PODCAST

151: Chris Rock


title: "151: Chris Rock"
author: "Darknet Diaries"
source_type: podcast

JACK: [Music] Just a content 
warning from the top here;  
there’s quite a few swear words in this one. I 
don’t know, do these content warnings even help  
anyone? Let me know if you like knowing 
if there’s swear words coming up or not.
Someone who’s been on my radar for the last decade 
is a guy named Chris Rock. Not that Chris Rock; a  
different Chris Rock, a white guy, an Australian. 
I know him as a security researcher, but as soon  
as I got on the call with him, I started learning 
that he’s way more than just a researcher.
CHRIS: Yeah, so, I’m a public guy for my research,  
but not public for that side of the business. 
So, for me it’s — for me it’s just a gig,  
and whether it’s white or black, it makes no 
difference to me. So, I think that sort of…
JACK: Wait; so, have you 
done black-hat gigs before?
CHRIS: Oh, shit, yeah. I’ve been doing them since 
I was eleven years old. This is the norm. I know  
a lot of people — and the white hats say, oh, I 
used to be a black hat and now I’m not. For me  
it’s like, I didn’t give a shit whether it’s 
white or black, are you a hacker, yes, no…
JACK: But hold on a sec. But the black 
hat indicates that you’re doing criminal  
activities. So, you don’t give a shit 
if you’re doing criminal activity.
CHRIS: No, not at all, not at all. It’s funny; 
I meet with a lot of people who do the whole  
‘hacking is not a crime’ and all that sort 
of stuff. It’s all full of shit. That’s their  
public persona to keep their job safe. But at 
the end of the day, when you have a beer with  
them and you talk shit, it’s all bullshit. So, 
I’m essentially transparent about what I do.
JACK: So, what black hat stuff 
have you done? Not when you were  
eleven. I’m sure you stole your 
mom’s credit card or something,  
but that’s small potatoes compared 
to when you’re an adult, I suppose.
CHRIS: We’ve done everything. We’ve done banks, 
we’ve done government, we’ve done telcos,  
we’ve done big oil companies just 
out of exploratory processes. Like,  
yeah, normal stuff. When I say ‘normal 
stuff’, normal for black hat people.
JACK: No, I’m not tracking. So, you’re telling me 
you robbed a bank and then just took the money?
CHRIS: Yeah.
JACK: [Laughs] Chris, what are you doing?
CHRIS: [Laughs] For me, it’s an exercise. It’s 
just, can you do it? Yes, no, transfer. There’s  
a lot of people around the world that will pay 
you to get into these banks and transfer money.
JACK: Yes — [laughing] you’ve broke my brain here.
CHRIS: Sorry, buddy.
JACK: I don’t even know where to go.
CHRIS: You got multi-angles and — look, you may 
not — we may not be able to cover it all in this  
call. It’s just an exploratory call.
JACK: [Laughs] It’s like, ten calls.
CHRIS: I mean, the hard thing with you, 
Jack, is you’ve got a thirty-something  
career that you’ve gotta stick into an 
hour block. It’s not gonna fit. So, it’s a…
JACK: Okay, have you ever been arrested?
CHRIS: No.
JACK: How are you this good that you’re 
able to rob banks and not get arrested?
CHRIS: It’s not that I’m that good. It’s 
just, you have to be stupid to get caught.  
You know what I mean? The world’s your oyster. 
I mean, we get raised in this world — I mean,  
I train forensics, anti-forensics, and it’s just 
the norm. Like, it’s — I feel sorry for the people  
that do get caught because, man, you shouldn’t be 
hacking shit that — when you’ve got five years’,  
ten years’ experience. Once you’ve done 
it for twenty plus years, it’s just easy.
(Intro): [Intro music] These are true stories  
from the dark side of the internet. I’m 
Jack Rhysider. This is Darknet Diaries.
JACK: Alright, so, who are you and what do you do?
CHRIS: So, my name is Chris Rock. I’m fifty-one 
now, so my career started when my parents bought  
me my first computer, which then it was an older 
computer, but it was the Atari 2600. From there  
it went to Commodore 64 and Amiga and then IBM. 
So, I was born at the right time for computers.  
Loved hacking. I’m on — I consider myself on the 
spectrum. I prefer the company of computers than  
people. So, for me, spending sixteen, twenty 
hours a day in front of a computer is natural,  
and I’ve done it since I was ten or eleven 
years old. So, you spend that much time in  
front of something, you become good at it. So, 
I’ve spent my whole — the last forty years on a  
keyboard. Then I went to university at eighteen. 
Didn’t like uni. It was coding. I hate coding,  
so dropped out of uni. Uni wasn’t really 
for me, so then I went into the sector. So,  
it was IT slash — really, IT; eighty 
percent, then security; twenty percent.
But I went into the banking sector. So, I spent 
the next ten years in banks, in Australian banks,  
which you could probably tell from my accent. 
Ten years in banks, and then someone said to me,  
what do you want to do now? I said, you know 
what? I want to do some pen testing. Then I  
set my own pen-testing company, so I did pen 
testing for another ten years after that around  
the world. Then one of my customers from pen 
testing wanted the same solution. I said, look,  
I can help you out. I can stitch some open-source 
products together like Elastic and stuff like  
that. I did that and they really loved it. Then 
they said, why don’t you give it to the rest of  
the world so they can have a look at it? Which 
seems to be the platform they’re running now,  
SIEMonster Version 1. So, we rolled that 
out. It got a lot of traction. Essentially,  
that’s my full-time gig. I am the 
CISO of SIEMonster, S-I-E-Monster.
JACK: What a SIEM does is it collects all 
the security logs of an organization and  
alerts when there’s a security incident, 
and Chris made his own called SIEMonster,  
which came about because he was breaking 
into companies and saying things like,  
oh, if you had logging turned on, you could 
have saw me. Those companies were like, well,  
set up logging so we can see you. So, he’s 
got quite a bit of experience in both the  
offensive and defensive side of cyber security. 
[Music] So, while I was talking to Chris,  
he started telling me about a job that he had in 
the Middle East, and I’m not even sure what kind  
of job this was. It’s not exactly a penetration 
test and it’s not exactly an incident response.
CHRIS: ‘Research and engagement’ is 
probably a better word for it. So,  
when I was doing pen testing, people would 
say, Chris, you seem like a guy that would  
do outside activities, and then I would get 
approached for these outside activities and  
then — around the world to hack into 
this person, hack into this company,  
and get these secrets and that sort of 
stuff. So, essentially both paths I work in.
JACK: So, through word-of-mouth, there’s 
someone in the Middle East who needs a  
hacker’s help and heard that Chris is the 
guy to call for these sort of things. So,  
he calls him up and says, can we meet?
CHRIS: Usually they do it in person. So, in 
this case, I flew to a neutral area. So, I flew  
to Istanbul in Turkey, and then met over dinner 
to talk about the exercise that he put forward.
JACK: That’s quite — I mean, already 
I’m intrigued, right, because it’s like,  
hey, we have this job; if you want 
more details, meet me in Turkey.
