The Team House - Penetration Testing Expert | Deviant Ollam | Ep. 363
Episode Date: August 2, 2025
Deviant Ollam is a physical penetration testing specialist, a renowned expert in lock picking, and an author. He is a prominent figure in the security community, educating people on vulnerabilities in physical security through presentations, training, and books.
https://deviating.net
https://youtube.com/deviantollam
https://defcon.social/@deviantollam
https://instagram.com/deviantollam
https://bsky.app/profile/deviantollam.bsky.social
https://reddit.com/user/DeviantOllam
https://github.com/deviantollam
00:00 - Start
00:45 - Deviant's Background in Pentesting
05:18 - Deviant's "Origin Story"
10:39 - From Hobbyist to Professional Pentester
17:04 - The First Big "Score"
30:22 - History and Evolution of Safes
36:46 - The Art of Safe Cracking
51:08 - Biometric and Electronic Lock Security
53:17 - Intelligence Services and Covert Entry
1:22:42 - Impact of Electronic Surveillance on Pentesting
1:25:41 - Career Advice for the Field
Transcript
Special operations.
Covert Ops.
Espionage.
The Team House.
With your hosts, Jack Murphy and David Parke.
Hey folks, I'm Jack Murphy here with Dave Parke.
You will see him over there or on the wide shot.
He looks a little lonely today because things are different.
Dimitri had some car problems.
So I am back in the production chair after like,
two, three years since I've done this last. So apologies if there's any technical issues.
Our guest tonight is Deviant Ollam. Deviant has a background in pen testing, red teaming,
and physical security. A few years ago, Dave and I took a class of his at DefCon, where he taught
key impressioning. He had a whole class about cracking safes. And he also has a lot of information,
thing details about the history of intelligence services cracking into safes and how they went about
that. So we're going to talk about all this stuff tonight. Mr. Deviant, thank you for joining us.
Thanks so much for having me. This is exciting. I'm glad to be here. Yeah, I've been a fan of yours for a
long time. For viewers who might not know, because this is exciting stuff, like this is movie stuff.
And for people who might not know what pen testing is or physical pen testing, like you are, you know,
You're the analog Barbie in a digital world, right?
But you're the guy on the ground.
Can you tell us what pen testing and red teaming is, and particularly in your world?
Sure thing.
So perhaps that, you know, the boardroom technical language that we sanitize things with, we say it's adversarial emulation.
Or if you want to sound cool just at a cocktail party with your friends, my wife says, I'm professionally dangerous.
The movie style reference that you make, if some of the folk of the audience are old
enough to remember a film in the early 90s, Robert Redford, Dan Aykroyd, David Strathairn, and others,
Sidney Poitier, the late River Phoenix. It was called Sneakers. That's one of the best illustrations.
In fact, I know the technical advisor on that film, who's in the trades, right? That is what we do.
We break into places so that people can find out how secure their place is. We pick the locks,
we bypass the alarms, we mess with all the access control systems. Sometimes I'm cracking safes,
and the customer gets to find out could a bad guy with a given sort of threat profile
get in, get out, possibly do so unnoticed,
and then we can help advise them or their colleagues and their contacts of what mitigation steps
they might want to take to change how robust their security is.
Now, is it always Mission Impossible, coming down from the skylight?
Or do sometimes, you know, and I'm asking because I know because I've seen your videos,
and if you guys have not checked out any of his videos on YouTube, you owe it to yourself.
They're all fascinating.
But sometimes is it as easy as picking up a clipboard?
Yeah, I mean, it is, you like to fantasize and say that we're all wearing the black and
you have the tactical rope gear in your climate.
But yeah, sometimes it's one step above, knock, knock, knock, password inspector.
You know, sometimes you just show up. When you think about it, though, I actually think that's not a bad thing. I
think it's representative of how trusting and safe much of our world is. A lot of people don't have a high
that they live under. People actually shows up and they have you to say the affiliate clip or they've
got some paperwork for the local media patty and they say, hey, uh, yeah, we're the meter readings
today. Who's your facilities director? Oh, he's out at lunch. Well, yeah, he used to
just gives me a key. A lot of people working at a front desk, if nothing gets their hackles up,
well, that makes sense to me. This person doesn't seem like they're behaving like a threat. Yeah,
the water meter back in the utility closet, do you need to show you the way? That's how a lot of things
just get done in our world. And if you've ever, for example, had a hotel and maybe the room
wasn't under your name, you're staying with a colleague or a spouse, and you say, oh, I left something
in the room, most hotels shouldn't give you a hotel
key without verifying. Well, your name's not on the room. But there's plenty of places out there where
if you're not behaving squirrelly and you can say, yeah, you know who was at the desk earlier, it was a
blonde girl, right? Was Judy? Yeah, she was checking us. Like, well, you know Judy, you were here,
you don't look like a meth head about to steal the television. Yeah, what room did you need again?
Boom. Our world has a lot of places where we reduce friction by doing a quick mental calculus
and saying, yeah, that this person, you know, kind of that, that Gavin de Becker Gift of Fear, you're not,
the hairs on your neck aren't rising.
So much of what we do is, as you described,
just look like we belong there,
have a cover story that's plausible,
and that'll do it.
Sometimes we don't have to break out
the special high-tech tools.
Yeah.
So let's roll back and start from the beginning.
We always like to ask our guests their origin story.
Like, how did you get your superpowers,
Olimb, TV?
So you, you know, you're in a very unique world, you know,
And this isn't, you know, usually we think of people who are in this world either got there by way of being with the government or against it, right?
Either, you know, a criminal or, you know, some sort of, you know, be any section of law enforcement or intelligence or whatever.
How did you grow up and what led you into this?
Yeah, the tongue-in-cheek answer that we like to sometimes say is that I had some of the right friends and some of the wrong friends.
And the more broad answer
is that I had a healthy curiosity
about the world around me.
I didn't take a lot of things at face value.
I was raised to question a lot of things
by my loving and kind parents.
And when you have that kind of mental disposition
and you're fortunate enough to grow up
in an environment where I don't know if kids today
could grow up the way I did.
People our age, your age, my age,
like we snuck around.
We got into places we shouldn't have been.
And there weren't just people ready to call the cops the instant they saw a teenager, you know,
in that, you know, why is he on that side of that fence?
We were allowed to kind of explore and it was, it was lower stakes.
Yeah, it was.
And doing so, you kind of learned how you could get in and out of abandoned buildings and
things like that.
And having that knowledge, it never really left me.
It never went away.
It was always in the back of my mind.
If I was staying at a hotel as a teenager or, you know, in my 20s.
I was always trying to, well, which doors go to the back of house, which go to the maintenance spaces.
I went, oh, there's pipes. There's a generator. This is, I'm not supposed to be here. And then you get a little bit older.
And you're staying in hotels or visiting big buildings. You say, I wonder if I can get on the roof. I wonder if I can get into, you know, something that's more critical infrastructure.
And you start to realize that a lot of the systems that control our world, especially access control systems, rely on things like doors that swing shut and click properly. And they often don't. Or you rely on things
like, well, no one would want to go back there because, you know, why would you ever do?
There's no sign on the door saying it's valuable. Who would ever check that door? And you start
being the person who checks all the doors. And then eventually you say, wow, I can get in a lot of
places that our world thinks you can't get into. I wonder if I could ever do anything with this.
And I'm fortunate enough that I actually got to. It's, it's not an easy career to find yourself in.
It's what a lot of people turn to us for kind of official training, which nowadays, training is two things.
A lot of people like to say training and certifications.
You know, what's the value in that?
And it's twofold.
One is learning skills, but also just kind of getting that official blessing that says, well, I'm not just some chump.
I'm not just somebody who's a criminal.
I've actually tried to better myself.
I've done some of this professionally.
If you want to become a bouncer, maybe you're a guy
who's just good at fistfighting, but maybe if you actually went to a training course,
they say, oh, all right, the training isn't just me.
Anybody can hit somebody.
You actually can keep your head about you.
You can do things with best practices.
You understand the professional way to go about what otherwise would be a very blunt sort
of trade.
And that's why, yeah, people come to us all the time at Red Team Alliance because they say,
I want to do what you do, but I want to do it properly.
And a lot of people have the knack or at least the desire to get in places they shouldn't
be.
but can you do it in a way that is respectful and responsible and adds value to the clients who are
paying you to do it? That's what differentiates from the street criminal.
You know, and it's interesting too because, you know, like I said, you are analog in a digital world
in the sense of you're a hacker, you know, you're a feature at DefCon and at all the, you know,
different hacking conventions.
And your path was, it seems to me,
that was probably very parallel
to a lot of how the OG hackers grew up
where they were doing things that, you know,
were probably just because there weren't,
you know, you didn't have training facilities,
you didn't have Hack The Box,
you didn't have these things.
People just learned it by doing it.
And so you were on that exact same path
only where they were breaking into systems,
you were breaking into buildings?
Yeah, that's absolutely the case.
And I'm very, as I say, I'm very concerned that we don't give a lot of younger minds these
days, the space and the room to run.
I like that you called out things like Hack The Box and so forth.
Those resources and those assets are really important now because we don't live in a world
that is as forgiving as it once was.
Right.
And these minds need a place to grow and experience these challenges and try out their
skills in real world sort of play environments. Otherwise, if all you're doing is pre-packaged,
you know, kind of by the book lessons, are you really learning how things work out there on a job?
Right. So how, because I have to know, how did you make that transition? Because where
with the digital side and with hackers, we see, you know, the development of software companies and
software and, you know, the, and then, you know, countermeasures, you know, to hackers, stuff like that.
But for you, how did you plant a flag and say, hey, I can break into a building?
Anybody want that?
All the credit there, I think I would heap on a longtime friend of mine who's in town,
because we're in town for Black Hat and DefCon, of course.
So my buddy Jeff, the Dark Tangent, who started DefCon and with
it Black Hat some years after DefCon was around.
The Black Hat Conference, which I don't know if all your listeners know the full origins,
I'll give you the real quick story.
It's a brilliant hack of its own type.
The origins of Black Hat, the conference and trade show.
DefCon, which originally started as just kind of a going away party for Jeff's bulletin board
that he was running.
People said, oh man, this is so cool.
I came out to Vegas and you had this big party and there were these talks.
Are you going to do this again?
You've got to do this next year.
great. And he said, I wasn't planning on anything like that. I just, I just kind of threw something together for my
friends. If you want it, we'll do so. Then DefCon happened next year and DefCon happened the year after that,
and DefCon the conference kept growing, and people were coming up to Jeff in the hacker world saying, man,
oh, you're Dark Tangent, you run that DefCon thing, that's so cool, man, I wish I could go to that.
And he would say, then, then do it. It's a fifty dollar conference. Why don't you just come?
And said, no, my company would never send me to that. Why? He's like, well, you know, like you said,
It's a $50 conference.
It's not professional.
It's not, you know, it's not, my boss would laugh me out of the room.
And Jeff looked at these people and he said, you're telling me that I'm running an event
that is accessible, has great content, has great speakers, has all the information you need,
and you can't come because it's too cheap?
And they said, basically, yeah.
So the very first year that Black Hat started, and Jeff would tell the story with a little more detail,
but effectively, he reached out to his most popular speakers,
ones who were already coming to DefCon. And he said, hey, do me a favor. I want you to come into
town almost a week early, and I want to put you up at the Caesar's Palace, and I want you to give
the same talks you're going to give at DefCon, give them a few days early to like feds and suit
wearing people and stuff. And we're going to charge $1,200 at the door. We're going to call it Black Hat.
And everyone thought that was nuts. And all those companies, that people, their bosses, wouldn't let
come to DefCon. They said, now this thing, the Black Hat thing, you bring me this pamphlet,
this is what you should be going to. Thanks. This is serious business. And, you know, it's the same,
it was the same thing for the first, right, a few years. And then, of course, Black Hat developed
professional trainings, multi-day trainings. And I've been going to Defcon and Black Hat for ages now. I've
been going since DefCon 8. And good Lord, it's, what is it, DefCon 33? 34. Oh, my good, Lord.
But when the trainings were starting, you know, people just, hey, you're good at this thing.
You should run a training.
It wasn't these full-on massive training orgs.
And Jeff approached me.
