Diving Deep into the World of Computer Hacking & Becoming a Hacker — Riley Eller

One of the things I get asked the most about is questions about how to be a hacker and how to learn hacking skills. And I think there’s a few people I know who really epitomized what that’s all about, and we’ve had pretty deep journeys and in their lives and their careers about about computer hacking.

We talk a lot about the mindset of hackers, which is one of the things I’m super interested in and attracted to. I find to be very helpful way of thinking about things. But you know, when we’re talking about the technicalities of computer hacking, what that means, it really appeals to a certain kind of person and I think a lot of people just don’t know where to start. And so I wanted to share one of the folks that I find inspiring and who I’ve known for a long time. I think his life and his career sort of epitomizes what a lot of folks are thinking about when they’re asking about computer hacking.

And so his name’s Riley Eller and Riley’s sort of a famous in the hacker community because he used to run the most popular party for hackers called Caesar’s challenge. And we’d have this party once a year at DEF CON and only the league got in. Riley has done a great job over the years of figuring out how to get hackers partying, and get us all connecting to each other and making friends with each other.

I think that’s a really important and valuable thing for a community of folks who maybe having focused on social skills so much previously. And so Riley’s also known for being a member of the ghetto hackers, which was the first team of hackers to win the DEF CON Capture the Flag contest three years in a row.

Then they took it over and ran that contest for a few years and really up the game. This was the notorious, you know hacking contest, cause it was the first big hacking contest. It was the place where that got started. And now of course you have hacking contests all over the world, but capture the flag at Def CON is where it started.

The ghetto hackers were one of the first real teams to take that on and they advanced the game and really turned it into a spectator sport at DEF CON. And it’s, it’s gone on and evolved since then. We talk about that a bit in this conversation. We go deep into a little bit deep into talking about a wifi mesh networking at a company called CoCo Communications where Riley worked another one of our upcoming guests on the podcast, Jeremy Bruestle who was the founder of that company.

You can listen to that to learn a little more about CoCo, but a lot of those inventions and those technologies are just coming of age now. And so I think it’s actually pretty relevant and interesting because mesh networking is one of these things that keeps coming up again and again, and the problems are hard and interesting.

So that’s a cool conversation. And then later on, we talk about Caesar’s experience as a hacker growing up, how he got into it, what he’s learned, what he values about it as well as his ideas for how you can become a hacker. I am really excited to share Riley with you guys. He’s made a big impression on me and my life, so I hope you enjoy it.

Pablos: This has been one of the conversations I’ve had in my mind as being important for the podcast and what I want to do. I’ve known you for more than twenty years. We have similar progression or timelines in our lives of getting interested in computers, hacking, and ending up in the social dynamic of the hacker community in those days. There’s a lot to learn from that. What I want to do with you is talk about some of those experiences early on and how we got into it.

First, let’s talk a little bit about what you’ve been working on professionally because you spent a lot of time on the last company you were at. It was a company started by Jeremy, who was one of the founders, so it was started by hackers. I remember talking to him before he started the company about the ideas for trying to create mesh networks that were ad hoc mesh networks. That was, in those days, one of the hard problems with networking to solve. I’d seen lots of trial and error and lots of difficult problems in that. Jeremy was amazing because he was able to get further than anybody, as far as I could tell, technically. I was always interested in that company, and you and a bunch of other friends end up working there, so can you tell me a little bit about what the progression of that was like?

Riley: Originally, we were doing a Business 2.0 article. Jeremy was explaining on the whiteboard in the Ghetto Hacker workspace how that all worked and I was trying to repeat it back to him to see if I understood his ideas, because it was difficult to grasp with what I knew at the time. There’s a photo of him and I talking over that particular moment right before the company was taking off. It was a pivotal moment in my life.

Maybe the first thing to do is describe what the point of that was at that moment because this must have been about 2005, 2006 or something.