CHRIS: Yeah, it’s — and I say it off 
the cuff because that’s natural for me,  
and I know a lot of pen testers don’t see that 
side of the world. They see it in a forensics  
report or incident response, but once you live it 
and you go through it — a very interesting world.  
Jack, I’ll use you as an example. You 
get paid every week/fortnight/whatever,  
and you get your paycheck. Tax comes 
out of it and stuff like that. But  
when you’re on that other side, it doesn’t 
work like that, obviously. There’s no tax,  
but you gotta get your money and things are 
expensive; burner phones, burner laptops,  
crypto, peer-to-peer money, getting your money 
washed, all that sort of stuff. Different world.  
It’s a great learning curve, but a lot of us 
don’t get to experience that sort of stuff.
JACK: Well, yeah, what is this engagement? Tell me  
more about how this was pitched to you 
and what you — what’s the job and stuff?
CHRIS: Yeah, so, I met this guy. We’ll just 
call him Mike. I met Mike, and Mike worked  
for a company. They were rich Middle Easters 
who — essentially, he was one of five brothers,  
and each of the brothers was worth about a billion 
dollars. But he was only worth $200 million,  
so he was like the poor loser of the 
family. I know that sounds really weird,  
but he had to take bigger risks to compete with 
his brothers to get to that billionaire status,  
and that’s why he would engage hackers to 
assist him with his business activities. So,  
in this case, it was put forward to me that 
one of his subsidiaries, he thought that they  
were stealing money and then moving that money 
to another company, another offshore company,  
and also the IP from that company. So, 
he asked whether I’d be interested in  
finding out whether it was true and then 
to recover as much money as possible.
JACK: Huh. We’re dealing with a few mega-rich 
billionaires from the Middle East here,  
but the one brother isn’t quite a billionaire yet,  
and he’s keen on hiring a hacker’s help to 
investigate where some of this money went.
CHRIS: [Music] In this exercise, it was a 
cash deal. I was offered gold in a briefcase,  
which is pretty fucking useless, getting gold  
overseas. But you get — you either get 
offered different types of currencies.
JACK: Gold in a briefcase 
is what they offered you?
CHRIS: I know, it’s — I know. When I heard that 
story, first of all, I thought it was just a shit  
story. But no, they had cash ready to go for 
the exercise. But they said if I prefer gold,  
I could get gold. So, being not a native from that 
part of the world, it was pretty useless for me.
JACK: Okay, so, did you meet with this 
multi-millionaire directly in Turkey?
CHRIS: No. You always go through an agent. So, I 
don’t want to sound rude, but when you’re dealing  
with Middle Easterners, you don’t actually 
deal with the Middle Eastern guys. You deal  
with — I’ll say you deal with a white 
guy, because they don’t want to have  
any direct link to the foreigner. So, 
I met with an agent of the rich guy,  
and he was from South Africa, and him 
and I discuss what was required; targets…
JACK: Chris, this is not a normal incident 
response or engagement or exercise or whatever  
it is you called it. When I hear that they wanted 
this extra layer between the client and you,  
it makes me think that they want plausible 
deniability. So, if you get caught,  
they could be like, we don’t have any Aussies 
on our payroll. I’m not sure who you have,  
but that’s not our problem, and they’ll just leave 
you in the dust. Do you see it that way, too?
CHRIS: See, the answer; yes. You are spot 
on. It was essentially one level removed,  
and the reason I hesitated with my language 
before about — talking about a white guy — we  
refer to them as skirt-wearers. So, the Middle 
Eastern with their long garb that they wear — so,  
a skirt-wearer will not meet a Western guy. 
So, there’s always a Western guy dealing with  
a Western guy. That’s the language that we 
would use for these sort of assignments.
JACK: So, since this client has heard that 
Chris has done some mercenary-type work before,  
they wanted him to come investigate this theft,  
see if he can help them build a 
case against the guy who took it.
CHRIS: Spot on, and there’s parts of the 
world that essentially are the Wild West.  
So, the Middle East, for example, they do not give 
two shits about the law or that sort of stuff. So,  
if they need — even if you need to hack 
into a money to get their money returned,  
they’ll do it. You need to hack into the 
company; do it. It’s normal, and when  
you’re dealing with government-sponsored 
stuff, it’s normal activity for them. So,  
don’t put your American brain on it. 
Think of it as like the Wild West.
JACK: [Music] Now, typically with a penetration 
test, you are given a scope, you know? Like,  
you can hack into this stuff, but don’t hack 
into that stuff. But he wasn’t given a scope.  
He was told, by any means necessary, conduct your 
investigation. On a typical incident response,  
you’d be given some internal network access 
or at least access to some logs or documents  
to comb through to figure out what happened. 
But here’s the problem; all this company knew  
was that they gave this money to an investment 
firm and they didn’t get what they expected. So,  
they wanted Chris to pretty much do the 
incident response by getting into that  
investment firm and combing through their 
logs and documents to try to find proof that  
they did misappropriate this money or steal 
money or steal intellectual property. So,  
really, all they gave Chris was this 
suspected company’s name and the people  
who worked there. They were like, here’s our 
suspects. We don’t have any other details.
CHRIS: No. We got a list of names — 
so, there’s eight names — and what  
information they knew about them, whether it 
be phone numbers, personal e-mail addresses,  
work e-mail address, name of the 
company. Nothing else. It was  
completely then ‘earn your fucking money 
and get in by any means necessarily.’
JACK: So, the names you were given 
are the employees that work there?
CHRIS: Some in the company and some outside 
of the company, because the theory was that  
money was going into this company and then going 
out to another company, another investment firm,  
that was essentially going to steal the IP 
from the subsidiary and then launch another  
iteration of that with the IP and the funds that 
was coming from the original investment company.
JACK: So, what are your first steps? 
What do you get going? What do you do?
CHRIS: Yeah, so, the first step — so, we 
had a number of targets. It wasn’t a single  
target. [Music] We had essentially eight targets 
on our list. So, essentially — we essentially map  
out the person, the internet-dumb research on 
who this person is, how they live their lives;  
LinkedIn, social media, all that sort of 
stuff, getting that sort of information,  
obviously phone numbers, e-mail addresses, 
physical addresses, and stuff like that,  
and then plan an attack. Like, who are we 
gonna go after first? Are we gonna go after  
the prime target first? I’ll use the guy 
— Bob, Bob and Alice is a easy one to use.
So, in this case, we were — the prime target was 
Bob, but we had all these other targets like Alice  
and Jane and all that sort of stuff, and maybe 
we don’t go after Bob first. Maybe we map out  
these other people first. So, when we do an 
exercise like this — and we’re talking big money.  
When we do exercises like this, we own — we don’t 
just send a blind e-mail and then just like, oh,  
they’re onto us or oh, we got in successfully. 
So, we’ll essentially own their whole world,  
so — and we talk about Level 1, Level 2, Level 3. 
So, Level 1 is their inner circle. In this case,  
Bob’s wife, Bob’s kids, all that sort 
of stuff. Then you have a Layer 2,  
things like accountants, lawyers, gyms, 
all that sort of stuff for Level 2.
Then you have the 3, the affiliates on the 
outside. So, we might target — in this case,  
we would target Level 3, Level 2 first. 
