Hacker interview-Gummo

Video Statistics and Information

Reddit Comments

No real way to TLDR this but in short it's the guy's story and then gets into some of the current vulnerabilities and their scope. Last 15 mins or so focus on more of the technical portion.

I watched the whole thing and probably found his story even more impactful than the technical discussion. Particularly poignant if you've dealt with trauma and want to see a guy who made lemonade from some lemons in a completely unique way.

👍︎︎ 148 👤︎︎ u/EstoyBienYTu 📅︎︎ Dec 13 2020 🗫︎ replies

I work in this industry and would be happy to help answer any questions about it. I specialize in the opposite side of the industry (defense). I will say that a large portion of the breaches you will see, especially in the news, can be traced back to one of the following.

  1. Not patching systems fast enough/effectively/at all
  2. A user clicking on a phishing link email, an ad on a website, or just some stupid page 12 Google search result.

#1 is the reason vulnerability management programs at companies are a big thing and are "watched"/have eyes on by even the highest in the organization. But #2 is the hardest to solve. Mainly because to solve it really well (will never be fully prevented), you have to really impact the user's freedom on their machines. And when you do that, they start to complain. A lot.

👍︎︎ 13 👤︎︎ u/PalwaJoko 📅︎︎ Dec 13 2020 🗫︎ replies

Dude, he mined 80,000 bitcoin. Fucking 80,000. This guy is probably a secret billionaire or at least helped make others billionaires. Holy shit

👍︎︎ 10 👤︎︎ u/peacenskeet 📅︎︎ Dec 13 2020 🗫︎ replies

Can we recognize how amazing a speaker he is?

👍︎︎ 7 👤︎︎ u/PadreToshi 📅︎︎ Dec 13 2020 🗫︎ replies

Heads up to anyone liking this kinda stuff... listen to the Darknet Diaries podcast! I just started listening to it today

👍︎︎ 25 👤︎︎ u/helloreporter 📅︎︎ Dec 13 2020 🗫︎ replies

The point he makes in the end that mobile phones are terrifying is so true.

If you have wifi on, you spill out information about every wifi "Name"; not so long ago you could use the Google database and find out where someone is living.

Supermarkets use that information to find out how long you stand where.

You could make an Access Point with the same name as an unsecured coffee shop the owner has connected to in the past and the phone connects to that automatically.

Time and time again you get zero-click exploits over SMS/MMS/WhatsApp.

Old telephone towers used the A5/1 or A5/2 cipher which is insecure and with rainbow tables you can see the contents in no time.

Police use a device called a StingRay to find out who is at a demonstration. You could also build this yourself with a full duplex SDR and even set your own encryption but it is really hard to do.

Then there is SS7. 3 or 4 years ago 10k dollars got you to be your own provider and use this protocol to have a lot of rather interesting applications. They can't drop SS7 because the telco has to route the call even from bumfuckistan to your grandma, but they made access a lot harder.

👍︎︎ 6 👤︎︎ u/DrBabbage 📅︎︎ Dec 13 2020 🗫︎ replies

Wish there was a highlight reel. Don't have time to watch right now.

👍︎︎ 88 👤︎︎ u/jstaylor01 📅︎︎ Dec 12 2020 🗫︎ replies

Who is this btw? Tried looking up 'Gummo' but keeps going to Kevin Mitnick.

👍︎︎ 5 👤︎︎ u/gwaust 📅︎︎ Nov 23 2021 🗫︎ replies

What an incredible story. This person, Gummo, has led a truly unique life filled with tragedy and incredible success, but at his core, his sense of curiosity, innovation, grit, ethics, and empathy have been his guide. I hope he continues to succeed and that his story is heard and inspires a new generation of ethical people who are interested in technology.

