Edition 451 - Gregg Housh
A new conversation with "ethical hacker" Gregg Housh about his behind-the-scenes work and the new online threats during the coronavirus pandemic...
May 7, 2020 - The Unexplained - Howard Hughes
58:42
| 
| Time | Text |
|---|---|
| Across the UK, across continental North America, and around the world on the internet, by webcast and by podcast, my name is Howard Hughes and this is The Return of the Unexplained. | |
| Well, I hope everything is okay with you. | |
| I'm recording this as we are well and truly into the fourth week of lockdown. | |
| And, you know, I'm continuing to make tasks for myself. | |
| Apart from planning the future, I'm giving myself things to do. | |
| So I'm rewiring things and trying things out. | |
| It's weird, really, but, you know, at least the sun is shining in a world that unfortunately I can't go out and explore. | |
| But, you know, we hope to get some news on the exit strategy, certainly in the UK, for the end of lockdown and how they might phase that in. | |
| I think people just need to be leveled with and given a clue as to how, when that happens, when it's deemed that it can, you know, how it will happen, just so that we can, you know, make some plans. | |
| Life is, a lot of it is all about making plans. | |
| Of course, we do know the famous John Lennon quote that life is what happens when you're making plans. | |
| Sometimes your plans don't happen. | |
| I have a million plans that never materialized. | |
| But we have to have some idea of where the chart is taking us. | |
| It's like going on a sea voyage. | |
| Even if you divert around a few islands and atolls, it's just nice to have an idea of the final destination and how you might get there, I think, before you set out. | |
| I don't know what you think about all of that. | |
| But apart from that, I'm coping with it all. | |
| I hope you are too. | |
| I think the world divides at the moment into two kinds of people. | |
| Those who get stir crazy in a lockdown situation and those who are, because they're used to dealing with their own company, which I am, those who are able to handle it. | |
| So it's a very interesting study in psychology, don't you think? | |
| And I think a lot of academic papers and all sorts of things will be written at the back end of this. | |
| Thank you very much to my webmaster, Adam Cornwell, who's definitely kept the wheels turning for me during all of this. | |
| Thank you, Adam. | |
| And thank you to you, like I say, for all the communications. | |
| When you get in touch, please remember to tell me who you are, where you are, and how you use this show. | |
| Now, I'm not going to do any shout-outs on this edition. | |
| Apart from this, I got a good email from Kay in Essex. | |
| And Kay, let me know if you want me to talk with you about this on the radio show at some point when we do listener stories. | |
| You tell me a story about a near-death experience that you had. | |
| And the doctor in hospital you were, in fact, you had pneumonia. | |
| You were on a ventilator in intensive care for three weeks. | |
| And the doctor said it was the medication. | |
| It was a hallucination caused by that. | |
| But you think, as many people think, that the experience that you had was more than that, especially after you've read other people's experiences. | |
| I'd like to know more about that, Kay. | |
| Thank you for the email. | |
| And I can tell you, I know I've mentioned it before on the show, that my own mother, when she was a small child, had pneumonia as you did, Kay. | |
| And my mother nearly died. | |
| I think she was nine or ten. | |
| And the doctor came. | |
| There were not the treatments that we have today then. | |
| And the doctor said to my grandmother, her mother, your daughter will either make it tonight or won't. | |
| It was make or break. | |
| And my mother made it through, but believed that she had a near-death experience. | |
| She went to a very beautiful place, a place of eternal sunshine and beautiful colours of a kind that we don't have here. | |
| And so many people who have these experiences say, those she met on that side, if you believe in this, told her that she had to return. | |
| And I'm kind of glad that she did, because of all the wonderful years that I had with her. | |
| And of course, I wouldn't have been here if she hadn't returned. | |
| But that is typical of so many people's experiences. | |
| So, Kay, thank you very much for that. | |
| Now, as I say, I've been making work for myself here. | |
| So one of the things I've done, just now in fact, is I've dug out a microphone that I used to use for my podcasts probably 10 years ago. | |
| It's called, I get a lot of email from people saying, I'm starting out in podcasting. | |
| Can you recommend cheap things that I can buy to make it happen? | |
| You don't have to spend vast amounts of money. | |
| You can get a lot of stuff as I do on eBay. | |
| But this microphone is the Rode M3. | |
| It's a microphone that you can either power on phantom power, as they call it, off a mixer or an interface, or you can put a battery in and use that. | |
| And I've always found this to be a very good mic. | |
| When you speak into this, it catches your articulation, such as mine is, very well. | |
| So this is one just to answer some questions that I've had recently that I would use. | |
| It's a very different kind of sound, but it's very upfront. | |
| I don't think you could use this for singing. | |
| Maybe you could, but I think it's great for speech. | |
| So it's interesting to rediscover, and it's not expensive. | |
| You know, you can get these secondhand on eBay for £45. | |
| And if you want to buy one new, I think they're about £70, £75 or so. | |
| So it's interesting just to dig this out. | |
| Sorry for my non-technical friends, but I have emails from people asking me for guidance such as I can give it about podcasts. | |
| So that's one thought, the Road M3. | |
| And I don't have shares in them. | |
| They're not sending me free product, but I think they make some good stuff. | |
| So this is one of those items that I think is particularly good for rendering speeches, they say. | |
| Now, the guest on this edition is somebody who's been on the show before and a topic we've discussed before, but it's one of those topics that is constantly evolving and changing. | |
| And it's another one of those threats to us. | |
| We're going to talk about the shady world of hacking and those people who use the internet and their knowledge of technology against us. | |
| That, as we know, changes constantly. | |
| There are major organizations, including the World Health Organization, that have been the subject of attempted attacks or attacks in recent years. | |
| They get more sophisticated, and we all have to be on our guard. | |
| Greg Hausch is an ethical hacker. | |
| He was a guy who worked on the other side for a while and now works with the good guys. | |
| So we're going to be speaking with Greg. | |
| It'll be good to catch up with him. | |
| Thank you very much for all of your emails and communications. | |
| If there's anything that you need me to know, if you just want to shoot the breeze, tell me how you're getting on in the middle of lockdown. | |
| Did you hear me scratch my stubble men, by the way? | |
| Yeah, I've got the stubble back now. | |
| If you want to tell me how you're getting on through lockdown, then I'd love to hear from you. | |
| Go to my website, theunexplained.tv, follow the link, and you can send me a message from there. | |
| If you've sent a donation through the website, theunexplained.tv recently, thank you very much. | |