When I say ‘target’ — as in own e-mail. So,  
you could actually — if we sent an e-mail to Bob,  
he would reply to it and wouldn’t think it’s 
dodgy, if that makes sense. Not from Leah.  
Dodgyidiot@Gmail.com — that’s actually a real 
person. So, we would target Level 3, Level 2,  
and then once we’re comfortable with all those 
assets — now, I know that sounds very exhaustive,  
but when you’re doing these sort of gigs, those 
Level 2, Level 3 come in handy down the track.
JACK: Whoa, this guy’s serious. I’ve told you 
many times, don’t open attachments on e-mails  
or click on links from texts from people you 
just don’t know. But what Chris is doing is  
he’s targeting people this guy Bob did know, 
getting into their e-mails and their network  
first so when it’s time to target Bob, he’ll 
be sent an e-mail from someone he does know,  
and perhaps even a document that he’s been 
expecting. Like, for instance, if you get  
an e-mail from your doctor with the lab results 
included, that would likely be an attachment that  
you would think is safe to open. This is the kind 
of stuff that Chris was trying to do to avoid any  
suspicion that Bob is being hacked into or spied 
on. This, to me, has a level of sophistication  
that I’m impressed by. Yeah, so, what made you 
interested in Bob as opposed to the other seven?
CHRIS: Bob was the boss. He was the — he’s the 
CEO. So, he’s target number one on our list.  
If you got a deck of — American deck of cards, 
he’s like the Ace of Hearts, if that makes sense.
JACK: Mm-hm. Okay, so, you 
were gonna start with him,  
and if you need more information, 
you’ll go down the line with the other…
CHRIS: Actually, no, we didn’t reverse order. 
Remember I talked about — we did a Level 3 first,  
Level 2, Level 1? So, we essentially start 
bottom-up because we want to have — you  
don’t want to send a blind e-mail. You need to 
understand. You need to read the e-mails and get  
the personality of Bob before you approach Bob. 
So, you need to know if Bob’s dealing with Jane,  
what’s the normal language flow between Bob 
and Jane? So, you compromise Jane. You get  
the From e-mails from Bob so you can see the 
language and what time of day e-mails get sent,  
that sort of stuff. So, we do not do the 
first target until last, if that makes sense.
JACK: So, as Chris gets to know 
more about Bob, he starts hacking  
into everyone around Bob; [Music] their 
e-mails, their computers, their phones,  
their locations. This allows him to see who’s 
in Bob’s orbit, and how does communication  
look between them? At the time, Chris had some 
really nice vulnerabilities in Adobe PDF Reader,  
and would send e-mails to someone and 
getting them to open the PDF, and that  
would allow him to install a remote-access 
Trojan and get access to their computer.
CHRIS: Yeah, so, in that case, the Adobe was 
enough to get probably four or five of the  
eight people and also the subsidiaries. 
So, a lot of the pen testers who listen  
to this will know that once you’ve got 
remote shell, it’s pretty much game over,  
and it’s things like key loggers and stuff 
like that. But the more complex things that we  
did is — we didn’t have access to the investment 
firm that Bob was moving assets to or IP to, so…
JACK: [Music] So, it was time for Plan 
B. Plan A was to hack into the laptops  
of the employees of that company, but even 
though he could get the Trojan installed,  
he just couldn’t get a connection into 
their machine when they were in the office.
CHRIS: So, we wouldn’t get their shell — we 
wouldn’t get the shell returned to us. So,  
it was either some sort of egress back filtering 
that we couldn’t get an open shell. So, we would  
have PDFs being clicked on, but we couldn’t get 
a remote session from the target, so we had…
JACK: Walk me through what’s supposed to 
happen here. Is it Metasploit that you’ve used?
CHRIS: So, yes and no. In this case, we 
would use Metasploit as a pen tester,  
but we would do our own custom PDFs that we 
would run against AV. So, we would upload  
it against VirusTotal to make sure nothing 
picked it up. So, we would send the PDF off,  
that when it was double-clicked, it would then 
remote connect back to us on a port; port 3,  
whatever that we thought would get back through an 
egress port back to us that would then essentially  
have a listener like Metasploit, but we would 
have our own listeners listening in this case.
JACK: He wanted to get into the company’s 
network. He was hoping there he’d find some  
file servers or something which could offer him 
more evidence of what got taken. This company  
was a small investment company and didn’t have 
a dedicated office, but instead was working out  
of a coworking type space, kind of like WeWork. 
But to break into an office in another country,  
you really need to come prepared. You need all the 
plans; Plan A, Plan B, Plan C, and escape routes,  
too. This isn’t a mock exercise. This is playing 
for keeps, and potentially very dangerous.
CHRIS: The first plan never works. It’s just 
one of those things in life. It never works,  
so — and if it does, it’s like, man, that 
was the one-in chance — you’re right,  
multi-gear — it’s one of those things. 
You have to plan for the worst.
JACK: The goal was to get access to this company’s 
network, but where’s that company’s network and  
how do you get into it without being caught? This 
is where the more you know about that company,  
the better. [Music] He discovered this company 
had a Wi-Fi network set up in the building,  
and what’s more is the Wi-Fi they were running 
was using WEP encryption. This was years ago  
when WEP wasn’t so uncommon. Today we use WPA, 
which is much more secure, but WEP had some  
vulnerabilities. If you could get a radio near 
the WEP Wi-Fi router, you could intercept enough  
beacons and packets to get on their Wi-Fi network. 
So, that was the goal; get in the building,  
get within range of their Wi-Fi router, and plant 
a device to listen to and capture the WEP packets.
CHRIS: We actually had to 
do custom-built stuff. So,  
I got an Italian motherboard — it was the 
tiniest motherboard at the time — and then  
built up my own Linux stack with Wi-Fi hacking 
and things like PuTTY and reverse-shell tools  
like Plink and stuff like that that we would 
use that we would plant close to the VC firm.
JACK: So, he loads up his kit full of cool 
gadgets and flies over to that country.  
You got any sort of way you dress 
up when you go out to these things?
CHRIS: Just a black or blue suit 
with a white shirt and tie. It’s  
just — even if it’s fifty-degree heat like 
in Kuwait, you just — that’s what you wear.
JACK: That’s not what a 
black hat hacker looks like.
CHRIS: I know, I know. Exactly right. So — 
yeah, so, a hoodie, all that sort of stuff,  
that doesn’t command respect over there, but 
suit guy over there in their eyes? Respect.
JACK: He goes to the office building 
and starts planning out how to get in.
CHRIS: That’s the easy part. A white guy 
in a suit with a laptop with, you know,  
someone holding lots of books, someone will open 
the door for them. You know what I mean? It’s one  
of those pen-testing stories that you’ve probably 
heard a million of, that people open doors for me.
JACK: Yeah, but that works in the US or even in 
Australia, but if you’re a white guy walking into  
a place with a bunch of people that don’t look 
the same, you’re not — now you’re out of place.
CHRIS: Your thinking’s right, but when a white — 
so, let me show — Middle-Eastern companies like a  
Westerner in there because these people have been 
trained outside of the Middle East. We trust them.  