👍︎︎ 7 👤︎︎ u/mindfungus 📅︎︎ Dec 13 2020 🗫︎ replies
Captions
(sighs) - My name's Gummo, I'm a hacker. I've been a hacker for the past 36 years. And I'm here to tell my story. My story started pretty young, right? I was born and raised in Jacksonville, Florida. Grew up absolutely dirt poor and I had an older brother. I had two older brothers, one half brother and a natural sibling. And all of us grew up in Jacksonville. Growing up in Jacksonville, we only had a mom, our mother. She raised us by herself, all three of us, the best that she could. She was an alcoholic and she did the best raising three boys. My mom passed away when I was 12-years-old in 1985. And I actually actually woke up on December 7, 1985 and... pulled the covers back and there was my mom. And so ever since then, I've been on my own. My brother and I, we went to go live with my aunt but she failed at that miserably. And my father was in prison. So there was no choice really but to live with friends of the family, which we did for a little while. And my brother, he was about a year and a half older than me, so he was much more of a free spirit. He just went on his way. Went on to do his thing at 16-years-old. By that time, I'm 14 and a half and really on my own. And that's when I discovered computers, right? Actually I discovered computers about three years earlier before my mother passed away. Never really gave any consideration to it other than any other normal kid at the age of eight, nine, ten. So it sat until my mother passed away. And before she passed away, the night actually that she passed away, she had come home from graduation of my brother, my half-brother had graduated basic training at Fort Benning. And the thing she told me before she went to bed was she asked me how my computer studies were coming along and I lied to her, right? And I said, they were going great. In actuality, I really wasn't doing anything. Then she passed, right? You deal with what you can deal with when you're 12, 13-years-old. And my outlet was computers. 
First, I withdrew like any other kid does. I guess, I don't know. And second of all, I began to master my computer. I had a TRS-80 Model II and I taught myself how to code, code basic. And for a couple years, that's where I was, right? When people would ask me if I was fine, yeah, I'm fine, yeah but my grades were really disastrous. I had a couple friends that I really engaged with, but no one too in particular, but I did withdraw even more into my computer, right? I got an acoustic modem, connected that to a local bulletin board, and began to meet other people, began to meet other people like me. And then people ask about you, right? They wanna know who you are. Back then, the internet really wasn't what people think it is now. It was more or less dial up boards, ARPANET, closed loop systems, things of that such. But I set up a bulletin board on a local BBS system and at the ripe old age of 14, I started to meet other hackers online. And I started to learn a lot of cool things like telephone phreaking, like how to make free phone calls. I discovered a subculture of people who existed on the phone lines, on the telephone lines where they were, you could talk to someone in London or in Paris or in Georgia or LA. And you can meet these people on the telephone on these telephone party line, so to speak. 14-years-old, I'm learning how to phreak telephone systems. Phreaking telephone systems was a way to actually access the old telephone systems, the old bell systems with special instructions and codes and methods, which have long since expired since the telephone system has gone digital. So 14-years-old, I'm learning how to code myself. I've set up a bulletin board, I'm meeting hackers and I'm getting advice. I'm learning how to do things. I'm learning how to get the things that I need, right? Because I'm living with friends of the family and they really... They too themselves were barely able to support me, much barely themselves as well. 
So everything that I had to do was for myself, right? Everything. From food, to money, for money for clothes, for school, everything. My entire existence depended on my willingness to make sure that I was taking care of myself. And so that's what I learned how to do. I learned how to, at the age of 15-years-old, I took a Bell & Howell Language Master and I learned how to reprogram credit cards to use them in stores and in ATMs back before ATMs really had a dedicated ATM line to verify a transaction. And of course, I would understand the batching process and all that. But that was 32 years ago. And I just learned how to manipulate things to get the things that I wanted, whether it was printing a UPC code for food from the store which I needed or doing the magnetic gas handle flip. Back in those days, when you need a gas for your car, there was a dial on the gas pump and you would flip the dial on and off. Well, if you took an old-fashioned speaker magnet and set it next to the handle, that would flip it up and engage the pump. The pump would begin to run to distribute gas in the hose but the numbers wouldn't turn. So I kept learning these tricks, right? I kept learning little tricks to survive, survivability tricks, learning how to social engineer people to get what I wanted, whether it was access to a specific computer that I wanted to dial in to steal some files from, or whether or not it was to convince the supermarket manager that I had left some food behind, when in turn I actually hadn't, just so I could eat that night. So just growing up, meeting hackers online, people giving me what I felt like was worthwhile advice to survive, to be able to not wind up in a bad situation. And that's exactly how I kept myself from falling apart, from going under. And all of the wild, right? I'm still living with friends of the family. 1989 comes around. I'm 16, 17 years old. 