| And if you haven't, please do consider that to allow this work to continue. | |
| Let's get to the US now and a return for Greg Hausch. | |
| Greg, thank you for coming back on the show. | |
| Absolutely. | |
| Glad to be here. | |
| How are things with you, Greg? | |
| It's been about two years since we last spoke, I think. | |
| Things have changed a lot over those two years. | |
| I mean, obviously we're in a pandemic now, but I'm doing good. | |
| I'm doing good. | |
| Still doing about the same amount of stuff, just maybe a little quieter. | |
| Now, does that mean that you're doing it behind the scenes and just as much of it? | |
| Or what does that mean? | |
| Maybe it means that, you know, we learned a lot of lessons from a lot of people getting caught. | |
| And while we're still just as active on just as many fronts, maybe a lot more people won't be getting caught anymore. | |
| You know, don't put it that way. | |
| And we're talking about people who are acting to stop the bad guys doing bad things. | |
| Exactly. | |
| Right. | |
| Okay. | |
| Now, look, I just want to introduce you to maybe listeners who haven't heard you before, if that's okay. | |
| And I've got a copy of your biography here. | |
| This is the one that's on IMDb, so I hope it's right. | |
| And it says, Greg Hauser spent most of his teens and early 20s evading an FBI task force while helping to operate the internet's foremost software pirating rings, one of them, and otherwise living the life of a criminal hacker. | |
| In 2000, the chase was over. | |
| He was arrested. | |
| The next seven years were spent in and out of court until he pleaded guilty to conspiracy to violate copyright law. | |
| In 2007, he was incarcerated in a federal penitentiary, including a 27-day stay in solitary. | |
| Upon release, he worked a series of computer-related jobs while continuing to participate in various online substructures. | |
| Soon after his key role in Anonymous' global protest campaign against Scientology was made public in 2008, Hausch began serving as a media interpreter and interview subject for newspapers, websites, radio, and TV. | |
| What it doesn't say in this biography is the phrase that describes you best, I think. | |
| It doesn't say ethical hacker, but that's what you are, isn't it? | |
| I believe so. | |
| You know, I actually do talk at multiple ethical hacking courses that are titled that at colleges through their various programs here in the Boston area. | |
| So I think that describes it best. | |
| I always read that and think, you know, before that description of me became available, I had really just failed at answering the questions of who I was or where I came from in any concise manner. | |
| And I have no idea who wrote that, but I love it. | |
| It's in like three places online, and I still don't know who wrote it. | |
| But as long as it's fair and accurate, as they say, that's okay. | |
| Yeah. | |
| The one thing I will never forget about you from our various conversations down the years is that your father was a bank robber. | |
| He was. | |
| And my uncle and the family, I mean. | |
| Okay, I didn't realize there was more than one member of the family that was involved in parting banks with their cash. | |
| All kinds of fun tricks, man. | |
| They were scammers of the highest order. | |
| My absolute favorite scam they used to do was they would hijack trucks, furniture trucks specifically, like things like Ashley Furniture and all these other big companies on the road, like 18 wheelers. | |
| And then they would find houses that were for sale. | |
| And by reading the for sale adverts and whatnot, you could tell that these people had moved out of state. | |
| So there wasn't going to be anyone there but an open house maybe in a week. | |
| So the house was probably empty. | |
| There was no one there. | |
| And he would go there, enter the house, fill it up with all the furniture from these trucks, make it look slightly lived in for a couple hours, and then put all over the local advertising, you know, the classified ads, everything else, that it was a moving sale. | |
| And people would truck the moving sales. | |
| And he would sell all of the furniture and sell it all in like an hour because of the prices he put on it. | |
| And then be out of the house and gone by the time the day was over. | |
| And no one the wiser. | |
| It was, I mean, to me, that's one of the more hilarious ones. | |
| Because as I understood it, you know, no truck driver ever got hurt. | |
| He paid them all off, you know, well when he took the truck away. | |
| And he, if it was a private truck, he always returned the truck too in a way where they could recover it with no damage. | |
| So like it just, it was, it was a strange version of being the guy he was, but that was always my favorite one to know about. | |
| And looking back, you know, when I was about four, I remember being in one of those houses. | |
| And it's just, it's one of those strange memories that I barely have a hold on because I was so young. | |
| So you're kind of saying that he was a kind of Bonnie inclyde with furniture. | |
| Yeah, it was very weird. | |
| I mean, look, we have to say, you know, always when we do these things, of course, we're not advocating such behavior. | |
| We're merely just hearing, we're merely hearing the story. | |
| But I can understand why you smile at that. | |
| And of course, ultimately, those who are inclined towards crime in your family, they eventually fell foul of the law, didn't they? | |
| Yeah. | |
| You know, my dad ended up on the run after, you know, his name and everything ending up on the FBI's lists and all that. | |
| And my uncle ended up deciding that he didn't think my dad and him were working too well together. | |
| I'll just say that my dad, I think, was better than my uncle because my dad never actually got caught caught. | |
| He just got chased. | |
| Whereas my uncle, when he split, he robbed 13 banks in the span of one year, ended up at the end of the last one getting spotted. | |
| And that was due to his wife, my aunt, actually calling the cops on him. | |
| Finally, she says she caught religion. | |
| And while in the middle of a high-speed chase on the highway in a box van, just a standard old, you know, 70s van, he cut off a big rig that then rolled over and crushed his van. | |
| And he ended up in the hospital for a while and then in prison for all the bank robberies. | |
| Boy. | |
| Well, you know, we have to say there is proof for my critical and quizzical listener, that crime does not pay. | |
| And what about your father, though? | |
| Your father didn't go behind bars? | |
| He didn't. | |
| He ended up living out the rest of his years under some assumed identities in Florida. | |
| I lost track of him. | |
| After the day he showed up for a little while, like for six months, he lived on my sofa when I lived in Chicago, just hanging out. | |
| And, you know, fine, I'd love to get to know this guy. | |
| You know, I barely know him from my childhood. | |
| And I woke up one morning and he had left, taken all of the money out of my bank account, stolen my car and disappeared. | |
| And I never saw him again. | |
| Oh, boy. | |
| And I'll ask you the question. | |
| Yeah. | |
| After that, what do you think of him? | |
| You know, I think he was a very unique person. | |
| And it's not one of those you should have known better, letting him back into your life kind of moments. | |
| But I mean, I knew who he was. | |