No. The company was started in 2002 and I joined in 2003. They had about a year to go around, raise funding, talk about it and get their hands around what the problem was that they were trying to solve. What happened was a whole bunch of families who are proud of the country in Seattle, people with some money to invest, saw the communication failure on 911 as a critical infrastructure defense problem that could be solved commercially. It should be available so people who are busy doing things, running toward emergencies and disasters, will know that they’re not going to get cut off from the lifeline and the lifeline for those people is always information. Having that access to information or failing to have that access to information was responsible for about 10% of the deaths that day.

It’s not solving all of the world’s problems they thought, but it was something that they could focus on, it was narrow. This was about a year after the dot-com crash, so they’d all been gotten used to investing in technology. They saw this problem and they decided to try to get somebody smart and they knew Mark Tucker, who was the CEO. Mark and Jeremy had worked together on a project before, so they brought Jeremy in and he took some initial ideas out of IEEE and what was available at the time and said, “We’re going to build the stack of these existing technologies.”

He went around and talked to people who were in the upper echelons of communications, telecommunications, first responder communications, and military comms. He found that there was huge resistance on cost because centralized networks are much cheaper to operate than networks where all the smarts have to be in every device. The more decentralized a network, the more expensive it is, period, because like a smartphone, the phone part of it is low power, tiny little chip. Most of what we call phone now is a lot of other stuff. Adding anything, even communication technology that is constantly running, trying to help other people on demand, all those things that the first responder would need if the central communications went down, each of them is a real challenge.

Jeremy kept pushing on invention after the invention and built a four-tier stack of pieces that would be needed. At the bottom layer, you need to be able to defend against denial of service attacks because that’s an easy way to knock down a network like this. It’s to send crappy messages, so we had to have link security and link identity but we needed to provide application communication concerns like police and firefighters have common missions. You may have police and firefighters on the same scene at the same time but they have distinct missions. You can’t get the communications crossed up. A firefighter can’t misunderstand that shoot comes from a police officer or firefighter. They need to know what their lingo is and their jargon is. They need to use their words their way and not have to double-check who’s talking.

We needed to have a separation of communications as well, even though we had to have a common trust model, being able to join a lot of groups of people who have different interests in missions. Journalists, possibly even those who may need to talk to each other or send pictures back and forth to their cameras and so forth. All of these problems turned out to be tractable but complicated. It’s building up to pieces one at a time and working out how we can make a network that doesn’t have a central registrar. In the end, we found that we couldn’t create trust without some centrality. We had to have some trusted arbitrators of identity, but once you had an identity service, then the rest of it could be done purely decentralized.

We saw in the 802.11p or 802.11r, whichever one is the automotive spec they ended up rebuilding almost the same technology stack. They came around and they’re like, “These vehicles are going too fast. We need them to be able to talk to each other. They don’t know each other. A Ford doesn’t know to trust a Toyota.” All these same problems came back out so the model proved to be correct and effective. The way we implemented it, and our desire to make the network scale to essentially infinite size, make it scale-free.

That ended up being too costly for the amount of network resources available at the time, especially if you think about high-speed devices like airplanes or cars relative to bicycles and humans. Having that slow stability is great, but having those high-speed movers can shuffle the topology of the network quickly if you do any automated algorithms or if you consider those to be all part of the same network. There are good reasons that the military divides the universe up into upper air tier, middle air tier, lower air tier, ground tier, sea tier, undersea tier and cyber tier. These are all different dimensions and each one of them has a completely distinct communication technology. That was an opportunity for improvement and we didn’t see that. A lot of our designs were homogeneous.

It’s a little over-engineered.

That took us a long time to recover from.

In those days, if we’re talking about 2002, 2003, 2004 or 2005, basically, we’re at a point in the world where the internet has completely taken over. TCP/IP 1, people, especially at that time, thought of it as this is a decentralized protocol, in a sense compared to centralized networks that came before us. The telephone network is a hub and spoke design where you have a switchboard in the middle and anytime you want to talk to anybody else, you go through the switchboard in the middle. TCP/IP, all you’ve got to do is find anybody else on the network and you can connect through them. We think of it as decentralized but in fact, for it to work the way you described, there’s a bunch of quasi centralized services like name service, issuing IP addresses and that stuff that has to be managed too.