The friends of the family really had enough of me living there, so the official parting of ways, right? So there I am, I just turned 17-years-old and I'm on my own. I had a Chevrolet Chevette, a 1984 Chevrolet Chevette, no, a 1982 Chevrolet Chevette, powder blue, and all of my stuff was in there, including my TRS-80 Model II. And I lived in my car for the better part of the entire year of 1989. And it was tough, right? I dropped out of school. I began to lose focus. I began stealing cars, began using my skills in very, very unique fashions to obtain money quickly because when you're living in your car, what choice do you have? So, yeah, I did that for about a year. Then I met a girl and she became my girlfriend. And ultimately she became my wife and she helped me realize what I was capable of doing and her family took me in and... I went and got a job just bagging groceries and shit and... just kept doing that, right? Someone believing in me. And still sticking to computers. Had a daughter. My daughter who turns 30 this December. My wife and I had a daughter. And I realized that I needed to do better, needed to do more, provide more for my wife and my daughter. And so there I am, bagging groceries, working in retail stores and actually working hard and continuing my computer studies, teaching myself C, COBOL, FORTRAN, all of the old languages, teaching myself computer languages and taking care of a wife and a kid on $5 an hour, and I kept doing that. And about two years into that, I got the opportunity, I saved up enough money to go to the Chaos Congress in Germany, which is an annual conference of hackers from all around the world. And I met some hackers like me who had not only been through a struggle, but were continuing to go through a struggle. I met a friend of mine, his name was Boris Floricic. He went by the hacker name Tron and we became really good friends. And Boris and I, we worked on a lot of smart card systems together. 
He taught me about smart cards, the little chip card in your wallet that everyone carries around, that thing what's in your wallet. And at the time, no one really knew what smart cards were. They were only used extensively in Europe at the time. And so Boris taught me about smart cards, these things that have a computer, a microprocessor in them. And he taught me that these things control many things, from television access, to telephone access, to making and receiving long-distance calls. And so we worked on a crypto card scheme together to where we were able to actually reverse engineer about five different providers who issued chip cards, smart cards for their services. We successfully decrypted those services. And with that knowledge, after we became friends, after a couple years, we began to converse back and forth. At that point, this is '94. And now I'm attending the Chaos Congress each year and meeting with Boris and we're chatting back and forth on all kinds of technology, most specifically smart cards. About that time here in the United States, Hughes Space systems was ready to launch a system called DirecTV. Back then actually it was called DSS, the Digital Satellite System. And Hughes built the system from the ground up. And I was interested in that. The reason I was interested in that because at this point, it's 1995, my father has just been released from prison. And so I go to visit him and he's watching television. I said, "Oh, dad, what is that?" And he's like, "Oh, it's a satellite system called DirecTV." And I was amazed by the picture quality and how great it looked. And it all came on a little small 18-inch dish. So that was pretty fascinating. And I looked at the system and I'd realized it was controlled, all of the authorizations were controlled by, you guessed it, a smart card.
So it really took very little to no effort between Boris and I to collaborate on the DirecTV F card, which basically was a smart card that allowed authorization for customers to receive HBO, all of the channels, right? Pay-per-views, et cetera. And we successfully created a quite little humble system to reprogram those cards and laughed it off. Really didn't think anything of the wares after that. And then several months passed, right? Busy couple of years, I'm going to school and actually working at a carpet cleaning company. And really just surviving, paying the bills and continuing to enhance my skills. And I'm like, well, you know, the hell with it, you know, I really need some more money. My daughter's getting ready to go into school. And so I wanted to put her into a school. And so I decided to sell my wares for programming DirecTV satellite access cards. And so that's what I did. I realized that it was very easy to make money providing a service for people who did not wish to pay their bill. I really wanted to one up my game, right? So Boris and I, we worked together on some extensible ideas and we created some software that we sold to the Canadians, and we made some money, right? We made $10 million each and I was able to get everything that I wanted, and so did Boris. And it was great, but there were a lot more factors than just Boris and I releasing code. There were other mitigating factors. You had an entire battalion of hackers from Rupert Murdochs and trying to actually circumvent other services and competitors out there to destroy them, which they ultimately did, but that's a whole other story. So we hacked DirecTV for a few years and made some money, got caught. And then after I got caught, I was offered an opportunity, right?