| And I got a six-month period of fun and interaction with the guy to learn a little better who he was. | |
| I mean, we did crazy stuff like going out to like, you know, NASCAR races and stuff like that and sneaking into the box seats. | |
| And, you know, he taught me some things about changing my identity in a way where like on the fly, we would end up with badges saying we worked at Goodyear and we got up into the like press box at an NHRA drag racing event and whatnot for better seats. | |
| Just crazy stuff like that for six months that was fun. | |
| And then, of course, I lost my car. | |
| Sounds like a sort of small-time Frank Abignail, you know, that Leo DiCaprio character. | |
| And catch me if you can. | |
| Yeah, that's kind of how he acted at all times. | |
| Yeah, but part of that is kind of sad, though, isn't it? | |
| It is. | |
| It is. | |
| I mean, you know, the sad point came two years ago when I got a call from a hospital in Florida saying, we've been looking for a year to find anyone related to this person. | |
| He's in a coma. | |
| He had a really bad stroke. | |
| It ended up in coma. | |
| And he's been on life support. | |
| And the way the laws work down here, someone's got to tell us that we can pull the plug. | |
| And so we worked through a little, you know, proving that it was him, that it was me, and da da da da. | |
| And I ended up calling because there were three other siblings in that family that didn't go the route that my uncle and father went. | |
| And they went the more respectable, own an insurance company kind of a route, stuff like that, you know. | |
| And I say respectable, but you know, I don't really like insurance companies either. | |
| But I finally actually had to make the decision on the phone with doctors in Florida to pull the plug on him because there was nothing left. | |
| There was no saving him. | |
| But I had actually been looking for him for almost three years at that point because my sister was getting more and more sick and she really wanted to see him before she passed. | |
| And it didn't end up getting to happen because when I finally found him, he was in a coma. | |
| I'm sorry. | |
| That's very sad on all kinds of fronts, Greg. | |
| I can understand then, having had the background that you've had, how you came to end up, you know, on the wrong side of the law. | |
| I mean, fortunately, you pulled yourself out of it in ways that we discussed on a previous conversation. | |
| But, you know, if you were to work up the statistical probability that you would end up as a modern day version of your father, you know, they say that all of us live in the shadow of our fathers one way or another. | |
| I think I do in a lot of ways. | |
| You know, I used to criticize him for things like he never moved house. | |
| You know, he could have traded up and we could have done better. | |
| And we all used to have a go at him for that. | |
| That's exactly what I've done. | |
| I'm living in the same place that I've lived in for a couple of decades and I never moved up. | |
| You know, and I didn't better myself. | |
| So I think we are all hostages to our father. | |
| But you ended up, as a modern version, you know, committing copyright crimes, really, the theft of intellectual property. | |
| Yeah, you know, I honestly believe people are products of their environment. | |
| You know, what you grew up around, all your influences really do kind of help form who you're going to be. | |
| And I had no one telling me that the law mattered or that right from wrong meant much other than don't harm people. | |
| Like, you know, my father, my uncle, and all the other criminals in my life growing up, they were not the kind that would hurt anyone. | |
| My father's shtick was always, he would walk into a bank when he robbed it with a note that literally just told them to give him the money. | |
| He didn't even have a weapon on him and he didn't act like he had a weapon on him. | |
| And if they honestly just were like, no, excuse my language, he would walk out of the bank and just get back in a car and drive off. | |
| Like, so, you know, they were not the kind to harm people. | |
| So I did learn that side of it. | |
| I wasn't going to, you know, do anything in that respect. | |
| But the idea that I had to care about stealing or theft or property, that was never given to me. | |
| So the best thing that could have happened to you then, and we have discussed this before, so, you know, we won't go into it too deeply, but the best thing that could have happened to you was what happened. | |
| You ended up in the federal penitentiary. | |
| And then after that, your life was saved, really. | |
| Yeah, that's definitely a way to say it. | |
| I mean, you know, best and worst, right? | |
| I do think going to prison definitely helped me reset and get on some better paths. | |
| I didn't really enjoy the 27 Days in Solitary, but I guess that's sort of the point. | |
| Did it prepare you for lockdown? | |
| Yeah, I mean, I was on 24-hour lockdown. | |
| I didn't have light. | |
| I didn't have a jumpsuit. | |
| I was sleeping on a steel slab with a concrete floor. | |
| It was freezing cold, so I wasn't getting much sleep. | |
| It was that solitary that I went through was definitely torturous. | |
| But again, you know, like you said, I come out the other side and I very much started trying to figure out how I was going to go on the straight and arrow. | |
| Right. | |
| Which you've been doing. | |
| You've been working with ethical hackers to try and stop the worst of the bad guys doing what they do, which over the years, I don't know how many years you've done this, but it's more than a decade, isn't it? | |
| How successful would you consider yourself to have been? | |
| That's a hard question. | |
| You know, how do you answer that without either, you know, acting humble or being an egomaniac, right? | |
| Well, I think you can, you know, the number of missions, if we can call them, that you've been involved in versus the number that you've succeeded in. | |
| We've definitely had a lot of successes. | |
| We've had some failures. | |
| I mean, there's been a couple nationwide elections in certain countries that we have stopped attempts at rigging votes in. | |
| We've helped to, you know, help organizers in other countries organize their revolutions early on and offered serious material support to them. | |
| You know, Occupy, I think, was another big thing that we really pushed and worked with to get going. | |
| And so, I don't know. | |
| I think it's been relatively successful. | |
| I've had a lot of fun doing it. | |
| Okay. | |
| And you say that, I don't expect you to name the countries, but you were able to step in. | |
| And I don't know how you would begin to do that, but you know your techniques. | |
| You've been able to stop vote rigging. | |
| Yeah. | |
| You know, one of them, the interesting way the vote rigging was going to work, and we found out from one of the programmers who was actually behind the hack itself, who didn't want his work to be used the way it was used, that there were these voting machines that were electronic and they were sending their votes off to a central data store for this country where they were going to get calculated. | |
| And that's fine. | |
| That's normal. | |
| And it was actually a pretty secure setup when you looked at it compared to a lot of other voting done electronically these days. | |
| It was more secure than the average. | |
| And the way they had set up a fail-safe was, let's say that, you know, there's a power outage somewhere between one of the voting centers in this area and that central data store. | |