Tangent said, hey, man, you've been giving lockpicking talks at DefCon.
People love that lock-pick stuff you do.
You know, you should run a training at Black Hat.
And I was like, get the hell out of here.
No one's going to come learn lock-picking from me for two days.
That's insane.
I just do it for free at DefCon because I love it.
And he said, no, you should do it, man.
We're going to pack that room.
And that was my first professional training that I gave.
This is long before Red Team Alliance or anything like that existed.
It was just me and my buddy Babak in a room.
And sure enough, we were teaching people the basics.
And next year they said, well, you should do electronics.
You should talk about alarms.
You should talk about this.
We just kept adding content.
And as often happens at Black Hat, many times people will take a whole training and they'll say,
this is great stuff.
I learned a lot.
Can I hire you to do this?
and you look at them at the end of two days,
and you say, you just paid to learn how to do it, though.
And they say, yeah, but my company wouldn't believe me.
I'm internal.
If I report all these findings that we really need an external voice to validate all these findings.
Can we just hire you guys?
I was like, money can be exchanged for goods and services.
I don't mind having more money, sure.
So that's where some of our earliest clients came from.
They were the people we were training at Black Hat,
who were then immediately a month later hiring us to come break into their buildings.
And then word of mouth spread.
We've never done any real marketing
of any kind. It's just people, oh, those are the guys who do that stuff. Yeah, I've heard of that.
You should take their training. You should hire them. You did that thing. And that's how I got my
career. Well, you know, now I guess when, you know, we think of red teaming and, you know, getting
access to internal, you know, systems and whatnot, like the physical red teaming and the physical
pen testing, you know, we think of that. But how did you, you know, before the internet, before all this,
you know, was it 2600? How did you
find yourself in the, you know, with this set of skills in the hacker community?
Yeah. So you mentioned briefly, I heard a little passing reference to 2600, the magazine,
the 2600 meetups. I was part of the 2600 crew back east in Philly where I was living.
There was a non-profit, well, now was a nonprofit. At the time, it was just kind of a rag-tag group of
enthusiasts. There's this group called TOOOL, The Open Organisation Of Lockpickers.
That is a group that still exists to this day. I was on their board of directors.
as a nonprofit board member for a very long time.
But it was people just kind of had a passing interest,
or you would be at a tech, even a professional tech event,
you might see somebody picking locks just as a hobby,
much in the way that you'll see people nowadays cross-stitching
or doing crochet if they're on a long plane flight
or sitting in a long lecture in an academic setting.
You'd see locks being picked in the hacker world.
And for some people, it never went anywhere beyond being a hobby,
and for some of us became a real obsession.
Yeah.
But yeah, the hobbyist community and the hacker mindset of,
these are some cool skills.
I just want to use them for fun.
Fun can become profitable.
Yeah.
That's fantastic.
What was the first, like, big score for you where you're like, wow, I can actually do this for a living?
I'll answer it in two ways.
There was the first time that I sort of unofficially fell into this work and then the first really good client. And I'll sanitize both of them, obviously. One was a law firm. And this was just a local, you know, to where I was living near Philadelphia. They were just outside the city. And they essentially had a sysadmin. Their guy who was on site, the guy who did all the computers and the servers and the accounts. He just kind of rage quit one day. Just real table flip, slam the door. And
people are like, I don't know if he's coming back.
And I was known as a guy who could get into locked places, just word of mouth.
People knew me as that person from the hacker community.
And somebody knew somebody who knew somebody who called me.
And they said, hey, we have a situation here at this law office.
We kind of think we should be doing something.
We had this guy leave.
We don't know if he has the passwords.
We need to mitigate this situation.
And I was consulting at the time, which
means I was between jobs, right? And I said, oh, I could make some room in my schedule, and I made
my way over there. And I didn't know if they wanted me essentially to do any tech work, or I
don't know exactly what they wanted, because I thought, they said, oh, the door's locked.
They didn't expect me to break in. They expected me to take over the servers, which, you know,
I did a lot of network security work, too. So I was there with my copy of pnordahl's NT boot and
other things, but as I showed up, they said, all right, well, sit tight. We got a locksmith on the way
to get you in. As soon as you get in that office, you can do your thing that we hired you to do.
And I said, okay. And I sat there and just, I don't know what I was doing in the lobby.
It was pre-social media. I just must have read a magazine. So I was bored. And I said, you know,
I'm sorry, I'm on the clock. I've been here a while now. Can you show me that what we're
talking about in this for the server room here? And they took me down a hall. And I went,
oh, it's just an office door? I'm pretty sure I can bypass that. And sure enough, you know,
Kach. You slip, I, you know, took the cover off some TPS report, a equivalent, slip the cover into the door
frame door pops open. I was like, all right, well, cancel the locksmith. And then I did my
thing with all the servers and I'm rebooting. And I said, okay, well, it looks like, yeah, you don't
have any telnet or SSH running, your network, your mail server, your web must be hosted elsewhere.
Yeah, this doesn't look too squirrelly. Have a proper incident management team come through,
but you're, you're looking pretty good. I can change your root passwords. What do you
want that new password to be? Writing it down, they go, yeah, new root password. Yeah.
What did you do to that door? I was like, oh, yeah, your door latches aren't activated
correctly because you have access control latch.
It's, you know, your locksmith could explain that to you.
And he said, no, you explain it to me.
Show us.
Show us in this guy's office.
And he's calling partners over.
So that was the first time that someone said, oh, you do more than just the ones and zeros.
You do that break-in thing.
And that I was known just in the local Philly area as a guy who could do that.
And as far as nationwide, one of our first, as I mentioned, you know, students that we had was
a crew of students from a, we'll just call them a major tech company.
They make internet appliances and internet services that loads of people have interacted with,
and they've been in your data centers.
They're a well-known brand.
And they were the ones that shocked.
They took us out to dinner.
I'd never been to a fancy Vegas restaurant.
I'm some young kid.
And I was shocked when they said, we got to get your info because we want to hire you.
And a few weeks after Black Hat, they were hiring us to break into multiple offices around the country.
And you've done this before, right?
I broke into a car dealership and a law office in Philadelphia,
small-time stuff.
Never anything big like this.
Every job you think, you're like,
oh, this is going to be the job.
This is going to be a tough one.
And then you realize, no, there's always a way in.
There's always a way you can break in.
You can find a way.
And then you just get win after win after win.
And you're the guy.
We've got to hire those guys.
Hire that team again.
Nowadays, whenever somebody bids a job, they tend to reach out.
So RTA is our training company, but The CORE Group is, you know,
our break-in consulting firm.
And it's funny.
We always get told in these calls.
They say, well, yeah, we're talking to you because everyone we talked to either said hire The CORE Group or those guys trained us.
Like, they either, they're the ones to do it or they're the ones who train the people who do it.
Just hire them.
So the word of mouth just keeps spreading.
That's fantastic.
I would love to ask, I have to ask, has there ever been a situation where the bad guys wanted to hire you and like, you're kind of like, this is sketch or I need to take a step back from this one?
You know, for the longest time the answer was no. And I'll say there have been two occasions
when, yeah, you got two stories out of me on this one. Two occasions where things were a little weird.
One was a job that we wound up not taking. It was going to be in Taiwan. It was going to be for a
very famous, uh, property in, in, in Taipei. Uh, it's on, it's very big, famous pictures of it on the internet
where you're familiar what a tuned mass damper is inside of big buildings.
Theirs is gorgeous.
You can almost walk up and touch it.
It's a very famous building.
And the whole thing was they wanted to, you know, they said, well, here we are.
Taiwan is a very politically sensitive area.
And we have a very large neighbor.
And we're not sure if they're interested in, you know, our buildings.
And we were never actually 100% sure if this was people from the Taiwanese authority who were worried about China or
this was China trying to hire us to do something in Taiwan.
I mean, I think it was probably all on the up and up,
but the job wound up never coming, you know, coming to fruition.
I said, you know what?
That's probably for the best.
I'm fine with that.
The other one was on the training side at RTA.
We did have a student.
This was very recent.
We've never had this come up until very recently.
We had a student in one of our access control classes where, I mean, if you,
I don't know if in the show notes, you'll link.
You can see, like, what our training is very clear,
talking about like iClass and room keys and badge, badge cloning and things like that was one of the
things. And this one person showed up and almost within the first hour, he started asking questions
about, so is this how credit cards work? And we're like, well, I mean, credit cards, you know,
like tap to pay. I mean, they use NFC. They use near field. I mean, it's like RFID. It is, you know,
inductively coupled. But we, you know, we're talking about badge control systems that you don't,
you don't use credit cards to get into your data centers.
Right.
And he keeps listening.
No, but when are we going to do the credit card stuff?
You know, ISO 1444B.
And we're like, well, what?
Did you just like Google?
He was asking questions that made it sound like he just Googled something like
card cloning and found us.
And it became apparent that he was literally in class
because he thought he was going to learn how to clone credit cards.
And everyone around him, that is a mix of like,
feds and other people in the room like looking over at him.
And he said, it's like the guy who walks into the head shop and is like,
"This glass pipe is for the marijuana, right?"
Right.
Yeah, I was going to, I was going to say, it sounds like,
it sounds like the 9-11 hijackers that want to learn how to fly but not land the airplane.
You're kind of like, uh.
Right.
Yeah.
And eventually we talked to him during some breaks and he sounded like a guy.
He didn't sound like he was a criminal.
it sounded like he was trying to maybe
embark on a new career.
He just didn't quite understand why it was.
I think he told a story to us about how a relative of his had had a legitimate,
like credit card fraud and how it just got reversed because, you know, like you call your
bank and you say, I wasn't in Kansas City.
And so he's like, oh, what if you could copy a credit card and then you could use it
a bunch of cities and then you claim it was fraud?
It's like free money.
He was very young.
He was just a very young person and young people are naive.
And we said, first of all, no.
I mean, that's, that is not like a crime.
That is a crime.
You can't do that.
Right.
Two, we don't do that here.
And three, you've just said a lot of things that are very actionable in front of people.
You should not.
You don't, don't do that.
Please, please, please.
And we talked to, we talked to them a lot, actually, the parking lot.
The second day, we said, we're sorry, we're going to have to.
We refunded you.
We're like, this is not the class for you.
I think you got the wrong idea.
No harm, no foul.
You know, we took the equipment back, you know, the kit.
So he listened to what we had to say, and I think maybe it sent him on a better path.
But that was a shocker for me, how you could, you know, look at our class description and come away thinking that that's what the class was about.
And he just didn't know the security world.
Right.
When he explained, he's like, why are all these other people in your class?
And we're like, well, because they're doing it for good.
Like, they're doing it to test and work with these companies to make it better.
Right.
He had no idea that could be a career.
It was like, that's so strange.
Why would anyone do that?
Yeah.
Yeah.
It's fascinating.
I mean, I wonder, you know, because classes like yours,
same as like tactical shooting classes or whatever,
that there are probably a lot of wannabes out there, right,
who take the classes.
And really, and I don't mean wannabe in an insulting way.
It's just they have this idea of being, you know, Johnny High Speed,
they take the class and never do anything with it.
Yeah.
But, yeah.
Yeah.
All the guys who saw John Wick and wanted to learn Center Axis Relock.
Exactly.
Exactly. Exactly.
I do like Center Axis Relock, though.
But so that's interesting that you were like a sysadmin and network admin.
I, you know, in my mind for some reason, I thought that maybe, you know, when you were doing the vanilla stuff that you were like a locksmith or something.
So I did get my certifications across the board.
but that sort of came around the other direction later ever since I have a rule for myself that
every year I want to take at least one or two trainings of some kind just to learn just to always be
learning a new skill I think you learn not just about the training that you're in you learn even I just
I like teaching I am a teacher by trade right and I just learn about teaching by watching other
people teach and I say, okay, well, I wouldn't, I wouldn't have presented that concept that way.
I would have to think of it this way.
But yeah, just learning a new skill just to keep the brain as elastic as you can.
So over time, I've added many credentials and letters to my name in this space just because, I mean, it's like, I wouldn't say a vacation for me, but it is a mental, it is definitely a mental pleasure week when I go down to Lockmasters or Mark Bates Academy or the SAVTA Safe Tech Conference, something like that.