Rather than to go and sit in prison for a long time, I was asked to consult and helping a company at that time called NDS to help them solve their conditional access problem, which at that point, the entire DirecTV system was completely compromised and NDS was looking for a way to stamp out piracy. So consulted with some good minds in Haifa, Israel for a couple years, and went on my way. Came back to Jacksonville after hanging out consulting, securing the DirecTV period 4 card, helping a lot with that technology. Moving on, coming back home, my name sort of floated out in the wrong direction. This guy who was doing the DirecTV cards, his wife was a dispatcher, she obtained my information and then my wife's information and then my family's information and pretty much doxed me at that point. And back then, doxing someone was really a terrifying thing, such it as now, right? When someone doxes you or post your information on the internet. It's a shitty thing to go through. And in my circumstance, I had a lot more things that I was involved with with the government, so... With a lot of help from the government and my own my self-motivation now, I moved. I moved to Indiana. Packed up the kids, packed everything, and moved to Indiana. I was just gonna really kind of lay low for a while. I just got back from Israel, I moved from Florida to Indiana, and really just kind of chilled out. I got a job at a newspaper and handled their websites and all of that, real low key, low tech job, nothing fancy, living in the middle of a cornfield, so to speak and enjoyed it, enjoyed the life for a couple of years. And then I was asked to... And then a gentleman I met in Indiana invited me up to Chicago to take a look at his business, to see what sort of technical advice I could give him for his business. And so I traveled to Chicago, got to know him within several days. He got to know who I really was about my background. And I went to work for him. 
And at this point, right, now I have a job and I'm doing, I'm setting up IT infrastructure for his company and making sure that all of his offices connect. And not only that, but securely, right? Cyber security really wasn't a thing then. It was barely even mentioned. But cybersecurity to me, right, to what exists now, or what people realize as cyber security now, to me is just an afterthought or was an afterthought. Still sort of is mentally speaking because things that people are writing papers about, talking about, creating solutions about, these are all things that are built on technologies that were built when the internet was created, right? Everybody's talking about 1970s technology and no one's really trying to fix the problem. But yeah, so I provided cybersecurity for him, his company. Set up the whole deal. And then just started meeting new friends along the way in Chicago. That's how it is in Chicago. And one thing led to another. Met a gentleman named Willard Harper, Willard Buddy Harper. And he worked at the CME in Chicago. He was one of the largest hog traders in the world really. And he gave me an opportunity to create some special networks for the CME to connect to the NYSE. And so with that, after doing several of those, meaning, they were really simple for me, but I created some ultra high speed private networks that only the CME and the NYSE still use. And so he was impressed with that and he's like, "What else can you do?" And I'm like- - Just so people know this, Chicago Mercantile Exchange and the New York Stock Exchange. - That is correct, yes, yeah. So I set up two bi-directional unique fiber lines specifically for those two exchanges and secured them. So yeah, he asked me what was next. So I'm like, "Hey, there's this thing called Bitcoin. It kinda piques my interest." And he asked me what I needed. I said, "About a million bucks would work." And he literally opened up a file cabinet, he had a million dollars in.
He's like, "All right, go do it." And that's what I did. At that point, I built a supercomputer that was able to mine Bitcoin. I mined about 5,000 Bitcoin. And at that point, I believe Bitcoin was trading at $200 to $300 a coin. And so he was impressed and so was I actually. And so we built three more over the next eight months. I built three more and had them right there at 107 West Van Buren Street across from the CME and just sucking up electricity. But at the end of that year and a half run, we were able to mine close to 80,000 Bitcoin. So yeah, after a couple of years of doing that, I really felt a little sense of accomplishment, but I really didn't feel like I was done. So I ran into a gentleman... (laughs) So I'm squandering around Chicago, right? I've mined some Bitcoin, I'm hanging out, walking around the loop, hanging out in Millennium Park and just hanging out with my friends. And kicking back, I met a gentleman and he said, hey, you know, our company needs a webmaster, right? And a webmaster is just basically someone who just does web work for a company. I'm like okay, yeah, sure. Yeah, I'll come and be your webmaster, right? Because having a job, having a legitimate job completes who I am, right? I could sit around and do whatever I want to make money, but in the end, I think it's about working an honest nine to five. And so, yeah. Yeah, hey Jackson, I'll go and work, be a webmaster at your software company. And so I went to work there as their webmaster and it was hilarious, right? Their vice presidents. They're like, "Well, this is a very important job and you should blah, blah, blah." And I'm, yes, sir and yes, ma'am. I really kept the ruse up as long as I could but I was outed by a friend of mine that worked there and he outed me to the marketing manager and the marketing manager, she outed me to the entire staff and eventually I became responsible for their cybersecurity practice. And so I'm like, well, shit, I guess I'm doing cybersecurity.
