The Tim Ferriss Show - #74: How a Computer Hacker Optimizes Online Dating, Opens Locked Cars, and Hijacks Drones
Episode Date: May 2, 2015Samy Kamkar is one of the most innovative and notorious computer hackers in the United States. He’s also a well-known whistleblower. If you want how Samy hacks everything from onl...ine dating to car alarms, this episode is for you. He is best known for creating the fastest spreading virus of all time, a MySpace worm named “Samy.” He got raided by the United States Secret Service for that one. More recently, he’s created SkyJack, a custom drone that hacks into any nearby drones, allowing him (or any operator) to control a swarm of devices; and Evercookie, which appeared in top-secret NSA documents revealed by Edward Snowden. He also discovered illicit mobile phone tracking by Apple iPhone, Google Android and Microsoft Windows Phone mobile devices, which were transmitting GPS and Wi-Fi information to their parent companies. His research and findings led to a series of class-action lawsuits against these companies and a privacy hearing on Capitol Hill. To see Samy help me hack my online dating, check out the “Dating Game” TV episode here: http://itunes.com/timferriss Here is Samy’s site (http://samy.pl/), his outstanding YouTube channel (https://www.youtube.com/channel/UC4m2G6T18_JcjwxwtwKJijw), and his Twitter (https://twitter.com/samykamkar). This episode is brought to you by two companies I use myself: 99Designs — http://99designs.com/tim Mizzen & Main — http://mizzenandmain.com/collections/tim Enjoy!***If you enjoy the podcast, would you please consider leaving a short review on Apple Podcasts/iTunes? It takes less than 60 seconds, and it really makes a difference in helping to convince hard-to-get guests. I also love reading the reviews!For show notes and past guests, please visit tim.blog/podcast.Sign up for Tim’s email newsletter (“5-Bullet Friday”) at tim.blog/friday.For transcripts of episodes, go to tim.blog/transcripts.Interested in sponsoring the podcast? Visit tim.blog/sponsor and fill out the form.Discover Tim’s books: tim.blog/books.Follow Tim:Twitter: twitter.com/tferriss Instagram: instagram.com/timferrissFacebook: facebook.com/timferriss YouTube: youtube.com/timferrissPast guests on The Tim Ferriss Show include Jerry Seinfeld, Hugh Jackman, Dr. Jane Goodall, LeBron James, Kevin Hart, Doris Kearns Goodwin, Jamie Foxx, Matthew McConaughey, Esther Perel, Elizabeth Gilbert, Terry Crews, Sia, Yuval Noah Harari, Malcolm Gladwell, Madeleine Albright, Cheryl Strayed, Jim Collins, Mary Karr, Maria Popova, Sam Harris, Michael Phelps, Bob Iger, Edward Norton, Arnold Schwarzenegger, Neil Strauss, Ken Burns, Maria Sharapova, Marc Andreessen, Neil Gaiman, Neil de Grasse Tyson, Jocko Willink, Daniel Ek, Kelly Slater, Dr. Peter Attia, Seth Godin, Howard Marks, Dr. Brené Brown, Eric Schmidt, Michael Lewis, Joe Gebbia, Michael Pollan, Dr. Jordan Peterson, Vince Vaughn, Brian Koppelman, Ramit Sethi, Dax Shepard, Tony Robbins, Jim Dethmer, Dan Harris, Ray Dalio, Naval Ravikant, Vitalik Buterin, Elizabeth Lesser, Amanda Palmer, Katie Haun, Sir Richard Branson, Chuck Palahniuk, Arianna Huffington, Reid Hoffman, Bill Burr, Whitney Cummings, Rick Rubin, Dr. Vivek Murthy, Darren Aronofsky, and many more.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
Transcript
Discussion (0)
This episode is brought to you by AG1, the daily foundational nutritional supplement that supports
whole body health. I do get asked a lot what I would take if I could only take one supplement,
and the true answer is invariably AG1. It simply covers a ton of bases. I usually drink it in the
mornings and frequently take their travel packs with me on the road. So what is AG1? AG1 is a
science-driven formulation of vitamins, probiotics, and whole food sourced
nutrients. In a single scoop, AG1 gives you support for the brain, gut, and immune system.
So take ownership of your health and try AG1 today. You will get a free one-year supply of
vitamin D and five free AG1 travel packs with your first subscription purchase. So learn more, check it out. Go to drinkag1.com slash Tim. That's drinkag1,
the number one, drinkag1.com slash Tim. Last time, drinkag1.com slash Tim. Check it out.
Optimal minimum. At this altitude, I can run flat out for a half mile before my hands start shaking.
Can I ask you a personal question?
Now would have seemed an appropriate time.
What if I did the opposite?
I'm a cybernetic organism, living tissue over metal endoskeleton.
The Tim Ferriss Show.
Hello, ladies and germs. This is Tim Ferriss, and welcome to another episode of The Tim Ferriss
Show, where I deconstruct world-class experts, whether they be chess prodigies,
incredible billionaire investors, celebrities like Arnold Schwarzenegger, or in this case,
one of the most capable and notorious computer hackers on the planet, who happens to also be
a good buddy of mine, Sammy Kamkar. He is a beast. He's also a well-known whistleblower
and entrepreneur. So we could start with what he's probably best known for, which is creating
and releasing the fastest spreading virus of all time, which was the MySpace worm called,
aptly enough, Sammy. And of course, he was subsequently raided for it by the United
States Secret Service. Yes, he was prevented from touching computers for three years, but he's also done many other things. He created Skyjack, which is a custom drone that
can hack into other nearby parrot drones and basically create a swarm of drones that someone
like Sammy can control completely. He's also known for creating Evercookie, which appeared in top
secret NSA documents revealed by Edward Snowden. And he has also spotted some what you might consider bad behavior. So he discovered
illicit mobile phone tracking where Apple, in the case of the iPhone, Google, Android,
and Microsoft Windows phones were transmitting GPS and Wi-Fi information to their parent companies.
And his research on this has led to a series of class action lawsuits against the companies and a privacy hearing on Capitol Hill.
So he is a controversial figure.
And for those interested after this interview in delving more into a lot of what I've done with Sammy, he is one of the experts that I relied on in the dating game episode of the Tim Ferriss experiment, which is the number one TV season on iTunes. As I record this,
he helped me to hack my online dating and test a bunch of things that seemed ridiculous and ended
up working. And of course we had Neil Strauss of the game and a high-end matchmaker and other
people that we tested, but you can check out that episode, which is really fun on itunes.com
forward slash Tim Ferriss, two R's and two S's. It's itunes.com forward slash Tim Ferriss. Two R's and two S's. That's iTunes.com forward slash Tim Ferriss.
T-I-M-F-E-R-R-I-S-S.
We also have some bonus footage
from the episode with Sammy that is on Vessel.
And if you're interested in content distribution,
this is also just a cool site to check out.
And you can go to Vessel.com.
That's V-E-S-S-E-L.com forward slash Tim Ferriss.
And you can find a bunch of videos.
I'll be adding more and you can see all of these for free for the next 30 days. Just have to sign
up. So without further ado, I want you to enjoy the very thought provoking, terrifying and
instructive conversation with Sammy Kamkar. Sammy, welcome to the show thank you awesome it is so great to see you again it has been a while
since our adventures in tv land it has and and i've wanted to i've wanted to introduce you
to my fans and this audience for so long already and i think a great way to do that is to explain
a few things that are right in front of me so you haven't you have a necklace on yes i do can you explain what
is on your necklace and i hadn't seen this before today sure sure um so this is something uh it's
actually a microcontroller so it's basically a little mini computer that sits around my neck
that i've programmed to into something that I call USB drive-by.
And basically what USB drive-by is,
is it's something that I wear around my neck, obviously.
And any computer I plug this into,
it, within about two seconds, takes it over forever.
Essentially, if you've ever plugged in a keyboard into your computer, you know that you can just start typing keys.
Well, the awesome thing about computers and keyboards
is that you can do anything
from a keyboard. You can open,
if you're on Windows or OSX, you can open
a spotlight or a start menu and start typing.
You can, say, open a terminal,
go into the network preferences,
make all my network traffic
go to another server. So now,
if you plug this in, all of your
internet traffic, whatever
website you go to, any email you check,
goes through my computer.
So I can see where you're doing, where you're going.
Additionally, it evades a firewall.
There's like a firewall where it actually asks,
do you want to allow this connection to this random server,
sammy.pl, that you've never heard of?
Well, thanks to this firewall, you can just hit enter, right,
to hit the accept button.
So it's like, oh, I'm just going to hit accept.
And this thing is, you know, it couple like two inches you know two inches oh
yeah you barely even notice it as anything uh other than decorative but of course you're not
a steampunk burner last i checked so it actually has a function right right so i've you know i've
actually made a video on this i've released it entirely open source for anyone to see how it works,
actually use it.
And the idea is not to actually be malicious
and use this against people,
but to demonstrate sort of the flaws
that exist in our everyday computers
in systems like USB
that have existed for years and years and years
that we don't really think about.
Yeah, and there's another toy
I want to get to in a second,
which also blew my mind,
although it didn't entirely surprise me given the conversations we've had in the past.
But I at one point was chatting with a former intelligence officer for – I think it was MI6.
And he now does private security in Silicon Valley and other places. if you were to go to, say, a Facebook or a company like that and drop off malicious USB drives
that were branded with the company logo on them
and just drop them in the lobby where people check in,
that 75% to 80% of them will get picked up
and plugged into a computer on campus somewhere.
Yeah, it seems like a high percentage, but I believe that.
I mean, man, the problem is you'll plug in i'll plug in almost
anything yeah well the lobby is key because you also get visitors who think they're getting
they've found something valuable oh yeah right right all the dignitaries oops yeah there's a
couple there's a couple music artists you know i love going to uh to shows and there's a couple
artists i think like bass nectar has thrown out usb sticks which i think is great right with like unreleased music and i just want to go to coachella and just throw
these things out oh god the drive by usb oh jesus sammy you terrify me but you also delight me tell
me tell me about this this other toy and it is a toy right this is a toy i mean it's not a toy
well it's a toy it was a toy it was a toy okay so this is is a toy. I mean, it's not a toy. Well, it's a toy. It was a toy.
It was a toy.
Okay, so this is,
I haven't released any of this stuff out yet.
And where can people find the video just to backtrack for a second?
Sure, sure.
My website has everything.
So sammy.pl, that's S-A-M-Y dot P-L.
And I will link to all these things
in the show notes as well for everybody.
So this is called the Mattel I Am Me.
This is a product for essentially tweens.
And it says pink.
I call it, I think it's fuchsia.
But it says Girl Tech on it.
And you can essentially text your friends.
And Mattel came out with this many years ago
so that sort of teen kids could text their friends
without running into the wrong creeps and the wrong people.
It's restricted to who you can communicate with.
But it happens to have a really cool wireless chip that a couple other people out there,
Mike Glossman and a few other people have found that this wireless chip is actually really, really powerful.
Much more powerful than texting teenage girls.
It's actually able to listen and transmit on a wide number of frequencies, including some things that I found recently, like a ton of almost all garages, high-end luxury
vehicles.
If you ever used, let's say, a remote, you know, a lot of cars these days, you hit a
remote to unlock your car.
Right.
Quick, quick. Exactly. Yeah, yeah's say, a remote, you know, a lot of cars these days, you hit a remote to unlock your car. Right. Quick, quick.
Exactly.
Yeah, yeah, beep, beep.
Yeah.
So that's all with radio frequency.
And normally that's supposed to be encrypted,
or at least it's supposed to be really hard.
And the thing about security that I've learned over time
is that if we don't see it, we just assume it's safe.
Right?
If you can't see it, it's fine.
If it's not an open door to your house. Exactly, right? As long as you don't know it we just assume it's safe right if you can't see it right if it's not an open door
to your house exactly right as long as you don't know what's happening um it's kind of and i mean
it's true ignorance is bliss but not until someone steals your car uh so this is something that i've
been working on too and that's something i've been demonstrating and we'll come out with pretty soon
with being able to take
this mattel toy which is now discontinued but you can get on ebay for pretty cheap
modify it so like here we're actually seeing uh just different frequencies and i'll take and i'll
take a photo of this for you guys as well cool um so like michael osmond is another hacker who
builds amazing stuff.
And he's built this spectrum analyzer, which shows us frequencies.
And I've modified it here to actually record things.
So, like, if I take a car key, we'll actually see a spike here whenever I hit the button.
And a lot of cars, you hit the key to unlock, and then you get in your car and you just press a button now.
And that's wirelessly communicating with your key as well.
You don't even have to put a key in the ignition in most cars it was very confusing to me when i
first used it yeah you just leave it in the center console or whatever yeah yeah we were stuck in
there for like 30 yeah trying to figure out how to turn the car on yeah show my age
so essentially that's also with radio frequency you press the button and it sends a signal to
your key to ensure that it's there.
So this device, I've essentially programmed it
to record that information.
And it has to do a few more tricks,
get over a few hurdles,
and then I can now start your car,
unlock it, and drive away.
And fortunately, this only works on nicer cars.
Well, you know, this is... i remember when we did uh some of our
experiments in online dating and we'll definitely talk about some of your amazing adventures in the
world of online dating but uh when i did an episode that involved uh breaking into cars
which is a whole separate story but uh noticed that a lot of the higher end in this particular case japanese vehicles
were really easy to break into easier than like old broken down pickup trucks in some cases
and it's just astonishing to realize that in certain cases you know the security with the
most expensive category of a product is the most vulnerable.
It really astonished me to realize that.
Well, you'll find in a lot of nice neighborhoods
the doors are unlocked.
Oh, yeah.
No, exactly.
And what I found in this particular case,
this was a week of experimenting with urban evasion
and picking locks and getting out of handcuffs and
all this stuff. And, uh, by the end of two or three days with a very minimal set of tools,
I could open all of the cars that the staff had rented who are, who are working on the show,
including like GMC Yukons and like some very expensive higher end cars. Uh uh how did you learn to do this kind of thing i mean where where did you
start to develop this interest in this skill set yeah because you have such a breadth i mean you
have familiarity and comfort with software obviously programming but now with hardware
where did all that start uh the hardware or just the all? The hacking. The hacking. Okay, the hacking. The hacking, I mean, it started early on.
So I just lived with my mom when I was younger, and she worked a lot.
She had typically two jobs, and she got me a computer one day.
I was probably like eight or nine.
She got me a brand new computer.
And I said, hey, mom, you know, can I have internet? Can I go? And she spent all her money
on this, on this brand new computer because she knew that I had nothing to do. Right. I was at
home this summer. I had no summer camp or anything. I was just at home. So she knew all the computers
and she spent everything she had to get me a new, this computer. And I got the internet. And that
was one of the best days of my life.
And I go on there and I find that, man, there's like so many amazing websites dedicated to the X-Files.
Which was awesome because I love the X-Files.
So I spent all day on these websites about the X-Files.
And I thought, man, I'd love to really talk to people about the X-Files.
So I got into, I found a message board about the X-Files, so I posted it on there.
I was like, hey guys, I really like the X-Files too. Let's talk.
I kept eating refresh. It was back in the day of message boards.
I guess we still have them. They're called forums now.
I was refreshing and refreshing.
I wasn't getting the immediate response like I would on Yahoo or Metacrawler back then when I'd search.
So I found something called the chat room, IRC.
And I got in there and I went into a chat room.
And I was like, hey guys, who wants to talk about the X-Files?
Which was my favorite show at the time, if it's not obvious.
And someone said, get out.
And I said, what?
What do you mean?
I just want to chat.
Let's just hang out and chat about stuff.
He's like, get out.
And I said, no.
I mean, I'm not sure if I said no, but I didn't.
And then he said, you have 10 seconds to get out.
And I was like, okay, random person I don't know on the internet,
what are you going to do?
