Famous Hacker Reveals! True Ethical Hacking Stories. Artwork

Cyber Crime Junkies

Translating Cyber into Plain Terms. Newest AI, Social Engineering, and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research, and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manage cyber risk.

Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast

All Episodes

Cyber Crime Junkies

Famous Hacker Reveals! True Ethical Hacking Stories.

February 13, 2025 • Cyber Crime Junkies. Host David Mauro. • Season 6 • Episode 51

🚨New Episode 🚨We’re joined in-studio by Bryan Seely— World Famous Hacker who Reveals True Ethical Hacking Storie. Bryan is a cybersecurity expert, and media commentator featured on CNBC, Fox News, CNN, and WSJ. He’s also the author of Cyber Fraud: The Web of Lies!

We discuss: true ethical hacking stories, data brokers and privacy risks, wiretapping, Google Maps, data brokers and privacy concerns, how data brokers operate without regulation, and How Hackers Breach Big Tech.

Send us a text

Grow without Interruption. Stop Breaches. Leverage Advances in Technology with NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com

Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-4466

🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss a video episode!

Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/

Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Youtube (FKA Google) Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast

Join the Conversation: 💬 Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!

🔥 In This Episode, We Discuss:

✅ True Ethical Hacking Stories – Insider tales from Bryan’s career
✅ Wiretapping the Secret Service – The shocking real-life hack
✅ Google Maps Exploits – How major platforms get manipulated
✅ Data Brokers & Privacy Risks – How your data is bought and sold
✅ Deepfakes, AI & Open Source Intelligence – The growing threats online
✅ The Dangers of Social Media – What you NEED to know

World Famous Hacker Reveals True Ethical Hacking Stories

True Ethical Hacking Stories. Bryan Seely.

Topics: Are Extensions Safe On Chrome, true ethical hacking stories,cyber crime and cyber security,data brokers and privacy risks,cybersecurity,cybercrime,wiretapping,Google Maps,data brokers and privacy concerns,data privacy,social media risks,open source intelligence,how ethical hacking helps,why ethical hacking is critical,why ethical hacking is important,what is ethical hacking in cyber security,ethical hacking stories,How Hackers Breach Big Tech,investigative journalism in cybersecurity

Chapters

00:00 Cyber Crime and Cyber Security
03:20 The Secret Service Wiretapping Incident
06:11 The Impact of Google Maps Exploits
09:15 True Ethical Hacking Stories
11:53 The Role of Investigative Journalism in Cybersecurity
14:25 Writing 'Cyber Fraud: The Web of Lies'
17:11 The Evolution of Cybersecurity and Data Privacy
19:50 The Dangers of Social Media and Online Presence
22:42 Data Brokers and Privacy Risks
24:40 The Complexity of Terms and Conditions
26:28 Understanding Data Collection and Privacy Risks
29:55 The Rise of Deepfakes and Social Engineering
34:10 The Impact of Open Source Intelligence (OSINT)
36:42 Collaborating with Influential Figures
44:27 Advice for Internet Users

Host (00:00.267)
really the only way we know how to do stuff, right?

Bryan (00:02.863)
I don't know, if I have to be boring, I don't want to do it.

Host (00:05.328)
That's exactly right. So welcome, everybody, to Cybercrime Junkies. I am very honored and very excited today. We have a friend of our show, a world famous ethical hacker, cybersecurity expert, media commentator on CNN, part of Wall Street Journal, Fox News, CNBC, apparently going both sides of the political gamut.

I'm author of cyber fraud, web of lies and keynote speaker to fortune 500 companies and more Brian Seely. Brian welcome to the studio,

Bryan (00:42.062)
Thanks for having me again. It's always a pleasure.

Host (00:43.513)
I had so much fun the first time we spoke. I've been wanting to have you on ever since, honestly, because I felt like I could have talked to you for hours.

Bryan (00:54.99)
I appreciate that. Yeah, that is definitely one of my gifts. Shutting up is not one of them.