These are skills that I sort of kind of had because I had self-taught myself along the way,
and I wanted to, all right, now I think I know this.
Let me sit in the class.
Oh, actually, no, I didn't know the last 10% of it.
I didn't know this other, this new tool exists.
I learned that 10 years ago and now there's a new tool.
So I'm finding great value.
But at the end of these classes, you wind up, you know, with paper, you can hang on the wall.
And then you wind up with actual certifications and accreditations.
And I say, oh, that's pretty cool.
So yes, I am a SAVTA certified, now certified professional safe
technician. I passed my CPS. I haven't a lower number as a locksmith. I'm a forensic locksmith now.
So, yeah, people like Tom DeMont and Drumpy. These are icons at the forensics world.
They taught me things that you can microscopically look inside of locks and see techniques and
tools that might have been in there. Technically, I could testify in court. I don't think I would
survive a Daubert challenge or anything. I'm not a professional expert witness by trade.
Things like the government safe work. I mean, I'm a, I'm a GSA safe
and vault technician and inspector.
It's a very long, long set of a training.
You take it at MBA or you take it at Lockmasters.
It's two weeks long.
I don't spend all my days on military bases and government installations servicing safes and vaults.
Right.
But I'm certified to.
Right.
I can help you build a SCIF.
And, you know, the one time of year that we have a client who says, hey, we need a, you know,
SCIF certified room in this new building.
Or the one or two times, I'll do, because you don't make a lot of money on a lot of these
government jobs.
their GSA rates, but I'll get a call from an army base.
I live right near, you know, Fort Lewis-McChord,
or I'll get a call, like there was a Secret Service office that called me,
and they said, hey, you know, we have this safe that we have to decommissioning.
They're like, yeah, we're trying to break this office down,
and we can't throw this freaking safe out because there might be contents in it.
The custodian's long retired.
We got to get somebody in there.
And I'll take the job just for the fun of it, just to keep the skills fresh into,
it's fun.
It's fun to make some sparks and make a little bit of smoke.
And then you kind of turn your back as the custodian opens the control drawer.
And you hear, like, there's a video on my YouTube channel where I actually, they allowed me to record.
And the screen goes black so you don't see what he's, but you hear him go, oh, man, there was way more in here than we thought there was in here.
Holy shit, there's a good in here.
You know, stuff like that.
Yeah.
So I'll do it just for the fun of that.
So let's start jumping into the topic of safes and safe cracking.
I think before we get into the cracking aspect, we should probably talk a little bit
about safes. Most people, I think most listeners know what a safe is and have some idea in their
mind from like a Donald Duck cartoon guy turning the dial and the door opens and you keep
your gold coins inside. But do you want to talk a little bit about the development of safes,
the modernization of them, what people use them for, the different types of safes that are out there?
Certainly, certainly. A safe or any storage container, a safe, a vault, a safe room,
the idea is to make a container that is not impenetrable, because nothing's impenetrable,
but you want to cause an attacker more headache than it would be ultimately worth for them to gain
the spoils that are contained within.
So if you have your jewelry in your house and your, you know, your important documents,
whatever, we'll assign a value to that.
Maybe you have a very nice gun collection, you know, you and your spouse,
and your kids have some valuable jewelry that you've gotten over the years.
Call it, I don't know, $50,000, $100,000, anything more than that in terms of financial instruments and hard.
You should probably be putting them in a bank vault or a safe deposit box somewhere, in my opinion.
But you might have $50K.
Well, an attacker, if they know that you have, oh, that's a really wealthy home, let's break in there and steal stuff.
If it's going to cost the attacker, like let's say $10,000, $20,000 in specialized drill
rigs, and like I have all this safecracking equipment, but it costs money, right? And it's going to cost
the attacker a lot of time and effort and they're making a lot of noise and they're worried about their
exposure and their likelihood of getting caught the attacker's going to kind of do the do the math and say
it's not worth it I'm going to break in somebody else's house down the road a safe or a vault
is designed to cause more headache, time delay, energy, effort and resource spend than the
attacker would gain demonstrably by the risk of breaking in. So historically this was all brute force.
You see, you know, like the old, the old west, like people dynamiting safes and things like that.
That's what you would do. You'd have usually round, almost like the old Victor Cannonball type safes.
You'd have these cast iron, very thick doors. And the lock mechanism was, was not something somebody would tinker with.
the lock and a combination on the lock was designed.
Like if you didn't know the combination, people weren't teaching,
safe cracking as a skill broadly back then.
It was all about that pry bars and nitroglycerin and how can you withstand detonating the safe.
Or if you had to blow the safe up, will it blow up all the money in it?
I think that was in maybe some old cowboy movie where they blow up a safe,
but then the money all gets burned up inside the money.
They're going through.
This one's pretty good.
I think this, now this bill is a lost cause.
But over time, we do run the risk of not just sort of smack and grab.
We started saying, well, what about if an authorized person were to try to steal from the safe?
What if somebody were to, you know, use duress on an authorized person and say, hey, you open the safe right now for me?
Which didn't happen nearly as much as we are led to believe by Hollywood.
It was actually very hard to hold up a town in the Old West because you'd have to get away, right?
I mean, there's only one or two roads out of town.
Right.
They know where to go.
You're on a horse.
Guess what?
Everyone else is on a horse.
Yeah.
If your horse runs out of energy, 50 miles outside of town, the people coming behind you with all their guns are going to be right on your heels.
Yeah.
Those sort of robberies like that, bank robberies, really changed with the automobile.
That's the history of modern bank robberies with sort of Dillinger,
and Bonnie and Clyde and Lamm.
But the idea of a bank robber who would maybe not use brute force or duress,
but who would use, you know, like, I'm going to be the inside man breaking in.
That was also a real big concern in the government as we started to see the modernization
of the intelligence apparatus in our country, which is really a product of, you know,
the First World War, the interwar years with the OSS, and then, of course, World War II
is when we get really the modern intelligence community.
the idea of classified documents and document storage and what if we have spies who have been bribed or leveraged
well this person knew the combination it's not how robust the safe is how do we prevent that so that's where we start to see
things like the development of time locks where on the inside of the safe door there is a movement there's a mechanical time movement and you set it
and until that clock winds down the safe simply cannot be effectively opened
And time locks were great for a while until, as I like to remind people, December 7th, 1941, the day that will live in infamy, was a Sunday.
And there's actual stories during the attack on Pearl, where people were running around at the Navy base.
They were running around Schofield Barracks, Hickam Field.
And they're like trying to get into the safes to get the war plans because the Japanese Zeros are flying out of the sky and things are blowing up in the harbor.
And all of a sudden, oh, wow, war is seven days a week.
We can't just use time locks anymore for our government safes.
Banks to this day, banks still use time locks.
Civilian world still uses time locks extensively.
But the development of manipulation resistant or what some people we call manipulation proof,
kind of anti-manipulation safe mechanisms and dual custody safe locks.
This is all a product of the Second World War and the immediate post-World War II kind of Cold War era,
the espionage era being really in its heyday.
that's where we see the modern landscape of safes and vaults and mechanisms that are meant not just to resist brute force, but are meant to prevent unauthorized access from all different manifold angles.
Fascinating.
And so I never knew that about World War II.
Did you, Jack?
About Pearl Harbor?
Yeah.
First time I heard that one.
It's fascinating.
So what are the steps to, you know, because like, you know,
when we look at modern movies or even older movies,
you know, the criminal always gets an exact replica of the safe
and then they spend, you know, days or weeks practicing on it
with their stethoscope or, you know, their drill where it just hits the glass pane.
But what are the actual steps for a modern, like, safecracker?
So that's a really cool question.
And a guy I like very much, he's been in touch with me in the past.
He's an icon of the industry.
Dave McOmie, he actually appears in some videos online.
He's been interviewed about how realistic was this or that scene in a movie.
He has a wonderful walkthrough.
I'll send you the URL if you'll put it in the show notes for people.
But it is true that safe crackers and technicians need to know what's on the other side of that steel door.
What is the mechanism?
And learning about it either by getting a replica of the safe or if you're on the up and up,
if you're in the actual SAVTA, Safe and Vault Technicians Association land,
there's a whole knowledge database.
There's the List Council, there's Locknet, there's whole databases that you can reference
that show, oh, this, from this year to this year,
Diebold, Mosler was making their vault doors with this mechanism and this bolt work on this.
So this is where the mechanism is.
This is where the drill point is.
This is where you want to be careful.
There's a re-lock trigger over here.
There's a re-lock device over here.
So knowing what's on the inside is often the first step.
in trying to either neutralize a safe or even just diagnose a problem, you know, figuring out,
oh, okay, the safe was working yesterday. Customer reports it doesn't work today.
Well, if you roll up over there and you say, how are you, show me how you're dialing the safe
and you watch them and you say that that should work, why is that not working? And then you think to
yourself, wait, I know, safe technicians that have different models of safe lock, you know, in their van.
and they'll cut away and they'll they'll actually wait a minute if i'm if i'm turning it clockwise what the what the
frig am i doing they're looking at they go no no no the fly okay so you might have a stuck fly going
clock counter counterclockwise okay try it this way here turn the thing and you get a dead blow hammer and you
say wait don't turn the number bang tile the next down the next number now okay okay now you're about
to hit the boltwork on this side bam okay yeah we got her open cool because you need to know if i hit it right
here if something stuck or wasn't greased, yeah, knowing what's on the inside of the door is a
huge part of the whole process. Fascinating. It's fascinating. Do you want to talk a little bit?
Because I think during your talk at DEF CON, you mentioned this a little bit about what the
stethoscope actually was and how there was a period, maybe a brief period of time where that was
useful, but not to that. Yeah. Yes. So to this day, if you're doing manipulation, this is with
mechanical, purely mechanical safe locks. I mean, there are attacks for electronic
safes as well. But manipulation, as we have often seen in Hollywood, you'll see that, as you mentioned,
the stethoscope or the low tech is like putting the ear up to a glass or something like that.
You're not really hearing a lot of many mechanisms clicking and clanking like the Foley guy
doing the production of a film likes to add all these sound effects. What you're trying to find
is very precisely learning what are called contact points.
It's a very specific area of the safe dial where, to use some technical terms,
where the nose on the lever arm is trying to drop into the opening on what's called a cam wheel.
And you're trying to find, okay, touch here, touch here.
And as you're dialing the dial, you're dialing this cam wheel, touch, touch, touch.
And you want to get those contact points very carefully, carefully identified.
Because as you manipulate, the process of manipulating a safe,
is experimenting with different numbers around the wheel and seeing if those contact points change very slightly.
It's actually happening. And I don't know if your viewers are getting this in audio only if they're seeing my hands in front of my black shirt here.
But imagine if that nose is dropping a little further into an aperture.
Those contact points will get a little tighter together than they would if you were up here, higher up.
You're looking for where the safe wheels are almost lined up but not fully lined up.
And you're taking notes.
You say, oh, something's happening around 17, question mark, 17.
And you come back and you run the numbers again.
And you say, okay, no, I'm seeing something on 42.
Maybe.
And you're slowly getting the safe to leak information out at you.
But as Dave and others have pointed out in their videos about the subject, you're doing much more visual observation.
So it's fine if you want to use a stethoscope where in modern times we would use an
audio amplifier, a little magnetic microphone. You can hear the contact points, but you're never,
in Hollywood, you're often just kind of, you see the person is looking off into space as they're just
listening, just listening. What you're really doing is listening and looking particularly.
And what are you, are you looking for like little hitches and then as the dial goes or something
like that? Yeah, you're looking for the behavior of the dial at a very specific spot where it would be
called the drop-in area. That's where the contact points are. And if those contact points,
if I'm running the dial and my contact points are always, let's call it 98 and 7, tit, tit. And I run the dial
some more, 98, 7, 98, 7. And then I'm starting to, and I get to a point where I'm trying some numbers,
and then I come back to my contact points. And then all of a sudden, it's, it's at 99 and 6.
I'm like, ooh, my contact points got a little tighter together. I think my nose is dropping a little
further into the cam. Let's jot that down. I might have a good number there. Now, just because
you found a potential number, well, you don't know where in the combination that is. There's a series of
diagnostic dialing techniques that you would use to try to determine where on the dial or where
in the combination that the dial should be dialed to that number. And little by little, and sometimes
it's fun. Sometimes if you're working with the customer and you say, I'm finding a 17 and I'm finding a 76,
and they say, oh yeah, that's right. Dad loved 1770. It was really.