And 10 seconds later something happened my computer
crashed and i panicked i turned beet red i you know couldn't speak i was sweating and i never
encountered a computer crash before especially on the first day that my mom had just bought this and
spent all of her savings and money on this thing right um that i just destroyed
potentially i waited for like 10 minutes uh didn't want didn't want my mom to find out
disconnected from the power connected back in thank god it still worked and as it was coming
up you know adrenaline rushing kind of like fight or flight mode i said that was that was the
coolest thing ever how do do I do that?
You were hit by a wizard.
Yeah.
How do I develop my own magic?
Yeah.
And not that I want to destroy people's computers,
but the,
the,
the ability,
the power,
I mean,
there's something really intoxicating about that feeling about being able to
do that.
And that's what got me down to say,
okay,
well,
how do I do that?
And then what was the next step after that?
The next step I learned about these things called DOS attacks
in all of service. And this was like Windows 95.
It was a long time ago.
I was going to say, it's a pretty good one to attack.
Yeah.
You know, I downloaded a program
that did this. And then Windows...
A DDoS program.
No, just a DOS.
Okay, not distributed.
DDoS is like a newer thing.
Maybe that came out in like 10
years ago because doses were no longer effective right so this was just a dos attack and uh denial
of service denial of service making a website unavailable to other people exactly website or
computer or computer yeah and this wasn't even overwhelming it was just a specially crafted
packet that you had sent to somebody and microsoft patched it one day and i was like oh no my my wizard my electronic letter bomb doesn't work anymore exactly and i said well someone devised
a way to create this program how can i do that how can i make my own it was called win nuke how
can i make my own win nuke so i then learned how we didn't win exactly so back then you called it
nuking and not dossing nukinging. And I started learning how that specially crafted packet
modified memory on a Windows computer improperly,
corrupted something in the kernel,
and then would cause it to crash.
What is the kernel?
Just for those not familiar, which might include me.
Yeah, yeah.
I've heard the word a lot.
Sure.
The kernel is basically just the brain.
It's the brain of a computer, typically.
So typically more advanced operating systems like Windows, Mac, Linux,
they'll have a kernel that handles all the system functions.
It makes sure your keyboard works and your monitor works versus your normal software that sits on top of the kernel.
Got it.
And from there, I learned how to start writing software and a lot
of it also came from gaming um you know i played counter-strike a lot i actually got into quake and
doom then quake then counter-strike it's probably like 14 playing counter-strike all day and all
nights uh and i was you know i played so much that i got good, but I wasn't the best.
I thought, how could I be the best?
And I was playing one day,
and I had two speakers, left and right,
and someone comes up behind me.
And in Counter-Strike,
you can see where all your teammates are.
You have a little radar, a heads-up display,
where you can see your teammates,
but you can't see enemies.
And I heard footsteps.
They came from my right speaker and then panned to my left speaker,
but I didn't see someone on my radar. So I knew if they're on my radar, it must be an enemy.
But since I couldn't see them, they must be behind me. And I thought about that for a moment.
There's information going from my right speaker to my left speaker. That means there must be
positional information about the enemy. How do I get access to that? So that's when I learned the
fact that these packets from these other
players are coming to my computer over the internet and they have positional information
of where to play footsteps. So if you have surround sound, you'll properly hear how far,
how, you know, the amplitude, the volume of those footsteps and where it should be panned.
And once I understand, uh, understood and learned about packet sniffing, where you can just see the
packets, see the actual traffic going over the internet,
I could then locate every person on the map,
enemy or friend.
So I then created my own cheat software.
And that placed everyone on the map.
I mean, I could see through walls.
I actually added opacity.
I started learning about how to reverse engineer the OpenGL,
which was the graphics library that was used.
So all the graphics that are displayed,
when something says it should be
a wall, I said, you know what? You should
actually have a 50% alpha
transparency. I should be able to see through it
a little bit.
So you see some guy
crouching. You see some
guy crouching
behind a box, and I know exactly
where he's crouching. So I just run
and do a matrix flying jump and do like a you know
matrix flying jump and shoot him you know headshot and then the game wasn't fun anymore
and actually you know soon after that i was probably 15 at that point
uh there's a software called punk buster and just just to take a quick pause you were in
pittsburgh where were you at the time okay so? Okay, so I was born in Pittsburgh, correct?
When I was 13, my mom was like, do you want to move to L.A.?
And I said, okay.
And we got in her car and moved to Los Angeles because she wanted to be in L.A.
And I thought that was cool.
It's a hell of a drive.
Okay, so 15, not to interrupt, so now you're in L.A. at this point.
Yeah, 15 in L.A., in like Arcadia, Pasadena area.
And at this point, it was about far enough
that I had kind of had enough of high school.
Not for any good reason.
I just didn't enjoy it, so I just stopped going.
My mom was working a lot, so she was at work.
I mean, she couldn't tell me not to.
So I would just stay home and play Counter-Strike
and then work on cheats.
And Counter-Strike immediately became unfun.
I don't know if you ever played with cheats,
but when you have this god mode, it's not fun anymore.
And fortunately...
God mode should be the name of your memoir, by the way.
When you write it.
Awesome. should be the name of your memoir by the way when you write it awesome um so as soon as this uh
as soon as the cheat as soon as i was using the cheat i would also release it as open source so anyone else could use it and see how to do this kind of stuff uh i found they actually created
this software called punk buster that prevented my cheat from working. And all of a sudden it became fun again.
Because now it was like a cat and mouse game.
How do I modify my software
so that they can't detect it?
And we went back and forth. So I'd release a new
version of my cheat software. It was very fun.
So the game became the Cloak & Dagger
defeating of the
Punk Buster. Yeah, absolutely.
And similar applications there. Similar software.
And it was that. At this point I'm fighting against a company full of employed developers and engineers.
And I get to sit in my room and just play against them.
And that, I would say, taught me to understand this stuff.
At that point, just understanding how to break down a problem and how to break down those kind of pretty, you know, at that point, just understanding
how to break down a problem and how to break down those types of problems, reverse engineering,
you're trying to modify something that you don't actually have the source code to, you know,
Counter-Strike wasn't open source. So when you hit a wall or had a block of some type,
how would you learn? How would you problem solve? How would you, how would you try to address that? Uh, if I hit a block of some sort, so I think, uh, I think I've
broken down things too. I pretty much, if I have a problem, whatever that may be, whether it's
technological or in life, uh, and I will take something and I will try to look at two things,
inputs and outputs. And that's how everything in a computer works. And that's take something and I will try to look at two things, inputs and outputs. And
that's how everything in a computer works. And that's why I think this way, probably.
There are always a number of inputs, puts, sometimes none, but there's typically something
that goes in and something that comes out. And I usually want something to come out a certain way.
And I look at that and I say, what else comes out that way? Under what input conditions can I make
something come out this way? Have I actually tested all the possible input conditions?
You might think with a computer, okay, well, if I give it, you know, if I want to take something
out of memory, if I want to like read a program that I'm not supposed to, what are all the inputs?
I can like mash the keyboard. I can send every possible keystroke. Maybe there's no keyboard.
How can I, you know, use the mouse in a certain way?
But then you just think a little bit further.
What if you take all those readily available inputs away?
What other inputs are available?
And then you start to think about the environment.
What about the temperature?
If you actually freeze, if you actually take nitrogen and apply it to memory, you can freeze memory.
And then you can pull it out.
They didn't have to do this with Ross Albrecht,
if I'm pronouncing that properly, the Silk Road.
They didn't have to.
Yes, indeed.
That's a whole separate story.
Who was apprehended less than five miles from my house.
Oh, that's so crazy.
It's such a crazy story.
Yeah.
No, definitely.
Sorry.
Continue.
Oh, so yeah.
So pretty much looking at all the possible ways I can send information and I can control the input.
That's how I...
What would be an example of that from your counter-strike days or any other
days what would be sort of a real world example of of how you say all right hold on a second let
me look at the inputs and and outputs in this particular scenario okay sure um so let's take
uh something new and new that i'm working on right now that I have some demonstrations of, and that's hijacking cars.
Perfect.
So first it was, how can we start cars?
What is my goal?
What is my intention?
And obviously my goal is not to steal cars but to show fallacies and ways that we can protect against this as well.
But to protect against it, you have to understand it.
So how do I start a car normally?
And I'm looking at these cars where you either use a key or you don't use a key.
Now, cars that use a key, it's actually pretty simple because it's pretty easy to replicate keys.
There's plenty of bump keys available.
There are a number of ways to break into the car.
Yeah, bump keys make getting into cars really easy.
You've learned that.
You've learned that.
My car's safe out there.
Yeah.
It's gone.
That's all right.
I won't have it for long.
Awesome.
So that's actually really interesting.
A lot of hackers, every year there's a really big conference in Vegas called DEF CON.
It's been going on over 20 years now.
And they actually have a huge lock picking area.
So cool.
Yeah.
And it's not even a lot of them are hackers.
A lot of them aren't.
A lot of them are just straight lock pickers.
That's what they do.
They want to be able to break every type of lock. And it's very much the same as hacking, right? It's how
can we control the environment in a way to produce the output that we want? This, you know,
tumble lock turning, even though I don't have the proper equipment, the key. So for the car,
it's like, okay, well, I'm pushing a button. That must be doing something. And I know that
it communicates with my key somehow. I don't know how um because there's nothing else because when my key's not there and i push a
button the card does not start i see you're talking about the non-insertion key in this case yeah
correct for in this case i'm talking about the non-insertion key just because the doing it with
the insertion key has been done over and over again right um so now it's the the newer models
of everything
are now you don't have a key that you insert you just keep it in your pocket so as long as you have
the key on you you can start the car so i want to say okay well how is that communicating and
i look at the key and in some cases the key will actually have like a model number
um in the u.s you actually have the f fcc you're actually regulated where you can what you can
transmit and receive so pretty much any device you know what the band is you know what the FCC. You're actually regulated what you can transmit and receive.
So pretty much any device you have... So you know what the band is.
You know what the band is.
If you look at the back of any phone,
it'll have an FCC ID,
at least in the US.
Oh, yeah.
Look at that.
Looking at the back of an iPhone.
Yep.
Because it transmits or receives.
So from here,
you can actually look up that band,
like you said,
the frequency band.
Then you look at,
how can I listen to that frequency band?
And I found some devices.
I found some awesome...
Now, would you just Google how do I listen to XYZ band?
Like I mentioned earlier, I Google everything.
Can you share what we were talking about?
Sure.
So my car is really small.
Can we be specific?
Sure.
It's very low.
It's a Lotus.
It's a Lotus.
Which I just scrambled and struggled to get out of earlier
and just looked like a complete idiot trying to get out of it.
It's a great car, but it's very hard for me to get out of.
So yeah, the top is on.
It's pretty hard to get out of when the top is on.
And man, when I got it, I loved it.
That's another time I really used Google immediately
because I'd never driven stick before.
So they shipped it to me.
They delivered it at some place in Hollywood,
and I had to drive it home, and I'd never driven stick.
So I'm sitting in it on my iPhone looking at at like wiki how.com i think some you
know i googled how do i drive stick and that's so i learned on the way i didn't learn well
that's a hard that's that's a really rough entry into manual transmission yeah drove home stalled
a few times on the one and a half miles home.
But I got out and just was an idiot and just like stumbling out for five minutes trying to figure out how to pull myself out of these bucket seats.
Because, yeah, it's just... It's kind of like imagine that you have like your pants pulled down to just above your knees and you go down to a full squat and then you have to like dive forward.
It's like ergonomically
very similar so you googled so yeah so i you know i drove it around the first week and man i pulled
up somewhere nice place a bunch of people i had my brand new car i thought this this felt good
not just a brand new car brand new lotus brand new lotus and i'm like this this felt good. Not just a brand new car, a brand new Lotus.
Brand new Lotus, and I'm like, this feels good.
I open the door, and I, like, struggle.
And I'm like, should I just get back in and drive away?
I think some people saw me.
So, after a week of this embarrassment, I Google, how do i get out of a lotus and to my surprise and delight people have documented how i found a youtube video that was very instructional i gave it a like
um i did not leave a comment that i needed to learn but i learned how to get out of my car
through the youtube video and and online because online because it's just really embarrassing.
And yeah, I learned how to use one hand on the steering wheel and you pull that because that is firmly connected to the car.
The other hand on the side of the chair and then you just thrust your arms.
You merge.
You Superman out of the phone booth.
Yeah, you Superman and then smoothly catch your balance. And so the parallel here with the band,
if you look at the back of a phone or device,
the back of a key, and you're like, oh, look at this.
There's an FCC registration.
And I can identify what the frequency band is
for this wireless key for whatever brand X car happens to be.
And then the next step is Googling
or determining how to listen in on that frequency.
Correct, and if you don't know,
and I don't know much about frequency bands,
but I know that when you're listening to FM radio,
that's a frequency band.
FM, that's actually frequency modulation.
It's a way to communicate
data is am amplitude modulation exactly amplitude modulation they actually adjust the way that
they're sending data amplitude is like volume so they're changing the volume to send data
where frequency they're actually changing the frequency so when you listen to 105.9 fm
you're listening to 105.9 megahertz and your the the frequency is actually changing from like 105.9 megahertz. And the frequency is actually changing from 105.8 to 105.106. That's actually
why you can listen to FM radio a little bit off, right? Sometimes you hear FM if you're a little
off. So that's another frequency. And a lot of these actually, car keys use AM. They're not an
AM that a radio in a car would listen to, but they are AM.
So it's the size of the wave, not the number of the waves in a given time frame.
For amplitude, it's essentially how powerful that wave is.
I see.
It's like volume, right?
It's like yelling versus being quiet.
Right.
So that's the difference in amplitude.
Modulation is just a fancy word
for change so and uh and then we'll do the the next step after that so yeah so i found a few
different devices that i can use that are low cost and a couple people you know a couple security
researchers have made a lot of this stuff readily available i mean uh it was other researchers who
found that you can use this
Mattel toy to actually listen to a wide number of frequency bands, rather than, you know, in the
past, just a few years ago, it cost thousands, thousands of dollars to get something that could
listen to all of the frequency bands that like something like this would output and for you to
actually access all that data. So once I got a device like this, I'm actually able to see the
data. I can actually get turn, turn that when you press that button and it sends a signal on 433
megahertz, um, that I can see that data, what that binary data is. And if I send it a bunch,
if I hit the button a bunch of times, then I see it over time and I see what changes,
what doesn't change. And I can make assumptions because then I can compare it to another car and
say, Oh wow, this
beginning is always the same between these two cars.
So that must mean it's this type of car.
But this part here is different
between the two cars, so that must mean this
one's specifically for this car and this
other identifier is for this other car.
And usually,
there actually is decent security
in most cars. It's called rolling codes, where
the code changes every time.
It's kind of like Google Authenticator or something like that.
Yeah, it's like an additional factor of authentication
where the number changes.
So let's say there's only 1,000 possible IDs or passwords
that would work to open this car or turn this car on.
If you send ID 10, it turns on.
But if I listen to that and replay it, replay that 10,
it says, oh, I've already seen 10.
We're on a new code now.
So it's not going to allow that.
So that was the first problem I ran into,
where I can't send the same code.
So if you go up to your car and you turn it on,
I can listen and I can store that.
But if I replay it, it's not going to work
because the car knows that that code's been used.
Now, is the car recognizing,
is it the frequency or the tune, effectively,
of that, like,
that type of stuff,
electronically, like a bird song
that is triggering the car?
Therefore, if it didn't change
from a 10 to whatever was next,
you'd be able to replay that sound auditorily? that is triggering the car. Therefore, if it didn't change from a 10 to whatever was next,
you'd be able to replay that sound auditorily?
Not with audio.
Okay.
I mean, so audio is essentially vibration of air.
Right.
Where this is radio frequency.
