is it going well?
It's very good.
So I'm probably long overdue to jump.
When do you, what do you think you'll grow into with this?
I have no idea.
That's what I've, I've never had a plan ever on any of this.
It's just what's the thing and the opportunity at the moment
and how can I play with that in an interesting way?
Which, you know, there's a lot of things why you would want to plan in business, with that in an interesting way.
There's a lot of things why you would want to plan
in business, but I don't know, maybe eventually I'll have a plan.
Do you have any fear about this being on the market so available?
I mean, it's been five, six years now, and I'm very proud of the result of it, with all the places where it's been fixed, in the very low abuse scenarios.
We're very intentional when we think about,
okay, let's add a feature to this, but let's figure out
who wants this feature, who's going to make use of it.
For instance, the number one that I want to avoid
is like stalker words, boss words, stuff.
People look at this and they're like, oh yeah, I need that for that.
I'm like, no, I'm going to make that hard.
Like that's not as valuable to a red team professional.
I like, we're trying to get into corporate infrastructure.
We're trying to do like oceans 11 shit on like a fortune 10
or something like that.
Like this would be so easy to plant
in any government facility.
Yeah.
I shouldn't say any government facility, but it might be, it's been a while since I've
been to a SCIF, but they seem to have a pretty good gauge on what's going on.
But I'm talking like DC, Congress, Senators, politicians.
Those types would be, it would be a fucking joke just to, you could hand them out.
Yeah.
And they'll use them.
So here's the thing though, is that's the other aspect is there's a lot of very detectable
defaults. That's the other aspect,
effectively out of the box, right? Hopefully you're at least checking that.
Yes and no.
So here's the thing, is the people who are that low on the bar of security,
I don't need these to get in. I just pick up a phone, I send an email.
That's that sweet spot where it's like,
you map out all the desires, the capabilities, and the threats,
and the negative consequences, and just thread the needle to get just that sweet spot.
We spend a lot of time thinking about that, but right now I just point pointed the last five years of like, look, the results.
And that way, you know, I can talk all day
about how much intent we put into it,
but the results are far better than the intent
in terms of convincing somebody.
Another thing, so I think I showed you,
these should actually shift deactivated
for multiple reasons, which you can imagine.
There's a little, call it the programmer,
it's kind of a firmware tool.
So you plug this into your computer to activate it, right?
This doubles for multiple other things.
So if you do like a self-destruct on it,
you recover the cable with this if you wanted to.
You have to get it back out of the field, but self-destruct will it, you recover the cable loop with this if you wanted to. You have to get it back out of the field.
But self-destruct will just put it into a neutral cable that's just not harmful at all.
Really good if you can't pull the thing back out of the field.
You want to neutralize all your stuff.
However, if you're Blue Team and you've found this,
you can also use one of these to dump every bit of firmware that's running on here,
which will include payloads and all this stuff. So as long as it hasn't been self-destructed, You can also use one of these to dump
of approaching. So it's meant to be holistic for security, not just purely offensive use. But it's really about raising the bar, basically.
Interesting. I mean, when I look at that, you know, I've always heard, you know, I've
always heard RIT guys always telling us, you know, don't be buying shit off Amazon if you're
going to get, if you're going to get an iPhone cable, get it from the Apple
store, not from Amazon. If you're getting Wi-Fi extenders, go from the manufacturer,
not some shit on Amazon. It's trying to put the shit into our ecosystem.
I doubt it. So these are highly targeted. So it's kind of...
Things like this.
Yeah, exactly. But I think it's good to think about it. Let's step back to a different type of crime.
Pickpocketing versus Ocean's Eleven bank job, right?
This is more on the bank job, whereas pickpocketing, that's what you're more likely to experience
as just a random individual.
That's going to be more equal to like fishing emails, like really low grade commodity malware type stuff
that's delivered over email.
Like the risk of physically delivering this stuff is too
high or in the case of like, oh, we're going to contaminate
the shelves effectively online or not.
That's so high cost and so easy to find.
That's like some, you just need one person to detect
that this happened and we'd all hear the news story.
This is, which kind of reminds me of that Bloomberg
grain of rice story, right?