Host (00:59.928)
It's always so fun. I've been told the exact same thing. So for those that may not know who you are, you were a Marine, US Marine. real life G.I. Joe. And honestly, thank you for your service. The Marines, the armed services, they're phenomenal. And I know there's a lot of struggle that a lot of vets go through. It's one of the

Bryan (01:18.891)
I mean

Host (01:30.06)
most undervalued things in our society and we all take it for granted. So thank you for that. Since you've been I want to see your first claim to fame was wiretapping the secret service. Let's just glean over that. Let's just glean over that real quick. Like walk us through real quick what happened.

Bryan (01:50.008)
Yeah.

Yeah, that has to be it.

Bryan (01:59.03)
I found some things I didn't like on Google related to spam. And it wasn't just Google Maps. was white pages and Yelp and Bing Maps and all these different places. So people building fake companies and taking business from regular hardworking Americans, small business owners, either taking it directly from them or selling it back to them and calling lead generation. And it just involved exploiting certain things to

put fake companies on the map. And you can find them in a lot of different categories, but it's mainly companies like locksmiths, carpet cleaners, pool cleaners, landscaping, anything. But they have to be ones that come to you wherever you need help. You would never go to your pool cleaner's office. So that type of thing. So finding exploits and making some funny business listings to try to get some attention to the problem.

Host (02:38.827)
Right. True small business, true small local businesses. Right.

Bryan (02:57.958)
and that didn't really work so well. So, I mean, some of them are really funny. Like there was a concentration camp in North Korea that I made an amusement park and the Westboro Baptist Church became an adult toy store. dungeon, dungeon. Yes. And then, why wouldn't it?

Host (03:12.855)
Of course. Of course it did. What about the... then in the White House, didn't you put Edward Snowden's ski lodge or something like that?

Bryan (03:26.638)
no, no, no, that was well, that was later on. So I put his secret hiding place on the White House lawn. And that's kind of what media showed the most of. then a year later, I did a TED talk about it called Wiretapping the Secret Service Can Be Easy and Fun. And I put another one in the Oval Office. It was "Edwards Snow Den" It was a snowboarding shop. Yeah. That was my that's still my favorite.

Host (03:47.574)
no doubt! I love it. I mean, if you can't if you yes, that is I think that's one of my favorite things. so I got to ask like, how are you? How did they not come down on you? And like, they've actually praised you. Secret Services praised you. FBI has praised you publicly.

Bryan (04:07.918)
I couldn't have planned it better. If I had planned it, I might Not have done it. This wasn't a good plan. I ended up walking into the Secret Service office to tell them about it in like 15 minutes of just explaining, and they're like ready to let me leave. Like they didn't believe me. And.

Host (04:13.109)
Yeah.

Host (04:26.559)
They didn't believe that you could actually access wiretap things. And then you had to demonstrate it for them, I imagine, right?

Bryan (04:29.74)
Right. Because it sounds insane. That's like, all I got to do is turn my ear and then look towards the North Star and I can pick up radio chatter. Be like, that's what it sounded like. And ultimately, I just told one of the agents in the room, call the DC office of the Secret Service and I'll prove it. And so when he hung up his cell phone, I got a notification. And then I got to play back on speaker his conversation he just had with the agent that

Host (04:56.31)
Oh my lord.

Bryan (04:58.56)
None of the other guys in the room, including me, could hear the other guy because, you know, know, phone calls work. Well, now we can all hear it and we can hear the ringing in the beginning and they they have like really good bearing. They don't get rattled. They don't get surprised. But the first one said, shit. Like he like and then they took all my stuff and then four hours of explaining over and over and over.

Host (05:14.474)
No, of course. Wow.

Host (05:23.648)
Well, yeah, I would imagine right after that, have to make sure you're not a threat. Right. And you're like, no, I'm literally trying to just tell you about this vulnerability so you can fix it.