You have to have an identity database. You have to log into all these services.

We have a whole bunch of different identity services but those are all essentially centralizing services.

Even the IP address assignment is a central function.

I remember we were first playing with Wi-Fi probably by ‘98, or something. It was for extreme nerds and nothing had Wi-Fi in it, so you had to plug a Wi-Fi card the size of an iPhone into your laptop to get on Wi-Fi. By 2001 and 2002, it’s getting normal. The first laptops with Wi-Fi were probably the iBook, Apple’s Titanium PowerBook, or something. It was one of those that had Wi-Fi build in.

We were using PalmPilot or Pocket PCs, which were a phone board and PC board jam together with a serial port and stacked with it with a screen. The HP iPAQ and the Compaq iPAQ were the things because it had Wi-Fi and that Wi-Fi in the old days had to have ad hoc mode. Lately, that’s not supported on most radios.

A lot of the companies wanted to put this communication technology into an employee problem rather than a job problem.

Tweet

They don’t even support ad hoc mode anymore. Ad hoc mode, I thought, were some descendant of it. It is basically what’s used when you do personal hotspot on your iPhone.

It’s a descendant and it has a parent and a child relationship even then.

The point being is all these networks that we use have that hierarchical relationship where, in Bluetooth, you pair to your other devices. There were occasional cases like airdrop as an example of an ad hoc thing where you could find devices on a network that you didn’t even know about before and talk to them for a little bit. I remember those days. As computer nerds, we were all fantasizing about how to build the next generation of the wireless network to be an ad hoc wireless, we call it a mesh network, meaning there was no centralized authority in the network.

What we imagined was you would be able to go anywhere, devices and all find the other devices around them. As long as one of those things was on the internet, everybody could route through them. It ended up being intractable because largely, the overhead of managing routing tables and those things. What I saw with the company that was called CoCo at the time, what Jeremy had come up with was a more practical way to solve that routing problem. Did it not end up being a big deal?

It did but what it ended up doing at the scales we wanted to achieve was creating a lot of ongoing or zombie connections. It wasn’t even the routing that was complicated. It was keeping all the devices leashed together. The big problem for multi-party or multi-security domain mesh networks is that we give them to the police and the firemen. We want to keep the comms separate. The big problem is to track a firefighter who has moved through and past the end of the police area. We have to hop that firefighter’s connections through those policemen and back to where the other firefighters are. That is such a core conceptual model that your workgroup stays together as long as you exist and you’re connected to the mesh. You have this constant application layer concept of group communication or a group connection.

When you have that, then it’s cool because you can have an IP subnet in your mind or your machine. You can represent a group of any nature that you’re a part of in the whole world with an IP range and use all your standard TCP/IP applications. The problem was to keep that real, then there needs to be a path for people in, for instance, that big group of firefighters that have one of their own orphaned out and at the end of the police network. They need to have a live connection in tracking where other firefighters are moving, so when messages come for them, there’s a path selected. It is a routing problem but it’s an online routing problem and it turns out that, even though nobody cares, except for your people and that was our goal. It was to make it lightweight for everyone else. Everyone still has to pass along updates about destination locations as you move.

It’s got this whole mobility problem and nowhere to send the mobility information so it can be permanently routed in a central place. Mobile IP doesn’t have this problem, because mobile IP does not allow two mobile devices to talk to each other ad hoc. It’s not mobile. It’s both of them. Each of them has a static IP somewhere and they proxy through that. Only that one device needs to know about their location updates and everyone else can forget it. In a truly purely ad hoc mesh, you can’t do that. There’s a connection overhead, a connection load.

Where did you guys land? I know that you build various iterations of this product to try and help emergency services and in those situations, what did you end up with?

We ended up with the first high res audio USB audio digitizer that was pluggable for firefighters or emergency response radios. We went down to Katrina as soon as Hurricane Katrina happened in the aftermath. We went down and we hooked up a lot of the radios to each other and created multi-discipline talk groups to help them out. That was one of our successful products, our tactical radio gateway.