They’ve been to Cambridge and MIT, all this sort 
of stuff. So, it comes with an inherent trust.  
You’re right, Jack; your thinking is, oh, the 
white guy sticks out of place, but no. Over there,  
a white guy — you do what they say. Because 
if you’ve done any work in the Middle East,  
they employ the best German engineers and the 
best English financiers and stuff like that.  
It’s not unusual for a white guy to come and 
pretty much run the show, if that makes sense.
JACK: So, he’s let in the building no 
problem, and it’s a coworking space,  
which means there’s a lot of small businesses 
working out of this building, and he can use  
that to his advantage because everyone is 
used to seeing strangers roaming around.
CHRIS: Getting access to the building was really 
easy because it was — like you said, it was a  
coworking space, and then finding out that they 
were on a floor that had one of those communal  
kitchens — for us, it was easy as — I didn’t 
have to get past a reception or someone — what  
are you doing here? It was essentially, go and 
making a coffee, pulling the microwave forward,  
sticking something behind it, and then, boom, we 
had a device planted in to get this last VC firm.
JACK: You said ‘we’ a few 
times. Who else is on your team?
CHRIS: Yeah, when we talk — when I’m talking 
about owning Level 3, Level 2, Level 1 targets,  
there might be twenty targets behind the scenes. 
We’re talking about Bob’s doctor, Bob’s lawyer,  
Bob’s accountant, Bob’s gym, in extreme cases, 
things like Bob’s bank. You can’t do that all by  
yourself. That would be a year-long exercise 
and it’s not worth the effort. So, I always  
work in a team to do these activities just to 
make that load easier, if that makes sense.
JACK: [Music] Okay, so, it was fairly uneventful 
getting in, but he managed to slip in,  
go into their kitchen, go behind their microwave, 
plug in this little computer with an antenna,  
and then slip out of the building. Now him or 
his team can access this little device remotely,  
because it has its own cell connection so 
that he can just access it from anywhere  
in the world. Their first goal is to 
get on the Wi-Fi network. To do that,  
they’re gonna have to crack the WEP protocol. They 
log into that little device and fire up a tool  
called Aircrack-ng. What this does is it 
intercepts as many Wi-Fi packets as it can.
If you think about it, Wi-Fi is wireless, so 
the packets are just flying through the air  
all over the place. It’s pretty easy to tune 
your antenna to just see them and grab them.  
Today’s modern WPA protocols make it so even 
though you can grab the packets out of the air,  
you can’t see what’s in them. But with WEP 
encryption, there are vulnerabilities in which you  
could grab enough packets to be able to decipher 
it and get into the Wi-Fi yourself, which is what  
they did. After running Aircrack-ng long enough, 
they got their little device on the office Wi-Fi,  
which now they have a little machine on the inside 
giving them an inside look into their network.
A network scan shows them a few devices that 
are there, and then they look at what ports  
are open on those systems, and then they 
can guess what devices those might be.  
They find a file server which employees were 
using to store documents and such. Remember,  
this is an investment firm, so they’re 
managing a lot of money and have to  
maintain relationships with people and know 
which businesses they are invested in. So,  
all this must be documented somewhere, and 
this file server was exactly where it all was.
CHRIS: That’s correct. Then we had access 
to file servers and stuff like that,  
and e-mail servers, and that’s how we got into  
that company that we couldn’t get in 
through the whole remote-PDF stuff.
JACK: At this point, Chris has a huge amount 
of visibility into this investment firm and the  
suspects who might be stealing this money and 
intellectual property. He’s got a ridiculous  
amount of listeners in place, full access to the 
network. Like, he can look at all the files on  
their file servers and e-mail servers; full 
access to some of the suspects’ computers  
through remote-access Trojans that were put on 
there, he’s able to see every e-mail in and out,  
and he also has keyloggers on their computers 
so he can see what their usernames and passwords  
were. But he also has access to e-mails and 
computers with people around the suspects;  
family members, friends, doctors. He’s also 
looking to see what kind of bank accounts these  
people have just in case he needs to get in there 
and take a look to see where money’s going. So,  
with all this access, he starts finding 
stuff that the client might be interested in.
CHRIS: On file servers you’d start 
seeing folders, like a folder,  
and then we’re talking about — in the investment 
firm, you would see Bob’s — and then you would  
see things like IP and stuff like that, which 
we would then run past our client, saying,  
is this the sort of stuff that you’re worried 
about leaking into somebody else’s hands? Then  
we would send that to our handler who’d say, yes, 
no, yes, keep targeting, that sort of stuff. So,  
you’re starting building a picture. This exercise 
went for a long time. I don’t want to exaggerate,  
but I think this one went for 
nine-plus months on this exercise.
It was just a continual string. So, over 
that time, you’re reading every e-mail back  
and forth. So, you would get all that sort 
of information and learning how they speak  
and how they think and proper language. So, you 
start piecing the puzzles together on what this  
guy is actually doing. Because — I’ll say this 
polite; we don’t give a shit what he’s doing.  
It’s essentially here’s what he’s doing, client. 
Is this what you want? Is this what you suspected?  
There’s no emotion. Like, we don’t give a 
fuck. It’s just a job. Then we would give that;  
say, yes, no. How do you want us 
to proceed? Then go from there.
JACK: The client kept telling him he’s on the 
right track. Keep finding more details and send  
them over. Like he said, he maintained his access 
for quite a while as he gathered all this info.  
But he doesn’t want his presence to be detected, 
so he has to be very careful not to be seen.
CHRIS: [Music] So, essentially what we would do 
with a black-hat exercise — we might compromise  
eight targets around the world, and the last hop 
would be from the home country. So, for example,  
we might compromise a hotel in Pakistan and 
an Airbnb in India or in another country. Now,  
these countries don’t part — they don’t 
do forensics with each other. They’re  
essentially at war with each other. So, 
you would hop your traffic across seas,  
and then the last hop would be — in this 
case it was — I think it was Kuwait. So,  
essentially, the last hop before the target would 
be a Kuwaiti IP, and we actually owned the telco  
at that stage in Kuwait, so it was essentially 
— didn’t really matter. Just got into AT&T.
JACK: What? What? My gosh, just to log 
in to their Gmail, you’re like, wait,  
we can’t do it from Australia. Let’s get over 
there and log in from there. I’ll tell you what;  
I got a plan. First we’re gonna 
hack into an Airbnb in Pakistan,  
and then we’re gonna hop over from there to 
hack into a telecom provider in that country,  
and then from the telecom provider, 
that’s when we’re — that sounds so crazy.
CHRIS: Yeah, and so — and it’s great — so, 
when you talk — like, when people talk about  
a little black book, we would essentially have 
a network of these compromised target — not the  
telco. Let’s leave the telco out. We would 
have a network or a path we could use when  
we want to do a hack job. We’re not doing it 
from the local McDonalds or from your home,  
for example. So, we would have this rotating list 
of our own proxies. Not Tor or anything like that;  
our own targeted proxies to do the hops that 
we want. Like, we definitely want to do India,  
Pakistan, Sri Lanka, Bangladesh, ‘cause 
like I said, they hate each other.