Which was complete bullshit.
My friend Joe Fitzpatrick is a great guy to talk about this. But basically
there was this Bloomberg news story that a little grain of rice component was found implanted
in a bunch of servers, right? And it just doesn't make sense, which is why that story
didn't make sense because there are so many other ways of approaching that, that are way
less detectable.
There's anybody like how do you control where that goes?
It's very hard to control where implanted hardware goes and if you don't have control,
anyone's going to find it. I think like the closest you can get to that might be that Israeli
Pager story where they had to create a fake manufacturing plant
to develop these things.
And that is how they controlled where it went.
Hold on, I'm not familiar with this.
Ah, yes.
Going into this?
Yeah, yeah, totally.
This is the Israeli pager story
where they blew up all the Hezbollah guys.
Yes, exactly.
So thousands of pagers.
I think it was a batch of 5,000 and 4,000 went out. So yeah, a lot of pagers.
I think it was a batch of 5,000 and 4,000 went out.
Basically what they did is set up a fake manufacturing company.
I think they had their own manufacturing plant and everything.
They licensed a legitimate model of pager from a legitimate company, well known.
This is a typical relationship for a lot of hardware.
You just license it and you sell it.
And then you're like, yeah, put my name on it.
Depends on what it is.
Obviously Apple's going to do their own thing.
But we're talking pagers, right?
This is like 30 year old technology here.
So they did that.
They even went as far as getting a bunch of random customers and gave them good pagers. technology here.
They even went as far as getting a bunch of random customers
and gave them good pagers, but then they got their Hezbollah
client, and I'm always curious about how they did that.
They got their Hezbollah client and they made exploding pagers for them. They put high explosives in part of the battery and a detonator in there. And basically it was configured
to explode, detonate this thing, after a specific message
was sent to the pager. And the way pager networks work
are all broadcast, so you can send one message that goes
to all pagers in the network, which is probably what they did. Anyway, this was in play for, I don't know,
I think it was like one or two years.
Like these were out there and slowly going through,
you know, the IT operations of,
hey guys, we've got new hardware
and slowly sending them out to the field.
I think they were encrypted pagers.
It was funny in some ways that this
Pager focus was entirely because they knew their cell phones were compromised I'll start using pages or maybe as the walkie talkies I forget but they were moving away from one comms to another to avoid
Surveillance and as a result they get explosions
But that's the kind of like level of control.
Like if those got out to someone else,
which I mean there's still opportunity for that.
Like they're not watching one pager
go from hand to hand to hand.
Like it's like, oh, we deployed it to Hezbollah
and it's reasonable to assume that this level
of dissemination with this marginal error
and other people touching them and you know,
they probably did the math on that, right?
I didn't.
But that's kind of a good example
of like how far you can go and like the risks of discovery.
Stuff like Stuxnet.
Stuxnet's another good example of,
I think it was the Iranian enrichment facilities
where, oh, I can't remember the full story here,
but there was like a thumb drive with a worm on it.
And it got in, basically it got carried
into this enrichment facility
and it would damage the part
of the enrichment machinery, right?
But didn't do it all at once.
It would randomly pick one or the other because you don't want to be discovered, right? If't do it all at once, it would randomly pick one or the other
because you don't want to be discovered, right?
If you did it all at once, you're like,
oh, something's up.
It's like, oh, one went up, whatever, it must be bad, right?
Like, there's like the psychology of making sure
it doesn't seem like it's something to investigate.
It's like, oh, bad machines, it must be bad process.
So I kept doing that and eventually,
I can't remember how it got discovered,
but there was an issue where it started spreading around
elsewhere, like the worm or something like that,
and somebody noticed it, I think.
I can't fully remember, but there was a discovery event
because it kind of got too wide.
And once it's discovered, okay, now you can defend
against it, now you can find them in the wild.
And the moment somebody found anything in our stuff,
they're going to tell the world, like, hey, look at this cool thing I found.
I'm a security researcher.
So that said, on the flip side, there's plenty of places we don't look.
Most of the stuff you find in there is just vulnerabilities.
Like, oh, I didn't think there would be a hole on whatever,
some aspect of a product.