Instead of all the police and firefighters having analog radios on channel thirteen, talking to each other, you could have them all on channel thirteen, but you’re using digital sampling of their audio when they’re talking, sending it digitally and separating out on the network. This goes to the police group and this goes to the firefighters’ group.

We could do that but we also have the power to then cross those groups up. Maybe by regions EMP 25 and these other guys are using a more legacy Motorola StarTAC or something network. They’re unrelated radio networks and we get them to give us one radio each plug it into the gateway and now those two top groups are merged. It was either a distributor like you’re saying or a mock server. We did that and we were able to at least to some degree, effectively negotiate the push-to-talk problems.

Push-to-talk networks that have an incredibly low timing sensitivity. You have to be as fast as possible. Because if I push my button and you push your button, we both talk and nobody hears. Everyone else hears both of us, but we don’t hear each other. We don’t know that there’s a problem. The farther apart those networks are, the harder it is to mediate an effective push-to-talk regimen, so we came up with some patents in that area as well.

We branched out all over the space of communication in hastily assembled or dynamic environments. We built a chat network so it was your Jabber chat client but it would connect to a localhost. There’s a local service that you were running that pretended to be a chat server and would transact all your messages out to multicast well and track which ones of them arrived and didn’t retransmit correctly. You could on a multicast plane have a bunch of people using this chat service, transacting files at extraordinary speeds.

That makes sense.

Because everyone’s getting a copy of the packet at once so you didn’t have to send ten copies to ten people. You had one copy to the network and if anyone needs a particular frame retransmitted, somebody else can do it while you’re still spewing. It was efficient and it worked effectively up to 70% packet loss and you get delays of one second in your chat.

That’s tolerable in chat. Is this stuff being used widely in emergency services scenarios now?

No. Emergency services are utterly owned by Motorola Public Safety. They own the regulators, schools and engineers. They own everything.

It sounds like a great business.

Three years after we got going and they heard of us, they bought Mesh Networks Inc., which made a much simpler product that wasn’t meant to solve the world’s hunger. Many Motorola devices have mesh network devices in them, which is interesting because the radio at least at one time, beaconed all the time, and beaconed a clear crystal simple sound on the unique frequency. You could easily build a, “Where’s the police officer near me,” direction pointing to yourself. It’s a convenient GPS overlay of, “Where’s the nearest police officer?” We pivoted into the military space and we did that. We took those same radio gateways and mesh network repeaters. There was a company that was making Pocket PCs in a scanner form factor with four bar codes. It was rugged. We took some of these rugged Pocket PCs and mesh network repeaters that look like little bricks and tactical radio gateway, which looks a little pelican case. We took those out for the Coast Guard and helped them to build a hastily assembled boarding team interdiction network.

What does that mean?

I didn’t get up close to a freight ship before but they’re the size of a skyscraper lying sideways in the water. They’re utterly huge. You think about a 40 or 50 story building covering that in communication seems a hard problem. When you think about a ship, it’s not clear necessarily. It wasn’t to me anyway what the problem would be. It turns out the ship is made out of a Faraday cage. It does not permit radio to pass any part anywhere at all ever. Coming up with a way for people with bulletproof floating vests, rifles, comm systems, flashlights, these Coast Guard are there to see if there’s smuggling. They’ve got their border mission.

Coming up with a way that guys can operate a mesh network became a real challenge. On the bricks, we had to come up with a light signal system. We had an ON button but no OFF button so you couldn’t turn them off later to screw up the network. They’re rugged. They break it in and it stops working and the crypto falls off. On the front, there were four lights: red, yellow, green and purple. It was that blue LED that was popular at the time.