I see, right. So the audio is really just a cue for the human
to be like, oh, my key did something.
Yeah, yeah. It's just a really silly sound cue for the human to be like, oh, my key did something. Yeah, yeah.
It's just a really silly sound that they use.
Which I like to reenact.
As some of you may have noticed, that will increase with the more wine that we have, most likely.
Got it.
So you ran into the problem that this is a rolling code.
Exactly.
Some kind of prefix or whatever it might be that's changing over time.
Right.
But there's a couple exploits here.
There's a couple possible vulnerabilities.
If you're away from your car, if you're not close to it, and you hit the button, and I capture that, I can play it.
So if I came into your house, and I had my device, and I pressed the button on your key, I could then record it because your car is far enough that it didn't see that code.
So now I can use the code.
But that's not good enough because now I'm in your house.
I have access to your key.
That seems, it seems like I already have physical access.
I might just live here.
It's a brute force approach.
Yeah, it's a brute force stack.
So that's just not good enough of an exploit really, at least for me.
So I want to take it further.
It's not very elegant.
It's not elegant at all.
So how can we make this better? Now, another thing that I've seen is that a lot of these devices are very inexpensive.
They don't want to spend too much on these parts.
They want to make it work and work well.
So if you actually send a bunch of other data on that frequency, it will not work because
now the car is confused and it sees too much information.
Now, you could call that jamming.
And you don't need to send a big signal but i could if you take another car with the that communicates on the same
frequency with the key and you just hold down your lock button while someone else is trying to get
into their car you'll prevent them from getting into their car oh my god so you can actually hold
and for totally different manufacturers most of them are using the same frequency because there
are only certain frequency bands you can use for this type of stuff.
So if you see someone and you have like a – like I was using a Cadillac car key and it transmits so far.
If you have one of those really powerful transmitters that hits your car from far away and you just hold it down.
Just hold it locked down.
So you could just sit in the parking garage drinking your coffee, holding down the lock button, watching people lose their shit. Not being able to turn on their cars. Yeah, right. Just sitting in the parking garage, drinking your coffee, holding down the lock button, watching people lose their shit.
Not being able to turn on their cars.
Yeah, right.
Just sitting in there.
So ostensibly, is there a way,
and this is just me with my science fiction cap on,
or conspiracy theorist cap on, perhaps,
is there ostensibly a way, if they're limited,
if that band is so uniform
that someone could deploy some type of uh wide reaching jamming to incapacitate cars over an
extended period of time um yes i mean you need a lot of power right the further uh the further
you want to go you need a lot of power that's? The further you want to go, you need a lot of power.
That's why FM stations, right, they have such big towers.
AM can actually go longer.
And so there are a couple ways that you can do this.
But yeah, you could, with enough power and an antenna,
you could prevent a lot of cars from starting.
Wow.
At least if it requires,
if it's using the radio frequency-based stuff, right?
Not a normal key. A normal key will work work fine and i'm sure there are people out there
listening to this who are asking themselves why on earth would these security researchers make
these exploits known to the general public you know isn't that just giving a blueprint to people
who want to exert malice in the world or create chaos and how would you how would
you respond to that oh i mean that's a i'm now keeping in mind in full disclosure i'm one of
those kids who bought the anarchist cookbook and was looking at like improvised munitions and
put himself inadvertently on every watch list on the in in the domestic united states but uh so
i'm fascinated by exploits i find them infinitely interesting but at the same time you
know this is a question that comes up so yeah yeah well i'll first say well when i was a kid
i was like 12 and and once i was 12 i had my own website and i found the anarchist cookbook so i
put a copy of it up because i thought this was awesome and one day my mom comes home from like
one of her jobs is like sammy like someone at work was look you know found this thing on your website
and uh he was actually looking up this thing anarchist cook found this thing on your website. He was actually looking up this thing, Anarchist Cookbook, and found it on your website.
Why do you have this thing?
I was like, well, it's awesome, but why was he looking?
He had found it inadvertently, not on my site, but just through a website.
He was searching for it.
I was like, I don't know. I'm not sure.
It's interesting information.
You ask a good question, right?
Is this a blueprint for malicious people to act upon?
And it can be.
But I don't think so.
And the reason I say this is I've been in security and hacking long enough
that many years ago, what I would do is if I found a new exploit,
sometimes I would contact the company and I would let them know about this and say, hey, totally free.
Just want to let you know I found this vulnerability.
You guys should patch this because it's bad for your customers.
Your customer data could be leaked.
You could be hacked.
It could hurt you.
I haven't done anything.
I just found it.
And sometimes you get a response.
Sometimes you don't.
Sometimes they fix it.
Sometimes they don't.
And then I found some other vulnerabilities.
And then I would write publicly about it.
I'd say, hey, here are some things that we need to fix.
This is a general problem, not something I can just email a company about.
And nothing would really happen.
A couple security people would read my blog and say, oh, neat.
That's some really interesting information.
Thank you, Sammy.
Nothing changes.
And then one day I said, you know what? A lot of these things don't change when I talk about them, when I contact
the proper people who have the pot. When you're going through official channels.
When you're going through official channels. So I released this time not only a blog, and this is,
there was something I released a few years ago, and it's called EverCookie. And essentially what this does is
it plants a tracking cookie on your computer,
kind of like when you go to a website,
and if you go to Google and you make a search,
and then you go back to Google a week later,
it knows who you are,
it knows that you did that search last week,
and that's through a cookie.
But you can delete your cookies.
And I found that some companies were also doing,
they would install a different type of cookie
called a Flash cookie, so that if you deleted your normal cookies, they would install a different type of cookie called like a flash cookie.
So that if you deleted your normal cookies,
they would still know who you are.
It's a bit surreptitious.
Yeah, that's creepy.
Yeah, it's a little creepy.
And a number of people knew about this for many years
and it got talked about and talked about and talked about
for years.
I thought, I mean, these aren't,
someone had released a little bit of software
to try to prevent it.
And I thought, there's some other ways of doing this and i was in uh dublin at the time first time i left the u.s we were talking
about earlier and i uh i thought it'd be cool to create something that can really plant itself like
in every possible way that i can think of and i sat down i was like there's got to be at least
four or five ways and i thought about four about 14 or 15 ways to plant software, or not software, but a unique identifier
that will then track you every time you come back to that website or any site that tries to attract
you using that software. So it would install a unique identifier in your cookies, in your flash
cookies, in your Silverlight, in Java, in your history, in your cache, just everywhere. And if
you deleted almost everything except one, it would then respawn.
It would recreate everywhere.
So you could never get rid of it.
Literally, most browsers could not get rid of this.
So if someone wanted to track you,
they would always be tracking your web presence,
at least on those sites that host it.
And this got press.
This was interesting to the security community
because the security community had been talking about this for years,
but no one really listened.
People had been demonstrating companies that were doing
more mediocre measures of this.
The junior varsity version.
Exactly, yeah.
They were going JV.
This was finally something that anyone could use.
Entirely open source i made entirely free
um got a lot of hate mail for but what was interesting was it was a few months later that
every browser vendor had changed every major browser had changed i don't know if you remember
a few years ago when you want to delete your history you deleted in one place if you want to
delete your cache you have to go into a different drop down and delete it there If you want to delete your cache, you have to go into a different drop-down and delete it there. If you want to delete your recent downloads, you go somewhere else.
All of this stuff was segregated. And no sane person would actually go through all this effort.
Now, when you delete your privacy information, you go to file, delete privacy.
One checklist.
One checklist. And I saw that change. That was probably the biggest thing that made it.
That impacted me to understand this actually produces change.
Yes, maybe someone will be able to use it maliciously for a little bit.
But you know what?
People have been using it maliciously for years.
And no one actually knows that because talking about it doesn't do enough.
Yeah.
It's not just enough to talk.
And you need people to listen.
And there are definitely different levers you can pull to make that more effective sure so speaking of which uh
and i do want to if you're open to it uh chat about um myspace at one point sure because that's
a hell of a story oh my god folks don folks. Don't go away. Coming right back.
The next subject I thought we could dig into a little bit is online dating.
So getting people to listen.
We had a lot of fun with the episode on the Tim Ferriss experiment,
which is now digitally available by the time people are listening to this, which is amazing after so much effort and lawyering and everything uh we had a lot of fun on that episode
and you take this same scientific approach and i really feel like what you do is
using the scientific method really at a high level level to attack some of these engineering problems and challenges in the world of mating and dating.
So could you talk about some of the ways you have thought about online dating and improved
your prospects in online dating?
And we can dig from there.
All right.
I don't even know where to begin.
My mind is flooded with all the possibilities
that we could discuss.
Okay, so I used online dating maybe a long time ago,
10 years ago, 11 years ago.
And I met someone great
and had a great relationship for a few years
and that was awesome.
And I think I got back to it maybe,
let's see, I think five or six years ago
i had gotten my you know meeting people is frustrating uh i wanted to meet meet more women
so i thought okay i'll do online dating again i had good experience it was paint it was hard as
a lot of work is painful uh but also fun at times. And it was successful.
So I thought, okay, I'll do it again.
So I went on sort of the hip dating site at the time.
And I...
What was that?
That was OkCupid.
OkCupid.
Yeah.
And I made a profile on there a few years ago.
And I started reaching out to people, doing searches and that you know i was
doing a lot of i had also a lot of work i had a lot of stuff to do in my life a lot of stuff i
like doing i did not like going messaging people not getting messages back scrolling just like
scrolling through endless lists having so much so much data to go through and then not even knowing whether i mean i guess
the biggest problem was i wasn't getting messages back right i'm like what happened
i thought i was eligible what's the failure point here right they're like damn it so i thought okay
well you know how would i how would i approach this and this was after a few frustrating weeks
i thought how would i approach this if this were a problem with my,
let's say, my company's website or something?
What if I were trying to make sales online?
How would I approach this differently?
And I thought, okay, well, if I were doing something for my own company
or my own business or my own product or whatever,
I would probably start with some basic A-B testing, some multivariate testing.
I would try comparing what one group of people did versus another group of people so i didn't have i didn't want to spend
too much time in this but i wrote a little script and all that did was every day that would cycle
that would change my photo my primary photo and uh okay qubit will also show you how many hits
you would get that day so every day i would
check back and that was stored in a database and you know i had it i had throw up a couple of my
you know bad photos just as a i don't know control or something and had my my best photos and some
medium photos my best photos were awful they were terrible what i thought performance what a
performance why what i thought looked great with this stupid smirk on my face it was terrible just bombed it bombed right no one clicked
right and this is in searches and probably in messages as well nobody clicked the photos that
i thought were good and a couple of these photos that i just thought were mediocre subpar just
they got clicks and there's certain certain things i learned that i mean i will say
your chick crack yeah things that you know when guys see certain things on a website they click
hey their brain shuts off and they click and there are the same things for girls so what are what are
some of those things well um the thing that did best i mean just a land slide was uh a picture of me and a cat
sitting on my shoulder so they weren't clicking for me and this had nothing to do with me let's
let's be clear it was they saw a cat yeah but that's okay i'm just trying to get you one step
further right one step further where then you can learn a little bit of my personality maybe you'll you know you'll try to read this uh this text i put up uh so that was that instantly
after learning that i was just blown away i was like wow i've been doing this wrong i am not as
i have no idea what other people like apparently um and that's fair i mean i don't so i should
use data and try to help help myself and help other people i mean i don't so i should use data and try to help help myself and help other
people i mean i think this is beneficial and uh we did some absurd permutations of this
for the tv show i'm not going to spoil it uh but we uh we went for the gold with some of these
profile pics uh the of you of me of me of me to be clear and there were other people involved like neil strauss
who really was not in favor of of any of this but uh who's the author of the game for those people
who don't know the the what are what are some of the now at one point you didn't you create a
female profile to observe what came in as inbound in terms of absolutely i mean i'll start
with this i'm i'm not um i try to be as transparent and and honest with people um i you know i hate
deception and i don't try to deceive people but for ab testing it's it's it's for science so i
created a profile of uh of what i thought would be someone i would like to date
right someone who's attractive um what did you what did you call her do you remember oh i don't
know i'd have to look that up all right i'm pretty sure i stole i'm pretty sure i stole another
girl's username and then you changed a number got it um i used text from a profile that i really Got it. weren't so you know i'd always start with the subject hello and then a really great message
and uh after the first day i got over uh no close to a hundred messages close to a hundred
emails as this you know attractive interesting female that's i mean terrible there's no possible
way anyone's going to go through all those messages. And now I'm looking at the messages. And the first thing I see is the same subject over and over and over that I probably used
over and over and over.
They're all saying basically three or four things.
Hello.
That's yours.
My line, yeah, that's my line.
Hey, wink, winky face.
Thought we should chat.
And wanna fuck.
Nice.
It's a strong opener.
And it's actually, all of those were used a lot.
It was surprising.
And I felt, I was offended.
As a fake female on this website i was offended and i thought wow like these are all the a they're all the same right even if it were interesting if
it's all the same then it's irrelevant so i immediately learned okay my subject line has
to be different it has to be interesting it has to be you know non-offensive and it has to be not
boring um so then i went
into another city i went into actually another state and i tried mailing lots of people different
subject lines as a man right as my own profile in a state that i wasn't even in i'm not actually
going to meet these people i'm sorry if i emailed you but i just wanted to know what subjects had
the best read rate and then response rate um I found a little exploit that allowed me to get the read rate
because normally you can't see how many people open your message.
Once I found this, I found how many people opened a message, and then I can also track how many people
responded. The open rate allows me to measure
how good is the subject doing, the subject line.
I tested a ton of different subject lines
to see what worked best and uh i'm sorry to say it uh and i've been trying to curse less but
the best subject line was fuck you now i'm not saying that that that obviously not elicit a
positive emotional response but that's not immediately the goal that's not immediately the goal and and that's okay because and i found if you're still a dick in the email
the response rate is zero or very little and some mean things and i don't think you should
ever be mean to someone and my intention again is not to be mean i was i'm trying to see it's
like clapping in front of their face. Really, really hard.
And I found the best way to get a response
and a positive response is to say,
I only did that so you'd read this message.
You're probably getting a ton of emails from other guys
that are saying, hey, or wanna fuck.
And she's like, how did he know?
How did he know? Exactly. know exactly so so it's really i mean it's just trying to understand what someone else is going through and how can i how can i maneuver
that better and then also ultimately i'm always transparent you know whenever i meet anyone i tell
them i whenever i meet anyone i tell them uh you know exactly all the all the tactics just because
i mean if anything else it's conversation, especially with a woman.
It really is the best first date every time.
You just get to talk about something.
Immediately, you have something to talk about.
You're both on this dating site.
You're both trying to meet somebody, and you're both upset about the results.
How inefficient the whole thing is.
So, immediately, that was always really positive uh
so yeah you know i i'm not i'm not suggesting me an asshole but i am suggesting that uh it's good
to learn about ways to you know just yeah maneuver past and and actually get someone to read you
read that letter and see whether you are an interesting person, whether you would jive. With online dating,
for someone who does not have technical chops,
so for someone who cannot personally,
doesn't have the capacity to write scripts or whatnot,
what would your advice to them be in this day and age?
That's great.
Because there's a wide variety of toolkits available, right?
You have the OKCupid's, the Match.com's, Tinder, of course.
What would your advice to a non-technical person be?
And let's assume for the sake of argument that since they would waste, as a guy,
you're going to waste hundreds of dollars on drinks and dinners that go nowhere.
So let's assume they have a budget.
Okay.
A little bit of a budget, like 500 bucks.
Okay.
What would your advice to them be?
Okay.
So the first thing you do is you get a record player.