Patriot. That's the second and third digits. I remember that now. I say, well, does that jog your
memory? Do you remember the first frigging digit? You could just dial for dollars, we could just try
all the, you just reduce the key space a hell of a lot by telling me that. Yeah. You know,
this itself sounds like its own specialty, right? And then you have all of the alarm bypass,
electrical bypass, all the different types of sensors,
all the different types of doors,
would you consider yourself an expert in all these things,
or do you consider yourself like an expert in entry
and being a generalist and then like being able to brush up on stuff as needed?
I think it's the hallmark of hubris of the worst kind
to consider yourself an expert in too many things
or maybe any one thing at all.
So I'll be the first to point out,
I'm not necessarily an expert in almost anything, but I'm a dedicated, I'm a dedicated person
in many things, we will say. There's a lot of people I work with who would disagree with me and
say I'm being too modest probably, but that's for them to come on and tell you about later.
They can talk about me. I'll talk about I work with plenty of experts. I work with the
electronic access control expert, my colleague Babak, who owns RTA and CORE. I work with my alarm
system expert, our guy, Brian, who came out of the intelligence communities, right? But I am, I am a
specialist in several things and I believe in broadening your horizons as much as possible,
which again, it's been, it's been an amazing journey. I never was a ones and zeros person.
I mean, I was a network person, but I never was an access control electronic locks person at all.
And through sitting at first just sitting in the back of the room when, you know, Red Team Alliance access control class,
I would just kind of sit in the back in case somebody needed me to hand them something.
I'll hand out the next action.
I'll hand out the access control cards.
And then I would, you know, sit up front with Babak.
And I would help him.
Look, I can teach the basic prox cloning.
I can do that module if you need to take a break from your, ease your voice.
And now I routinely fill in running whole sections of the access control class.
Just because I work with these exceptionally skilled people and it's rubbed off on me.
It's made me better to take, just like the, you know, the forensics thing.
Like I'm not an expert by any means.
forensics, but I wanted to learn lock forensics, and you keep seeing these guys. You're going to
come to my next class, man. You took the first class with us. Come take the advanced class next month.
It's like, man, I don't do this for a living. I was like, yeah, but you were great in class.
I said, all right, just come to your class, man. And all of a sudden you look around and you go,
holy crap. Am I better at this than the average bear?
Let me also ask you about some of the other tools that get used. You mentioned, you know,
there's like $20,000 drills, specialized drills.
I've also heard about the thermic lance gets used sometimes,
channeling our knowledge from James Caan's role in Thief.
I think it's a 1981 film.
Great movie.
But anyway, what are some of the other tools of the trade that get used,
even as we move forward into the era of electronic locks?
Right on, right on.
And yes, Jimmy, Jimmy Caan in Thief.
That is a real rig that he is using.
Whoever their technical advisor was on that film is exemplary because, and again, like, Dave McOmie did a whole breakdown of that movie in one of his videos online.
And it's just, it's, and also, I just like, well, I love Michael Mann's work.
So it's like a whole world where cities are always perpetually wet and at night.
I just like to look at it.
And the idea of these big rigs, what you're trying
to do with most professional safe cracking gear is apply force without fatiguing yourself and
maintaining a drill in a very accurate spot. Because anybody can just kind of go up with a
junk, like when I'm breaking into a government safe and they're taking it out of service completely,
I mean, I'll make a pretty big friggin' hole in it. I'll just, I'll use a giant hole saw.
and even then I'm still trying to not fatigue my arms.
I have a rig that will mount to the front of the safe
so I can just crank on it, use a big quill.
But you're trying to apply pressure in a way that you can get through.
Because there are all different kinds of material.
There's all kind of metallurgy and cutting science.
Are you doing a metal cutting technique?
Are you doing a grinding technique?
Are you doing precision cutting where you're actually switching bits?
There are plenty of times where you're going through different styles of material.
So there's different types of barrier mesh where it's soft mild steel, then it's the hard steel plate,
then it's ball bearings, it's something that's like hard plate that you can't cut through with high-speed steel.
You have to switch to a diamond cutter where you're actually coring it out and you're punching and you're cracking it away and you're knocking debris out of the hole.
And then you switch, maybe you come up to maybe you're using, as you say, a burning bar or thermic lance.
And then there might be a layer of material like copper in the middle of
the safe just to distribute the heat. So, and copper won't ablate away. You can't oxidize,
like you can't do an oxidizing burn on copper. You just switch to your switch to another tool.
And all of these things, it raises the stakes for the attacker and it raises the level of
investment that the attacker would have to have. If this is your livelihood and you have a full
safe tech shop, you have all the tools for an attacker to break in. If they weren't playing,
if this is their one big score, they're not going to get through all of that. They would have to invest in
so much time and training. But yeah, the precision point, if you're even a quarter inch off,
you can not only miss what you're drilling for, you can ruin the job. You can not only
fail to open it. You can make it inoperable, completely unable to be opened ever again.
Wow. Without completely destroying a whole other side of the safe, let's say.
So maintaining that exact precision point, that's why you see these large rigs that will be
fixed in place, either with a vacuum pump or magnetically attached or by some other means
of stabilization.
I think all I ever learned was drill a hole in it, fill it with water, and put some blasting
caps in it.
So I guess it, I guess it, I guess, yeah, The Score.
The Score was, was one of Brando's last pictures.
De Niro was in that with the young Ed Norton.
Yeah.
And that is, it is based on a type of technique that has been done.
You, you, the one major thing about that movie that's not real is most safes aren't watertight.
So in that movie, they actually tap the, I believe it's they tap the sprinkler system.
They pull a big hose of water down and it wouldn't work that way in real life, which also I'm a fire services technician now.
I do a lot of life safety and fire suppression inspection.
And do you know that if water is flowing through any sprinkler head, it'll set off alarms in a building?
There's flow sensors that are all tied into any building automation and emergency services controls.
So you can't just get a bunch of things.
of water out of the sprinkler head and have nothing go wrong in the building. That won't work.
But that was a real technique. Yeah, but you would have to tape the entire safe up. You'd have to
fill the whole safe with water by sealing the entire safe shut. That's fascinating.
So with, you know, Jack had mentioned, you know, like, I think you mentioned biometrics, but,
like, you know, because both with your regular sort of breaking and entering stuff and, you know,
with the advent of the flipper and, you know, and all these other tools that are out there now,
and with safe and security, we see biometrics.
Are these systems more secure, less secure, or just secure in a different way?
The diplomatic answer is, I like your phrasing, they're secure in a different way.
They are solving for a different problem.
Nowadays, loads of businesses, let's take a convenience store, you know, like a 7-Eleven or something,
might have a cash safe.
You know, the sticker on the door, Teller does not have access to safe, no more than 20
dollar, blah, blah, blah, blah, blah. Those used to all be mechanical locks. And the teller, in fact, would not, the kid working the
register, wouldn't have the combination. It was just the money drop guy and the manager. Those introduced a lot of
user friction. And they weren't really preventing a lot of robberies. They, you know, nowadays,
if somebody's going to try to steal from a money drop, they're going to rob the bread truck, right? They're going to rob the
A car, the armored car. So they said, why are we using these mechanics?
mechanical locks that are more cumbersome to maintain.
They're harder for a lot of customers to learn how to use.
Customers didn't really understand.
We live in a world of keypads nowadays.
If someone can dial a phone, they can understand how to use a keypad electronic safe.
Safe technicians, especially older guys, didn't like the introduction of electronics
because they were, quote, less secure.
And yeah, there's an electronic bypass is way easier than a mechanical one.
There's a tool called the Phoenix.
There's a tool called the Little Black Box.
We won't get way into what's called differential power analysis,
and that's how these tools work.
But there are tools that will pop open a lot of electronic locks very quickly.
But that's not the main problem that a lot of these safe manufacturers
and small businesses are solving for.
The main problem they're solving for is I need a way to very quickly operate a safe,
and if I change the combination, I know how to write down the common.
know how to enter the new combination. I won't forget it. And their day-to-day problem isn't a
stick-up or a robbery. Their problem is like, hey, the guy from Brinks is waiting here and he's
yelling at me and he says, sorry, you're taking too long. I don't know what you're doing wrong.
I'm going to get you next week. Right. So electronic locks are more convenient. They're not
always, they're definitely not more secure in my opinion. Right. Right. Let's jump into the history of
intelligence services and how they intersect with this field.
To add a little bit of context for folks out there,
I think we should talk a little bit about why this matters.
Intelligence services are known to,
amongst other things,
break into embassies and break into safes in those embassies,
if not just take the safe out and break into it offsite somewhere.
There's an article in Smithsonian Magazine that I think a lot of you guys would be interested in.
It's called "The CIA Burglar Who Went Rogue," about this guy named Douglas Groat,
and it's about this guy who was a safecracker for the CIA.
And he broke into safes in all sorts of different embassies and different parts of the world.
And then he felt that he got screwed over and he sort of tried to blackmail the CIA for money.
And did it go so well?
But that's an interesting article to talk about, you know, how these intelligence services have these capabilities.
I don't know if you read that one Deviant and what your thoughts are about that particular incident.
Yeah, so the real fascinating thing about the IC world is that these are technicians who aren't breaking in to safes in a way that is easily detectable, right?
Many times if, I mean, I can teach manipulation to anybody, to any of y'all.
Like, we teach a manipulation class at RTA.
But for the most part, I'm not usually manipulating a safe.
If somebody says, hey, this safe, you know, needs to get opened.
And even your best technicians nowadays, drill and repair and patch it up, you can, we can patch it
up so it looks like we were never there, but that takes a little while. And if somebody inspects
the inside of the safe, they can see, oh, yeah, take the panel off, you can see, oh, there's,
somebody was in here. So getting into a safe in the way that even with dedicated inspection,
it does not look like anyone was ever there. That's kind of the real bread and butter of the
intelligence community. And that's the scariest thing, because if you know somebody broke in,
you can respond. You can either change your security posture going forward or if you had a list of
important documents in there. You can, well, those documents are now compromised. We're not going to
use those route plans. We're not going to use these assets anymore. If somebody in the intelligence
world really just kind of goes out there and operates in a way that isn't easy to detect,
that's really freaky. That's really scary because they could be operating for a long time
without people reporting the crimes.
And there have been instances where professional technicians,
you mentioned that article for your viewers,
I'll try to give you one.
Again, I don't know if you do show notes.
I'll find it.
There was a crew of professional safe technicians.
I believe they operated mostly around the American Southeast,
out of Florida and other parts of Georgia.
They would use general aviation flying VFR.
My wife, you know, my wife's almost an aspiring pilot.
My friend Alyssa is a pilot.
like VFR visual flight rules.
You don't have to file flight plans.
You can just take your little Cessna or your little Piper Cubs or something and just fly to another city.
And if you follow, you know, the rules of the sky, like you're just, okay, I'm flying at the right altitude.
And then I land.
Okay, I radio.
And these guys were bouncing around to different towns and getting in and getting out over the course of a weekend,
not staying in, you know, hotels or anything like that under their names.
And it was people couldn't figure out like why.
This is like professional safe technician work.
And the cops and the FBI were looking at lock shops like in that town.
Right.
Like, were all your employees here?
Did you take any tools home this weekend?
What happened?
How is this is professional work.
Eventually, eventually they got caught as many criminals do.
But yeah, in the government land, the idea of that, what we would call a clandestine entry.
Quick bits of terminology for anybody's interest in the forensic classifications of things.
you have overt, covert, surreptitious, and clandestine.
And these speak to the questions of who will notice and how will they notice that something bad has happened.
Overt, anyone can understand, right?
If I make a giant hole with a hole saw in a small government filing cabinet that's locked up and it's going to the scrap heap,
well, that's a giant friggin hole and I'm not repairing it.
That's very overt.
Who will notice?
Anybody will notice with their naked eye.
and how will they know they'll just look at it?
They'll look at that, it brings out a hole in it.
Covert, when you talk about covert operations,
it doesn't mean there's no evidence.
It just means that someone would not notice the evidence
unless they had special training.