Blue meant that the device was connected back to the radio gateway. You’re on the network. As long as blue was lit, you’re live and you’re okay. Red, yellow, and green was the link quality of the first hop back to the radio gateway. We would tell people to leave them off in the provisioning center, on the cutter, they would be off, pack them in their jackets, and take them across. They turn on the radio gateway, talk back to the cutter, turn on the first mesh node, and it’s likely to go green and blue. The green and the blue. They’d walk away and it would drop to yellow. We’d have them step back up until it got to green, set it down there and that’s as far as this device can go.

They leave breadcrumbs all the way.

BreadCrumb is a registered trademark of the Rajant Corporation, which makes a similar communication device so I’m not going to say that word. The Hansel and Gretel story is the way that went. The cool thing was, by making it real-time, live and visible, this utterly impossible concept of link quality that no Boatswain’s mate is going to ever be able to jump to lecture on. That usability in real-time changed the future of our product in an interesting way. It turns out that there are these spots where a guy would be taking one round to see. As an experiment, we did it on an icebreaker, the Polar Star.

We went around playing with them and playing with them, Grant Wallace moved a live one that was in a red state. The blues off. You’re not on the network. You can’t see what’s going on. You’re too far away. He’s like, “These don’t cover enough ground. We’re going to have to take 40 of them over.” They weigh a couple of pounds and that’s unrealistic. He moved it in front of an air vent and it turns out that the ventilation system is a perfect effing waveguide. He mounts it outside and it goes green and blue. We ended up filling the Polar Star with six Wi-Fi radios. It’s like a 30-story skyscraper lying on its side on the water and we’ve got six 2005 era Wi-Fi radios.

You could go down into the hold and live talk back and forth with Groton, Connecticut, over a SATCOM back on the cutter. They could take a picture, have it go round trip, be in Groton within a minute or so with several seconds anyway. They were slow radios back then and have an analyst tell you whether it was a problem or not. You wouldn’t have to do what they did before, which was go over, go down and below decks in pairs, take photos of everything that could be found and come back up every fifteen minutes to make sure nobody got shot. Anyone being shot is not an acceptable experience.

It’s a US problem.

That was my feeling. We’ve got to change this. We’ve got to do something different so giving them live round trips back to Connecticut made a huge difference.

To be clear, the reason they would have to do it that way before is because the analog radio, a Faraday cage means all the radio communications are going to get blocked if you’re below the deck or whatever.

Your cell phones don’t work on the inside of the big ship. Cable TV and satellite phones, none of that shit works when you’re inside of a big ship.

You guys develop that type of technology and other things around it and end up selling the company at some point.

We worked on rebranding as well. We pivoted out of the Federal space and went into construction first. We thought that construction was a natural thing. It turns out if you can rig a communication system for a skyscraper on its side in the water, you could also do that for one that’s being built. It was an easy pivot to stand that skyscraper back up and go into the construction industry.

Did it end up being a successful market for guys?

Not as much as we wanted.

Construction is hard to sell into because it’s conservative.

We got written into some IT plans like this as part of the IT budget for a bidding process. We made it all the way through the selection and integration process. I don’t mean to say that it was unsuccessful but there’s a weird intersection for those guys. There are some things that they buy every time they do a job. There are some things that they buy every time they hire an employee and they expect the employee to track that device like a cell phone. A lot of the companies wanted to put this communication technology into an employee problem rather than a job problem.

There were weird technical issues that made that go way slower than we wanted and potentially not have a lot of resales because the company would reuse the same system building after building. They buy enough for how many jobs they do at once, rather than enough for every job. Finally, we went to residential and started building residential Wi-Fi mesh networks, so home routers and extenders. Nokia was moving into the Nokia Wi-Fi space. Nokia makes most of the phone equipment that’s not Huawei or outside China. They’re the leader. They build the head and equipment and lay the fiber or somebody lays the fiber. They even built the CPE.

What’s that?

Your router, your fiber modem or terminal. They wanted to provide the carriers the capacity to deliver that gigabit fiber service all the way through even an extender to the far edge of the home. They acquired our company, Unium was the rename of CoCo. Unium like E Pluribus Unum. Unium, the element of connection. That’s where we wanted to take the brand eventually. We rebranded it and turned it around. Mike Chen from Linksys that we had met before had gone over to head up the digital home business unit there. He knew about us and came. He found our people and talked through them. Over about a six-month period, we worked our way to a partnership and that’s been going for a few years now.