And you take your iPhone and you attach one of those pens that have the conductive tip so you can draw on your iphone
with it and you attach it to the record player and you put tinder beneath it so the record player
just spins and just checks you know how you swipe right swipe over and over i saw a video of this
and it was the funniest thing i've ever seen just someone who attached this little
nub to a record player that would just swipe on twin tinder i thought that was really funny uh okay no so realistically uh you know that i don't know the site might not be
around anymore but um instead of writing a program you could use a site like hot or not or if there
are if there are any uh sites like that that you know unfortunately measure appearance but that's
important it's very important your photo is the most i learned
okay which allows you to upload the photos to do uh my cupid or my best face oh right they have
that now correct okay oh yeah yeah so uh my best you're right my best face on okay cupid allows you
to essentially do the same thing where you can upload a number of photos you rate other people's
photos essentially and other people rate yours so it's a it's a really cool system where you learn what you know
what if photos of you are most attractive i found the photo of brad pitt was my most attractive
photo right the picture of uh my picture of uh jason statham with just doing a scrooge mcduck
backstroke in a pool of money was
surrounded by kittens.
Surrounded by penguins. I don't know
why the penguins work so well.
So first identify
which photos
work the best for you. The photo is the first
thing anyone sees. And we did this in
the episode too. So for people who want to see
how off I was,
how incredibly off i was in my
predictions uh you you can check that out it's on itunes probably at this point but uh so you
identify your best photos absolutely what's next okay so now if you if you're any like if you're
like me and had a terrible photo you're now receiving messages so you're already you're
already like happy um but if that's not enough you need to because you know you're now receiving messages. So you're already, you're already like happy. Um, but if that's not enough, you need to, because you know, you're, you need to be a little
bit more selective. Um, so what's next is I would say testing different subject lines. Um, you know,
I, I wanted to test so many people that I went to a different state and I automated that, but you can,
you can test it yourself, right? You can use the same message. And some of
these services allow you to pay a little extra to see read rates and open rates and essentially
analytics for your dating profile. Pay that extra amount and make changes. Make changes often and
record that data. Always record it. Keep it in an Excel spreadsheet. You will learn so much.
So the next thing is, how do you communicate?
This is just the way it is.
If you're a guy, you need to be reaching out to people, right?
And you should be...
Yeah, if you haven't figured that out yet,
the hot chicks are not going to come knocking on your door.
I hate to tell you.
Yeah, I mean, if you want to be selective, you need to work for it.
So testing different subject lines.
And another thing that I learned that you should use immediately is while messages are great,
what I found was really, really effective is you could go messaging for weeks with someone who's really interesting.
And if the service you're using has uh, has chat, like, okay, Cupid has
chat, chat, you know, select people as your favorites. So you see them whenever they're
online. Um, don't stalk them just like when you see them once, then talk to them, communicate
with them. And what's a good opener, uh, in your experience? Uh, I, I try to make it relevant to
their profile, right? You, you, you don't want to appear like you don't want to appear you don't want to be
the people who don't actually read the text
you actually want to learn about that person
there's a high probability she's looking for someone
who has read the text
who has read her profile
she put in time on that, you put in time on that
so read it
you might find you might not like this person
so
read the text and then try to, you know, try to make some simple conversation.
I would say immediately.
The best thing I learned is it's not even about the opener at this point because you're chatting.
So where a message, the subject line is so critical because if it's not good enough, she's not going to open it.
In a chat, the chat's open.
You can get a couple lines of text before she closes
closes it and says i'm not i'm not listening to this a little bit more margin for error exactly
and i find the chats are always read right if you're saying something in chat it's always read
do not sit around and talk and just wait for them to respond to everything instead have an
interesting story it should be a legitimate story in your life.
But everyone has something, and if you don't,
I mean, go and talk about your life more.
Find an interesting story in your life.
Or do something interesting.
Or do something, absolutely.
Go, you know, go.
If you don't have at least one good story,
you need to get outside, Mark.
You need to go running naked in the quad.
So have a short but sweet story prepared.
A true story about your life.
And just dish it.
Just start talking.
Who cares what the other person thinks right now?
Because they're probably not going to respond anyway.
If you're listening and you care about this, this is probably because it hasn't been working.
So try this.
So I have to ask, and feel free to reject this question,
but what was your go-to story?
Oh, go-to story.
Okay. Okay.
I think we may have done something similar um was it on point tactical oh yeah yeah
yeah with kevin reeve yes so i had recently done this uh urban escape and evasion class that it
sounds like if you have taken and are an expert in i'm sure you've done a lot amateur i'm like a
i'm like a green belt you you've actually you you've done more things than I learned when I went to him.
So he's upped the game and that's really cool.
I'm going to ask you some questions later.
But I took this course, Urban Escape and Evasion, three days in LA.
And like you mentioned, I mean, he taught me how to escape out of LAPD handcuffs, right?
Get out of riot flexi cuffs.
You know, my time when I went, he did not, we didn't learn about the newer cars.
We learned about older cars.
So I was stuck in like 70, you know, 75 Hyundai.
So, you know, that I stole.
And that was,
the fact that on the third day of this class,
I got picked up in a van and they put a hood over my head.
It was strange because it's kind of like the eco-friendly,
the green, environmentally friendly type.
They put like a Whole Foods bag over your head?
Exactly. It was exactly that. They put like a whole green Whole Foods bag over your head. It was exactly that. So they put like
a whole green whole foods bag over my head. So I couldn't see. They took my wallet and phone and
drove around LA and I had to get out, escape from the handcuffs and run around Los Angeles without
money. And I would tell some tidbits of the story about, you know, how I know this is all in chat,
all in chat. So, so so it's like hey what's up
and then you're like let me tell you about the time i got got out of lapd handcuffs what's the
transition okay yeah good question no i'm like i'm so into the specifics because when it comes
to all of this sure i remain to this day a complete like a three finger monkey fumble all
of this stuff i'm such a fucking idiot so i'm really interested in the specifics okay sure sure
so so i say hey what do you do today that's that's pretty much it that's pretty much how i would start
that conversation what did you do today not what do you do no no one cares it's not it's not an
interview right what did you do today uh if you know she's either gonna say something interesting
and you can add on that or or you're too afraid to comment on what she said or she's either going to say something interesting and you can add on that or you're too afraid to comment on what she said
or she's not saying much.
She's saying went to work, went to school, did nothing.
Not much, LOL, winky face.
See, I tried that.
That didn't work well.
Yeah, right.
I don't know what I answered that.
So, okay.
So you ask, what did you do you do what do you do today
um you're saying you know she's saying something she's saying something
often it's it's irrelevant often it's the same thing that everyone else says right he
as a guy you're also receiving a lot of the same thing too um so as a girl you know if you really
care then also you know pay attention to be different. Be different if you can.
Be interesting because you probably are.
So show that.
So what did you do today?
And then maybe they'll ask, what did you do?
And if they don't, it doesn't matter.
You can still say.
Because at this point, if she didn't ask, she's not interested.
She's already not
interested it can only go up from here right there's only upside exactly and if she asked
then she asked so answer and i said you know oh well just recently this happened um and if it's
six months ago fib say just recently this happened and and that's that's the transition
got it i say like last weekend uh or yeah you know
i've just been going over this crazy class that i took cool definitely and and talk a little bit
right do do more talking um offer some something interesting so we've never talked about this but
i i will ask anyway uh the jump to in real life, to IRL.
Quick, quick, quick.
All right, quick.
Quick.
Tell me more.
Every time I do this. And how do you, and what's the verbiage?
What's the transition?
So every time I would have like emails,
messages go back and forth, it would be great
because the emails, you actually get good information back.
And if you're doing back and forth emails,
you're actually communicating a lot.
And a lot of people are, I mean, I think it's not so much anymore, right? I started, you know, I was, I did online dating maybe three times in my life and
it was all great. Like it actually was successful every time. And I'm glad, I'm glad I always did
it. And back then, I mean, when I first started, I was 18, I i'm like 29 now so it was 11 years ago and uh people were more fearful of meeting someone on the internet right that that was a little
different it was different back then right you didn't use your full name it's not until facebook
came out that people use their full name because they had to but you didn't want to miss out on
the social network i mean i didn't um so i sorry, what was the question?
The jump to in real life.
The jump to IRL.
IRL.
Okay.
So what I learned was messaging back and forth was comfortable.
And it actually made it more difficult to jump into a meeting.
On chat, you've quickly communicated.
If you have an interesting story, you've quickly communicated that you have interesting things to talk about.
You're confident enough to talk about it.
At least if you have other stories like this, you're probably an interesting person.
I mean, you probably already are an interesting person.
And after about five minutes, and don't linger.
Don't wait until the conversation dies down um there's a seinfeld
episode where i think george casanza found that it was best when he left at the top the height
just like the rocky marciano approach to dating he's like all right that's my best joke and i
gotta go and i'm out exactly right because you let it linger then it's just boring you're just
remembering though how it ended well make it end end good. You just had this awesome story at the edge of her seat.
And she's like, oh, wow, that's really cool. It's really interesting.
It's like, hey, I have to run. I have to go do some other interesting thing.
I have to go rescue some kittens down the street.
Or from some penguins.
From there, you say, I have to run right now.
Get some information, because you don't want to meet someone just because they said, LOL, smiley face, right?
You also, they need to feel like they've earned that value as well.
Like, no one wants to, I don't like it when someone comes up and just offers me a bunch of stuff for no reason.
Like, what do you want from me?
Right.
You want something from me.
So that's, just try to think in their position, try to put yourself like reverse the role and
what would happen if that happened to you? Um, so I conversate a little bit more, try to learn
some interesting things about them, asking questions that are not common. And you can learn
some questions from the emails, right? If you, if you create a fake profile in another state,
don't respond to people.
I think that's deceptive.
Just let emails come in and see what people say.
And learn from those.
Because you'll see the common questions.
The questions that you think are really unique
that everyone else is asking.
Don't ever ask those.
You'll learn those over time.
Instead, try to think of something different.
And I thought I was being unique,
but I was asking the same.
Are there any unique questions
that you relied on consistently?
I mean, I would say I would just ask about
things that I actually wanted to know.
Would you rather lose your front teeth
or cut off your thumbs?
Would you ask some questions like that?
No, I'm just kidding.
That's a dude wine type question i'd probably not appropriate
for online dating um no i just asked like how was your day not not what did you do today or like
what was the most i mean uh implore them to give you the interesting information about your life
about their life what is the most interesting thing that happened to you in the last week
yeah and now they're going to recall and re-feel like have the same emotions that they felt at that most
interesting time of their life in the last week yeah got it so i have to go to do this other
interesting thing and then what uh so i have to go i have to go and do x um make a joke if you can
have to go save some penguins that's that's funny right i think that's funny
um maybe it's not right ab test that um but you know let's let's grab a quick coffee this week
uh you know i did dinners a few times and i quickly ran it ran into having uh dinners with
a bunch of people i really didn't want to have dinner with yeah it's a one to three hour plus
yeah yeah so then it's coffee it's coffee
it's you know it's easy to easy to leave it's quick um you don't you don't have to uh it's not
a big deal if you pay for it right you're not setting any stage or anything you can pay for it
and be nice and it's not a big you know it's not a big event what uh if if those some people listening to this almost certainly of the male variety um
but not definitely hello ladies i know you're listening to but just try to go out and hit on
guys for a day and you will see how brutal that side of the game is it's fucking terrible uh let's
just assume that there are guys listening to this
maybe women could be either and they're saying you know i need a sammy i need someone to help
me automate this to swipe right on all these profiles to automatically like all these people
to simplify this process because dating online seems to be a sort of high volume, low yield proposition.
I want to stack the deck.
How would they find someone to help?
What would they look for?
Ask for?
Sure.
Sure.
I mean,
I don't know of any because I haven't used any,
but I would look specifically for dating services that use analytics.
If you like to play with this kind of stuff,
if you like to,
you know, if you'd like to be analytical or if if you like to see how you can stack the deck yourself if you think
playing cards is interesting uh use existing dating services like ok cupid or match and pay
for their pay for their additional software their their their premium services premium services
all right now if you wanted to find say say, a freelancer, a programmer,
what are the qualifications that someone would look for?
If you're like, okay, I want you to write a script to say,
hypothetically, if I live in Chicago,
I want to auto-like everyone in Chicago who fits the following specifications,
but I don't know how to do that because I'm not a techie.
Who would I look to hire like if i went to elance or one of the one of these sites uh what would my sort of
project request look like uh i mean there's two things i'll say to that the the first thing i'll
get quickly out of the way uh you it's that always seems like the best idea and that's what i want to
do i want to get as many
people i want to cast the widest net as possible and until you do it you think it's a great idea
and i would tell you not to but you're going to so do it learn that you're then spending all your
time with people you don't care about right so then you actually have to spend time filtering
and i spent the next half of my that time filtering but to
answer your question because i understand like if someone told me not to i still would so to get
that need out you have to sometimes um i would look for somebody uh i'd go on elance i'd go on
craigslist i would try to find uh someone who's developed software who can develop web crawlers
who can develop back-end web software and who can develop you know maybe
basic analytic software you don't need they don't need to be a genius this is this is very
simple stuff that you're doing programmatically got it uh if you were using do you I don't even, if you were on Tinder, hypothetically or otherwise, does any of the advice change?
You know, I don't use Tinder.
I'm not on Facebook.
But if I were to use Tinder, what would I do?
Let's see.
Well, I mean, lately I've been playing around with computer vision algorithms computer vision that lets you actually see uh you know lets you make a computer actually see
things and interpret things but on tinder i mean meaning meaning that you could have the computer
decide hot or not for you after putting adding in some inputs i i think you could you could do some
i guess yes the the answer is yes you do some, I guess, yes.
The answer is yes.
You could do some basic things there.
But I think what I'd want to do is, does Tinder have descriptions of people?
I'm not sure.
They're very short descriptions.
Short descriptions.
So the thing you want is a data set, right?
You want to know who are the people, and maybe you have girlfriends who are on Tinder.
Look them up.
Look up their information look up anything that would help provide information to people who you think you would like to date and people who you think you would not like to date because you need to
be able to have uh information on both so you can write some sort of algorithm because tinder has
such little information i would say you know for a friend I wrote actually a Tinder script that would essentially swipe until I saw that video.
And that video was just hilarious.
So if you want to just swipe, you can use a record player and one of those iPhone nubs to swipe for you.
But then after that, I believe it's chatting.
Is that right?
Yeah, it's all chatting.
Okay, so most applications on mobile, iPhone, Android, they're actually web-based.
So you're actually dealing with a lot of the same web software or web protocols.
So if you wanted to automate some of that, man, I guess what I would personally do, if i were on there i would create or hire someone to create a bot
that would swipe yes swipe correctly yes i want to communicate with this person and when we were
matched up then i would have it automatically communicate and then i would have it text me
and i could probably what i might do is actually automate a few like have a story or two that i
could text back to this device so wherever i wherever i was like if i was on as if i was on
a date if i were on a date i would be able to text back and say turn this story on it would
just communicate with someone right go on point tactical right but you would still see
the messages so you could still actually communicate with that person live from your
phone right you might not be or i guess you could open the app at that point but yes i would again
find the same type of person someone who can create web software not just a website but a web
crawler i think that's the that's the differentiation someone who knows how to sort of crawl and automate
right produce something that's autonomous that can communicate with this website with this app
how would you vet the people who respond so if you go to say craigslist or
uh an odesk or an elance and you put up looking for web crawler specialist for
dating project and you describe roughly what you're trying to accomplish.
So you get 37 responses from people who are saying, I can do this. Yeah,
no problem.
Is there something that you could have them do as a test to assess their
competency?
I would ask them, I would find a website that you like,
maybe a news website or something,
and I would, something that has other content on it,
and I would say, write me a script,
or don't write me a script.
If you can do this quickly, I will hire you.
Please have it go to every news article for the last week, right?
Something that has to click back, right?
And take these elements of the page, take the headline, and take the fifth word and
put those in an XML document.