So if I'm leaving small scratches or marks
on a surface of a door
because I was using some hook to bypass my way into a room,
anybody could see that.
You don't need magnification.
Like, oh, look, there's some scratches.
on the latch. But unless someone's had special training, it wouldn't put two and two together to
say, oh, I, those, those are not regular wear and tear. That's a, that's a bypass latch tool.
It's a covert entry. Surreptitious, now we get one better. Who will notice somebody with training.
How will they notice they're specifically looking for it with investigative techniques?
They're not just seeing it with a naked eye. They say, all right, let's get the magnifier.
Oh, let's dust it. Let's look inside. That's the forensic locksmithing.
I'm seeing signs of surreptitious entry inside of a lock, usually.
But clandestine is the real, that's the real big one, right?
That's when who will notice?
Nobody.
How will they notice?
They won't.
You're not leaving attributable evidence that points to the nature of the crime or points
back to you.
Or if you're, you know, the government, it doesn't point back to you as a friendly power.
You know, it's not like your embassy is not getting a phone call.
So that kind of skill, because if you break into a government safe,
the value is not, hey, I got those secret documents.
The real value is we got the documents and they don't know that we got them.
It's interesting because that's not just with safe cracking,
but that I remember that section and tool where they had all the different package at DefCon,
the tool corner, they had all the different packages.
The tamper seals, yeah.
tamper seals and all that stuff and, you know, people sitting there, you know, just patiently applying like acetone.
I don't even know what they use, but, you know, how do I take what's in this box out of this box and put all of the, you know, tamper seals back on the box so nobody knows I got in.
Yeah. Fascinating stuff.
So. Yeah, yeah. Acetone is one of the things you would use. Yeah, you can use very pure acetone.
Isopropyl is popular. You'll see the real secret sauce is a, is a non-polomer, it's a, I'm trying to think, it's a non-polar solvent. It's called n-heptane. Yeah, n-heptane does some wild stuff. You can lift seals off of all kinds of weird substrates, and it doesn't, there could be ink, like serial numbers on the seal, and if you smear that with acetone, that ink's going to run, right? N-heptane is a lifting solvent that doesn't even smear the ink. It's amazing.
Crazy stuff. So let's see where to, where to pick up on this,
where do you want to start as far as, you know, Cold War with KGB and CIA trying to break into and steal each other's secrets?
Yeah.
So that's a great.
We talked about time locks and how we realized that in the government and military space, time locks, they ain't it.
Like, it's not going to do the job.
So we've had to develop what we thought and many manufacturers touted as manipulation resistant or manipulation proof mechanisms.
And over the years, the only clandestine technique was that very slow methodical manipulation
that I described, just dial manipulation.
If you defeat that or make it very hard to do, and there's mechanical ways you can do that.
If any of the listeners have ever had a combination lock that they've had to enter a combination
and then do another thing, twist a little what's called a butterfly knob, knob, or push the dial in,
or it depends.
Maybe you're opening weapons lockers, a 2937 or an old 8400 series.
Like, these were designed to prevent manipulation or make manipulation very hard.
The intelligence services that tried to get around that,
there are ways to manipulate what are called Group 1 safes.
The locks, it's just so challenging.
They said, all right, we need a better way.
We need some other technique.
What we started to see, and this is coming up around, you know, the 50s and really the
60s, we started to see the use of radiographic techniques, gammagraph methods, where, I mean,
it sounds utterly bananas when you describe it to people, but the use of a high-emittance
radioactive isotope placed behind or even sometimes within the safe mechanism, because on vault
doors, they would do this by making a pinhole in the door frame sometimes, or if it's a safe,
if you could just move the safe away from the wall
and put the radioactive isotope behind the safe.
If they couldn't, they would get more isotope
and just bring it into the next room.
It'd be like, all right, which go to the next room.
Just put it over there.
And you're putting film.
Like you're literally putting x-ray film in front of the safe
and developing an image
to see what's happening inside the safe lock.
And then you have to reverse out.
There's a whole technique about it.
I mentioned this in a talk that I gave recently
about a team from Poland.
There's a team. They were just called like Division 9, like, you know, the Special Squad Number 9, they were the
invisible team. In fact, the name of the, there's a book all about it. It's called Niewidzialni.
It's a book. It means invisible. It's in Polish. The whole book is in Polish by Tomasz
Awłasewicz. He's a Polish investigative journalist. And what, what Division 9, right,
well, a special group number nine was doing at the time, Poland was part of the Warsaw Pact.
They were part of the ComBloc forces, right? So they were
breaking into our embassies and our NATO allies' embassies using these techniques.
The reason we know about it now is because, of course, Poland is no longer, the Warsaw Pact
doesn't exist. Poland late in the Cold War, I mean, they flipped, right? Poland became part of
our ally ship. And all these intelligence operators suddenly were collaborating with us.
Some of them, we would just debrief them. Others were people that had to come to the West for
like medical treatment because they were handling these freaking isotopes very unsafely.
Yeah, I was wondering about that.
You know, because like when you get the x-rays, how you have to wear the, like, the, you know, the lead thing.
Like, I can't imagine it was good for their health.
No, it was not.
And these guys knew that they were taking a hit.
They wore dosimeter badges and such.
And some of them knew, but they was all for, you know, it was their job.
This is where they saw it.
And even just transporting the isotopes around, they kind of rigged up these not really safe containers just to make
them slightly man-portable. And they, you know, they used just dosimeters and other measuring devices
outside the container. Like, man, these are not, these are not doing the job. They're not good.
They tell stories about how if they were on long jobs or they would drive from city to city,
they would put the isotope in the trunk of one car. The thing would be down in its rear leaf springs,
like this floating steering that was barely on the road. And they'd put one guy in the driving that car.
And everyone else would get in another car, like 50, 100 meters behind.
And then caravan, and then even on long trips, they'd stop and they'd rotate people out to who's the guy sitting with the isotope in this long drive.
Wow.
So, yeah, it was not healthy.
But for the longest time, they were doing things that was thought of as nothing short of magic.
And people could not figure out.
They were bringing these just troves of documents that the intel community in Poland and in Russia and elsewhere, they were sending the documents back.
They're like, how are you getting these documents?
What the frig are you guys?
You guys are wizards.
And yeah, they were just, they were literally using
electronic radiographic techniques to image our safe locks and get them open to see inside the safe.
That's fascinating.
And then we figured out something might be up.
You know, they have their spies just as we have our spies elsewhere.
And they were trying to source the isotopes through various scientific research labs.
And they had covers why are you buying this cobalt?
They would use cobalt or iridium 192.
And our people figured out there's something might be
up with this, I think, are they doing that?
And we tried it and we said, oh, we can, yeah, this is actually a real thing.
So we started making safes that would prevent that.
And basically we used plastic wheels inside of many of our safes and say plastic wheels and lead shielding.
And then they would just use different isotopes and there were different techniques that were
even more dangerous.
And yeah, I talk all about that in this presentation that I gave in North Carolina and in D.C.
Not too long ago.
Are those online?
Are those presentations online?
They are.
Okay, great.
They are. I'll drop links for you and you can share them with others.
Yeah, we'll put everything that he is talking about.
I wrote down the name of, well, Division Nine.
I'll let's get the name of the book from you.
You know, now with Google Translate and you take a picture of a page and read it.
Yeah, I do have a copy of the book that I doubt.
You can buy the book electronically in Polish.
And yeah, you can kind of machine translate it.
So there's been this machine translated version that a bunch of my friends
and I, we kick it around in the intelligence world.
It's a fascinating read.
At least one person who saw this, who speaks very fluent Polish.
He's like, man, I want to do, I want to do a professional, like proper translation.
Yeah.
And I was like, well, Tomash is still, he's still a journalist.
He's still in public.
You just reach out to the author.
Tell him enough people in the United States market, tell him we want to read this book.
Maybe he'll do an official publication of it in English.
For sure.
Yeah.
We should get in the publishing business, John.
As far as some of the, you know, things that get stolen in that Smithsonian article I mentioned,
you can sort of infer that we're probably trying to break into safes and Pakistani embassies,
probably trying to figure out nuclear strategy stuff.
That's just my inference from the article.
There's another interesting report out there that says in 1958,
the CIA actually accessed the Sputnik satellite
that the Soviets had put into orbit and they had access to it while it was out on World Tour,
and they had it for three hours to themselves to dismantle, examine, reassemble,
and then, as you point out, clandestinely replace without anyone being the wiser.
Interesting case of, you know, breaking and entering for technological intelligence, I guess you could say.
Yeah, that's really cool.
I never realized that.
That's really dope.
What the heck with this guy?
Were the Soviets just like going out to dinner and leaving it in their hotel room?
What the hell were they doing?
Yeah, yeah.
They were in the land of the big PX, you know, so.
Apparently, it's in a book by Patrick J. McGarvey, who wrote it a while back.
But as far as what country that happened in, that got redacted by the CIA.
So we don't know.
Fascinating.
Okay.
Okay.
I mean, I imagine that they also didn't only take, but probably at times placed or exchanged.
Sure.
Yeah.
You know, it wouldn't be a bad idea to have people doing what you want them to do when they think it's what they're supposed to be doing.
So how, when did you, is this sort of love of the history of it kind of recent for you, Deviant?
or have you been studying like the history of the IC and safe cracking and stuff like that for quite a while?
It's something that has grown over time for me.
I definitely have done some reading in the past.
But this, yeah, this latest, because the book I mentioned from Tomasz Awłasewicz, that's only, I believe, from 2021 or 22.
That was a pandemic read for me.
Fascinating.
So what else do you have for us on this topic?
spill some tea. You have some juicy details about intelligence services and safecracking?
Well, let's see. I mean, all the locks that we use in the government space nowadays,
and I touch on this at that same presentation, anybody who's ever worked maybe for a DOD contractor
or something like that, you may, some of the listeners, maybe you're familiar with these.
They're called electromechanical safe locks nowadays, where it's not a keypad. It is a dial,
but there's an electronic component in there
and you actually have to spin it a number of times
to spin it up and to charge it
and then a little numerical display will show.
These are safe locks made by,
nowadays they're made by dormakaba.
The Kaba company is huge.
It was Kaba Mas for a long time
because the originating company was Mas-Hamilton.
The entire story of how the Mas-Hamilton safe company
came about and how it was proposed
as a standard. It gets into a lot of, if you care about how your tax dollars get spent in this country,
you know, the FF-L-2740 government lock standard was really pushed by a small group of people
who designed, they came up with a new idea for a lock, and then they used a lot of political
influence to get it accepted as a new standard. And then that was the only lock that qualified under the
standard. Right. And this, for the longest time, if many people would be familiar with the
name Sargent and Greenleaf. I mean, they're a huge name in the safe and lock world.
We use those to lock up weapons in the Army. Yeah. So Sargent and Greenleaf, like, they had the
entire safe lock market covered, especially for the government and the Army. And then this
new standard came out and Sargent and Greenleaf locks didn't comply because only one lock complied.
Right. It's the one that the designers of the standard made.
and S&G spent all this effort trying to undermine and figure out, hey, how do we get either that product knocked off the qualifying products list or how do we get a product approved on the qualifying products list?
And all this inside politicking and inside baseball where these locks were being tested and evaluated and found to be faulty.
They were found to be defeatable.
And yeah, just a lot of, a lot of, like, senators are involved, making phone calls and a lot of
lawsuits. In fact, it comes back to Dave, Dave McOmie and his, you know, his colleagues, Mike Madden.
Mike Madden was, he's DOE, so he was at Livermore. I know I've spoken to Mike about this at length as well.
And yeah, they, they were proving, like with experiments, they were proving, hey, this brand new whizbang lock is vulnerable.
And they did a whole write-up about it that was going to be published in the trade press.
And it never saw the light of day because there was a lot of threats over lawsuits.
And, you know, to his, to his credit, I really, David's just a lovely, I can say enough nice things
about Mr. McOmie. Dave McOmie's a great guy. He didn't want the main technician who did the,
was paid, hired to do the research, right, he didn't want him to experience ramifications,
maybe have his clearance screwed around with. So that article was never, was never put out.