I want to change gears a little bit. When we first met was probably at DEF CON sometime in the late ‘90s. In those days, DEF CON, which is now the world’s largest hacker convention, probably always was, but there were maybe 1,000 people there, maybe 2,000.

Maybe up to 1,500.

I was still at Alexis Park which is the size of a Motel 6 or something. It’s a small hotel off the strip in Vegas that gets invaded by 1,000 hackers or so every summer, every August maybe. It’s 106 degrees, you’ve got 1,000 pasty white computer nerds in black t-shirts with witty slogans about internet protocols, Linux or something, laptops the size of VCRs, some of them with dual VCR decks in them.

Can you explain VCR to me? I don’t think anyone reading this is going to know what you’re saying.

We’re definitely losing people. My daughter has no idea what a VCR is.

Hacking is like this bottomless pit of puzzles. It’s that bottomless pit of intrigue about the computer.

Tweet

Laptops that are the size of stoves.

They were huge. People who have probably heard stories or anyone interested in hacking have probably heard stories or read about DEF CON in those days. I remember at that point, we were at Alexis Park because we’d been kicked out of every hotel on the strip for being poorly behaved, essentially cutting the power to a wing of the hotel and arson.

Breaking the security system and throwing bottles off buildings.

There you go. The ATM is going haywire. Who knows why? All payphones being destroyed. It’s all those things.

People dying the fountains.

Hackers in those days were fringe. It hadn’t gone mainstream. These days, a hacker is anybody who plays video games. There’s nothing to it.

That’s not that big of a pride point. I still call myself a hacker because I’m still proud of it but there’s something definitely diluted about it.

That’s the progression. Hacker in those days was not something that you advertised. It was essentially considered a criminal. For most people, it was isolated, at least for me. I grew up in the ‘80s, in Alaska, and I lived in a small town where there was nobody around who was interested in computer hacking, except for me. I would get these floppy disks mailed to me with The Anarchist Cookbook, information about hacking phone systems, how to crack video games and Apple II. It’s that kind of stuff. I get the floppy disk mailed to me once every few months.

By whom?

There were others but the one I remember was called the Bootlegger. It was a magazine for hackers on a floppy disk. You could subscribe to it and get mailed out. That was probably in ‘81 or ‘82. It was bad. By ‘82, I got a modem. I was in Alaska in those days and long-distance calls were expensive.

Freaking was the law. The physics of the environment. If you don’t freak, you don’t play it.

You couldn’t afford to call.

Do you remember the first time you ever turned on a TCP/IP connection and you were like, “Russia, oh my God, it was free?”

TCP/IP, I didn’t get it.

It was like legal freaking but the internet was like a crime that you could buy. You could go out and buy this thing that could commit crimes for you by sending packets for free around the world. That’s the best feeling in the entire universe.

That’s well put. I got on mainframes in the early ‘80s.

How did you learn all this so young?

It’s because I had nothing else to do. It was cold outside. You were going to die if you left the house and I had a 300 baud modem. The thing was, the university had mainframes, which in those days, were VAX mainframes. VAX, to be clear, has the computational power of a Tamagotchi but it was a multi-user computer, and it could have 100 people connected at once and a lot more in the computer lab at the university.

The most boring LAN party possible.

It was the most boring LAN party but we were all so excited. The cool thing was because I was a kid with nothing else to do, I managed to finagle my way onto the system even though I’m a 13 or 11-year-old kid, whatever it was, and everybody else was a computer science professor. They didn’t know I was a kid, but they all had jobs and in school and stuff to do and I didn’t have anything. I could spend sixteen hours a day learning about the mainframe, but it was painful. I learned the hard way as I’ve told other people. I learned to code by reverse engineering 6502 assembly language. There was no one to teach me. There was no YouTube video. There was no how-to for dummies guide.