Something that clearly is not that valuable.
Make it not valuable, right?
You don't want them to work too hard.
You don't want to abuse their time.
And you don't want to suck value from them, right?
I would not want to do free work for someone.
But if it's a test that they clearly get no value out of,
I'm more likely to do that.
So I'd say something that you can't actually use.
It doesn't really benefit you.
That's interesting.
So it's not even a time issue.
It's really a utility question.
Yeah, I feel like if I'm working with someone,
I'd...
Right.
If I were asking for something
that gave me a real ROI,
you'd be less inclined to do it.
But if I'm saying,
hey, this is just a test of your competency,
you know I can't use the output.
Yeah, I'm happy to demonstrate
that of my capabilities.
I'm not happy to provide free services.
Free, right.
Value in exchange for nothing.
Correct.
Huh. Yeah. Huh. That's really interesting.
I never thought about that before.
Very cool.
So two things.
I think we should definitely talk about MySpace.
Okay.
And it looks like we've temporarily run out of wine.
So I'm going to pause this for just one moment,
and we shall be back.
Don't go away.
We are back after a bathroom break and an alcohol refill with Sammy.
Sammy, how the hell are you?
I'm great.
And I promised the fine people at home that we'd talk about MySpace.
So I don't even know how to introduce this story.
Tell me a little bit about your involvement with MySpace.
Okay.
So, my involvement, I was a user of MySpace.
So, back in the day, this was probably 10 years ago.
So, I was 19 at the time.
And MySpace, this was 2005, Myspace was the number one site on the internet number one above google above anything else and i thought this was interesting this is kind of cool um
all of my friends used it pretty much everyone i you know yeah pretty much all my friends used it
and i hadn't used it yet um and i thought okay you know everyone's using it i should get on here
just see like see what it's about, right?
A little social proof and check it out.
And I created a MySpace, added a couple of friends, made a profile.
I was like, this is kind of cool.
And I started uploading photos.
I finally had a digital camera,
and I took a bunch of random photos of my friends and would post them.
And once I uploaded the 12th photo and I tried to upload the 13th, it said, you have hit our limit.
Now, today, today that's insane.
That's insanity.
If a website told you, if Instagram said, oh, 12 photos, you've hit our max, no one would use it.
Yeah, you'd be gone.
Right.
But back then, it wasn't relevant.
Not that many people had that many photos.
I mean, digital cameras were getting cheaper.
But for the most part, that wasn't an issue.
And I thought it was an issue.
So I said, okay, well, how do I get around this?
I don't like having 12 photos.
I want 14.
I think that's a solid number.
And I found a way to upload a 13th photo.
So I uploaded a 13th, and it wasn't a big deal.
I didn't like the limitation, so I went around it.
And on the front page, you you know sort of description of yourself
like your bio your relationship status your favorite books and stuff and I thought okay
it would be cool to to change there's the relationship status and I was dating someone
and so I had in a relationship and that was a drop down you could choose from like single
divorced married etc and I thought it'd be funny if I could change that to in a relationship and that was a drop down. You could choose from single, divorced, married, etc.
And I thought it would be funny if I could change that to in a hot relationship.
Subtle change, but if someone saw it, that would be funny.
They might think it's interesting or funny.
At least I do.
And they wouldn't let me do that.
So I thought, I wonder how I could get around this.
So I played around on the website.
How old were you at the time?
I was 19.
19. It was my second year of my company. this so i played around on the website you know how old were you at the time i was 19 19 um as of
my second year of my company um so i was working full-time uh in la what did your company do
uh my company uh did and still does uh phone systems so cloud-based actually now it's cloud
based phone systems but we started a voice over IP company called Phonality about, wow, 11, 12 years ago now.
That's like 700 internet years ago.
That was so many internet years and cats ago.
So you were 19.
Yeah, I was 19.
And I would work sort of night and day.
So I'd actually go to work, go to the office, come back at night, and I'd play around on this MySpace site because that was the cool thing at the time.
That was the hip thing.
So I was messing around on the site, and I finally found a way that I could execute JavaScript.
And JavaScript is a web coding language.
And JavaScript allowed me to modify the page. So MySpace never allowed you to insert JavaScript,
but I found a vulnerability within the MySpace filters
and within web browsers that allowed me to inject JavaScript.
And this allowed me to just modify the page more than you'd be able to.
Unfortunately, MySpace gave a lot of creative freedom back then,
so you could actually make the page look really ugly,
but not do things like change the relationship status like I wanted so once i figured out i could do this i actually realized
this this exploit i found is actually extremely powerful i can actually do a lot more i can make
the user do virtually anything in the web browser uh without their consent i could i could in fact
steal their bank details i have no interest in their
bank details, but I could take their bank, you know, their bank details and have a bunch of
people's bank information. So what I found was that whenever someone visits my profile, I could
make it say in a hot relationship. And I was like, that's cool. What else can I do? And I played
around further and further. And finally I realized, well, I can actually, since I can control their
browser, I can make them add me as a friend. It's kind of funny. So if someone
visits my profile, and they're not yet my friend, they just add me. So yeah, that's, you know,
it's just cute. I'm just playing around on here. It's a social network. And I thought, well,
the next day, I had like one new friend. I was like, well, that's not that cool. Like,
what else can I do? And there's's different there's different sections for example your favorite books movies tv heroes and i thought it'd be
funny if i added something uh and there's this hero section most people didn't use it but some
people did and you could list your favorite heroes so someone might have like you know uh
buddha and tim ferris It might have like, you know, Buddha and Tim Ferriss.
Some people might not.
I'm not sure.
So I found a way that when someone would visit my profile, not only would they add me as a friend, but they would add me as a hero.
And it wouldn't delete their existing heroes.
So if their hero said, you know, my mom, my dad, andmy it would add it would append to the end my mom my dad and grandma but most of all sammy is my hero
it would append that to their hero section that was kind of funny i thought you know this would
happen to a couple people and you know i'd show off to my nerd friends and yeah we'd get a laugh
and that was that and the next day you know i had so few friends on there that one person had hit it
and one person had this i was like man how do i make this go a little faster i just want to show
a few friends like hey i made 10 people say this um on their profile so i thought okay well if i
can make someone add me as a friend and i can make them add me as a hero well the code's on my profile i could probably make them add the code to their
profile so tim if you visit my profile you would add me as a friend and i'd be as a hero but you'd
also add the code to your profile if then someone visited your profile they would add me as a friend
add me as a hero and also the code would go onto their profile so it became a worm i believe
that's like the technical definition of a worm or virus and it's not a big are worms and viruses
different oh man that's a good question i'm not sure what the technical difference is um i think
usually when they're when they're referred to at least online that i see you know viruses or viri
are usually referred to when they're kind of malicious and destructive and worms are they just spread really
quickly and not necessarily with malicious intent not necessarily with malicious intent but
i guess there aren't too many too many things out there that spread without malicious intent
not to interrupt though so so all right so you're like hey let me make this move a little faster
yeah so i made it move a little faster and i figured okay in a month maybe i'll have like
50 50 new friends and heroes and someone will complain right someone unintended will hit it and
complain and they'll my skills will remove it that sounds not like a big deal and i put it up i put
this this worm on my on my profile and i woke up and thought i'd have
like probably four new friends um and i had 200 and i said oh shit and an hour later i had another
200 and i said oh no because after eight hours it was 200 but it was exponential so it's at first i thought it was oh like gonna be a thousand in a day after i saw was 200, but it was exponential. So at first I thought it was, oh, like going to be 1,000 in a day after I saw the 200.
But no, it's exponential.
An hour later, I had another 400.
An hour later, another 800.
These are people who have, A, add me as a friend, and then B, add Sammy's my hero to their profile.
And then the worm spreads to them.
And, you know, it wasn't malicious right there's
no malicious intent it's clearly a prank gone wrong uh and i didn't know what to do so immediately
i emailed myspace anonymously and i said hey something weird just happened to my profile
someone just added me their name is sammy and it says sammy is my hero and i found this weird piece of code that's on my profile
and it seems to do this detailed explanation of exactly what this crazy big piece of code is doing
i'm no professional but here's my this this slice of code appears to be doing the following 17
things if i took this yeah if i had to make an assumption about this obfuscated piece of worm um and i think you can fix it most easily and
efficiently by doing this one simple change this is what i'd suggest one simple change to stop it
in its tracks i don't know if it ever got to anyone. I have no idea to this day. An hour later went by.
It doubled.
And I figure at some point it's going to stop.
At some point you're going to hit a maximum because there are only so many people on my space.
You can't get it twice.
You can't get the cold twice at the same time.
So you're going to hit a max and that's going to be that.
So at about 1,000 I think it was going to max a max and that's going to be that so at about a thousand i think
it was going to max out and i get to work and it's 2000 and i'm just refreshing and i'm like man okay
i should at least delete my profile it's like man i should delete the worm so i immediately delete
the worm but like a cold you might be cured but you spread it doesn't matter all these other people
now have it and you can't stop that um for a moment i thought okay maybe i should like write another worm that then go
transmits to all these people and then deletes the first one i thought i shouldn't write two
worms in like a 24-hour period that's not i don't think that's a good idea uh so i just kind of
waited around and i i did send that anonymous email.
I tried to get it to stop.
There's not much I could do at that point.
I did wait more, you know, jumped to 2,000, and then 4,000, and 8,000.
So now there's 8,000 people that says Sammy is my hero on their profile.
And now I'm getting messages from people because they're deleting me.
They're like, who's the Sammy guy who's on my profile?
So they delete me,
which when you delete a profile in MySpace,
it immediately takes you back to your profile
where the code is, which re-executes and re-adds me.
They must have loved that.
And that was an accident.
But I mean, in software, you call it by feature
when you have a nice accident like that.
So you can't delete it really.
And it's spreading further and further and further.
And I don't know what to do.
Just a 19 year old kid trying to build some software at a VoIP company and voice over
IP.
And, uh, it just kept going.
And I decided, okay, I'm going to have, I called my girlfriend at the time.
I said, Hey, let's have lunch.
It's like, what's wrong?
I was like, I just want to see you.
So we had lunch and I said, I don't know what's going to happen.
But this worm thing happened on MySpace and it's been growing pretty quick.
And also, there's this company called fox that had
purchased myspace maybe two months prior for over half a billion dollars um so i don't know what's
gonna happen i don't know if you know mr murdoch was very happy about this uh in his brand new
company so i had lunch with my girlfriend i went back to work and now it's probably 40 000
people 40 000 people infected with this and i'm just like myspace please stop so i'm like okay
at least let me delete my profile so my just picture is gone and i delete it and it says are
you sure you want to delete your profile it's like yes it's like are you absolutely sure you
cannot undo this i was like yes it's like okay we are deleting your profile in 24 hours what so now all these people are still the profile still fully up i can't do anything about it it's
locked now and online i say okay i just have to wait it out literally wait it out so i just sit
through the day can't really do much can't really think clearly and by uh by the time work is done um like
it's probably time to go home i have i don't know half a million followers on myspace now that all
say same as my hero and i go home and before i go home like it's probably my last meal so i go to
chipotle i have a burrito this could be my last like delicious dinner
and i drive home and i drive home i open the browser 900 000 and like oh my god i didn't
even know there were this many people on myspace this is insane at this point uh i refresh and now
i'm just purely interested in how quickly is it growing? So I'm now refreshing every second.
I was like, I'll take a snapshot every second.
But browsers didn't load that fast back then.
So I take a snapshot every three seconds.
And it was going 2,000 or 3,000 people per second.
That fast.
I mean, it was insanity.
And it hit a million.
I took a screenshot.
Just say, okay, cool.
Still scared. Don't know what to do. I took a screenshot. Just say, okay, cool. Still scared.
Don't know what to do.
I have nothing to do.
I mean, there's no way to stop this.
I made a horrible mistake.
You created a monster.
I've created a monster, yes.
And at about a million, you know, 50,000, I refresh my profile and it says, this profile has been taken down and i say hallelujah
it's gone it's down they took it down thank you and uh i was like i wonder what happened to the
profiles that also said sammy's my hero i wonder if they removed it so i go to another profile
it says this profile has been taken down temporarily oh no so i go to myspace.com
the site is down
The whole team is here working on it
That's what it said
The number one website on the internet in 2005
And I felt bad
I felt awful
Because A, I know what it's like to have a website
A company that's down
I know what that's like
It's awful, it's an awful feeling
An emotion that I would never want to put onto someone else
And I had done that inadvertently.
So immediately I'm like, I need to bring coffee and donuts to these people.
Because they're in LA.
I'm in LA.
I'm like, maybe I shouldn't go there.
Maybe I shouldn't go there right now.
I don't know if security is going to tackle me or what.
But I can't.
So I just sat around.
And a day went by and a week went by.
And I thought, okay, I have two options.
Maybe I can, you know, I mean, I can talk about this or not.
And I didn't really say much about it.
And someone emailed me and said, hey, like I saw this thing on MySpace.
Did you make this?
And I couldn't really hide because, hey, I wasn't trying to be anonymous.
It was a prank that had gone horribly wrong.
And I said, sure.
And I did a little interview.
And I did an interview for a couple different web thing,
you know, little websites.
And someone was like, hey,
do you want to do an interview for our site?
And I was like, sure.
Like, who's it for?
And they're like, Wired.
And I was like, oh, I don't know.
I've heard of you guys.
I've heard of you guys yeah and it i never heard from
my space um and a week went by and two weeks went by and someone asked hey you know people are
selling shirts that say sammy's my hero i'm like that is awesome and like you know are you making money off that like no but that's okay good in my book and a month goes by two months three months go by and i'm you know i'm i'm
pretty stoked i'm you know i've become feeling free in the clear i'm feeling free i'm feeling
great like never doing that again um and uh six months go by and i said you know i just bought a new car and um company was
doing well and at this point i i walked down to my car i'm gonna drive to work today six months
later from them from the worm and there's two guys standing next to my car and i'm like oh no
i'm getting carjacked and i walk up to them and they're like, Sammy?
They say my name.
Sammy?
And I said, no, carjackers don't know your name.
And two guys walk up behind me.
These are very well-educated carjackers.
Yeah.
No, it's not on my license plate.
And two other guys come up behind me.
And I say, Sammy, we have a search warrant for you.
And they're like, what?
And they all show me badges.
And one shows me Secret Service.
One shows me Electronic Crimes Task Force.
Another shows me District Attorney, LADA.
Another shows me LAPD.
And they say, we have a search warrant.
And I don't know anything about law or search warrant about anything law anything about law or search warrant i'm a high school dropout right i i served maybe one year
in high school served like a prison sentence i did i did but a bunch of homework and i did some
of the tests and uh they said we have this search warrant and i just you know i'm like what can i do what can i do and
i recalled an episode of 24 where they said show me the search warrant so i said show me the search
warrant i don't know if that actually applies in law or if it was like cgi they're like what
excuse me yeah they're like wait what oh okay it's upstairs i'm like oh okay and they started talking to me and they
didn't mention any specifics and i was hoping it was my space actually at that point so you know
as a hacker you play around you know you play around and you go through different things that
maybe you're not supposed to go into never malicious never like causing harm but you want
to see what you can get into it's a puzzle puzzle. It's a real-world, applicable puzzle
what you can break into.
After about half an hour, I'm like, guys,
do your search. I'm not going to obstruct.
Just show me the search warrant and do your thing.
We go upstairs, these four guys
and me.
We walk up to my place
and my girlfriend's
wrapped in a sheet crying.
And my roommate is wrapped in my apartment.
Yeah, my apartment at the time in the marina.
My roommate's a good friend of mine.
She's like a naked, weeping girlfriend.
Good start.
And my roommate, he's in a bath towel and wet.
What is going on here?
At first I suspected something, but she's
in bed in my room and he was in the shower getting ready
for work when a dozen agents busted into my apartment
that I had not known. So while I was going downstairs...