Like, oh, if you just log in 10 times and do this,
you get in, you bypass everything.
It's like, wait, what?
You do what?
That's the type of stuff that's typically,
well, nobody thought to try that.
So yeah, it really depends.
Physical implants are much easier to discover
because I mean, they're physically there.
You can't revoke them.
You can't be like, oh, self-delete.
It's there.
Not counting the Patri situation,
it's a different type of delete,
but you know, delete in a way
that doesn't leave the evidence around.
Yeah, yeah.
I'm like, what's in your head, man?
What's next for you?
I don't know yet.
I'm just gonna-
What are you thinking about?
I have been focusing more on personal stuff,
just like hanging out with my kids,
spending more time with them while I got the time
and they're growing, you know, once 14, so, you know.
You can shut it off.
No, yeah, so learning how to do that is part of it, so.
I haven't learned how to do that.
Yeah, it's.
When you do, let me know.
It's hard.
Because you love this.
I can tell this is your passion.
Yeah.
You're moving into this full time.
This is going to be your full time business.
Yep.
Give me a snapshot. I mean, here. What are some of your ideas? Here's an example. you're moving into this full-time, customers were enjoying the firmware so much
Are you familiar with USB data blockers? No.
So, it's a commonly recommended secure charging mechanism.
You're like, oh, I can't trust the airport charger or something like that.
You're like, well, get a data blocker.
Can you trust an airport charger?
Mostly. I mean, I'm personally more concerned about the quality of the electricity
coming out there frying my phone
than I am about a data situation,
because going back to the discoverability,
you put something in a wide space like that,
once it gets detected, you hear about it,
we've not heard about it.
And especially in a secure space,
like all the airport locations, everybody's on camera, right?
Like, good luck.
It would be really hard.
There's advisories that come out
and I think the FBI was doing them.
They get a lot of flack for that
because there's no like proof it existed,
but I don't know.
Like I don't have the intelligence they have either.
So I mean, there the intelligence they have either.
There's things you could do.
I also don't consider my creativity to be all inclusive
in all ways, you can do something negative.
There's plenty of people with different motives and minds than me.
We'll see, it would be a cool story.
But yeah, data blockers.
I'll put one of my things in a data blocker.
I just thought it was funny.
But just as an example, just kind of chase that a little bit. Do you have any wazoo crazy inventions that you're that that you're dreaming up?
I've done a lot with on the manufacturing side. So I've had to invent so many tools and mechanisms
Both for crea creating these cables which turns into their own products
Because you know, I'm teaching other people how to use them and breaks and I got to do support for those
Products and you know, they're their own PCBs and everything's you know, those products. It's a hardware product with its own firmware,
just to test these cables at multiple stages.
So I'm still packing these at home with the kids,
and the envelopes, right, I got to label those. I guess really annoying over time.
Klein bottles. I think he lives in Palo Alto, a small place. He runs distribution entirely out of his house for that.
So under his house, he has built
an entire robotic warehouse system,
like drives the thing around, pulls the stuff out.
I think that's cool as hell.
And it goes back to the old school hacker mindset
of just doing that.
That kind of stuff just doing that.
That kind of stuff just catches me and I'll be like,
okay, cool, I want to do as much manufacturing in home as I can.
Because A, my stuff is really small, but also let's just see how far I can take it,
how much more I ship with.
So you know which ones are bad.
I've redesigned it like six times so far.
I just want to see how much further can I take it.
Yeah.
So are you manufacturing these yourself or?
It's a mix.
So the process for it, I'm going to go back to this PCB as a reference here, or? And then that gets shipped to another place
And now, once it's glued to the board, here's one of my implants,
and we can get some close-ups later,
but here is...
That's one of the implants.
That's the size of it.
This is what goes in the little USB thing.
Yep, inside the boot of the cable, basically.
This little bitty-ass thing...
connects to the Internet.
Yep.
Wow. Why the fuck is my modem so big? connects to the internet.
Wow.
Serious, man?
There's a lot of compromises to make that happen.
If you were not size constrained on that, that would be 10 times bigger because it would be so much easier to make with 10 components instead of two or whatever.