You didn’t get the Commodore 64: Programmer’s Reference Guide?

I had Apple II and I had the manuals that came with it, but that was not how to code.

There’s an assembly reference in that, isn’t there? There isn’t a Commodore.

There is a reference that’s generous. It shows you, “Here’s what jumps statements are in hexadecimal.” What does a jump statement do? I don’t know. Let’s delete them all and see what happens. It was bad. I had pin-free Dot Matrix printer so I could print out all the assembly for a program.

Was it like fanfold?

Yeah. You printed all that, it would be hundreds of pages and you would go through and look like how you would crack video games in those days. Find all the jump statements one bite at a time. I didn’t learn a lot too fast but I had made up for it by time and enthusiasm.

That’s what they called talent, time plus enthusiasm.

These days, that’s about as good as it gets. Once I got on the mainframe, I could finally talk to people who knew more than me and there was an email system on there where you could email the other people on the mainframe. There are a couple of hundreds of people you could talk to, so I would ask them dumb questions, “How does this work? What does that do?” Because the mainframe was limited, you could only get so much processing time, so much storage and memory, and I always wanted more.

I would write these programs, which we call Mail Bombs, and you would write a little program in DCL, which was the scripting language for the mainframe for VAX and you name it like Star Trek Game. You would email it to somebody and get them to run the Star Trek game. It would give them an innocuous error because they didn’t have a game. It would give them errors and I’d say, “I’ll go try and fix it,” but in the background, it would be locking them out of their account if they’ve given me all the resources and access to all their stuff. It’s a computer virus, but we didn’t have that nomenclature yet. We independently invented Mail Bombs.

I believe that’s called a Logic Bomb, not a virus because it doesn’t make more viruses

If you’re nitpicking, that’s true. I didn’t get to the automatically replicating part of it. The point being, that’s what, in a nutshell, my childhood was like. It was trying to learn as much as I could about computers and having nobody and almost no resources to lean on, and now it’s so much different. Kids can go on YouTube and watch how-to videos with animated cartoons explaining everything. The point being, by the time the internet came along because there’s a window of time where you got past mainframes into BBSs and things like OBS.

I’m one tech generation later, like four years later.

BBSs were more accessible communities of fringe wackos essentially who wanted to get into nerd stuff.

For me, you go over to the Disk Copy Party that happened once a month and steal everybody’s software with each other and copy everybody’s stuff. Somebody came into a place that I’ve had my first job and they had a duffel bag full of pirate floppy disks. No envelopes, nothing protecting them, it was jammed in there.

Floppies were oddly resilient.

It’s so true. It’s surprising compared to even a CD or a DVD. You get a little scratch in the plastic and it’s all ruined. Out of the backdrops CCGMS, the modem program for Commodore 64. I had no idea. I didn’t have a modem so I’m asking this guy what does he do and all this stuff. We end up becoming short-term friends. He was on the run and making his way toward Vancouver and had some stuff. He was from Portland and they had some stuff going on.

He was on the run with a duffel bag of floppies.

We stayed in Arlington for a little while and we were friends for a minute. I went to his house once and there were five discs left on the floor and he’s gone. Everything is gone. In that meantime, he taught me how to get Sprint to issue a calling card that didn’t bill. I thought, “This is acceptable. This is my solution.” This guy tells me one thing and for eighteen months, I don’t have to work to dial internationally. I’m not a freaker. I script kiddie the solution from a guy and that solved my problem. I got a 300 baud modem, 1,200 baud modem, and 2,400 baud modem as fast as I could upgrade. I got two and ran a little BBS of my own.

It’s like being part of a global underground.

Our German teacher was the head of Brain Damage Studio, which was a distribution group in the Pacific Northwest, pulling out of Frankfurt. He would be on the phone on one of his phone lines 24 hours a day pulling down from Frankfurt. I was like, “I’ll help.” He’s like, “Great. Here’s another Fairlight BBS. You go here and get this stuff and bring it in.” That was my introduction to it. I fell into it.