| Well, if there's a power outage, those votes are getting lost, right? | |
| So they set up a secondary data center as well. | |
| And what would happen is if your vote couldn't get to the first one, it would be sent to the second one. | |
| The machines were programmed to do that. | |
| And then at the end, when the first main one finally came back online at some point, that second one would burst all of them over at once to it, right? | |
| Now, the first one was a state-owned, you know, a state actor-owned facility. | |
| So it was secured by the state. | |
| It had election officials, you know, monitoring how it worked. | |
| The second one was sort of on the fly. | |
| So they hired an outside firm. | |
| So this was a private entity that owned that data center. | |
| That was owned by a shell company, owned by a bad person, owned by a bad person, you know, down the line to a big political operative who had set this up. | |
| So they planned to cut the power in a very unique way to the first data center. | |
| And then the second one would receive all the votes. | |
| And then they would burst it over five minutes later when that one came, you know, back online, the first one. | |
| And they were going to flip enough of the votes in the secondary data center that their guy would win. | |
| And so this was honestly an easy fix. | |
| This was one of those ones where it was pretty simple because the machines themselves that were doing the voting were set to keep storing if both were down until they got full. | |
| And they weren't going to stay down long enough that the machines would fill all the way up. | |
| So votes would be lost at the point where you were trying to vote, like because it was out of space. | |
| So when the first data center went down, the second one went down too. | |
| It somehow lost power as well. | |
| And it stayed offline as long as the first one did. | |
| And then the first one came back up and all the machines sent the right votes to the first one. | |
| And whoever, you know, air quotes owned that secondary data center didn't get away with it. | |
| Well, that's stuff like that. | |
| Well, I mean, that's wonderful. | |
| And that's very much in the cause of democracy. | |
| Did you let, again, we don't have to name names, but did you let the government, the organization running the election, know what you've done and where the flaw was in their system? | |
| The right people in technical positions to attempt to stop that specific attack vector from happening again definitely know exactly what happened. | |
| The politicians themselves wouldn't have understood most of it in the first place, and it would have been a little too much fire for us to really do it through any official channels. | |
| So it was all back-channeled to get them to understand how it had gone. | |
| But I mean, we got to the point where we even literally handed them the source code to the hack that did the power outage in the first data center. | |
| So they really had proof of what we were showing them had happened. | |
| Problem with stopping this stuff in 2020, you told me at the beginning of this that a lot of things have changed since we last spoke, and I can well believe it, is that it's worse than trying to stick your finger in a dam that's about to burst, isn't it? | |
| You know, there are not many of you guys, I suspect, and there is a proliferating number of bad guys out there, and they're getting cleverer all the time. | |
| And they get to make money at it, and we don't. | |
| So, you know. | |
| Right, so they have the prime motivation, don't they? | |
| Yeah. | |
| Yeah. | |
| I mean, the stuff we're doing is very much vigilantism, right? | |
| You know, we're doing it because we feel it's right. | |
| And sometimes it's within the law. | |
| Sometimes it's gray. | |
| Sometimes the law would have been happy we did it, but it definitely still wouldn't have been within the law to do it. | |
| Whereas the other side, you know, most of them being state actors at this point at that level, they get well taken care of. | |
| You know, the Chinese hackers have much nicer apartments, much nicer situations for their families. | |
| The Russian groups are really interesting how they operate. | |
| Russia itself allows young hackers, teenagers and whatnot, to get away with amazing amounts of crime as long as it's not aimed internally. | |
| You're in Russia and you're 16 and you're figuring out how to hack for financial gain and you're hitting America, you're hitting places in Europe. | |
| The Russian government does not care. | |
| They're just watching. | |
| They've caught you long before you know it, but they're just watching and they wait until your skill set gets to a certain level and they have a long enough track record that they Could hurt you if they wanted, throw you in prison, whatever. | |
| And then they just come and visit and say, so here's all the proof of everything you've ever done. | |
| Here's how long we've been letting you do it. | |
| And now you work for us. | |
| Doing it on your own because it's a passion gets you a lot better at something than being forced to do it in some kind of a school-like environment. | |
| That sounds like something out of a 1960s spy novel, but being brought up to date, that is astonishing. | |
| Have you ever come across, you know, cross swords with any of these people? | |
| Because some of the people that I would imagine you're dealing with or you're interfacing with, you know, are not kind of people you would want to meet on the street corner. | |
| They're dangerous people, some of these people. | |
| I mean, I'm not just specifically talking about that one country, but in other countries who are involved in these things, you know, you are involved in dangerous stuff. | |
| If any of that comes back to you, then surely you might have a problem. | |
| Some of it has. | |
| There are a couple countries that actually have orders. | |
| You know, I'm not allowed in those countries under penalty of arrest, if not death. | |
| And some of the countries that we worked with on their various revolutions, as we were doing a lot of hacking of the state apparatus to maintain their attention as the revolutions kind of got off the ground, other countries who had financial interests in these dictatorships definitely started working against us. | |
| So that was them attempting to prevent us from the help we were offering to people on the ground. | |
| You know, we never overthrew any countries on our own. | |
| There were people on the ground getting shot. | |
| We were simply support. | |
| But we offered a lot of support. | |
| I mean, I'll name one of them. | |
| In Tunisia, we were able to shut off the propaganda TV stations. | |
| We shut off the propaganda radio stations. | |
| We cut the feed to all of the... | |
| And those got cut off. | |
| And the president lost access to all of his technical ability to move money around in his own internal systems. | |
| We cut off their private communication system that they were using to deal with the military in the country. | |
| So, you know, there was a lot of support by us, but, you know, again, we didn't actually do the revolution. | |
| There were people on the ground, you know, and those riot cops were horrible to them. | |
| Should you be doing this stuff? | |
| You know, there are, you know, the natural way of things is that, you know, dictators and despots and all of these people, they go so far, but they are inevitably, in most cases, brought down by the natural way of things and by the fact that the people simply lose faith in it, won't tolerate it anymore, and that's how it happens. | |