Oh, so while you were down at the car, they were already going into the apartment.
While I was downstairs, unbeknownst to me, they were in my apartment going through everything.
Oh, God.
And they finally handed me the search warrant.
I read through it.
And it finally mentioned something of MySpace.
And I was like, okay, it's MySpace related, obviously.
And after that, they just went through everything.
And from my roommate's and girlfriend's perspective, they just came in with guns.
Finally, something in the movie Hackers was real.
Like a dozen agents busting into your place
to get a computer crime guy
with a bunch of semi-automatic weapons.
And watch it.
What am I going to do with a DVD?
Throw it at you?
I'm not sure
but they had this search warrant and it said they could pretty much take anything that had data on
it so they went through my they took my computer my laptop my ipod my xbox any cds dvds
and sat me down and i'm reading the search warrant further and further,
and finally, it comes to this part,
and it says they can search my body,
my car, my home,
and this other address.
I'm like, what's this address?
Oh, no.
My company.
And at this point, this is two years in,
probably had 30 employees, investors.
It was a legitimate company a
legitimate tech startup that companies depended on for their phone service a lot a decent number
of companies depended on us and i was like you guys are going to my company and like no we're
already there now i never i never knew this you know i heard this second hand from 20 people
but simultaneously another dozen agents
went to my company and said who runs this place and chris the ceo came out and he said uh and
they said what does sammy camp car have access to he said well yeah his co-founder i mean everything
and the guy looks back at another agent says all all right guys, take everything. And I'm like, no, right.
I don't know what Chris did,
but he,
I don't know what he did,
but for two hours he somehow,
and Chris is,
I mean,
he like mentored me for years and I mean,
Chris Lyman,
this guy's awesome and taught me so much about,
these are not the droids you're looking for.
I don't know what,
what magic he is because I,
I didn't have any.
But he got them to ultimately not take the server room and turn down essentially all these companies that are depending on a phone system for their company that are call centers.
They didn't take down all these companies' call centers.
Instead, they just took my computer and my phone.
And put everyone in the conference room,
had guns out and said, you know, get off that keyboard.
That's terrifying.
Yeah.
A friend of mine, it was his first day.
It was one of my best friends.
I met him online.
We met online in like a forum or something.
He emailed me.
What did you do today?
What did you do today?
That's the most interesting thing you've done the most interesting thing let me tell you a story
and I said I actually I convinced him to
leave his job in Denver
and he came out with a U-Haul
to come work at my company
and I said hey while you're
you know come stay at my place
so he was actually crashing at my place
he didn't run into the secret service because we had in my apartment complex we had two uh
two play two garages one for guests and one for residents so i went to the residence where they
were waiting he went to the guests drove to work didn't know anyone it was his first day it was
monday so he goes to like shake his hand to, and she's like, hand off the mouse and keyboard.
Go in the conference room.
Secret service.
And he's like, what?
And he has his U-Haul out back.
Poor Matt.
With all his crap.
With all his crap.
He had just quit his job, drove out from Denver
to this company that he met me once.
It's like J.T. Marling and Associates from Boiler Room.
I hear this later on.
He's not talking to me for a little bit.
He comes out to this company that he thinks is getting shut down.
No one has any idea why a dozen agents are at their company.
Nobody.
They just know my name was said, they took my computer, and they left.
Poor guy. you didn't
know what to think i explained it to everyone and it's like oh yeah that's weird that's funny but
unexpected and uh i so they took my computer worst part was they took my ipod that was probably the
worst because all my music was on my computer and my iPod. And it's just really hard to get music back then. So I then got a lawyer and, you know, for six months I fought
with the DA and, uh, I, you know, I was part of me was like, well, you know, I, I think
it was a bit much, right. I did, I did something wrong. There's no doubt about that. I, you know,
I wouldn't do that. I wouldn't do that again. And, uh, but they were being, it was very harsh.
Um, I felt it was very harsh and what they were trying to do was take away my computer use for
the rest of my life, for the rest of your life, the rest of my life. So again, I didn't have a
high school diploma. Uh, I, you know, I, uh, helped my mom, like i send money to my mom uh you know i moved out when i was 15
and i think you know i forged emancipation documents so i could actually live live by
myself and sign uh get a cell phone in an apartment um and i had to support myself and
help support her a little and uh so i couldn't do anything. Like, if I couldn't touch computers,
I don't know what I'd do.
I'd have to, I don't know, finish high school.
I just couldn't imagine that.
Yeah, well, in this day and age also,
I mean, just with the exponential growth
of these technologies,
it's like, how can you possibly avoid
not touching a computer?
I mean, you would have to just go into
living in like with the
pennsylvania with the uh the amish yeah yeah um so they they were trying to take away your access
to computers for this year of your natural life correct uh i mean at first it was like they were
talking about prison and all these things i don't know if they're scaring me or what but
um ultimately you know i had a choice i did i could like spend a lot of time and a lot more money fighting it.
You know, I spent all my savings of 19 to fight this and get a good lawyer.
And ultimately, we were able to come to an arrangement.
And that was an agreement where I would not be able to use computers for the rest of my life.
However, I would go on probation and I would visit a probation
officer, you know, once a week. And if I were on good behavior, I would be able to get that reduced
and to get, be able to get potentially even removed. And it was re it was within reason.
It was like, if I don't commit any crimes or release any other worms, then I would be able
to get that removed after a few years. I was like, okay, that's reasonable.
I could focus on my company right now.
At that point, it was bigger.
It was another six months later, and I had a team,
and I could communicate with my team every day.
And I could actually work without necessarily using the Internet
and doing that much on the Internet and on computers and just manage.
At that point, I kind of just managed and I took that agreement. And after three years, uh, I went back to court and I said,
Hey, my probation officer loves me. Uh, I paid all my restitution. I've done my 720 hours of
community service, picking up trash. Uh, and because of some you know they didn't
document it properly so i did another extra few hours you're welcome it's like 800 hours uncle
sam that's on me that one's on me hours later i was like wait what oh man all this time 5 a.m every saturday you know it means i didn't oh it was awful it was tough
you have to wear an orange jumpsuit yes it was i would i would park i would park my car
put an orange jumpsuit at 6 a.m and then walk to the waste refuse management facility
um i made friends with the guys who ran it, though.
They were actually pretty cool.
And because they liked me,
they would let me go on the trash runs
where we would drive around Santa Monica.
And that means we got to see the ocean a lot
and drive a dump truck, basically, picking up trash.
You'd think I'd be able to help more effectively.
I'd be happy to help in other ways.
That was the
task laid before you yeah so you did your community service your restitution so after three years i
went back to court i went back to court and uh you know i said i'm a model computer not touching
citizen and uh i would love to get get some of that access back. And we got everything removed.
And I was able to touch computers again.
Just kind of randomly one day, everything came back.
I could touch computers.
I wasn't a felon.
I had no more probation.
I had no more community service.
Now, what was it like after three years in technological time to get back up to speed?
I was probably 22 or 23 at this point.
And I think it was really cool because I was very fortunate.
The thing that I had exploited when I wrote The Worm
was something called AJAX or something called Web 2.0.
And I don't know if you remember,
but this was right when Google Maps came out.
Before we had MapQuest.
And what would happen on MapQuest,
you'd go somewhere, you'd make directions.
And if you wanted to zoom out,
you'd click a button and it would refresh the page.
You had to click the plus or the minus.
Exactly.
Huge pain in the ass.
And the page would refresh.
And if you wanted to go right,
you couldn't scroll right.
You'd hit a right arrow.
What is AJAX asynchronous?
Help me out here.
I believe it's asynchronous JavaScript AX.
There we go.
AX.
Armani Exchange.
Exactly.
I believe that's Amex.
RX. Sorry, that's GamEx. RX, sorry.
That's American Express.
So were you able to catch up quickly after that?
Well, so the worm that I wrote actually abused or used AJAX
because I saw Google Maps came out,
and you could scroll your map.
It was amazing.
You could scroll. You didn't have to refresh the page every time you could scroll your map. It was amazing. You could scroll.
You didn't have to refresh the page every time you wanted to go right.
This was the coolest thing on the web at that point.
Yeah, and for people listening who may not be familiar with the term Ajax,
and please correct me if I'm wrong.
I've had plenty of wine, which leads to overconfidence and matters of my total incompetence.
But Ajax would be, for instance, where you select from a dropdown an item,
let's say if you're buying a domain name,
and you're able to see that value change on the page
without refreshing the page.
Exactly.
That would be a consumer experience of Ajax.
Right, right.
It used to be you have the refresh,
you might hear the click
whenever that information would get refreshed.
And now you can just seamlessly get new information on your page updating without you uh changing pages right
without the whole thing refreshing uh it was that was beautiful and i used that so that because i
could write the worm in a way that it would refresh the page but that's just annoying i want
to happen in the background the user shouldn't be bothered that there's a virus running on their computer. It should just happen seamlessly.
It should be very comfortable infiltration.
Yeah, it shouldn't cause them harm or annoyance.
Man, that click's annoying.
So that was Ajax.
And by the time it came back to computers,
three years later, something had come out called,
drumroll, the iPhone. back to computers uh so three years later something had come out called drum roll the iphone nothing had changed between then i mean for for the most part the biggest technologies to hit
tech was web 2.0 two three years later iphone I came back. I was standing in line at the Grove waiting for the iPhone.
So you really, in a way, threaded the needle.
I mean, you really, you came, you exited and then reentered the scene in such a way that
you really didn't miss a lot of the major developments.
Yeah, I wish I could say that was by design.
Well, what is it? If I could be good or lucky, I'll take lucky.
Right. But I will say this.
Before then, I was
really introverted. I was an introverted nerd and I'm still
a nerd and I love that. But
those three years, I wasn't allowed to touch computers. The thing that I spent my night and
day ever since I was nine years old and got kicked out of a chat room, um, that, that changed my
life, right? I had to spend my time doing something else. So during the day I was working, but then,
you know, at that point I was 20, I turned 21. So I started going out.
And then I started going, you know, making friends and communicating and socializing.
You know, I went out and I said, ah, what is that thing?
What's that bright thing?
Ah, oh, it's the sun.
I started going like outside and doing all these outdoors things.
And I, you know, learned about what a gym was and
i did these things because i had nothing else to do right the one thing was taken away i mean they
took my they took my xbox that's not cool i was like okay let's let's roll with it right and i
think life is good right life is good no matter what i mean at least here in the u.s i feel pretty
fortunate so let's uh let's we have other facilities available to us, so let's use those.
Now, Kamkar, just for those people wondering, ethnic background is?
Iranian.
So yeah, my mom is from Iran.
My dad is from Dubai, but also Iranian.
And they came to Pittsburgh to study. They came to the pittsburgh to study they came to the us
or um down the street university of pitt got it pittsburgh uh i would have suggested carnegie
mellon what were they studying tech um and my dad i believe was business uh my mom i'm not
telecommunications i think think. Got it.
How did they choose Pittsburgh of all places in the US?
That's a great question.
I have no idea.
One of the unsolved mysteries.
Right, yeah.
Well, one of these things.
I mean, little kept secret about Pittsburgh.
Yeah.
Good sandwiches.
Good sandwiches.
It's like Hoagie Haven.
Yeah, delicious kebabs.
Princess for all those princetonians listening
uh but yeah they went to school there and my dad you know my dad left uh when i was younger and uh
yeah so so they're from iran i was born like a year later after they came came here my mom was
like probably 20 um i'd be kind of young and yeah i grew up in pittsburgh what uh
or i should say who who are some of the people whether you met them or not who most influenced
your trajectory through life besides your parents hmm um that's a good question uh
i would say you know it changes over time um i mean i love there's so
many people out there who've done so such amazing things or even just have a really cool perspective
of the world so uh i tried if i can if i'm fortunate enough i try to glean some information
for people when i can um i say it started when i really you know the available information on
the internet right just the internet itself um i think it was, the available information on the internet, right? Just the internet itself.
I think it was Al Gore who created the internet.
That's what I've heard.
He did a great job.
Yeah, yeah, he did a great job.
He's tightened it up.
I mean, you know,
everything I've,
a lot of what I've accomplished
and learning is from the internet,
so thanks for that.
But if it were people,
then I would say,
when I was young, when I was like 15 or 16,
I got my first contract on the internet.
And just a friend of mine, someone I met online
who had taught me about business,
when my mom told me...
This is with the cheats, right?
This is with the cheats.
Cheat codes.
Exactly, yeah.
So I was writing these Counter-Strike cheats
and someone said, hey, do you want a job?
And this guy, this guy's Stan, he actually taught me a lot about business because then I needed a job.
My mom lost her job, and she said, Sammy, you're not going to school.
You're just playing games all day.
You need to get a job and help pay rent if you're going to live here.
And I said, okay.
So I was trying to fill out applications at Starbucks and Ralph's.
And someone emailed me named Stan and said, hey, I saw your cheat code.
She said, I saw your cheat software.
Do you want to write software for my company?
We're doing some sort of game development stuff.
I was like, absolutely.
So I contracted with this guy and met him.
He was awesome.
And at that point, I did a little contract for him.
And then I was contracting for another company,
and they wanted me to work full-time.
And my mom said, well, if you're going to work for a company full-time,
you know, take, you know, if I, I was like, mom,
what do I do in the negotiation when they ask how much?
If they ask how much.
And she's like, just say, you know, whatever you want.
Or just say, you know, tell them this low number,
and, you know, if they say that's too much just
accept lower and i had like lunch with stan is like oh so you're going to tell them that you
have a base expectation of 75k and you know their offer that you have that's their that's uh what
they're offering and you're going to get you know the other offer has uh you know a five-year stock
grant uh with 5 000 shares and that's what you
want and you're like i like stan's advice well i'm like i have no idea what you just said
and that's all bullshit and he's like so and like i don't have another offer and i don't want to lie
i don't be deceptive and i'll say that that's like you know besides fake profiles on ok cupid
the other time it's okay to be deceptive
is during an interview
because they're being deceptive to you probably.
So during your initial interview.
And so I went into this meeting as a 15-year-old kid
just repeating the lines
because I had no idea what I was doing.
You're just reading verbatim.
Exactly.
And the other offer has a five-year stock grant exactly exactly what say you
yeah it had a six-month cliff and a five-year vesting period that's like i don't know what
word salad hopefully that compels you to give me more money? I don't know what a stalk was. And I thought in my head, well, the only reason I followed his advice was because he was a very smart and logical guy.
I really respected him because of that.
And everything he had told me and taught me, I mean, he was pretty much always correct about things.
And I'm also okay with taking risks.
That's acceptable.
There's always another way to do something.
So I followed his advice,
and actually I went down for this meeting,
and they said, hey, they had lunch with me,
and I took the Amtrak to go see them in San Diego,
this company that I'd been working with remotely.
They'd never met me.
And I took the Amtrak down,
and I was really hoping I got this job.
We had dinner.
It was really friendly and just kind of casual.
And that was that.
And I felt like it was weird.
It was like a slap in the face.
We never talked about the job.
We never talked about, like, am I getting this job?
Are you guys going to hire me?
I really could use a job.
And I said, so guys, did you want to talk about, like,
I don't know, salary?
And I was really timid.
Another reason that not having a computer was awesome
because I was forced to talk to people.
So they're like, sure, let's talk.
And they're like, what would you like?
And I just repeated verbatim what he told me,
what he taught me.
And it was, you know, I have a, you know,
well, my base expectation is 75K.
I have another offer for that at another company in LA.