I had a sense that that existed out there but I was far removed that I couldn’t get to that thing. There was no place to do floppy copy parties. I remember one time, I met a guy on a mainframe, who also had Apple II. My parents drove me across town to a sketchy mobile home park, a trailer park. They dropped me off to hang out with some weird guy.

Mine did too. I did the same thing too.

I went to his house because he had dual floppies and I only have one, so it’s a lot better to copy. That was weird stuff. That seems amazing because you probably got far fast doing that.

I got to learn about password security and logging. Joe Grand was the one who remembered this guy’s name. There used to be a guy on the East Coast and it’s because I could call anywhere on this scheme at the time. There used to be a guy on the East Coast who would set up voicemail boxes because all the voicemail systems were brand new at the time, they all had stupid hardcoded backdoors. You could call into one, dial a few different codes to see which brand it was, get yourself administrator privilege, and set up a voicemail box on (77245) extension, which no one is ever going to dial in history because it’s a two-digit extension box. (77) is not allowed, so you’d make these absurd voicemail boxes, no one ever knows they’re happening. This guy would call in and he’s like, “Here we go. I’ve got numbers for six bulletin boards,” and read them fast. It was like the Micro Machine’s commercial guy. He read them so fast. He’s like, “Here are thirteen Mastercards all fresh in the last 24 hours. American Express, Visa.”

The Hacker ethos has always been anti-aesthetic. It’s not as good to look good as it is not to be cool.

Tweet

He’s reading the stuff up in the voicemail boxes.

He’s not even putting it on a digital packetized thing and leaving a modem tone or something. He reads it off. The capacity to do stuff was far away from the practice of how to do it. If a guy is reading you into a phone and you’re calling, in the end, the next voicemail box would be a phone number and a voicemail by extension. That one would never get used again and get deleted a couple of days later. Once you get on the train, you’ve got to stay on the train. It’s like a podcast that was hard to get.

When did you first end up going to DEF CON?

Shortly after all of these shenanigans, my age of majority was starting to approach and I was working a lot. I bought my first car when I was fourteen. I wanted to get going in life. With Operation Sun Devil and some of the other police anti-hacker moves in the late ‘80s and at the transition to the ‘90s, with that stuff going on, I decided to put away all of those childish things and go out in the world and do my thing. I got my first programming job before my eighteenth birthday and went fully professional. I helped the guy who built the Sonic Arris Assembly Line and all these little projects and cool little things I fell into working with Datalight, Roy Sherrill in particular. They lifted my career up.

I went in for a programming interview and they said, “The Program is Tic Tac Toe in C.” I was like, “Cool. Do you have a book on C? I’ve never seen that language before.” I sat there and for eight hours, I learned C and got a partly working Tic Tac Toe and they were like, “If that’s your first day in C, you are in.” That was mostly because I’d had Mr. McKay and Ainsworth in the Marysville high school system. They put a lot of effort into exposing kids early and effectively to programming. I learned logo when I was eleven. I would assume it would be now the normal programming course. I’m meeting more kids that haven’t taken a programming class and I’m a little surprised.

It’s finally been legitimized. When I was a kid, I remember everybody’s parents wanted them to grow up to be a doctor or a lawyer because those were legitimate career choices. Computer programmer sounded psychedelic. Now, it’s like, “You should be a computer programmer or doctor, definitely not a lawyer.” That’s the progression. It’s the revenge of the nerds. We ended up succeeding at making careers, businesses and a lot of money.

The explicit goals of the Ghetto Hackers were to improve our skills, our revenue and our careers.

Hacking was a thing when you’re a kid and you ended up getting jobs. I remember when I got out of high school, I got a zillion computer consulting jobs. Whenever somebody wanted to do something with a computer, somebody goes, “Call this guy because he knows computers.” I never knew what I was doing. It’s like the C thing, I’m like, “I’ll figure it out.” I figured it out because I wanted to prove that I could do it or I wouldn’t get another job. That’s was my whole early career, but I might still be doing that.