| You're sort of intervening in the process, aren't you? | |
| Only when asked. | |
| You know, Tunisia is a good example of a really weird day in the life, right? | |
| We're all sitting on a chat system that we used, and a couple hackers just show up who are from Tunisia, and they start explaining to us that, hey, so this revolution is probably going to happen. | |
| People are mad enough to go to the streets now, but we need a lot of support and we need a team together. | |
| And of course, on our end, we're like, what are you talking about? | |
| Revolution? | |
| We're a bunch of hackers who are playing around. | |
| Like, compared to revolution, that's a whole nother level of what on earth are you talking about? | |
| But they then start telling us, like, in their own words, we have the keys to the kingdom, to which, you know, we asked for clarification. | |
| And they handed us a list of the IP addresses, the computer addresses, and the passwords and other access material to basically every server and every computer for the entire government of Tunisia and said, so here's your starting list. | |
| You think you can work with that? | |
| And at that point, we were like, well, now this isn't such a hard problem after all. | |
| And we started questioning them a lot, like, what do you want to accomplish here? | |
| Who actually is replacing this guy if he does go? | |
| You know, how? | |
| And before we could even really lock down plans over the next few weeks, as we started, you know, really planning out what it would look like, a kid went into the streets, one of the fruit cart vendors and set himself on fire, which really just set the revolution off. | |
| The next morning, everyone was in the streets and it was it was on. | |
| Right. | |
| So you would consider that you oiled the wheels of the thing rather than were the driving force behind it. | |
| Yeah, we were asked to come in by locals. | |
| You know, we didn't come in and just, you know, we aren't like, you know, the imperialist Americans here going down to South America and, you know, starting coups, right? | |
| The locals invited us in and gave us a lot of material to use. | |
| And what about the U.S. State Department? | |
| Did they have any contact with you? | |
| Presumably they're aware of the kind of stuff that you dabble in. | |
| It's happened a couple times. | |
| One of them, so Saudi Arabia was very unhappy with a lot of the Arab Spring, especially as it started to kind of touch in Bahrain before the Bahraini government started just shooting protesters and kind of killed that protest off. | |
| But the Saudi Arabians sent a letter to the U.S. government naming a few Americans and saying, these people are helping to foment revolutions on our border, which might give our people the wrong idea. | |
| So could you stop them? | |
| And my name was on that list. | |
| And so the State Department, of course, calls me down to talk to me about this. | |
| And I explain that, you know, I don't think I've broken any laws here. | |
| And from what we could tell, even the various laws that kind of pertain to I couldn't have gone over and, you know, I can't traffic guns. | |
| I couldn't have helped them arm themselves or anything like that, right? | |
| But that I hadn't actually interfered in that the revolution was already happening, that it was already ongoing, that I was being asked for humanitarian aid and, you know, in the ways that we worded it. | |
| And so I just, you know, came back home knowing that Saudi Arabia was kind of mad at me. | |
| Okay. | |
| So you've got enemies. | |
| You've got people who, you know, you're not on their Christmas card list. | |
| Let's put it that way. | |
| Yeah. | |
| Okay. | |
| Around the world I'm talking about in various places. | |
| Yeah, I'm definitely not flying through there anytime soon. | |
| Okay. | |
| Well, you know, it sounds to me to be an incredibly risky thing to be involved in. | |
| There must be, you know, you must get a kind of adrenaline rush from doing these things. | |
| I would have thought we've talked about that before. | |
| I want to bring you up to date with stuff that's happening kind of now. | |
| There was a story on Reuters about the World Health Organization. | |
| There was an attempt by what's described by Reuters as elite hackers to break into the World Health Organization. | |
| An official said it was more than there's been a more than twofold increase in cyber attacks. | |
| The World Health Organization Chief Information Security Officer said the identity of the hackers was unclear and the effort did not succeed. | |
| But he warned that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus, which of course has killed so many people worldwide. | |
| You know, just on a human level, it would make you wonder what kind of people would want to hack into the World Health Organization and what can the World Health Organization and organizations like it do. | |
| And this particular attempt that we're talking about was unsuccessful. | |
| But what can they do to batch those attacks off? | |
| This is a really tough one because there's really two classes of people that are going after the WHO. | |
| There's a lot of conspiracy theorists, a lot of Alex Jones fans, if you will, in the hacking scene. | |
| They got into it so they could uncover the truth. | |
| One of the first times Julian Assange got in trouble, it was because he was allegedly trying to hack NASA to look for UFO information, right? | |
| So a lot of people end up on this side with interesting ideas. | |
| And currently there are a lot of conspiracy theories around what's going on. | |
| So we're better to find the truth about the pandemic and these conspiracy theories than on the WHO's computer network. | |
| So I think that's a group of the people who are trying, but that's going to be the slightly lower skilled people. | |
| And then there's some of the government actors, you know, the highly trained, highly paid, and very well taken care of hacker groups like the ones that the GRU run out of Russia. | |
| They're looking to get access to more information than might be either publicly available or even privately available. | |
| You know, the information that the WHO actually hands over might not be all of the information they have. | |
| And so those groups want to make sure that they're in there looking and getting their government the latest, most up-to-date information, stuff that might only be going to certain people. | |
| Well, given the vital work the WHO is doing at the moment in the teeth of coronavirus, it beggars belief that people would try such a thing, that they would try it at any time, but especially now. | |
| And thank goodness that their security measures were tight enough to stop it. | |
| For all of us, though, now, because we're in lockdown, because I'm working from home, and most people that I know, if they are still able to work, if thankfully they are, then they're having to do stuff from home. | |
| That makes all of us much more of a target for some people, doesn't it? | |
| And we've had reports here of hacking attempts and coronavirus scams and all sorts of trash that you read about. | |
| These are dangerous times, aren't they? | |
| They are. | |
| There's a lot of people that aren't just your average everyday workers that are also at home more often now that have computer skills. | |
| One of the stats that I found interesting a few days ago in an article, people reviewing the sales on the dark market of the various toolkits that hackers will use that are kind of pre-made for you. | |