It would be better in LA because that company,
I already lived there
in my head i'm like please let me leave l like not la i love la but please let me move out of my
mom's place and get my own place if i'm making 75k i can afford a place
um and and handle my mom's place right and cover her so and uh i have this you know stock grant whatever blah blah blah
word garble and they looked at each other and said okay and i was flabbergasted and so so what he i
mean he taught me a ton a woman in my early years right that's my first time in a real job a full
time job he got me he got me a 40 gear 40k a year raise uh now this is stan who
had hired you based on your cheat codes correct yeah so he became a mentor and then for the next
job he was it was for that job he was my mentor like he lived in san diego so i hung out with him
all the time he was older he's probably so he was helping you negotiate against his own company or
against no i was contracting for him i had written some software for him that was that like you need a lot so i
helped him you know did a little contract and after that we just remained friends god that's
got an older guy scientist um uh doctor like really really really smart guy
when you think of the word successful,
who's the first person that comes to mind for you?
Successful.
Okay.
There's a lot of successful people.
I mean, I guess it depends how you interpret success.
Well, that's up to you.
Yeah, yeah.
I mean, I'd say lately it's like a lot of it's just how can you remain happy?
What can you do happy, right?
What can you do to actually increase your net happiness while reducing the negatives in your life and without hurting people?
I think that's kind of like I don't have many morals or ethics.
I have like one pretty strict rule, which is don't intentionally hurt someone.
Is that ahimsa?
Is that what they call it?
I think that's do no harm. It's also theocratic oath but yeah oh no no do no harm intentionally right
there's like a trail of fire
as long as it's not intentional right right no deliberate harm it's not you it's me so who oh man i mean there are
people who like i think i respect and uh i i try to everyone i think everyone i meet has someone
to teach me has something to teach me uh i think richard branson is really cool just because it's
like every time i read about him or learn a little bit about him, he's like having fun and has, you know, he's on an island or on a ship or like racing across the ocean.
I mean, he's doing awesome things.
He's having fun.
He's not necessarily defining success or doing things based off what is expected of you.
Right?
He's doing, I think, what he wants.
And that's what I really like.
I want to, you know, that's who,
I want to do things that I want
and have fun and really enjoy my life
and hope maybe I can contribute in some ways.
But who are some of the people
who had the biggest influence
on your worldview besides Stan?
Let's just say after Stan.
Is there anyone who was heavy?
On my worldview?
Yeah, or just way of thinking about life.
Are there other people?
Well, let's take it even more granular. In the world of, and this is a term that's become unfortunately very overused,
but in the world of hackers, right?
People who are finding non-obvious solutions to problems.
Is there anyone who had a particularly large influence on you?
In the world of hackers, I mean, Kevin Mitnick was kind of
the biggest well-known hacker.
Sure.
So I've always followed him.
The art of deception.
Yeah.
The business card made of lockpicks.
So amazing.
But if I had to give specific people
that I think are awesome,
have been doing awesome things,
Pablo Solman is one guy.
He's part of this group called the Schmoo Group.
And when I went to...
What group?
Schmoo.
Schmoo.
S-H-M-O-O.
Schmoo Group.
And I found out about them when I was like, when I was a kid and when I moved to LA when
I was 13.
What was his name again?
Pablo's.
P-A-B-L-O-S.
Okay. Pablo's Holman. what was his name again uh pablos p-a-b-l-o-s okay pablos holman um i feel like i went to an event
where he spoke and he had a device that he waved across the front row
of the crowd and captured all their credit card information their wallets that sounds like Pablo's. So this guy is awesome. I mean, he's down to earth, right?
Sociable.
These are elements that a lot of hackers lack, right?
And I really like that.
I like the ability to sit down
and sit down in front of numbers
and just unattractive code
and also be able to communicate with people
and actually have a real relationship with people
and socialize more. Another reason I love being away from computers for three years right it
forced me to socialize and if i didn't have that you know this conversation would be very different
so i really like pablos just because when i learned about the shmoo group i was 14 years old
and i was at it was the first time at my favorite uh at a conference called defcon one of the biggest hacker conferences in the world it's in
vegas every year and they had this robot that would drive around and it had it was two big
wheels and a screen and all it did was show you your passwords oh god drive up to you wirelessly
and it would just be like this is your password and you're
like what if you had a phone or you're on your laptop it would just sniff passwords in the air
and show you i thought it was beautiful uh beautiful and terrifying yes like so many
things in life so uh you know he's definitely a guy and also dan kaminsky is another really
really smart really uh i know that name for
some reason why do i know that name really he's found some huge vulnerabilities in the internet
so if you've heard of the internet and uh he he had something called the kaminsky bug a few years
ago where he found a way that he could essentially control any domain name if he wanted google.com
to point to his website he could um that seems
reasonably powerful yeah very powerful any any you know he he made a huge effort to resolve it
very quickly and effectively um so i think he's been someone i've watched at defcon ever since i
was 14 years old and uh how many people attend defcon each year now year? Now it's over 10,000. It's probably like 15,000 per year.
Now, is it from the standpoint of a non-techie?
I have a severe anxiety related to this.
I've heard of DEF CON for quite some time.
And we were talking about the magazine that you read for quite some time.
2600.
That's right, 2600, which I picked up years ago,
but lacked much to my embarrassment,
sort of the technical chops to appreciate,
even though I picked it up.
Should someone be intimidated and afraid of going to, say, a DEF CON?
Are there risks involved?
That's a great question.
If you turn off your phone, you should not be afraid.
Everyone's actually really cool.
Because I would love to attend.
I've never been.
But my fear is that, as a non-techie, I would just be caught with my pants down, bent over a barrel every which way from Sunday because I am so easy to exploit in that respect.
I would say, seriously, turn off your phone, turn off your laptop, and talk to people.
Like people, A, everyone, it's almost like all the hackers are among friends.
I know I am.
Like when I'm there, it's like these are my friends and whether I know them or not,
these are,
these are people who have similar interests to me and even you,
right?
If you find it interesting enough that you'd want to attend.
Um,
and some really smart people,
some really interesting people from all walks of life.
Um,
but there are definitely people who are,
and we call it, they're called script kitties in the community, in the hacker. But there are definitely people who are,
they're called script kitties in the community,
in the hacker community.
I want you to elaborate on this.
I was a script kitty. All right, so I grew up, I was a script kitty.
When I learned about a Denali service attack.
Yeah, when I downloaded WinNuke
and knew I could crash someone's computer
or that I could open someone's CD-ROM,
that was one of the fun ones.
I could just open any of my
friends just to poltergeist your friends yeah they're the ones that came right it would just
like come out right they'd be like surfing the web and boom cd-rom open if you're like what
uh that uh a script kitty is someone who doesn't necessarily you know doesn't necessarily know what
they're doing but they've downloaded some program or script that is doing something
out of their hacker pay grade, right?
It's out of their technical chops.
And that's okay.
I mean, that's how you learn.
That's how you learn anything, right?
You take what you can, and there's nothing wrong with using the tools available.
I don't think there's anything wrong with that.
So I don't think you should be a malicious. I'm not a malicious hacker. I don't think there's anything wrong with that. I don't think you should be a malicious,
I'm not a malicious hacker,
I don't want to destroy or hurt people.
I really want to show people
the lack of security that exists today
and hopefully help protect them
and teach other people what they can learn.
So you have, I think in the,
let's just say the mainstream
perception of hackers the white hats right just like spy versus spy you got the good guy
sure you got the black hats right the bad guys and the malicious folks and then you have the
gray hats or the people in between uh how do those different groups think philosophically because like i guess the the
idea being uh if you look at the stallens of the world the hitlers of the world they absolutely
and i'm not equating that to black hat at all but i'm just saying they believe themselves to be doing the right thing. Right.
So what are the philosophical orientations of those different groups?
Um,
you know,
I,
I'd say if you're black hat,
you know,
perhaps ignorance,
you know,
perhaps ignorance is bliss.
And I've learned that I'm ignorant of a lot of things when I don't think about
it.
If I don't actually take the time to sit down and think, how does this, let's say, affect someone?
How would I feel if I were in this other person's shoes?
I can remain ignorant about something.
And sometimes you want to, right?
Sometimes I don't want to know that.
Well, right.
If you're a guy in Las Vegas who's remotely flying drones in Iraq, blowing up dozens or hundreds of people.
Yeah. You think of it as a first-person shooter game not as a real world exercise i mean i gotta be honest like every
time i eat a steak i'm like i don't uh i'm potentially not thinking about what happens
yeah right more and more i do think about this now um but i love a steak so i'm like maybe i
should just be a little black cat in my food etiquette.
Black cat carnivore?
Yeah.
I mean, oh, man, I love it. So, you know, I'm being ignorant, and now I'm just being silly.
But I'd say, yeah, black hats aren't really – and I think that's true of anything.
If you don't think about how it actually affects somebody, then you're doing that.
Oh, more wine.
Oh, there's more wine to be had, so I shall pour more wine.
What's this wine called?
Oh, this is a somewhat amusing label,
and I may be abusing my housemate's wine collection.
Sorry, housemate.
Sorry, housemate sorry housemate so there's a very trippy
tattooed chick on a what appears to be a motorcycle on the label and the brand is if you
see k i f y o u s e k a y which spells of course f u F-U-C-K-I-E, fuck,
which is such a delectable, flexible curse word in the English language.
For those interested, there is a book called
English as a Second Fucking Language,
all about the use of the word fuck, which is really fascinating.
But I digress.
And we've killed our second bottle.
Can't wait to read the spark notes on that.
Well done.
Good work, Sammy. Good work, Sammy.
Good work, Tim.
So we were talking about Black Hat's stakes.
Another thing.
Were you ever a Black Hat?
Oh, man.
I mean, I guess people might see Black Hat differently.
I think if you're trying to sort of...
A lot of Black Hats, typically what they're doing
is they're hacking for financial gain. i've never hacked for financial gain uh except for all the jobs i've
gotten for hacking uh but not hacking maliciously i would say a lot of hackers and i find a lot of
them you know a lot of the black hats are actually in like romania and russia and a lot of countries
where uh maybe they don't, I don't know, hit
you so hard for doing that.
Maybe there aren't that many laws around that.
Romania seems to be a real hotbed for a lot of that.
I mean, they have like Western unions every like half block.
It's astonishing.
I mean, it's really become a sort of a nexus for a lot of that activity yeah yeah
and uh that's why i'm in romania nine months a year just kidding that's where your summer home
is right that's where my first home is no just kidding um uh but i would say so black cats are
typically doing it for financial financial gain uh and there's so many ways to do it for financial
gain and i learned that a long time ago and um what are some of many ways to do it for financial gain and i learned that a long
time ago and um what are some of the ways to do it for for financial gain okay so uh for one
stealing credit cards uh hacking into companies is actually is almost trivial i'll just say that
anyone can learn how to hack um anyone can learn these things and that's one thing that i'm trying
to teach people it's like how the how computers work how technology works and anyone can learn these things. And that's one thing that I'm trying to teach people. It's like how the, how computers work, how technology works.
And anyone can, let's say break into a company.
If you try a company that for example, does retail.
And if you do retail, then you can, uh, let's say you've saved your credit card somewhere.
You can then steal that database full of credit card numbers.
Um, and you can then sell that.
You can either monetize it yourself, and you can produce credit cards using a mag stripe writer,
and create your own credit cards and use them.
Or you could sell it to someone else who already has that handled.
I mean, there's sort of a little distribution chain that goes down.
That's one simple example of someone who could be an entire novice,
what you might call a script kitty, and who can steal databases full of credit cards and sell it and make money.
This is a huge thing.
This is actually why this is a lot of what the Secret Service does.
Besides protecting the president, it's also protecting money.
And online is the easiest way to steal money.
Also, as you saw, Pablo's. He probably w waved he probably waved something it's my guess word rfid based yeah
he stole your credit card uh number because these are yeah just to just to explain one more time to
folks this was many years ago too this was not recently and he had a small handheld device that he waved at the
front row while giving a keynote and was able to capture all their credit card information
from their wallets amazing oh god so yeah you're just getting credit card numbers i mean the
beautiful thing about that that r of id that rf that's radio frequency right same thing as stealing
cars um you can just walk through times square and just steal numbers without ever touching a person
it's insane so you can then sell those right there's a black market there's a market that
where does someone go to sell credit cards uh i can give you a list of sites no i'm just uh there
there's a lot of there's forums it's typically private forms there's also government you know
governments uh definitely in those forms as well but yeah governments who buy those credit cards
who buy those credit cards who try to track those credit cards i subcontracted for a company
uh for 13 years ago that uh worked with fbi and what uh what we were doing was tracking down
a huge thief of credit cards.
And they had not only penetrated a company
that had credit cards, like a retailer.
They had penetrated, the hacker group
had penetrated a gateway.
A gateway is who your credit cards go through.
Today it would be like a Stripe or a PayPal.
Or an author authorized.net.
Authorized.net, exactly.
So it's a credit card processor.
The people who get all the credit cards
from all the companies online,
and they had penetrated one of those servers.
And we had found this.
The FBI told us, and we investigated,
and we had a little bit of authorization
to hack
these Romanian servers.
Surprise, surprise.
Muchumesc.
Yeah.
So I essentially
Chifac, be in there. I've spent a little bit
of time around the Romanians.
They're a fun group.
Talk.
Essentially our job was to track them and find them.
And we did.
After I found one of the hackers and found their chat room
and chatted with them and became friends,
they'd send me pictures and I saw this guy's new viper in his in his
garage brand new viper cash oh wow nice romania cash power move yeah it's like new jack city
style in romania yeah and uh that's how we found them and um i mean the crazy thing is so many
things are hacked on a daily basis and we just don't know. And a lot of the times, companies are required to tell their users.
Not everyone tells you that you got hacked, right?
We hear about hacks all the time now.
And it's unfortunate,
but so many companies are being hacked and don't know it.
What do you think of using services
like a one password or LastPass or whatnot
to try to improve your security with passwords yeah
that's a that's a tough question for me um just because i'm unsure how i feel about them um i
don't i personally don't subscribe to them just for the fact that they seem like a big target
right if i were if i were a high value target yeah if i'm hbt is it's a i would be like analyzing
their code every day trying to find a flaw so that when i want i could then get when i do hack
computers when i do drop you know some malware on a website i then get all your passwords not just
you know not just one yeah so the idea is however in general i think they're doing a good thing
because i i believe if you're a person who uses the same password for every website,
I believe it's superior to use a program like LastPass or, yeah,
Abine has another password manager.
One password, whatever.
Yeah, so I believe it's better to use those than to use the same password everywhere.
What I would suggest to everyone
something i do i don't make ridiculous passwords that are hard to remember i make really easy
passwords to remember and they're just really long usually lyrics in a song oh yeah you know
welcome to the jungle baby exactly etc etc etc think of your you Puff Daddy song.
Dr. Dre.
Oh, money.
Choose some lyrics.
It doesn't matter if there's not crazy exclamation marks and capital letters.
You don't need all that. If it's really long but easy to remember, that's much better than an exclamation mark in the middle.
For a short password. And you can remember it right for your bank you use stuff related to bling you know for
a different website just what's you know what makes you think of that website what other precautions
uh you freak me out i i hadn't mentioned my name before but i will now with the hijacking of laptop cameras. Okay. So I just got a new computer.
I need to cover up that camera.
But what other precautions would you suggest that people take?
Well, I'd say there's a pretty advanced technology
that you can actually use to protect you
against someone invading essentially the camera.
Recently, people have found that they've been able to enable the MacBook cameras without the light coming on.
Wow.
And supposedly the FBI has been able to do this for years, but now it's been found by other people.
And demonstrated.
Demonstrated, right?
So there's a pretty advanced technology that came out a long time ago called the Post-it.
And you can apply the post-it just
above just over the camera and when you wish to skype or facetime um you can lift said post-it
exactly or masking tape correct which was my my go-to correct what uh are there any software programs or applications that you use to improve security or anonymity on your computer?
This is a weird one.
And this is something that I will...
This is...
It makes me feel funny.
There's a software called...
Could be the one.