So, there’s no ‘can you give us your 
details for this activity’. Like,  
it’s not gonna happen. So, we would use 
the wars of the world that benefit us. So,  
that would be our black book of targets. So, 
we always have, and when we’re not working,  
we would essentially find these targets for our 
next assignment. So, you always have that little  
black book of — like you’ve talked about before 
— tools. We would have compromised targets around  
the world that we were gonna bounce off. The 
telco was — just happened to be something that  
I love working. I love hacking telcos. So, it was 
one of those things. It was gonna come in handy.
JACK: Gosh, so to carry out a task like this, he 
has to spend quite a bit of time and resources  
finding vulnerable systems around the world so 
he can hack into them only to use that system  
to jump over to another computer in the world. 
This way it’s impossible for anyone to track his  
route back to where he came from. But also, 
think about the fact that he has that little  
computer behind the microwave in the office 
that he’s targeting. It’s on the same Wi-Fi  
as the people in that office, so he could 
use that computer to log into things like  
Gmail, which would appear to be the same IP 
those people are typically logging in from,  
making Gmail think this is normal activity 
and not alert the user. After a while,  
Chris had collected and delivered enough 
evidence that the client called the police.
CHRIS: Yeah, so, the evidence was 
essentially what they suspected,  
that both money that had been sent to 
the company to build the company was  
being moved to both personal accounts and to 
that exist — to the outside investment firm,  
as well as IP that was created in the business. 
The subsidiary was being moved to another  
investment firm as essentially our collateral, 
our moat, for example. This is the data. So…
JACK: How did you find — 
where was that smoking gun…?
CHRIS: That was there. That was freaking 
everywhere. That was everywhere. These guys  
were operating like, again, the Wild West. 
They’re operating the e-mails, both Gmail,  
both company e-mails, file servers, everything. 
It was just — the evidence was everywhere.
JACK: It just took a while to put it 
all together and connect the dots, but…
CHRIS: Yeah, and remember, that was not our 
job. Our job was to present what we found,  
and then they were to go, is this…? ‘Cause 
we don’t care. Like I said before, I don’t  
want to sound nonchalant, but is this your shit? 
Yes, no? Do you want us to find more shit? No,  
we have all the shit we need. Go do your 
job. That’s how we operate because, again,  
it’s not personal. We don’t care what 
the information — is this the right  
shit or are we on the wrong 
track? We just need to know.
JACK: Now, the payment for this, was it 
sufficient? ‘Cause I can imagine them saying,  
here’s a briefcase of money, and then you’re 
like, well, dude, that — okay, we’ve been  
working on this for three months. If you want 
us to get more, we need another briefcase.
CHRIS: Yeah, we don’t — how we operate is we 
will have an initial fee, a finalization fee,  
and then we will have what we call an ongoing fee. 
So, yeah, the jobs like this, we’d like to have  
over within a month. So, initial fee, completion 
fee, but if you want us to continue to monitor  
these eight people and this outside company, 
you’re gonna have to have a monthly charge,  
almost like a subscription model, where they 
would pay to just point out what’s going on  
in these people’s lives. So, you don’t 
want them to think they’re idiots. So,  
you’ll put a quote in front of them and they’ll 
say, we agree to that quote. You better stand by  
that quote. You know what I mean? If you want 
referral jobs going forward, like if you said  
half a mil or a mil or two mil, whatever you 
quote, you stick to that. You don’t say we need  
more. You make it crystal clear, ‘cause this is 
— again, this is repeat business that you want.
JACK: Yeah, I’m just starting to put the 
picture together of how much you charge  
versus how much they’re losing. It’s worth more 
to them to pay a million or two million to you,  
and if they’re gonna recover what? How much 
money do you think was being stolen here?
CHRIS: In this case I know exactly how much 
money was being stolen. I think it was 2.5  
US or 2.75 USA million dollars in this case, 
but you gotta think — when you’re in business,  
Jack — I know you’re in business, but when you’re 
working with a customer, their initial first-year  
spend might be — let’s say it’s half a million 
dollars for the initial spend. Once they see how  
useful you are and then you do repeat business, 
it’s like, it’s an investment firm. They’re always  
investing shit. So, they’re always gonna want to 
use your services down the track. So, you might  
do — it’s a bit like a drug dealer. Like, you 
might give them a taster for a half mil, and the  
next job’s gonna be worth two. You know what 
I mean? You just — they know your worth,  
they know your style, and then you know you’re 
gonna get repeat business with higher stakes.
JACK: I mean, he’s dealing with wealthy people 
here, billionaires, oil money. If he can prove  
that he’s the go-to person to these folks, yeah, 
these could be long-term customers of his. In this  
case, they were very happy with him. They got 
enough evidence to take action on this thief.
CHRIS: They then got lawyers involved 
from their side. They had to be really  
careful about what they presented to the 
lawyers, but it was ‘we believe XYZ’,  
and then get the police to arrest 
the ringleader, Bob, at that moment.  
So, that was essentially their goal, to get 
him in jail, ‘cause they took it personally.  
They were — like I said to you, you gotta treat 
them with respect, and if you disrespect them,  
then they get really emotive. Then, for them, 
jail was the worst case of action for them.
JACK: Okay, the story’s over, right? They found — 
you found the thief. They put them — him in jail.
CHRIS: Yeah, so, Jack, the story’s not over 
there. [Music] This is where it gets exciting, so…
JACK: [Laughs] Stay with us. We’re gonna take 
an ad break, but it’s gonna get exciting after  
that. There was enough evidence to prove 
that this guy Bob stole the money and  
the intellectual property, but they told 
Chris they were worried about the money.
CHRIS: The customer were worried that Bob 
was gonna use that money as a defense. He  
was gonna get on — all this money, 
Shapiro lawyers to fight his case,  
and use the funds that he’d 
stolen to fund that exercise.
JACK: So they asked Chris, get 
us back that stolen money. Do  
your job as a hacker by any means 
necessary and return the money to us,  
which in my opinion is crazy, because why 
not just have the police return the money?
CHRIS: They didn’t want to wait, 
because you’re thinking American system,  
not Middle-Eastern system. They 
didn’t want to fuck around with  
that sort of stuff. They didn’t want to go 
through ‘we want the money, we want this,  
we want’ — and then put a brief together, 
stuff like that. They don’t roll that way.
JACK: So, his objective was clear; get into this 
guy’s bank account while he’s in jail and move  
the money out. This job has essentially 
turned into a bank heist at this point,  
and it seems to me that Chris doesn’t have 
any moral concerns about robbing a bank.
CHRIS: No, no, no. Jack, I listen to a lot 
of your sessions, and that comes up quite  
a lot. I don’t have that boundary. 
Does that make sense? So, for me…
JACK: Well, so, — okay, so, this doesn’t 
make sense just economically, right? So,  
if somebody pays you $50,000 to go get 
a million dollars out of a bank account,  
why don’t you just go get the 
million dollars and be like,  
you know what? Forget you. I’m just gonna 
go steal my own money. I don’t need…
CHRIS: Yeah, and that’s actually happened on jobs 
before where you take your share as well, but…
JACK: [Laughs]
CHRIS: So, in our case, remember, we were 
returning the funds. We didn’t return the  
funds and a little bit extra. Yes, we could have 
taken money from somebody else’s account, but  
that raises flags, okay? So, we were essentially 
returning the money that was stolen. So, there’s  
no actual victim. Does that make sense? The 
money was returned to the rightful person, but…
JACK: Yeah, it does make sense. Okay…
CHRIS: And remember, we’re after repeat work and 
word-of-mouth, which is how they work over there.