| And the toolkits related to phishing, which is, you know, getting those types of emails that are looking for your passwords or trying to get you to sign into sites that aren't the real site, like maybe a fake version of your bank or something. | |
| The toolkits for that, the sales of those in the last two months are up 150% week over week. | |
| So it's just like exponential growth of the people buying these toolkits to try and do online crime to make their bills. | |
| So if somebody was able to identify and stop the originators of the toolkits, they would be doing the world a big favor, would they? | |
| They would. | |
| They definitely would. | |
| You know, you run into interesting places there, though. | |
| Some of those toolkits are created by people who also happen to work as state actors for some of the countries. | |
| Some of them are by the teams in North Korea. | |
| They don't only just deal in all the sundry stuff like we all know shiploads of meth come out of North Korea. | |
| But they're out there fishing and hacking for cryptocurrency like non-stop. | |
| So a lot of the large hacks that have happened in the cryptocurrency world can be traced back to hackers from North Korea. | |
| And so sometimes it's not just an individual who's trying to get by off of this, but it's a literal state actor financing this. | |
| Are you working? | |
| I don't expect any details on anything, but just thumbnail sketch. | |
| Are you working on anything at the moment that's perhaps related to the times that we are living in at the moment? | |
| You know, it's hard to talk about that stuff as certain things are going on. | |
| So I won't comment on that part exactly. | |
| But the things that I am working on that I'm applying some of my skill sets to are more mundane but necessary. | |
| And that's the stuff around mutual aid, you know, helping your own neighborhoods, helping your own cities. | |
| So here locally, you know, I've built the website and helped integrate the forums for all the locals to sign up and volunteer to help each other or to sign up for monetary aid for the other people who have lost their jobs, you know, just local neighborhoods helping each other out. | |
| So I'm kind of helping on the technology side with a lot of that stuff. | |
| And that's where I'm more applying my skills to help this. | |
| Anything else would be something I can't really talk about right now. | |
| We've heard, Certainly in America, we've heard stories of, I think, cities being held to ransom by ransomware attackers, obviously enough. | |
| People with your skills, can they help in situations like that? | |
| Yeah, you know, the biggest attacks against the ransomware are the people who can figure out how to make tools that undo the encryption the ransomware companies or, you know, hackers are using. | |
| So, you know, when ransomware hits your system, what it's doing is it's locking your whole system down by encrypting everything and then storing the key to decrypt it over with the hackers offline somewhere in some other country. | |
| And you're paying them in the hopes that they give you the key to decrypt your stuff. | |
| Sometimes they do, sometimes they don't. | |
| Many people have paid that bill and gotten the wrong key or gotten no key at all. | |
| So there are groups of hackers out there working to reverse engineer the ransomware toolkits. | |
| And many of the toolkits that exist now have decryptors out there that you can just go download from various hacking sites. | |
| Some of them have been integrated into the antivirus tools now. | |
| And it's a lot of real low-level hackers who are solving those problems and then getting the algorithms figured out and getting them up the chain into those tools, like the antivirus tools. | |
| It's very few people at the big companies who actually make those tools doing that hard work. | |
| Right. | |
| So in cases where some organizations have paid up and maybe they've got a key that's unlocked their system, in some of those cases, if they'd done a bit of research, they might have found a way to unlock it without having to do that. | |
| In some of them. | |
| I mean, it's warfare, right? | |
| So as our side figures out new tools to undo the mess, the other side changes their algorithms, ups their game a little. | |
| So it's back and forth. | |
| It's who's got the bigger gun today right now. | |
| And they keep releasing new versions of their toolkits that are undefeated. | |
| And then, you know, if you're lucky, you don't get hit by that toolkit for a few months. | |
| And by then, there's already a tool to undo it. | |
| If you're unlucky, you get hit in the very first wave. | |
| And, you know, it's up to you whether you're going to pay, let your stuff get destroyed, or hopefully take everything offline and wait a couple months for the fix. | |
| So the most basic thing that applies to home computing, just as much as it applies to cities and big business, you've got to keep backing up. | |
| Yeah, keeping offline backups is important. | |
| You know, if you look at even the big guys, you know, some of the biggest hacks that have been done, the first thing you do when you get into someone's system, if you're intent on doing serious damage, is you look for their backup system and delete everything on it. | |
| Then kill the main system. | |
| And if they were smart, they would have not only had a backup system that was accessible in that way, but they would have had an offline tape or a remote hard drive system that had copies that the hackers couldn't have gotten to. | |
| So don't just have a backup system that is sitting there accessible by your machine at all times. | |
| Have drives that are disconnected from your computer that have copies every month or so. | |
| Right. | |
| It's vital. | |
| And sometimes I'm a little late doing my backups and then I think to myself, you know, I've got a set of more, and which I've done, a more regular schedule for doing them, which I now do. | |
| I've asked you this question before. | |
| Probably the first time we spoke was the first time I asked it. | |
| Do you think we're getting to a stage now that there are so many threats out there and they expand and they get cleverer every year? | |
| And, you know, governments, police, security services, people like you are constantly trying to unpick them and reverse them. | |
| Are we getting to a stage where the internet as we know it is going to become unviable? | |
| I don't think we're going to get to an unviable state. | |
| I do think that the best way to put it is the democratization of hacking techniques and knowledge has been astounding over the last even just decade. | |
| You know, when I started doing things, it was really hard to get this skill set. | |
| It was a lot of study. | |
| It was finding other people with any of these skills, then years of convincing them to even talk to you because it was such an in-group that was hard to get in. | |
| Now you can learn 90% of these skills on YouTube. | |
| It's now at a point where anyone can do it. | |
| And so we need just better security measures in place. | |
| You know, one of the baseline things that still needs to get fixed, that has a fix that companies just aren't actually implementing is BGP. | |
| It is the routing system that basically routes the entire internet. | |
| So if you ever hear one of those times in the news where for some reason, yesterday for five minutes, every bit of traffic on the entire internet went through a computer in China and we don't know why. | |