I forget how many I have in there, I think I got like 12.
But, you know, times 10 the components
is normally what you'd see.
So that creates the need to do a lot of creative engineering
to compromise and get small.
But at some point, I'll show you here,
I'll just show you the rest of these.
Here's that little one with the USB-C end on it.
And here, USB-C A.
So that's kind of, you know, okay, components are on there.
You know, one shop did the green PCB.
One shop put all the components on there.
Cool, well, that's what I got right now, right?
It's not a cable yet.
It's another shop, going gonna help integrate that into cables.
And,
so this other shop's gonna integrate it into cables
to some extent.
There's still unfinished work to do, unfinished testing.
Then,
and if it's the woven cable, there's another factory
that has to do special cutting and crimping
and searing of the ends so it doesn't unravel.
Anyway, so three, four factories later,
ships over to me, I'll do the finishing work on them.
Sometimes it's closing the actual cables up,
but at a minimum, it's testing everything,
calibrating them, putting that initial firmware on there,
tons of QA and QC work, packaging, shipping it off to the Hack 5 warehouse.
Wow.
So where do people find this product?
Yeah, so two places basically. That's my primary website.
Or you can go to my business partner.
It redirects to my business partner effectively,
which is hack5.org.
And all of my products are up on their site.
Wow.
That's incredible, man. That is incredible. Fun stuff, man.
Fun stuff, man.
If the agency's been in touch with you to come work with your science and technology department?
I'm not sure I would know.
There's been a lot of interesting challenges too. I mean, I'm saying, you know,
that's actually not a joke, that's a-
Oh yeah, totally.
You know? Yeah.
Fairly, very sharp guy, very inventive, very impressive.
I'm happy to help all kinds of people
secure their environments, so.
Yeah, I mean, they know where to find me.
I'm sure they do.
Let's see.
Oh, you know what another thing might be interesting here
is this kind of kicked off right when the pandemic kicked off.
It's like, you know, working with the factories
had to do all that remote
and that immediately ran into the chip shortage. I saw that come in from like six months Working with the factories, had to do all that remote,
and that immediately ran into the chip shortage.
I saw that come in from like six months before everybody else did.
So immediately had to figure out all the supply chain logistics,
where to find chips when they are out of the market everywhere,
hoarding them, mass, like, this is something I have put the,
Like, this is something I have put the first two
or three years of profits entirely back into production. Whether it's improving the PCB, improving the capabilities,
or storing extra components because we're in the middle
of a chip shortage so I can still make my stuff.
That was a wild time, and it felt like there was just one thing after the other
that was like, no, you can't sell these,
no, the market's down, no, you can't have access
to the chips, and just trying to find ways
of working around that.
Down to like, all these little tiny components
come in a really long piece of tape
coiled up in a reel, right?
I count those, I assemble those by myself as well.
So, you know, I got machines to count them and assemble them,
so I can just send it off to the assembler.
There are so many different facets of running a hardware business
that is like this, that is really unexpected,
and I'm just kind of learning on the fly, so yeah.
What's up?
Very impressive, Mike.
Thanks, man.
Well, I think we're wrapping up the interview,
but I just want to say, man, you are a super sharp,
fascinating individual, and what an amazing conversation.
Thanks, man. It's been fun. Very inventive, thank you. Thank you. and what an amazing conversation.
Thanks, man.
It's been fun.
Thank you.
Thank you.
And I'll be tracking you.
Where can people find you?
Oh, yeah.
I mean, I'm all over the place.
Definitely on Twitter, underscore MG underscore.
Lots of other social networks starting to form
and fall apart and whatever they may be. I'll try to keep all of that on the contact page Lots of other social networks starting to form
Cheers. Thank you. We talked to experts about saving, investing, personal finance trends. Crypto can't do it. You could have done all that research, all the breadcrumbs, and thought this company's never going bankrupt.
Foiled again.
You never knew personal finance could be this fun.
Throwing down the gut way.
I'm bringing it today.
I'm only going to be off by six figures instead of seven.
Every boy has a dream, Doc.
Every boy has a dream.
For sure.
Stacking Benjamins.
Follow and listen on your favorite platform.