Now, I've, I've read the article. I've seen it. But yeah, for the longest time, this was just this
rumor. Oh, have you heard somebody used to mess with that XO lock? No, that didn't happen. Yeah, it happened. It absolutely happened. And none of these locks have ever been removed from the qualified products list. To this day, I still find the original, original lock, the X-07, it was called. It is still in the field on some containers. Props for long lifespan, right? It's way beyond their originally anticipated duty cycle. But they're still out there. They're still in use locking up materials to this day.
Well, it's interesting that that sort of reflects what you and the other instructors and the people at DefCon and Black Hat teach on the hacker electronic digital side that everyone claims their stuff is secure, but it really isn't.
And a lot of these companies kind of try to whitewash that or gloss over it and pretend it's not happening.
And it's interesting to see the parallel in the physical security world as well.
Yeah, I really do wish more companies operated in the way that finally software and network
security companies do now with, you know, like bug bounty programs. Right. And willingness to engage
with researchers and do what would nowadays be called a coordinated disclosure where the researcher
gets to put out a paper, but only after the threat they have found has been mitigated properly.
And oftentimes the researchers will work with these vendors that have these programs.
They'll say, all right, let's collaborate. Let's keep you under NDA until we get it fixed.
And then you get the credit and the fame and the recognition for your hard work.
and the public is made safer, both in the short term by not disclosing and in the long term,
by everyone getting to upgrade and getting a new version.
We don't see that nearly as much with the physical, mechanical world.
Right.
Because, you know, if a software package has a bug, they fix it and they say,
all right, download version 14.6.
You download it on the internet, you click okay, install.
If a safe lock has found out a bug, or, I mean, we saw this with hotel doors, right?
Lots of things have been done in the hotel doors. Back when it was, I think, Cody Brocious did the
Onity locks a long time ago with like a little, like an Arduino that he made some code on. And then
there were some kids very recently, the Salto product, the Saflok, which they called the Unsaflok
when they did their DefCon presentation. These are products where the researchers worked with
some vendors, but like, the fix is some technician going around to like every
frickin' door and like installing a hardware flash, and hotels across the country like having to
rotate out all of their keys, like their key, their card stock that they have a big box of. Like, no,
you got to throw that card stock away. We need new silicon inside those room keys. So the lift is so much
more to make an upgrade in the physical world that a lot of vendors still want to play the no, no, no, no,
don't, I don't, I don't, I don't want to know this problem.
Right. Well, I mean, it's all money then. They don't, you know, it reminds me of sort of like a vehicle, you know, car recalls,
vehicle recalls. You know, it's, it's a numbers game. It's like, how much money will this cost us, not
how many people will we save. And so I imagine for, you know, for a physical security company, it's the same
thing. It's like, we don't care if you can defeat our locks as long as not everybody knows about it.
Right. And, you know, yeah, that's, it's, it's sad. It's scary. What, what are some of the things in New York? It brings us back to, um, go ahead. No, please. Go ahead.
It brings us back. I'm recalling Ed Norton. We mentioned Edward Norton in the movie The Score. He was also in the movie adaptation of, uh, what, the Chuck Palahniuk book, Fight Club, right? There's that line. He's talking to someone on an airplane in the movie. And he says, I work for a major actuarial insurance
firm and he's literally, he talks about the formula.
He's like if there's a certain model of car and the brakes fail and people can die
in a car wreck would do the math of how many times it would happen,
what's the average payout in a wrongful death lawsuit,
and if it costs more than that, yeah, we're not going to recall the brakes.
Right. Yeah.
What are some of the things, you know,
you've talked about some of these locks that are still out there in service and hotel doors,
what are some of the things that you see, whether it's government buildings
or commercial buildings that aren't like a failing of the actual hardware,
but that they do consistently that defeats their own security.
And then on the personal side, what do you see people do with their own homes or whatever
that is also sort of this repeatable offense?
Sure. Two very different sort of answers there.
One thing that I see a lot of, and all of my colleagues who probably also say this,
is sort of improper installation or two different systems that are not ever tested together.
For example, I will mention that I do a lot of things with fire suppression and fire and life safety.
If you're ever in a building, especially if you're in hotels, if you're in a corporate commercial space,
the next time you're passing through a door, an opening, and if it's kind of a heavy door, look at the hinge side of the door.
look at the hinge side of the door frame and the door itself, the little butt side of the door,
and you might see a metal or foil sticker.
These are labeled door assemblies.
These are for fire doors.
A fire door, if it has a certain endurance rating of 45 minutes, one hour, two hours,
the entire assembly is tested together.
So you'll have, you name who's making the door, true door products, they make a whole
door assembly, and then that gets sent off to a big testing lab, Warnock Hersey or Intertek
or Underwriters Lab, somebody like that, they will test the entire door and the door frame and
the hinge all these components together. And they'll literally put it in a furnace and they'll hit it
with a hose stream test to see if it bows or breaks or pops open. And then it is, you know,
blessed and approved. It gets a labeled rating. But that is how it gets, it is done this way.
And you can't make any modifications in the field. In fact, that's one of the things
we inspect for and look for are field modifications. Did somebody add access control to this door?
Did they punch a hole in the door frame? And then there was a door sensor in there. Well, now you
violated the integrity of the door frame. What are you doing? You have to use fire rated, you know,
parts to do that. So we see a lot of security systems where that door lock that you might have
bought was designed properly, worked well, went through all of its testing. And then you install that.
But then somebody else comes along, some integrator's installing an access control panel,
and then they are, we're going to run wires and we'll put an access control electronic door latch.
Well, now you've taken away the strike plate that came with the door lock
and you're using a different type of strike mechanism, electronic strike, and those two components
were never tested together.
So installation of disparate products that were never tested together,
they will not perform the way they were designed to perform.
We see that all the time because, and the world is a big complicated place, I get it. You know,
your door hardware parts guy is not the one manufacturing your access control card technology system.
And the, the card system, like NXP Semiconductors, is not out there making door latches, right? So I understand
the problems. But that's why, uh, we love it, we absolutely love it when we've had people in RTA classes
that aren't penetration team members.
We've had integrators and installers come to our classes.
And it's opened their eyes.
Like, oh, my God, we do that all the time.
Yeah.
We've been undermining the security that the customers insisting,
we want these parts because they look good.
And you don't want to, no, don't change out the other thing.
That went out, the nice satin finish.
Keep that on the door, but then just change this part of the door.
And now these guys come away from us.
Like, man, I'm not going to do that anymore.
So.
And as far as what people do on a resident, okay, go ahead, please.
No, I was going to say, so you're not, like you're, the example you gave was how it reduces its, its longevity in a fire setting, but you're also saying that when they come in and, you know, make a convenience change like an electric lock or an access panel or whatever, it also gives you easier ways to defeat those systems.
Oh, yeah.
Because they're installing the one,
well,
I did my job correctly, but you don't realize you've installed it in a manner that it wasn't
designed to be installed in.
Now it's trying to interact with a different system that you've never tested it on.
So we'll say, oh, wow, you put those two great tastes, they don't taste great together
because it's very vulnerable now that you bolted this onto that and it doesn't work the way
you think it does.
Yeah.
I have, I guess, one more question before we go on to viewer questions, which I'd like to ask
since Thief came out in 1981, what has made safecracking more difficult?
What has changed in this field in the last 40 years or so that is making,
whether it's our intelligence service professionals or people like you helping out,
you know, the government decommissioned safes?
What are the big changes that have occurred over the last few decades?
Oh, yeah.
It's interesting.
It'll tie back into the previous, you had asked one question we almost might have missed.
that you said, what can people do at home?
And it is the same answer as what has changed with safecracking.
And it's the same answer that it's a call all the way back to,
I was saying when we were younger,
we had more free space to kind of play and roam.
It's all electronic monitoring.
Nowadays, you're not going to see beautiful, amazing graffiti on a subway car
because kids in New York City in the 70s and 80s,
I mean, they could sneak around in tunnels all night long,
and there maybe would be one cop with a flashlight who might catch them.
Nowadays, you try to go somewhere you don't belong in Manhattan's MTA,
you're going to be caught in five seconds.
There's going to be electronic cameras.
There's cameras everywhere.
Nowadays, what makes safe cracking hard, the idea of, like,
there was a famous robbery.
I even, if I can find the article or any footage of it,
there's literally like in all the strong boxes are ripped out of this huge nest of safe deposit boxes
inside of a vault in, I think it might have been in Brussels.
It was a big financial and precious goods emporium.
And these people had literally concrete cored through the wall.
And they spent the whole weekend raiding this entire vault.
Because there was no electronic monitoring.
There were no cameras.
There was no alarms down there.
Because who would ever get in?
Nowadays, electronics have gotten so cheap.
Just put electronic monitoring on everything.
Now, I'm not saying you can't defeat it.
Right.
I mean, we have a whole, we have a whole intrusion detection defeats class at RTA.
Well, those gangs, those gangs are doing it now.
The gangs are doing it now, too, with those portable man packs that they're getting off to do or whatever.
But yeah.
But, but, but if it's there.
Monitoring your, like, if I can go up to your safe over the weekend, if you're away on a fishing trip or something, and I can just spend all weekend in your house working on your safe, something's wrong.
Right.
Like, come on.
Right.
Use a half decent electronic home monitoring solution.
Don't use some pile of poo, like SimpliSafe or something.
Use something good.
I like, Ubiquiti is a pretty good brand.
I don't really like Nest and Ringbear.
We're not going to get a bagging on or promoting any brands.
I don't work for any of these companies.
They don't have grudges of it.
But using electronic monitoring and using it effectively,
that's what makes everything so much harder.
Yeah.
Electronic intrusion detection.
Yeah.
It's fascinating.
So for people who might want to get into this field, right?
Whether, because whether it's, you know, doing what you do,
sort of more in the civilian market with, you know, obviously government stuff,
or if they want to be a black bag guy or gal, you know,
working for the, you know, FBI or the CIA or, you know,
local PD or whatever, where do they start?
What does that career path look like?
There's not a military MOS for it.
Yeah.
Right. That is true.
That is true. Although we're so self-s, you hope you don't think I'm sounding self-serving.
No, not at all.
We are, we are inches away from, I believe, being what is called Cool Program certified, the C-O-O-L, the Cool Program is people who are, I think it's your last six months of service or if you've recently exited uniform, there is budget available through the DoD for people who want to train for a new career.
That's fantastic.
So coming to us or, I think, Lockmasters and Mark Bates, MBA USA, I think they might also be Cool Program compliant.
So if you're not in uniform, if you're just in the civilian land, that's fine.
But it really is showing up and getting some base level of training, not only to know what the landscape is, but a lot of times, and I have a whole blog post about this.
I'll throw you that link as well.
People like to bag on training.
Training doesn't prove you actually know how to do a thing.
I've seen more people with a certification that they didn't know squat.
That's true.
I've known many people with college degrees that aren't working in the field that they got a degree in.
But you know what a certification, like what training and ultimately getting a certification
represents to a lot of employers?
It represents that you
can sit the F down and just complete something, which is a very hard thing for a lot of people out there to do.
Yes, a certification doesn't necessarily mean you're the best person at what the piece of paper says you can do.
But it means you can see a task through to completion in our scatterbrained ADHD world.
A lot of times employers today just want to know,
are you a reliable person? Can you take a task and run with it and see it through? So I like to
remind people of that when they say, man, is this certification going to actually help me out in my
career? Yeah, it's much in the same way that you mentioned people in the service, right? A lot of
times if an employer sees somebody, he said, oh, this person is former army, this person was Air Force.
And they might give them, like, let's bring that resume to the top of the pile. It's not because
the job they're going to do has anything to do with, you know, liberating some foreign
will.
It has to do with the fact this person knows how to like keep their head straight in
pressure.
This person knows how to execute on tasks.
This person can self-manage.
So giving employers a shorthand way of evaluating, yeah, I'm not going to be a drag in your
organization.
I kind of can tie my own shoes and get myself to Friday without you having to babysit me.
That's valuable to what a lot... that's what a lot of companies want. They want to be able to
quickly ascertain: are you a person that's going to bring value to my org? Right. Right. If you got
the Patreon questions. Absolutely. And I apologize for those text rings. It's, I had taken my phone
off airplane mode. So I didn't, I didn't hear them at all. It's all right. Okay. Great, great, great. Um, let's
hear, let me take my phone off. You getting these live? And we've been live streaming this
whole time for the Patreon folks. We live streamed, like a...