| You know, those types of headlines, it's because someone issued a command on a BGP console that told routering to send all the traffic through that computer for now. | |
| BGP has been a very open protocol and people who had access to it was really restricted because of how damaging those types of commands can be, right? | |
| Like Pakistan went offline because an errant command in a BGP script had sent half of the world's traffic into Pakistan who do not have enough bandwidth to handle that. | |
| But there are fixes in place for this. | |
| There are newer versions of BGP. | |
| There are newer protocols and security additions that about half of the ISPs in the world have implemented and the other half haven't. | |
| You can actually go to a website named Is BGP Safe Yet? | |
| And it shows you the list of all the bad actors who haven't implemented the security measures. | |
| And the bigger problem I have there is that hackers have gotten access to these BGP systems before. | |
| And man, the things you can learn if you can reroute an entire country's traffic through something you control and the things you can do with it is pretty bad. | |
| That's so frightening. | |
| When something bad happens, when somebody is doing something bad and they want a team of people to Go in there and try and head them off at the pass, you know, like you did with the elections that were about to be stolen, but you stopped that. | |
| How does that work? | |
| How do you all, you know, there's more than just you are on your own. | |
| How do you all communicate with each other? | |
| Do you know each other by name? | |
| How do you, I mean, I don't expect you to tell me, and I don't want you to tell me specifically how you find these people, but in what sorts of ways, talking around it, do you get together? | |
| There's a lot of shared experience in this type of a world, and you end up noticing patterns, like especially around a lot of the anonymous stuff. | |
| You know, people would hide their name, but through patterns of speech, through the way they talked, through the various anonymous names they chose to use at times, you would sort of get the idea that that is one person that I've known by 10 different names. | |
| And you would remember the skill sets that that person had, you know, when a certain hack happened. | |
| And it would lead you to be able to find them on other chat systems and say, I need someone who can do this. | |
| And over time, you end up with sort of a group, you know, of anywhere from two to 10 people that you trust enough to be involved in this type of stuff that you're willing to talk to. | |
| And then a lot of the time, you want to make sure that you don't know each other in real life. | |
| There have been ones that had specific skill sets that were doing something that was so illegal that I didn't even want to know they were doing it, let alone anything about them. | |
| And you run into serious problems there because, you know, just a couple minutes ago, you corrected yourself in saying a word in a very kind of strong British accented way into saying it in a more Americanized way that I would understand. | |
| Exactly. | |
| In chats with these people, they will say things that are very specific to the region they grew up in. | |
| And you've got to tell them, stop using colloquialisms. | |
| Don't use an insult word that was only used outside of Birmingham from 84 to 86. | |
| That tells me a lot about you. | |
| You know? | |
| So you have to do a lot of work to maintain even anonymity among some of the people you're working with. | |
| It's hard because, you know, people like me end up getting questions sometimes. | |
| And the biggest thing for me is always, I don't want to know who you are. | |
| I don't want any personally identifying information. | |
| So if I ever get asked, I can't answer the question. | |
| Right. | |
| So it's all on a sort of need to know basis. | |
| Yeah. | |
| It's just hard with humans because they will make those slip-ups and they're ones that you just, you can't not see. | |
| You know, I've been called a chav by someone who swore he was from Japan and I'm like, no, no, you're not. | |
| No, no, no. | |
| That can't be right. | |
| Well, it might be, depending on whether they've moved from somewhere else to Japan. | |
| We know what we're saying. | |
| Sure. | |
| I've asked you this question before. | |
| The stuff that you're doing, a lot of it you've achieved good aims by doing this and you've used a lot of ingenuity. | |
| It's all been done by subterfuge. | |
| It's all been done behind the scenes. | |
| It's all low-level stuff. | |
| I understand that. | |
| But shouldn't these things be left to governments and security agencies? | |
| Sure. | |
| You know, that's a way to look at the world. | |
| And I would say if they had been doing them, that'd be all the better. | |
| And I could maybe focus on, I don't know, doing some work that paid rent instead of activism. | |
| But, you know, they weren't doing these things. | |
| And at some point, you just kind of have to act if you can. | |
| But you find yourself in a situation, and I've put this point to you before, but I wonder if you think differently about it now. | |
| You have to be judge and jury, don't you? | |
| I mean, some things are very clear. | |
| If somebody's trying to steal an election, that is definitively a bad thing. | |
| And it's good if they're stopped. | |
| But other situations are less easy to understand, aren't they? | |
| Even that one's less easy to understand because imagine the scenario that we were in. | |
| There was definitely someone that we as a group of human beings would have preferred one. | |
| And it was not the person who it was getting fixed for by the bad actor. | |
| It was definitely the other person. | |
| So not only finding ourselves in that unique position of being able to stop the bad thing from happening, we found ourselves with enough access to make what we would consider the right thing happen. | |
| And having that fight for true democracy and we're not going to interfere, we're only going to stop the bad thing was a struggle with some of the people involved. | |
| You know, I was definitely very strongly and still am on the side of democracy wins, the vote counts. | |
| But we had to argue out whether we would become the bad guys or not. | |
| And it was long fought. | |
| Boy, that sounds like a real headache-inducing situation. | |
| Lastly, I want to ask you about something that's in the news right now here. | |
| More than 700 fake websites, The Guardian newspaper in the UK reported, mimicking some very famous ones, have been created seeking to harvest personal information from consumers during the coronavirus lockdown boom because a lot of people, including me, I'm sure everybody in the world now that has access to a computer is using it more to buy stuff because you have to. | |
| We're all in lockdown and that makes people vulnerable. | |
| So if people are creating hundreds of fake websites that appear to be the real deal, how are the good guys, just from what you know, how are the good guys going to step in and stop that? | |
| It's near impossible to stop people from throwing up websites. | |
| It's more about educating the consumer. | |
| You know, most crime in this world is crime of opportunity. | |
| It's done because it can be done, and it's done as large as it is based on the circumstances. | |
| Currently, way more people are online, way more people are panicking, and a large, large increase in online sales is happening, which means everyone who had the skill sets to fish for personally identifying information, who were already doing it, just on a much smaller scale, saw the opportunity and ramped up their efforts. | |