There's a software called TrueCrypt.
TrueCrypt.
Correct.
TrueCrypt. This is a. Correct. TrueCrypt.
This is a software.
It's open source.
It's been developed to help you encrypt your either hard drive or folder or flash drive.
And it allows you to say, okay, if you have information you want to protect, you can encrypt it with this software called TrueCrypt.
It requires a password.
And no one knows who created TrueCrypt. It's always been
open source. It's probably been a team of developers. And that's really cool. Recently,
maybe a few months ago, the website changed. And it said, TrueCrypt is insecure. Don't use it.
Go use something else.
And that was it.
The author said that, and it was done.
This is one of the craziest things.
There are very few products or pieces of software out in the world that are anonymous,
that are run by anonymous group, and that are successful.
TrueCrypt is a success.
When I say success, i mean people who want
protection use true crypt so it's kind of scary to hear the thing that you've been at least if
you're in my world you would be using true crypt if you want to protect information because it has
a wide base of users of smart users who already understand cryptography and who want to protect their stuff
and aren't just using something random off the shelf
that just may or may not have flaws
because it's open source,
it can be analyzed and audited by other people.
And just recently, probably within the past few days,
an audit of...
Past few days.
The past few days,
an audit of TrueCrypt has been completed
because for a long time,
people have been saying, we need to audit TrueCrypt just to make sure it's secure. And an audit of TrueCrypt has been completed. Because for a long time, people have been saying,
we need to audit TrueCrypt just to make sure it's secure.
And an audit has been completed, and there were some minor flaws,
some flaws that could be exploited, but nothing huge, nothing wary,
nothing like, oh, there's a backdoor in here.
So why do you think that message was put out?
Oh, man, I have no idea.
I mean, the question is, did someone... there have been some interesting things that have happened recently, especially with the revelations of Snowden. For one thing, there's these gag orders that we've now learned about that sometimes the NSA can send a gag order and say, you know, we want information and you can't tell your users, you can't tell the public that we gave you this gag order.
So I think some sites are actually employing something where they say, we have never been asked by the government to provide any information.
Which is completely incorrect.
They put this up before they've ever been asked.
So if they're ever asked, they have to take it down.
So this hasn't been tested in court.
But the idea is...
That's clever, though.
So no, no, it's like a plausible deniability thing.
Exactly.
One of the cool things about TrueCrypt is that...
TrueCrypt, T-R-U-E-C-R-Y-P-T.
Jesus Christ.
Let's have some more wine.
Yeah, yeah, yeah.
TrueCrypt.
One thing that's really interesting about TrueCrypt
is that it has a feature called plausible deniability.
For example, if you're at a border
and someone requests you to give them your password,
you have to.
In border crossings, you have no...
I mean, they have full jurisdiction.
They can do whatever they want.
So if they ask you for your password,
you have to give it.
Or you could just go to Mexican jail.
Not an attractive option, generally speaking.
Right.
Comes back to our losing your front teeth,
losing your thumbs question. Right. So you can just... Comes back to our losing your front teeth, losing your thumbs question.
Right.
Or teeth.
So if...
There's an interesting feature with TrueCrypt
where you can apply two passwords to a hidden drive.
Or I'm sorry, not a hidden drive, an encrypted drive.
So let's say you have an encrypted folder.
It has a password that unlocks it.
And if you go to the border and they say,
give us your password, you
have to give it up. And now
those files are for them to
use as they please.
TrueCrypt has a feature where you can use
two passwords.
And it decrypts the same drive with
two different passwords. So one is a decoy?
One is essentially a
decoy.
And the beautiful part about the way it works is that the data is all randomized when it's encrypted.
There's no way to prove that you're using the secondary password.
It's impossible to prove.
Today, it's impossible.
We know of no possible way today with the existing technology to show that there is one or two passwords used.
Most people only use one. Most people only need one because they don't care if the government gets this information.
They're protecting corporate secrets, for example, or they're protecting private pictures
or whatever.
Some people do care.
And if they do care, they can use this additional feature where it uses essentially the same
encrypted method.
And when you give up the
password there's no way to prove whether there's a secondary password in use or not um so that's a
really cool feature i think when and i think plausible deniability is really interesting
it's a really interesting thing to play with super interesting i know guys who uh these are
ceos companies who go to china and they will always bring a effectively blank netbook with them to China because they assume whenever they check into a half decent hotel in China that their data is immediately being downloaded from their computers.
Absolutely.
And man, having spent some time in china that would not surprise
me in the least oh absolutely yeah i mean just recently uh i mean literally in the past few days
as well uh china's uh certificate agency the the people who encrypt all the web traffic in china
gave out a fake certificate for google.com so that they could essentially, well, they claimed that it was an accident.
Who knows?
But essentially, if you're using them, if you're in China,
and you go to a google.com domain or like Gmail, for example,
that you believe is encrypted, they can encrypt everything.
Oh, Jesus Christ.
They can read your email, for example.
That is a very literal example of those of you speak chinese that is
zhou homan zhou homan this is taking the back door which is an ex which is an expression used
typically to refer to say you know bribing officials or something like that doing something very unofficial that gets official results but uh accident come on
so uh i'll say when it comes to tools if you're looking for more tools i keep a private it's just
my personal list of what i'm using today and it's if you want to see it sammy.pl slash tools
this is a rad list i've looked at this before guys so you should check it out it's just a google doc
i keep it uh i don't i usually just send it to my friends but uh if people are interested in
what i'm using today this is my updated list of what the software i run pretty much cool
sammy.pl forward slash tools all right cool i'll link to that as well uh do, do you read much? Do you read books? I don't.
Um, I was about to say I used to.
No, I never did.
No, I've read, I've read, I read here and there.
Um, and I'm pretty much what I do is like, I'll read a few pages and I love Amazon because
they let you read a few pages.
And if I'm, you know, if I feel addicted and sometimes i'm you know if i feel and you know addicted
and sometimes i do then i keep reading and i buy it what are the last books that have
caught your attention that way caught my attention um or books that come to mind that have okay okay
i mean lately i've been like into mechanical engineering so i've been reading mechanical
engineering books but i'd say things that like have affected me um and changed changed me that i think are really cool um
i would say one book is called influence by robert cialdini yeah definitely uh i learned that about
uh i believe it was stan who told me about that and And when I was 16 and I read that, I mean, this came out before I was born.
It was in the early 80s.
Jesus Christ.
Wait, when were you born again?
85.
Good God.
Youngin'.
Little sea monkey pup.
Continue.
Sure, sure.
I had my age come crashing down upon me.
Please continue.
So, Influence, it's a book about influence and how humans can be influenced and persuaded to do things.
I don't recall whether it's a book for salespeople or for like manipulating people or how to protect yourself.
It's a little bit of all of it actually.
Um,
and I love it because it was a very systematic and analytical approach to the
most common ways that human beings have been known to be influenced and
persuaded to do something.
You could use it for sales.
You could use it to,
uh,
attract people.
You'd use it for,
I mean,
these are life skills. I, these are life skills.
I believe these are life skills.
Definitely.
Scarcity.
Absolutely.
Time restrictions.
Sure.
Social proof.
I have to run to save some penguins, but.
Right, right.
Yeah.
Yeah, these are common principles.
And that's likability too, right?
To save some penguins, like, yeah.
Likability.
So, I mean, those shaped me. too, right? To save some penguins. Like ability. So those
shaped me. I mean, to understand
how I could, and it's not
influence people in a negative way. I mean,
it can be used that way, but it's
how can I socialize with the humans
around me and how can I befriend people
and how can I
use reciprocity to
have people in my life who
I like and respect and appreciate?
And I want them to respect me back, right?
I want them to appreciate me.
So how can I use these tactics and methods appropriately to do that?
What, when you need to be in the zone for coding or anything else, what music do you listen to these days?
Okay, cool.
That's a great question i
love love music um i go to i listen to a blog audio mal audio molly.com audio molly audio
molly.com that's an amazing name we can take that a lot of directions but it's amazing that it's like it's edm so it's a lot of electronic dance music and um they have uh it just sort of like the it's the latest stuff but it's not it's not
poppy it's man i mean i don't care if it's poppy or not it's just if it's really good
then i really like it so i'd say lately i've listened to a lot of electronic music so uh i know you've had man
you had someone from the glitch mob on yeah beretta justin great guy man i love the glitch mob yeah
they're great i mean they came out with an album maybe a year ago or two years ago and they're
one of my favorites so i would say that kind of music um uh like the gliss mob i mean infected mushroom uh infected mushroom yeah
another what is this audio molly infected mushroom
i mean they're they're those guys are amazing they they play every year i've never heard them
they're they play every year at avalon and they're always in kind of the latest technology.
And they use, like, they have these massive,
most DJs, they just hit, you know,
some people say they hit play,
some people say they scratch, whatever.
These guys have these massive, like,
42-inch plexiglass screens in front of them that you, as the audience, can see.
You can see what they're doing.
They're plexiglass with projection
of what they're doing on top.
Oh, that's cool.
It's very Minority Report.
Oh, so Minority Report.
Yeah, it's this device called the emulator
that they're using and they're tapping
so everyone can see what they're doing.
They're on the stage live, right, DJing.
And it's like so futuristic.
It is exactly Minority Report in EDM.
So electronic music is what I listen to a lot.
What was it?
Infected Mushroom?
Infected Mushroom.
They've been around for many, many years.
An Israeli duo.
This is Israelis.
Yeah, yeah.
So proactive.
And they're always keeping up to date with sound.
I think they appreciate quality in their work.
I really like that.
Very cool. I'll ask you a question i haven't asked in a while uh if you had to conjure a face
and a name to correlate to punchable
punchable yeah okay what comes to mind oh i don't i don't know i don't
i don't usually want to punch people it could be a conceptual punchable man foe of some time
tim tim that's a fair answer no no people want punch me too. I don't want to punch you. I don't really want to punch people.
Shake. You want to shake them really hard.
Chris Rock's style.
You don't want to punch them. You just want to shake them.
Okay. I got one.
I don't know who they are. I don't know their names.
Alright.
And I'm not upset at them because I know it's not their fault.
But
these people making these map
softwares for our phones.
Just having driven with you recently, this is perfect.
I mean, when iPhone came out, Google Maps was there.
And it wasn't Google.
It was Apple slash Google Maps, which was one of the most beautiful harmonies I've ever seen.
It was the most effective map software
for a mobile phone ever.
And then Apple said, no,
we don't want your Google stuff.
We're going to come out with our own maps
and we removed this original map software.
And instead of Apple coming out with beautiful software
like they normally do,
they're like, here's some shitty software for you.
Clap your hands.
And that was awful. and then google maps came out and they they came out with their amazing their amazing google back end and then they're they're
they had to design their own app so they had their ui people and and their ux people i'm not sure
what ux people but they came out, their user experience, and they're like, here's a seal trying to tell you how to get around town.
Seal, like art, art, art.
With amazing backend.
That's what I love about Google.
It's a bunch of engineers, but that's it.
I need more.
There's more than engineers there.
I know it.
So show me more than the engineers.
I understand the engineering back end but there's
this beautiful creative front end that's like people who actually sit down and use their software
and it was when i was shaking my phone in anger recently and i was like yelling at my google maps
and i was like why won't you just tell me where to go why do i have to seven times to get to new
directions and uh it said do you have a suggestion
for us what are you talking about what do you mean do i have a suggestion how do you know you
know what i'm saying are you listening to me that's possible um and a few days later it happened
like a week ago i shook my phone in anger yelling at it google maps i said do you have a suggestion
and i said how do you know this how do you know i'm upset are you like
reading is it like scientology where they have that e-meter and they can like read your like
spiritual harmonics or something um and i was like they must be like listening to me that's not cool
that's unacceptable uh and then i shook the phone and it did it again oh wow someone was
exactly someone at google was pissed off enough that
they're like oh yeah i shake my my phone when i use google maps all the time we should implement
this so i mean you know i do love google maps and i love google and they do some really cool
stuff but i shake my phone a lot you want to you want to punch google maps in the face sometimes uh what advice how old are you right now i'm 29 oh man getting old getting old but uh
i think i'm gonna reverse it we'll see you've reversed it i know no i'm working on that i'm
just i'm just gonna keep up with your blog and all of my drug regimens uh what would what advice would you give your
20 year old self uh 20 year olds stop committing felonies you can't use a computer idiot
you're sitting there what about 15 15 oh okay stop stop wasting time in school uh stop wasting time in school um i mean it depends
it depends who i'm talking to um if i'm talking to myself what would i say um
uh man i mean so so much I could tell myself, uh, invest in Apple.
Uh, um, I would say, I don't know, just, uh, you know, go with the flow.
Like I've always tried to go with the flow.
And I learned early on, I think learning, like reading about people meditating or something
that just everything's kind of cool and everything's okay.
If you allow that, you're pretty much in control of your own destiny.
I wish I could say that for myself as much as I like.
But, you know, you're in control of your emotions.
So try to not worry about things so much.
And I really try not to worry about things.
Try to be good and at this point in my life yeah i guess i would say i would say one thing i would say the
same thing i said earlier try to do whatever the hell you want to feel good without intentionally
hurting someone else that's what i'd say that's good good advice. That's what I tell myself. So where can people find you on the interwebs,
whether it's your site, YouTube, all of the above?
Yeah.
So I'm doing one thing now.
I'm doing new YouTube videos and also just write very,
very detailed write-ups and teaching people how to hack,
how to code, how to reverse engineer, and also teaching just regular consumers,
everyday consumers who have things like phones and computers and cars, how to protect themselves.
And then demonstrating them really cool exploits and vulnerabilities like how to steal cars.
So I'd say the best ways to follow me,
you can follow me on Twitter.
It's at Sammy Kamkar, S-A-M-Y-K-A-M-K-A-R.
Or follow me on YouTube,
which is my really old username,
YouTube username, S4MYK.
Oh, Jesus, that's terrible.
No, no, no.
Say it again.
What is it again? S4 is like A in hackerK. Oh, Jesus, that's terrible. No, no, no. Say it again. What is it again?
S4 is like A in hacker speak.
Oh, wait a second.
Sammy K.
Give it to me again.
It's like Sammy K.
But Sammy K was taken, so I had to take S4-M-Y-K.
Oh, that's not so bad.
It's kind of bad.
It's bad, but it could be worse.
It was just like I never thought I'd use this.
S4-M-Y-K? Yeah. I used to play Halo on Xbox and also was S4-M-Y-K. It could be worse. It was just like I never thought I'd use this.
S4MYK?
Yeah.
I used to play Halo on Xbox and also was S4MY. So quick side note on Halo.
I had a chance at one point.
I had only played Halo once before and then I had a chance to play –
I think he was a world champion at the time, a guy named Fatality,
and just got fucking obliterated.
Oh yeah, he's totally pro.
I think I saw his billboard on
Highland Avenue.
Oh yeah, he's well known.
This was a couple of years ago.
It was my second game ever
and just got so
manhandled. It was
utterly embarrassing.
Beyond embarrassing. Alright, so we got you on
youtube uh we have you on twitter i will i will link to all those in the show notes as well
and just anywhere else just my website um samy.pl samy.pl that's where people can find the tools as
well they can find all my tools almost everything i do is open source. It's free. I have a mailing list where I just
send sneak peeks of
new vulnerability research and
tips on how to protect yourself.
Awesome. This is super
fun. We need to do
more of these.
For those interested, I also did
a TV show where Sammy
made a guest appearance.
That should be available at
iTunes.com forward slash
Tim Ferriss.
T-I-M-F-E-R-R-I-S-S
Two R's, Two S's.
Or potentially on YouTube.
YouTube.com forward slash Tim Ferriss.
Also with two R's and two S's.
Sammy, thanks so much, man.
Thanks, Tim.
More wine in the future.
Alright, looking forward to it.