JACK: [Laughs] Here’s my card.
CHRIS: It’s like building a business.
JACK: [Laughs] Okay, so, you accept 
this job to get the money back. Now,  
how’d you do it? How’d you get the money back?
CHRIS: [Music] We compromised the 
bank, which was pretty easy. So,  
we essentially used the same sort of techniques; 
PDFs inside, going to the core banking system,  
finding out the internal — where their 
internet banking web servers were,  
replacing the front page to actually log all 
the usernames and passwords and two-factors,  
and then we would have a log file of all 
these name, passwords, and two-factor.
JACK: Oh, so what he just said was that he found 
a bank employee, sent them a phishing e-mail,  
got them to open a PDF which planted a Trojan 
on their computer, and then he was able to  
get into their computer, and from there he 
hopped into the server of the bank’s network,  
and from that he was able to find the 
front-end web server for the online banking,  
and he configured the online banking site so 
that anyone who logged in, their username and  
password would be stored in a log file so that 
he could see it. But on top of that, he was also  
logging two-factor authentication codes that 
people are entering. This is incredible. Well,  
he’s only trying to get access to a single user 
account. He’s basically accessed all the bank  
users who logged in during that window while 
he was watching. I just can’t believe this guy.
CHRIS: I suppose the question is, why are 
you surprised, Jack? You’ve talked to people  
for years and you know the pen testers are 
out there that people can talk about. It’s  
fucking normal. You do know, but you don’t 
— you would not believe how shit banks are  
locally and internationally, like the shit 
security that they have out there that is  
just — if there was more bad people in the 
world, there’d be more banks getting done.
JACK: Well, I guess maybe that’s why I’m 
surprised, is because the hackers of the  
world is the immune system for all these banks, 
right? So, well, you got a shit security bank,  
okay, well, there’s a million hackers out there 
that are going to fix that for you real quick.
CHRIS: Yeah, exactly, right? The thing is, 
Jack, you might have a million hackers;  
800,000 of those are just new to the industry, 
the 0 to 5. Then you — if you then look at the  
bell curve of people who are getting into the 
banks, there’s — I’ll just say a thousand for  
argument’s sake, but it’s a smaller number that 
you need to protect against. But Jack, I’ve seen  
some banks that when I’ve gone in — and I’ve gone 
into AD and have a look at Joe Smith, and it has  
a description of where they work, and what they 
put in the description was the user’s password.
So, password1 or password2 in clear text in the 
descriptive field of the LDAP field, because  
when someone rang up and said, oh, I forgot my 
password, they’d just read out the description  
tool from the LDAP. I couldn’t fucking believe 
it. So, they would have everyone’s password on  
a list and just read off it. If anyone knows 
anything about LDAP, you can just query that.  
But that’s the shit that we see as a pen tester 
and as a black hat. We’ve done banks, Jack, where  
we’ve seen other hackers in the bank itself. Like, 
there’s just fucking hackers right beside us.
JACK: Wait; then you’re like, hey, I 
recognize you. I’ve seen you at Defcon.
CHRIS: Well, exactly right, and 
the beauty of stuff like that is  
you work around each other. No one wants to lose…
JACK: This is like that Beastie Boys video,  
Paul Revere. You know that song? Where 
they’re just hanging out at the bar and  
then suddenly the one guy is like, I’m gonna 
rob this place; you in? Yeah, I’m in. Let’s…
CHRIS: Exactly, and you don’t know why they’re 
there. You don’t know if it’s government,  
if it’s other hackers, or whatever it is. You 
just work around each other. The beauty is if  
you do find tools that they’re using, you 
take a copy of those tools, ‘cause we can  
then use those tools to plant on another target’s 
side so they get the blame for it, not us. So,  
you look at the techniques that they’re using, 
whether — today we use APT groups, stuff like  
signatures. You’ll create those signatures 
and you’ll plant them somewhere else. So,  
you might compromise a target, format the disk — 
before you format the disk, throw the tools on,  
format it, and then all of a sudden, someone 
— some Deloitte guy runs EnCase and goes, oh,  
I can see some deleted tool kit. It must be 
this group. Then they get the blame for it.
JACK: Oh my gosh, did you hear that? If 
Chris really wants to hide his tracks,  
he’ll plant evidence on servers which makes it 
look like some nation-state hackers were there,  
which throws off investigators who are 
on his trail. He only knows what tools  
that some of these other hackers use 
because in the past he spotted them on  
the same servers that he’s hacked into 
and watched what they’ve done. Okay,  
so, you got to the web page. You were able 
to see this target; Bob’s username, password,  
two-factor authentication code, and were you able 
to log in and transfer his money out with this?
CHRIS: No, because when you did a transfer, 
it then asked for your two-factor indication  
code again. Now, the problem we had is 
fucking Bob’s in jail at this stage,  
so he doesn’t have access to his texts.
JACK: Oh, right. How’s he gonna do online 
banking from jail? They managed to get his  
username and password and were able to log 
into his account before he went to jail,  
but there’s this problem with the 2FA code now. 
So, the — when you go to wire the money out,  
it asks you for another two-factor authentication.
CHRIS: Correct. This bank did, yes.
JACK: And you didn’t have a 
way to get that second one.
CHRIS: No, because we had the session live, so — 
we kept that session live so it wouldn’t log us  
out when we got access before he went to jail. 
But when it then asked for another transfer,  
it did a ‘oh, you need another code to do that 
transfer’, so we couldn’t move that money out.
JACK: God, you’re insane. Okay, so, 
Plan A failed. How do you do it?
CHRIS: Yeah, so Plan A failed, and I don’t 
want to sound like the glass is half-full,  
but it was enough to prove that the money was 
all — not the whole money, but a good portion  
of the money was still there. Bob obviously 
had some expenses. So, at this stage, remember,  
we had already compromised the bank itself. So, 
it was just essentially going in as a teller.  
[Music] When you’re a bank teller, you’re 
god. You can do whatever the fuck you want,  
so — and if a bank teller doesn’t have the rights, 
you can be treasurer. You already own the bank.  
You can move up horizontally, vertically, 
to get the guy’s access to move the money.
JACK: Huh, interesting. If he can pose as a bank 
teller, get the access they have — they have the  
power to conduct any transfer they want. Keep 
in mind, Chris spent ten years working in the  
banking sector, so he knows exactly how banks 
operate. Step one; comb through the directory  
of employees. Find which ones are the tellers, 
then find which ones have remote access to the  
bank where they can do work-from-home stuff, maybe 
like phone support or something, then grab their  
username and hash and crack the hash, and now you 
can log in as that teller and move money around,  
which is exactly what he did. As a teller, he 
transferred Bob’s money out into another account.