There's probably like 20 people watching.
We used to do this spot.
Oh man, I feel so bad that we were a little bit off kilter on getting the Zoom link working in the beginning.
No, that's more my fault than anything.
Okay, so Matt S, thank you very much.
Really stoked to see Deviant Ollam on, a guest huge in the pen testing community.
Question for the guest, what is one tool that you see people include in their physical pen test kit
that is overrated and should probably be left at home?
and what is one tool you always bring with you on an engagement?
Ooh, I love the first question.
I want to give more brain space to that because people buy so much stuff and keep adding it to their kit and adding it to their kit.
And, yeah, you know, you see the person, like, they have my daily pocket carry.
Then that becomes their sort of sling bag.
Right.
And then that becomes a backpack.
Right.
Before you know it, you're like, it's not even daily carry anymore.
What are you freaking doing?
You're carrying a freaking ruck bag.
What would I say?
You know what?
I'm going to go,
here's what I'm going to do.
I'm actually going to pull up briefly,
my own, you know,
I'm going to pull up Red Team Tools,
which is my own catalog,
and I'm going to look through my own catalog
about something of like,
this is the last thing you should possibly purchase from us.
Ah, bump cocaine.
Some of these are all right.
It's probably, it might be an electronic tool.
Yeah. Yeah, you know what? I will say it's a cool, it's a cool thing. But we have a couple of tools designed for pin pad hacking. There are people that say you can use thermal cameras to like look at a pin pad right after somebody's entered a pin to see where their fingers were touching. We actually, I made a kit of UV powder. So you dust the pin and you come back later with a UV light and you can see where the pin pad was touched.
I know we sell them, like, I make these, like, my... that's Hollywood shit, man, come on. Like, I'm not saying it has no purpose, and in fact, if you have an electronic safe, that's interesting, because that's probably one code, or an alarm panel, that's probably one code that gets entered. But a door, an electronic keypad access door where there's probably lots of people with different codes, that's not going to help. Come on,
you're not going to get there.
But yeah, I have used it on an electronic safe in an executive's office once
because I was able to see which numbers they had touched.
And I came back a week later.
And I didn't actually open the safe.
We weren't off, but I said, are these the digits of your combination?
I didn't even tell them what the digits were the right order.
He was freaked out that I actually knew it at all.
But yeah, you don't need that shit.
Buy that after you bought everything else.
But don't carry, you daily carry.
And the tool that everyone should have on them at all times?
Yeah.
Two-point answer.
The best, the best two things available: traveler hook, which is used for getting latches on doors,
and what's called an underdoor tool. And they both have their pros and cons. I'll tell you, a traveler hook,
I got my, I got my wallet right here. In my wallet is a small skeletonized version of a traveler hook.
It doesn't have a big chunky handle. My buddy in Scotland makes these. He calls these the, the
skeleton hook. But it's, this is just, you saw, I just pulled it out of my wallet, and it just... I'll
get doors open with this all the time. The other one that's hard, I mean, the underdoor tool,
if anyone out there has seen an underdoor tool, they're devastatingly effective. Not easy to
carry around. They're big. Now, I happen to have an underdoor tool as well. It's in my belt.
Because I have a, there's a whole video, it's a tiny video I talked about where I literally
found a belt manufacturer that would do exactly what I wanted and make a belt with a long cavity in it.
I tried money belts, but they weren't enough space.
But yeah, we have the we have underdoor tools that you can whip out of a belt.
Is it as good as a big commercial underdoor tool?
No.
But if I could give, that's my gift to the world.
I want to give everyone the ability to have an underdoor tool on them at all times if they want it.
And I always travel with mine.
Traveler hook and underdoor tool.
For people who might not know what those are, can you give us a real quick brief description of like what each does?
Yeah.
Sure.
So the traveler hook, as you, if anyone was watching the video part of this, it's a small tool with a tiny probe sticking off the end of it.
It's a tiny right angle hook.
If you want a really cheap version of them, you can grab some O-ring picks at your local hazard fart or home desk spot or something like that.
Those are going to be cheaper steel and they're going to be too thick.
I think the shafts on those are too thick.
That's why if you want to get a nice version, you get like a proper
traveler hook from us or from Lockmasters sells them. I think Mark Bates sells them. But yeah, you reach
into a door jamb and you can manipulate the latch on the door. If the latch is not deadlatching correctly,
which is a very perennial problem, you can slip many doors open with a traveler hook.
An underdoor tool, as it sounds, it reaches beneath a door, but the idea is modern building
code, ADA code, fire code, all these various codes require egress is always allowed.
Free egress from a building should never be denied or impeded.
So you can have all the locks and the access control you want on the outside of a door.
If someone's inside trying to leave, single... I mean, there's rules.
There's laws and rules around this.
It's single motion, a single pushing or twisting motion on a door handle.
There's actually, for ADA reasons, a poundage of pressure, how many foot pounds and
inch pounds and so forth of torque and push.
So it's very light pressure on the inside of a door
shall cause the door to unlock on the operable part.
An underdoor tool is a long rod that reaches up under the door,
swings back towards the door,
and you yank down on a cord,
and you're trying to hit the handle, the inside handle,
but you yourself are on the outside of the door.
And if you can trip that,
what's called the operable part of the door,
meaningfully, it's a lever-style handle.
That will trigger the door to release.
And if you have a long enough rod and a string on the end of it and you know how to use it,
you can pop open the vast majority of commercial doors in all the buildings that you travel through all the time.
Sounds much easier to use than a wire coat hanger undone with 550 cord tied around the top of it.
Yeah.
I've seen people do it though.
You know, you make use of what you got.
Yeah.
Yeah, for sure.
And then the other question was,
was,
um,
thank you very much.
One question for him.
How was physical,
how has physical pen testing evolved in the age of ubiquitous technical surveillance?
Where the opportunity for traps backed by all kinds of sensors covering the entire spectrum
are widely available in easy disguise?
As a defender,
I actually have the impression that it wouldn't be overly difficult to design a room,
designed to hold secrets that would be a nightmare to try to approach covertly.
Is that notion particularly
off-base in your opinion/experience?
And I'm also just curious to hear your opinion
on how traps have evolved from the days
of analog-only solutions like
matchstick in the doorway, you know,
a piece of hair on, you know,
resting somewhere.
Absolutely true. Absolutely true.
And in fact, if you go
to these major trade shows nowadays,
for example, Milipol,
the Military and Police Expo is one.
The ISC, the ISC trade show,
the security controls trade shows,
ISC West and ISC East.
We're always out,
ISC West out here in Vegas,
we're always out at ISC.
You'll see loads of vendors.
I mean, AI is a hot topic,
so they're shoving AI and everything out.
But the idea is if you put enough camera coverage,
just visual camera coverage,
in a space,
we are just about at the point
where you can, in theory,
give us a technological solution,
a list of people who belong in the building.
Right.
You're giving away a lot of your biometric data to an employer, possibly a third party that the employer's hired.
So take that as you will.
And if there's a lot of lip, there's a lot of cost in installing all this and there's probably a subscription plan involved.
But there are schools now, and I don't know how I feel about this with kids and all of our kids' biometric data being saved by some firm that doesn't have their best interest at heart probably.
But there are schools where if anybody shows up in the school and they're not in like the face database, it throws an alert on
a screen and the resource officer or some teacher gets sent down that hallway. It's like,
hi, what are you doing here? Are you here to pick somebody up? How did you get in? It is absolutely
a huge challenge, but that's only as good as the systems that are employing it. We've seen
that AI can hallucinate. We've seen that something. I remember there were early days of facial
recognition. Somebody, basically, there was a man with a beard and he wore long like shoulder
duster earrings.
So the fact that he was very masc presenting, he had masculine facial features, but he was
wearing something accessories that were very femme-coded.
The system completely didn't know what to make of it.
It broke on like the line, the first line of code couldn't classify him gender and like
the system just failed.
So you're probably going to continue to see oddities and edge cases like that, which
brings us back to the importance of testing.
All these vendors out there should be engaging the hacker community and the researcher community
and inviting them to test these systems because it just takes one person to say what if I wear my hat
and I put a really, really freaking bright IR LED under the brim of the hat.
And people did that to defeat facial recognition for years.
You're walking along the street that just you don't, your naked eye just sees a person.
But all the cameras just saw a huge white blob over the, it was just blew out the levels of the camera,
the automatic gain control, the camera didn't work.
Yeah, it's fascinating stuff.
I got a couple others here.
Alex asks, how did you get to know Karl and the InRange crew?
Hell yeah, I just saw Karl.
I was just at high desert brutality.
I just flew back from Idaho right like yesterday.
So Karl, Karl Kasarda, amazing person, wonderful human, smart guy.
He is not just a firearms person.
I mean, he came from the Accro world.
He was in the tech world.
He was a sysadmin and a network guy for years.
That's how he made his bones.
He was around, I mean, he'll tell stories back when Operation Sun Devil was a big hacker crackdown.
And he witnessed all of that go down.
And he remembers running and securing systems at the time.
So Karl was aware of DefCon.
And he had heard of this thing that I ran with firearms for years.
I ran what was called the DefCon Shoot.
Still exists.
Other people run it now.
I've turned it over to them after a decade.
And he and a former colleague of his,
they came out to the DefCon shoot just to see what it was about.
They said, hey, it's in Vegas.
We're in Arizona.
Let's just drive up.
And he and I met at DefCon.
And I instantly said, oh, you're like, you're a cool guy.
You're into this stuff.
I'm into what you're into.
Let's keep talking.
And we just kept coming to each other's events ever since that he's come back to DefCon
several times.
I've gone to his firearms events.
Again, show notes, click down below.
I'm sure you'll drop a link to InRange TV.
It's one of the very, very few people in the firearm space that is not monetized and they're not doing a lot of corporate shilling.
Most influencers in the gun world, there's a lot of money and pay-for-play reviews going on.
And Karl's out there just in his own backyard in Arizona doing mud tests with a bucket of water in the Arizona sand and saying, yep, this gun failed.
Sorry, don't know what to tell you.
Manufacturer sent it to me.
I'm sending it back.
They'll make a change,
send me another one. So he's a very honest, very upstanding guy. And yeah, we've been friends forever.
I visit him. I visit him at his place. We travel places together. He's one of my favorite people.
One last one from M. Corbin. He asks, what is your favorite fiction author? Favorite fictional author?
The easy answer would possibly be Douglas Adams. Writers. Writers of fiction, not actual fictional author.
Right. Yes, yes, yes. Douglas Adams is going to be up there.
I find that the Hitchhiker's Guide series and the lesser known works,
the Dirk Gently's Detective Agency and such,
the Douglas Adams books,
they have this wonderful lightheartedness to them,
a spirit of adventure and positivity that's just full of warmth.
The world is a lesser place without Douglas Adams around.
My wife would mention, you know,
things like Pratchett and other sci-fi authors that she, you know,
she's a much bigger fan of and tries to
get me involved. I tried to watch
Dune recently. I tried to, you know,
I've watched the Lord of the Rings with her. I'm, I understand
Tolkien's amazing world building,
but there's something about the lightheartedness
and the smile that I will reread Adams's work
to this day. Yeah. I used to really love
Richard Morgan, the British author, Richard Morgan,
British Scottish, British, Richard Morgan,
who wrote the Altered Carbon series.
No, yeah.
Yeah. Not the most progressive views
on some issues that are very dear to
people in my life. I have a trans daughter. So like, no, don't, don't promote Richard Morgan as much
anymore. I think Douglas Adams would have been fine with her, though. So yeah, Douglas Adams gets my vote.
Yeah. And last thing, I guess, Deviant, um, unless, Dave, do you have anything before we let Deviant plug
his company and website? Not at all. We would just like to remind you, Deviant, like when we say we're
out, if you don't mind hanging out. And if you're watching this request,
you could be watching this live if you're a Patreon subscriber, and
we're gonna do a Team House After Dark,
just a fun little story or whatever,
for our Patreon subscribers afterwards. But please go ahead, Jack.
So Deviant, tell people out there where they can go to procure your services if they want you to break into their home,
Place of employment
I bust open a safe.