| It's nothing that wasn't already happening. | |
| It's just at a greater scale. | |
| And it requires education of the people. | |
| You need to verify The domains you're on. | |
| Verify the emails are coming from the email address that you think it is. | |
| If you get an email from Amazon.com, but you look at the actual email address and it says support at amazon.co.com, that's not amazon.com. | |
| Don't do whatever the email says, right? | |
| So you're expecting you're expecting the consumer now, all of us, to do due diligence. | |
| I mean, when you look at the other people who would have to fight this fight, they would have to be able to identify these sites fast enough to stop them before consumers found them. | |
| And that's a game of whack-a-mole that, you know, can't be won. | |
| Right. | |
| So it's down to ordinary people. | |
| Check out where the things are coming from. | |
| And I suppose check basic things like some of these websites. | |
| You can guess, because of the nature of some of the people doing these things, that they'll get details wrong, details that you'll be able to spot. | |
| They won't spell things properly. | |
| And as you say, the source, the actual source is not going to be what you think it is. | |
| Look at the domains, look at the SSL. | |
| You know, when you see the little lock up up there next to the domain in the address bar on your web browser, click on it and see that when you look at its details, because all of the browsers let you look at the details of the security of the website. | |
| When you look at that, make sure that it says it actually is owned and operated by the company you think you're at. | |
| If you're at some weird domain, but you think it might still be that e-commerce website, look at the SSL certificate. | |
| And when it says it's, you know, some Romanian tech firm and not, you know, some London-based, you know, e-commerce site or something in Silicon Valley, right? | |
| Right. | |
| Right. | |
| Can we just, just to explain to people the SS, because some people don't know, but the SSL is like a security watermark. | |
| Yeah, it's encryption for your traffic. | |
| So when you enter your logins, your passwords, your credit card details, instead of it going across the internet, you know, between you and that website in plain text that anyone could read, it's encrypted. | |
| So you want SSL on every single connection that you use on the internet. | |
| And we have a few people over the last decade to really thank for upping it from less than 10% of the internet to more than 50% of the websites out there being on SSL. | |
| So shout outs to Let's Encrypt, Cloudflare, Lee Holloway, the people who made that happen. | |
| Right. | |
| But the internet is an exciting but scary place these days, isn't it? | |
| And I guess there's going to be no let up in that anytime soon. | |
| You know, with people in the mindset that they're in right now with all these quarantines and lockdowns, they make themselves very easy targets, which is why I say you really have to do your own due diligence. | |
| Be vigilant and really check everything you can before you put your info into these sites. | |
| And are the answers, if you check, always quite easy to find if you look in the right places? | |
| You know, it's one of those 9010 problems where 90% of the time they're easy to spot. | |
| Like you said, you know, the misspellings in the titles, the wrong names on the SSL certificates, you know, they're very simple to spot. | |
| But there's about, you know, 10% of the people out there who do really solid work. | |
| And you're, as just kind of a normal citizen out there who doesn't have a strong tech background, you're probably not going to notice. | |
| And for that, I would just say when you get links to things, especially in your email, don't follow them. | |
| Instead, go to the website yourself. | |
| You know what website that's for if you're interacting with it and type it in yourself. | |
| If you get an email from your bank and you suspect anything, instead of clicking on the links in that email to go to your bank, load up the bank the way you normally do and go see if you've got any notices in there that match. | |
| Again, it's very much on the end user at this point. | |
| So you have to do something that I've schooled myself to do. | |
| And that is whenever you receive something. | |
| I mean, I got something that purported to be from my cell phone, mobile phone company. | |
| And it looked like it was them. | |
| And something said to me, don't open that. | |
| Check the source of that. | |
| And I looked at the source of it. | |
| And the source of it was some weird, you know, it wasn't the official address at all. | |
| And that was the one occasion where, quite recently, I did that double take. | |
| I took that second and I just thought, that can't be right. | |
| And you have to keep having that feeling. | |
| Unfortunately, it's going to mean that you will doubt and suspect some legitimate actors, but you've got to preserve yourself. | |
| Yeah. | |
| You know, always default to the safest possible answer there. | |
| If you're not going to do something because you suspect it, you might be wrong, but, you know, in the end, it's going to save you a lot because you won't fall victim to any of these major scams. | |
| Boy. | |
| Greg, I've enjoyed talking with you. | |
| It's always sometimes amusing, always sobering conversation and fascinating every time. | |
| Have you got a website where people can read about you? | |
| Or do you not do those things? | |
| Not really. | |
| I mean, I had a website up for a little while, but when you go to it now, it doesn't have anything on it. | |
| Pretty much just on Twitter. | |
| Come see me there. | |
| It's my full name, Greg Hausch. | |
| And you've got the little verify check mark so you know it's me. | |
| Right. | |
| And do people get in touch with you that way to ask you for help? | |
| If they want. | |
| But, you know, I would say that don't give any major details. | |
| Give enough to convince me that we should talk somewhere else and I'll tell you how we can talk in an encrypted fashion. | |
| You know, I've had people come on even on Facebook, on chat, and start spilling the beans, you know, and really like highly illegal ideas. | |
| And I'm like, you know, you shouldn't have said all that because now I'm not going to do it. | |
| I'm not going to be involved in this because that was, I mean, everyone's read that now. | |
| Oh, my God. | |
| Greg, listen, please stay safe. | |
| It's always fascinating to talk with you and thank you for doing this. | |
| Absolutely. | |
| You too. | |
| Greg Hausch. | |
| Let me know what you think about him. | |
| Go to my website, theunexplained.tv. | |
| You can tell me what you think about the current guest, any past guests or any thoughts you've got about the show or anything you like. | |
| Theunexplained.tv, that's the website. | |
| Follow the link there and you can send me a message from there. | |
| We have more great guests in the pipeline here on The Unexplained, so until next we meet, my name is Howard Hughes. | |
| I am in London. | |
| The sun is still pouring in. | |
| You know, it's early evening, so I'm still winning. | |
| And whatever you do, please stay safe, stay home, because that's important. | |
| Stay calm, and above all, stay in touch. | |
| Thank you very much. | |
| Take care. |
Export Selection