CHRIS: So, remember we talked about 
2.75 and I was fumbling over the 2.75  
and 2.5? Essentially we recovered 
the 2.5, but the original was 2.75.
JACK: $2.5 million were taken from that guy’s 
account while he was in jail. Crazy. This is black  
hat, bank robbery type stuff. Now I’m starting to 
put it all together on what he means when he says  
he doesn’t care if he does illegal black hat type 
hacking. He’s like a mercenary hacker for hire,  
you know? Maybe that makes him gray hat, where, 
yes, it’s illegal, but he’s helping someone find  
a bad guy. But what I don’t get is why the bank 
didn’t raise alarm bells from all this. Like,  
if $2.5 million got transferred out of 
the bank in a very suspicious manner,  
you’d think they’d launch a full-on investigation 
like bring in the teller who did this transfer and  
ask them a bunch of questions and look through 
the security logs for any unusual activity, and  
if they noticed all the usernames and passwords 
were being stored in the logs, then that’s a data  
breach that should be disclosed to their customers 
and maybe impact their share price or something.
CHRIS: Yeah, so, you raise good points. In 
my world, there’s people to make transfers  
disappear. So, in my world, I can contact 
— I’ve got bank accounts that I can use  
that can be scrubbed on the other end in the 
Swift network to say that that didn’t exist.  
Then it goes through a laundering process where 
that money is cleaned over a nine-month period,  
so that money gets returned. So, in there — 
the answer to your question is, in Bob’s case,  
no one gave a shit. Bob had money in his 
account and all his money was returned,  
so there is no victim. Does that make 
sense? Bob stole the money; the money got  
returned. There’s no one whinging 
at the bank, where’s my money?
JACK: Huh, since nobody complained the 
money was stolen, then maybe nobody ever  
investigated this, which means they 
don’t have to hide the money trail,  
either. He was preparing to wire the 
money to a bank where he can launder it  
and have it come out clean, but since this 
money rightfully belonged to the client,  
they didn’t think he needed to go through 
all the hassle of cleaning the money.
CHRIS: No, in this case we didn’t need to. It was 
just transferred back to the investment firm. So,  
it was just like, from Bob to investment firm. 
It’s been returned. It’s been misallocated,  
misappropriated, and it’s been returned.
JACK: How wild. Somehow this all slipped past 
the bank. Perhaps later they saw this but never  
came public about it or reversed the transfer, 
and maybe it was because Bob was in jail and  
never complained about it, or maybe they wanted to 
avoid embarrassment of being hacked, or maybe it  
was because they saw where the money went and it 
was to a very influential person who they didn’t  
want to disturb or ask questions about. Or maybe 
they did ask that person questions and that person  
simply said, yeah, the money was stolen by Bob, 
who’s now in jail, and here’s the police report.  
Thank you so much for reversing the charge. This 
whole thing’s just got my brain up in knots.
CHRIS: This method here, we could have created 
a fake teller and just done a ‘copy user’ and  
then ‘replace’ and then just done the transfer 
that way, but we knew we didn’t have to. The  
fact that the customer just wanted their money 
returned to their bank account and not a washing  
station like a laundromat, then it was just — 
that it was just, who gives a shit? We didn’t  
have to do any — we didn’t have to delete the 
user, we didn’t have to delete the transactions…
JACK: I guess what I’m wondering also is if 
this is going back to the appropriate person,  
then why can’t — the person, your client, 
is a very influential person in the region.  
Why can’t they just go to the bank and be 
like, ‘listen, I found the guy who stole  
this money. We need to reverse the charge. 
Just do this. This is a legitimate reverse’?
CHRIS: That’s a great question. What we — all 
I can tell you is what we were told. We’re  
told there were — they feared that that money was 
gonna be — if the money was there, which it was,  
the money was gonna be used as — in a court 
process, like it was gonna be a strung-out,  
two-to-three-year court trial, and nobody used 
those funds. So, the time that they got that  
money back, they would — the bank said, you 
need a court order. Can you prove it? Blah,  
blah, blah. They were worried about that. Now, 
whether they could have just overridden that,  
I don’t know, but in their head, 
that’s what they were worried about.
JACK: So, keep in mind who we’re dealing with 
here. This guy we’re calling Bob has the guts  
to steal money from an investment firm owned by 
a super-rich guy. Even though Bob got caught,  
he’s still pretty smart, so he’s probably 
got a plan for when all this goes wrong. So,  
it’s important for Chris to keep eyes on him as  
he goes to jail. So, he watches who 
Bob is messaging and what he’s up to.
CHRIS: [Music] Look, he’s the kind of guy that 
— I actually have respect for this guy because  
he’s pretty cunning. Because I’ve been reading 
his e-mails, I knew him so well inside and out.  
You know what it’s like when you’re reading — or 
maybe you don’t, Jack, but you know when you read  
someone’s e-mails, you have a relationship 
with them whether — they don’t know it,  
but you actually know them inside and out. So, 
yeah, Bob’s quite crafty. But Bob used the ‘I  
am ill’ card, and he worked with his doctor 
to get a bail hearing, that he could get out  
on bail while this case is going forward. 
So, he was essentially in jail for a week,  
and then the doctors were — ‘my client is sick’ 
note, which we could verify because we talked  
about Level 2 and Level 3. We had access to his 
doctor, so we could actually see what was going  
on, that he used his doctor to get him — to get 
him to get out of jail after two weeks in jail.
What happened is we were reading some of 
the e-mails when he was in jail, obviously,  
and then outside of jail, and his language 
changed. He almost — like he was putting it  
on. You know when you’re an actor, you act, and 
when you’re not acting, you look like an idiot.  
Bob was essentially — it looked like he was acting 
in his e-mails. I said to the customer, this is  
not normal e-mails that he’s sending out. Like, 
he was going on fishing trips. He was planning a  
fishing trip, and the cunt had never been fishing. 
You know what I mean? It was these — all these  
sort of, I’m gonna be here at this time, and it 
was too much information that I think, he’s on.  
He knows that you’re — we’re reading his e-mails 
and he’s putting it on. I said, look, this guy’s a  
flight risk. They basically went, no, no, no, he’s 
fine. We got his passport and blah, blah, blah.
JACK: So, because Chris had such a 
deep level of visibility into Bob,  
he watched him closely to see where he was going.
CHRIS: Bob didn’t actually go fishing. 
He was smuggled across the border in a  
bloody burka. We tracked his headers of his 
IP, saying, look, the guy’s not even in the  
fucking country anymore. You guys think 
he’s there. He’s not. He’s in Oman. So,  
all this shit talk about ‘we’ve got 
your passport, he’s not going anywhere’,  
and he actually escaped the system on a second 
passport. Because this was in real time over maybe  
a twelve-hour period — I’ll say twenty-four-hour 
period, essentially the guy was moving fast;  
car — he was in a car. We later found out that 
he was in a boot, and then he went into the back  
seat with a burka, and then he hopped a border and 
then got on — he had another passport and then he  
used that. But because we had the IP headers, we 
could see where he actually was. He was — I’m not  
saying he’s stupid because a lot of people don’t 
— in that world don’t understand IP headers, but…
JACK: You were in his phone?