So here I am doing cybersecurity for a software company in Chicago, unintended, right? But I'm honing my skills, right? Figuring out the best method to stand up specific protocols and systems and things of that nature from a cybersecurity perspective. And so that's what I did. I did it pretty well. But then they fired me. Then they just, they fired me. And so, yeah, it was kind of a thing between the owner and myself. He didn't like me and I surely didn't like him. So now that that's public, I really didn't like him. So after that, right, I just took a couple of gigs as cybersecurity, just kind of... just did my thing, packed up my stuff the entire time in Chicago and came back to Jacksonville. And again, doing consulting with a company for cybersecurity and I enjoy it. But that's what led me to where I am now, right? From some of those angles. I've been responsible for putting some heavy hitters away. I've worked with law enforcement in the past, some real heavy hitters. I'm really good at hunting hackers and finding people and finding, not finding just people, but finding the real hacker, right? The real hacker that's really causing mayhem. I'm that guy that looks for that hacker. And I do that very seriously and continue to do that because I provide my service not only for companies, right, but for celebrities and stars, right? They consult with me. I work with them personally to solve any cybersecurity questions or issues that they have. Some of the things that people don't understand is that everyone carries around a smartphone, watching Edward Snowden do all of this ridiculousness, hiding under covers and everything. Everyone should know that your smartphone is a PC, is a portable computer, and the things that that smart phones are capable of doing are very terrifying. 
There just recently was an exploit that I had used for years for iOS that allowed me to actually listen in on your phone conversations, to read your SMS messages, to read your email, to actually see everything that you do on your iOS device. Those sort of exploits exist everywhere in everything. Almost everything has a GPS chip in it. Almost every device has a chip in it. And if it has a chip in it, it can be exploited. And when things are exploited, sometimes devices, things, systems and people are exploited for one reason or another. There's a lot of things that are very scary out there. Right now there are people selling your information. They're selling your wifi network. They're selling your wifi credentials. They're selling your ancestry.com genealogy data. They're selling all of that. The thing that people don't really understand is that there really is no more privacy in this world, unless you go and live on an island somewhere in the South Pacific with no electricity and no other people, there are things to be taken advantage of and systems and devices and so on. It takes a professional car thief about 30 seconds to steal a car now, because you really don't need to hotwire anything or use a screwdriver or even a laptop. You can use an RF intercept or intercepting device which could do a man-in-the-middle attack with just a key fob and you can steal someone's $150,000 car with that. The technology stacks out there are endless that are being taken advantage of. Most notably are the cellular systems, the mobile systems, what people carry around most contain the most value and the most data. Putting your information on TikTok, creating a TikTok account and filming from so many locations. You don't realize what you're really doing is you're really giving everything that you hold, possessive in private out to the world. And that's where we see people being attacked. People, their bank accounts being compromised, et cetera.
Speaking of bank accounts, a lot of people realize that when you log into your bank, and a lot of banks will really deny this, but banks actually have back doors into your accounts, into your system. Just think about it for a moment. When you log into your bank accounts through suchandsuch.com and you have to answer all of these ridiculous questions and get a two-factor SMS message sent to you, so you can enter in the code. But people really don't realize is that their banks also have backdoor access to where applications like your TurboTax and your money management software, all of that. How do you think that connects to your banks? And so with these backdoor connections into banks things continue to be inherently insecure. We see data breaches every day where millions of people have their information stolen. And not only stolen, but sold and used against them. One of the things that we also have to realize is that we have quantum computers coming. Quantum computers will make all current and former encryption algorithms absolutely obsolete. So if you have something that you've encrypted in the past or you have some encrypted files and they've been anywhere on the internet, in a book, wherever, someone else can access your encrypted files. Well, very soon those files won't remain encrypted long. And so hopefully, those secrets were quite well encrypted. Websites. Websites have so many flaws in them. Everybody needs a website nowadays. Everybody has a website to go to, their favorite website. (sighs) Right now, about 90% of the web and the technologies that support them in your applications in websites they're insecure, they're inherently insecure. Whether or not it's a web server running an open port or a misconfigure file on your server. There's something that... There's a little bit of something out there for everyone to take advantage of and now everyone is paying the price. 