Tell them about the classes that you offer and where they can find you guys.
Sure. Sure. So yes, on the internet, I am Deviant Ollam, spelled not at all like it sounds.
So yeah, you'll see my name in the episode.
But I'm on all of the things as my username. So YouTube, I'm not on Twitter.
No one's on Twitter anymore.
But, you know, Bluesky, Mastodon, Instagram, Reddit, I have a GitHub.
But the professional side of things.
My one company is called The CORE Group.
So Babak and I have been running The CORE Group since 2010.
We're at thecoregroup.net.
That's if you want us to break in.
If you want to learn how to break in,
it's going to be Red Team Alliance.
So redteamalliance.com.
I'm literally sitting, the reason I'm in such a bare, weird white box,
we got the keys yesterday morning to our new building in Vegas.
We're all out here moving in.
So all the teams downstairs,
The moving trucks have been rolling all day.
Hopefully you haven't heard the garage doors rolling up and down outside.
Yeah, so redteamalliance.com.
Our full training calendar is online.
We have our Vegas facility.
We have our facility in Virginia near D.C.
We have classes in Australia and Europe as well.
If you want to buy stuff, you know, I never like mentioning our retail catalog.
I feel like such a shill.
I won't say it on my channels on social media, but Red Team Tools,
all the equipment and gear that I make and design and have changed over the years.
Here's a fun one.
This was a product that literally existed and no longer does.
And I bring things back from the dead.
So we have these kind of in people's kits in the field.
You just pop them out.
This is a fence climber.
You stick it through a fence.
You drop it and it hangs.
And you can go up one side down the other.
You've got a couple of these in your pocket.
And, you know, eight foot, you name however how the fences are.
You're up and over in no time, even my fat ass.
So that's all on redteamtools.com.
But yeah, the core group and Red Team Alliance are the most useful.
Fantastic.
I was going to say that you always need somebody like Jack to go over first, though,
to lay down on the concertina at the top.
So then you go up, climb over them.
Even privates in the Army have a use.
It's not harder to do all that nowadays.
I mean, we have friends at Magnasphere who, the fence sensor technology,
the shake sensors are getting really subtle.
And I even did an experiment where I said,
I wonder if it would detect going over the fence.
I bet it will.
and the guy was like, it's going to detect you putting it on the fence.
And sure enough, yeah, we watched, you can watch the little line go up on their graph.
He's like, yeah, just touching the fence was enough.
You're not getting up for that.
That's amazing.
That's amazing.
Yeah, so definitely check out Deviant's, the classes, the company.
And the videos, like everything on YouTube is just fantastic.
So I highly recommend people track you down and watch all of that.
Absolutely.
Thank you.
A lot of, I mean, my channel now must, I've been on YouTube since
2009. There's a lot of crap on there. But the long, I find a lot of people like the long form stuff.
So my lectures, when I've actually given presentations, there's maybe a dozen or more hour-long
videos on my channel. That's all my professional talks. And I think it's a lot of, you know,
you talked in the beginning about, you know, kids not having space anymore. And like,
I remember when I was maybe like in junior high, like breaking into a school over the summer,
like going in through the top. And we weren't destroying anything. We weren't stealing anything.
it was just the thrill of being able to get in, right?
And you're in and like, you're in.
And you still, like a lot of your videos,
you still have that thrill of discovery.
Like when you're presented with a new challenge,
a new technology, a new type of door sensor,
you know, because it has to open from one side
and putting gas or blowing up a balloon or whatever
on the other side of the door.
Like there's still a lot of that, I don't know, like that,
that sense, that childlike sense of exploration. Like, oh, let's, let's, here's a new puzzle. Let's
solve it. Absolutely. Yeah. All right, guys. So we will see all of you next time. Thank you for joining us.
Thank you, Deviant. And you can find all the links down the description that we mentioned on the show.
And for our Patreon subscribers, stick around because there's a little bit more.
It's going to get spicy. All right. I'm going to leave it running. D can cut the
film. Oh, right, right, because
we can roll right. That's right. That's right.
Because we're not live for anybody but
Patreon. Do you
have, I know I kind of put you on the
spot to you, but we're still rolling. We're still live
to the Patreon, but
do you
do you have something in mind
a story or a vignette
or anything?
Oh, a story from my end?
Yeah. So, and like I said,
it can be, you know, it could
be something that a time it went bad, a time it went really good, a time something weird happened.
Yeah, weirdest thing that happened during. I mean, there's a story I've told once or twice,
but one of my favorite jobs was a job we completely had no success. And it was a small company
in the, in the middle of America, it was a middle America, nowhere'sville. And some people say,
oh, you know, these podunk town, you're going to put one over on those rubes. I mean, no one really
says something rude, but there's a certain kind of thinking that says, well, small companies,
you know, these people, they're not, they're not going to be have sophisticated security systems.
And they didn't have a lot of big budget.
They didn't have all the whizbang stuff that you see at the trade shows.
What they had was a dedicated team of staff, many of whom had worked there for decades.
And they just cared.
They had emotional investment in what they were doing.
This was, it was an agribusiness, essentially.
So they were American food supply, right?
Like this is, I would consider it critical to our nation's health and well-being.
I was very hopeful that their security would be robust, but it was in the way I wasn't expecting.
We came out there, cased the joint, did all our usual recon, had our cover stories.
We said, all right, let's find the local utility companies in town.
We made badges, outfits, you name it, in case we were on site, getting questioned.
So we were, you know, because of being a utility company worker, you can kind of be on the buildings,
around the grounds and no one who, oh, that guy's doing the, he's checking out, he's,
you're spray painting, some marks in the ground a little bit.
So we did all this research.
We found a few doors that were a little bit ajar and we had some ideas.
All right, we come up with an attack chain.
We're going to come in on Sunday morning.
Everyone's at church and watching football.
We were on site walking around the premises and again, looking like technicians, right?
We were in this building.
There was a multi-building complex.
I remember we're in a building for maybe half an hour, 45 minutes tops.
And somebody said on our team, say, hey, there's a car in the parking lot that wasn't there
earlier.
We look out, sure enough, yeah, there's a car.
What's that?
And we later said, do you see who's that guy?
There's a guy going from building to clearly going building to building.
Not a security guard, just a dude whose badge worked.
He said, that's freaking weird.
And later, he came and found it.
He found us in one of the buildings and one of the
offices. And he said, hey, you know, what are you guys doing in here? Again, so we're from such
and such telecom. We were sent here. We did some work at your Wyoming office. He said, we're here at
the Kentucky office now. He said, no, I would have heard about that. Who sent you from Wyoming?
We knew Nate. We said, oh, well, Keith is the plant manager over there. He does the IT infrastructure.
No, I don't know if Keith. I could call Keith and find out. This guy was having none of it.
And eventually, we had to produce, you know, always carrying a letter that says, look, we're
hired by this guy, the CEO knows we're here, the owner knows we're here. And he's like,
yeah, yeah, there was an odor to this situation. I didn't like it. He said, well, are you working
today, sir? He said, no, I was driving through town. He was literally driving down Main Street.
He looked at the parking lot and just driving by the buildings, he saw one of our team in the
parking lot. He said, I don't recognize that guy. He did a K-turn, came back up Main Street,
and he said, I saw your guy badge into a building,
and I said, I don't like this.
And I said, wait a minute, you saw on your freaking day off a person badge in with a working badge.
And you still didn't, he's like, no, I didn't like it.
Something didn't like it.
It suddenly didn't feel right.
I know companies where you could walk in and say, hi, I'm here to steal everything.
And the employees would say, yeah, F this company.
They don't care about me anyway.
Right, right.
Yeah.
I give a crap.
But this guy, I mean, he had been working there for
probably 30, 40 years.
Yeah.
He knew, like he knew the owners.
They went bowling and said he's like, no, he just had emotional investment as did everyone
at this company.
We were on our walkthrough the day after.
We're on Monday.
Escorted around.
And at one point, our escort, you know, the co-owner of the company, his son, he left
us alone to get something.
And a woman was like, what are you doing on this wing of the building?
We said, oh, you know, Frank is letting us say, she's like, Frank's not here.
Where's Frank?
You don't belong here.
Come to the front with me right now.
And she had just been working there for, you know,
like, you know, she had been at the same desk for the same money decades.
There's a real lesson there.
And investing in your people, I don't just mean give pizza Fridays.
I mean, actually give real raises, take a real interest.
Are people satisfied with their job?
Do they care about what you're doing?
That's what saved this company from everything we tried to do to them.
Kid, I want to ask, you know, I don't want to keep you too long,
but I want to ask either for a time you were horrified,
by how easy something important was that shouldn't have been easy,
or about the biggest ass chewing you ever saw because something was easy?
I was really sad to learn of, this was a biomedical research facility,
and ultimately they had spent a time.
I mean, they had money coming out their ears, right?
They had spent so much money on all their security systems
but they didn't invest in a decent, like, badge credential technology.
They were still using the most outmoded, outdated HID Prox credentials,
which had been around, you know, 30 years at this point,
more than that, 40 years probably at this point,
the original HID Prox.
And it's the most clonable badge imaginable.
We ultimately, it was hard to clone badges.
We couldn't really get to the employees.
They weren't around.
It was a very buttoned up, very,
tight building. But one of our staff went in, one of our team went in and interacted with the guards
in the front lobby. And he was just BSing with them. And there's, again, we talk about this in training.
We had a long range reader in a laptop bag. And if you got close enough to someone's badge,
you could grab it. You could, because there's no, there's no encryption on the badges. You just
had to brush past the badge. And he was able to get past one of the guards. And there's a longer
version of the story that I've told us for it. But eventually he gets near a guard. And he gets near a...
gets the guy's badge
and then we just cloned it instantly
we just got in and then we came in
the next night
midnight shift there was a big movie premiere
it was like the new Star Wars that was coming out
like the episode Phantom Menace or whatever was coming out
a long time ago story
but we were able to use these we just got in everywhere
and the lesson we later learned
and again it's not always your fault
it's not always you can control the badges
So this building that they were renting was owned by a huge property management company.
And they insisted, like, here's the badges for the building.
This is the badge system.
Right.
Now, they had other badges they could have used, but the property management company made it such a pain in the ass.
They just said, no, we're just going to go with the badges.
Fine.
We're not going to go through all the legal hoops and give you copies of badges.
So they were locked in by some weird rental agreement.
But the sad part is that all that entire guard crew, I won't say got fired.
They still had jobs, but they lost that contract. Like, the guards were all cycled out, and that was part of the
with the executives. I can't believe the guards let you get close to them. I said, come on, man, who's
kind of think that somebody, right? You know, we had a guy knew how to talk. And I said, if you had kept those
guards, that would be trial by fire for them. That would, they would be way more hardened against this
kind of attack, and they'd be way more poised, right, to say, hey, I'm not going to keep my badge right in front
of me while it's visible. And, you know, I think it was the wrong move.
I think they should.
That's the, you want the person who got caught in a stumble
if they're willing to learn from it and recover and get better.
Especially if they didn't even know that technology existed.
Like they're security guards, right?
They're not like FBI.
They're not FBI.
You know, it's, yeah, it's unfortunate.
Deviant, thank you.
Thank you very much.
We really appreciate being with us tonight.
It's a great time.
Hey, guys, I want to tell all of you today about a new newsletter that we're launching
that encompasses both the Team House podcast,
the Eyes On podcast and the high side news outlet, which I run with Sean Naylor.
The newsletter is going to be once a week.
It's going to come into your inbox and you're going to get the most current podcasts on Eyes On and the Team House
and whatever's topical or current on the high side.
So it's another way for us to get the information out to you as social media algorithms are pretty iffy
and you never really know what you're going to get.
So this is a once a week email.
It'll slide into your inbox and it will have, you know, the greatest hits of that week.
It's really good, man.
Checking it out.
The website for it is teamhousepodcast.kit.com slash join.
Teamhousepodcast.com slash join.
You go there and you enter into your email list or you enter your email into the little thing on the website and you're good to go.
And that'll be it.
So we really appreciate your support and hope you'll consider signing up.
Where's the link?
The link will also be down in the description if you're looking for it there.
And that's teamhousepodcast dot kit, kilo india tango, dot com backslash join.