CHRIS: No. He was sending 
e-mails out from his device.
JACK: Okay.
CHRIS: I’ll make that clear. Normally we do get 
into phones, but this case wasn’t a phone. It was  
just e-mail headers, not IP. Don’t get me wrong; 
I don’t normally talk about this, but sometimes  
we will send a ping packet. So, you get the odd 
SMS and — you know, Jack, you’ll get an SMS and  
you’ll click on it; your UPS mail is late. You’ll 
click on it and go, oh, it’s just some fucking  
scam that’s asking for my username and password. 
But what it does is just tracks your location  
from your phone. We used that a couple of times 
on this project, but it wasn’t a tool that was  
needed. Does that make sense? We had enough from 
the IP headers that we didn’t need a GPS location.
JACK: Once Bob left the country, there was 
nothing Chris’ client could really do about  
it. So they said, thanks for letting us know. I 
guess that’s it, then. Here’s your final payment.
CHRIS: That’s the end of the engagement.
JACK: Weird question; have 
you ever killed anybody?
CHRIS: Only virtually.
JACK: Yeah, virtually.
CHRIS: The answer’s gonna be 
‘no’ on this podcast, Jack.
JACK: [Laughs]
CHRIS: Have I birthed 
anybody? That’s another story.
JACK: You have many kids.
CHRIS: I have many kids, I have many kids.
JACK: See, the thing that put Chris Rock on 
my radar is a talk he gave at Defcon in 2015,  
titled I Will Kill You. In this talk, he explains 
exactly how to use hacking to kill someone.
CHRIS: Part of my career as a pen tester, 
mercenary, SIEM founder, is research,  
and one of my first Defcon talks was — 
I was watching the news in Australia,  
and one of the — the news report was a hospital 
accidentally sent out two hundred death notices  
instead of two hundred discharge notices. I went, 
what the fuck? How is that even possible? Then  
that led me down the rabbit warren of researching 
the death industry, the medical component and  
the funeral-director component, on how the system 
has moved online and the flaws involved where you  
could actually physically create a real person, 
like a fake person, and how you could kill them.
JACK: Okay, so, walk us through this 
step-by-step how to kill someone.
CHRIS: Yeah, so, in America — okay, it’s 
very similar around the world, but in the US,  
they have — they used to have a paper-based system 
where the funeral director would fill out half the  
form on how the person died or where the person 
died, like where they’re buried and all that sort  
of stuff, next of kin, and the doctor would fill 
out the first part of the form which is the cause  
of death and those sort of details, name of the 
victim and then how they died. That one piece of  
paper would go into essentially the birth, deaths, 
and marriages system, and then that person would  
be declared dead. What’s happened now — that’s 
moved online, so when somebody dies, the process  
is the doctor will log into a US system called 
EDRS, log on with their username and password,  
and actually put in what caused the person to die, 
a pulmonary embolism or whatever, heart failure,  
that sort of stuff, and then that information 
would then pass to the funeral director.
The funeral director would complete their 
part; again, username and password to log in,  
and that would form the death certificate in 
the EDRS system. Now, the flaw in the system  
is — both the medical and the funeral-director 
component is if you want to be registered to  
declare people dead, you put in your license 
number, your medical license number, and your  
office address. Now, if anyone’s looked up a 
doctor before to see if they’re a real doctor,  
all their shit’s online. There’s databases all 
around the world to say whether — your doctor’s  
license and practice, their registration 
number, and their office number. So,  
you could register yourself as a doctor and 
then you could then — you could actually kill  
somebody off the first part. Again, 
with the funeral director component,  
it’s pretty much the same as a doctor where 
you can declare yourself a funeral director  
and form the second part of that form to kill 
somebody off and get a death certificate.
JACK: Why would you want to kill someone?
CHRIS: Well, there’s multiple reasons why 
you’d want to kill someone. First of all,  
if you want to kill your parent, for 
example, like you’re waiting for their  
will but they’re not giving you the money, you 
could actually kill them off. You could kill  
your boss. Your boss is being an asshole; 
you could kill him just to fuck with them,  
or if you’re under investigation. So, you’ve got 
prosecution and judges and all that sort of stuff;  
you could actually kill them off 
to make their life more difficult.
JACK: Oh, my gosh. You’re ridiculous. So,  
you’re saying this flaw in the death system 
can also be done in the birth system?
CHRIS: Yeah, so, it’s exactly the same. 
Well, it’s a different system but exactly  
the same as EDRS for deaths. You need 
two parties. So, you need the doctor  
or midwife and you need the parents — the 
name of the child, the weight of the child,  
and stuff like that. So, the two parts will then 
make the birth certificate very similar to the  
funeral director and the doctor making the 
death certificate. If you have a home birth,  
you may not even have a midwife. So, it’s 
something actually done by the parents. So,  
once you have an online system, you have a 
birth certificate, that person’s then born. So,  
in theory, you can create fake children and 
then when they hit a certain age, you could  
kill them off and get their life insurance, 
their credit, and all that sort of stuff.
JACK: You double — you do both of the 
things. Well, I was — I really like  
this idea of making a fake persona to 
use as a second identity in case I’ve  
embezzled some money from a Middle-Eastern 
millionaire and I need to leave the country.
CHRIS: Exactly, Jack. You think, why have one when 
you can have a hundred? So, you can have a hundred  
fake people that have different credit, and so, 
if you screw up your life and you go to jail and  
you have to come out and you go get another job 
or whatever, you have another clean identity,  
like another virtual ID, and it’s real. It’s not 
like someone entered it in the back end. It’s  
actually a registered person that you can have. 
I suggest you keep yourself looking young because  
you might create someone who’s zero, and then — 
but there’s little flaws in the system as well,  
and I’ve made mention that they don’t want people 
going through life without being recorded. So,  
you have up ‘til age of five to get yourself 
registered. So, if you have — you can take  
five years off your virtual person by 
registering five years after they’re born,  
‘cause they want to capture people as they go into 
the school system, and they don’t want them to be  
prevented from going to school or getting 
a driver’s license and stuff like that. So,  
you don’t have to register a baby at zero. 
You can register them at five as well.
JACK: You know, when I saw you do this talk at 
Defcon, I was so surprised that the governments  
haven’t knocked on your door and said, hey, 
would you shut up about this? You can’t just go  
making — killing people and making babies that are 
not real. You’re teaching people to do bad things.
CHRIS: Yeah, so, the government haven’t 
done shit. They’ve even seen my talk. Now,  
my talk was done nine years ago, Jack. So, 
the same flaws exist today. Nothing’s changed.
JACK: If you’re intrigued to know more 
about how to kill someone like a hacker,  
go to YouTube and type in ‘Chris Rock Defcon’. 
He actually has given three talks at Defcon and  
they’re all phenomenal. In the second talk 
he explains how to overthrow a government,  
and I have a sneaking suspicion that he’s 
actually done it or was very much involved  
with overthrowing a government in the past. 
Let me know if you liked him and you want  
me to have him back on and tell that story. His 
other talk is about how to bypass radio jammers  
in case someone’s trying to jam your cell phone, 
and he’ll show you how to get through it anyway.