Everyone now is becoming victims to these crimes to where they thought they weren't a victim, where they never thought they would actually be potentially be a victim. The more mobile applications, the more people that are using the phones that we just... The more people that use mobile devices require more mobile applications, require more data centers, require more servers for those applications to connect to. And those are all at risk. All you have to do is do a DNS query on anyone's web domain and you can begin to uncover the pieces of how insecure most organizations and individuals are. People don't realize that when they're at home, they put a password on their router and they think that's it. I'm safe, I'm secure. But no one really understands the context of using an additional layer of protection, like a VPN or some sort of ad blocking technology. And people don't realize that their IP address is basically like a flag out there on the internet for them to be discovered, for them to be stalked, harassed, intimidated, swatted. It doesn't matter. And so it all comes with understanding these technologies and understanding how to protect ourselves and how to protect yourself against bad people wearing hoodies and cloaks. As I said, not all hackers are bad people. Most hackers... Everyone is a hacker. If it weren't for hackers, we would not have wifi. We wouldn't have cameras. We wouldn't have many things that we take for granted today. Criminals are the ones that give hackers bad names. Criminals are the ones who are breaking into systems and stealing information and creating data breaches. Criminals are the ones who are stalking people and bad context and stealing from others who don't belong, not hackers. And so it's been said before and here I am saying it too, right? Hackers are not bad people. The criminals are bad people, but hackers, nah. My thing now, right, is to tell my story, to tell people that hackers really aren't bad people. 
Hackers really have a story to tell too. I have a story to tell and I'm telling it and I'm almost done telling it, but we're just like anyone else. We live, we breathe. We have feelings. We actually overindulge in our feelings because we wonder what people are always doing and what the next best thing is. I painted my pinky pink back in 2006 because a friend of mine, I was visiting a friend of mine in Fort Myers and her daughter came and tugged on me. She said, "Hey, why are you such a bad hacker? Why don't you be a good hacker and do good things." And ever since then, man, I've advocated for doing good things with your skills. Helping people, helping others, not doing something for yourself, doing something for others, making sure that you know your mom and dad wakes up in the morning without their shit being sold on a dark market and to help people, right? To help people achieve their goals, to help people understand who they are, not just by where they've been or what they've seen and the shit that they've been through, but to help people understand how to get to where they're going by telling them what I've been through, the shit that I've been through. I've been through some real serious shit in my life, but that's never deterred me from becoming who I am and who I expect to be. And it really hasn't stopped me from helping others and showing other people the way. With this pink pinky nail now, that young lady just got married this year. And that's my goal, right? To help as many ladies, as many women, as many females get into cybersecurity. It's not just a guys thing. It's just not a sausage fest of guys walking around saying they hacked something. It's about people who are critical thinkers, who contribute, who care and have empathy and share their knowledge. That's what it's about. And that's what I'm here to help people understand and to help people and encourage people to do with their skills. Yeah, man. I've seen a lot. I've been through a lot.
I have my jump bag right here with my Bitcoin collection on 'em and I'll show Mark after. The only thing that I can encourage people to do is never give up, always hold your head high, and never, ever, ever, ever consider giving up, no matter how tough things may get, because one way or another, you'll find a way, you'll find a path. And so hopefully, what I've said, hopefully, my story helps. I don't know. But if it reaches one person and it gives someone that motivation to say, hey, you know, I can do that too. You know, I can go from living in cars to consulting with celebrities and governments. Well then, you can do it too. So there's nothing that you can do. There's nothing that we can't do. It's only about what you choose to do and the decisions that we all make. And so I choose to do the right thing. I choose to make the right decisions and I choose to make the right call. And so that's my story. - [Mark] All right. Thank you, Gummo. - Thanks.
Info
Channel: Soft White Underbelly
Views: 4,764,767
Id: g6igTJXcqvo
Length: 42min 20sec (2540 seconds)
Published: Thu Dec 10 2020