Bryan (05:28.397)
Right.

Bryan (05:32.974)
They did make it clear I wasn't under arrest. wasn't being detained. I was being asked to stay. I didn't want to push that. Like, I didn't want to find out at what point they were like, all right, now you have to stay because you're an idiot. I mean, we already knew that was the case, but in case they yeah. I didn't want to prove it in court.

Host (05:46.898)
Right.

You know, that's a risk. Look, if you keep talking too much, right?

Bryan (05:55.374)
Oh, no, but see, that's the thing. Like I was sitting in the room and I told this story to a couple of people and they're like, there's no way you did that. And I was like, if you actually really knew me, you'd probably go, yeah, he did that. So I'm sitting there and I'm like, hey, is that the new six hour? And he's like, yeah, it is. like, well, can I see it? If you took all the bullets out, could I see the gun? He's like, no. I'm like, I have a chair.

Host (06:07.622)
Yeah.

Host (06:16.597)
He's like, no kid, you're not allowed.

Bryan (06:20.288)
It doesn't have any bullets. If I have it, I can do more damage. And he just gets up and leaves like he didn't even. I'm like, OK, fair enough. All right.

Host (06:25.449)
Did he really? no, you can't play with the toys. Those are loaded. Like, right. Exactly.

Bryan (06:33.688)
They weren't going to arrest me for that. That wasn't going to be the straw. It was the wiretapping and the federal wiretapping charges that were definitely going to have some weight. But being a smart ass in a room was just...

Host (06:43.649)
my.

Host (06:47.222)
But they eventually came around and they eventually and they've publicly thanked you. It's really remarkable. Not many people can say that.

Bryan (06:47.798)
Yeah, so they called Google.

Bryan (06:58.634)
No, it's not a good idea in any way, shape or form. I don't recommend it.

Host (07:02.069)
Don't go seeking that in general. That's the message to the public.

Bryan (07:05.838)
Yeah, they let me know I used up all my nine lives.

Host (07:09.406)
Yes, exactly.

Bryan (07:11.278)
You're on a list, we'll make a list for you.

Host (07:14.645)
We'll create a list. We're putting a list with your name on the top and then we'll, if anybody else does this to us, we'll add them to your list.

Bryan (07:21.868)
like Santa Claus, but this one they don't need to check twice. There's only one person on the list.

Host (07:25.607)
Yeah.

my wow wow wow well that was back in that was what about 10 years ago or so yeah well and you you you made you made a splash then I mean

Bryan (07:29.858)
Yeah. But that-

10 years ago, yeah. 2014, 2015.

Bryan (07:41.742)
It led to that's a really good hook for when you want people to hear an elevator pitch and go, I'm interested in that. I want it like we all we all stop at car wrecks, train wrecks. Like we want to see someone do something stupid on the news. Car chases, even if we don't wish the guy the best. We've who that guy wiretapped the secret servers. That sounds stupid. Let's watch that.

Host (07:51.943)
Yes.

Host (07:56.146)
Mm-hmm.

Host (08:01.971)
Right.

If.

Host (08:08.755)
Yes. If TikTok were a thing, you could have like filmed yourself the whole time. I mean, it would have been viral.

Bryan (08:16.278)
I have a couple selfies that I took in the waiting room of the Secret Service, which were basically just like, ehh.

Host (08:19.871)
God, I want those. Yeah, that is great. If we get those from you, they'll be right here. I'll put them right here. So they'll be right here. Excellent. That's great. Well, and then you also, you de-anonymized the highly valued mobile app. Yeah.

Bryan (08:29.144)
I'll get you a good copy of one. It's...

Bryan (08:39.746)
That with another researcher, there was an app at the time that's kind of like Whisper, think is the current iteration of something like that, where, yeah, it was really cool. It was a Google engineer named David Baitao, really smart guy, made something. And another researcher and I figured out that if you, and this is actually what led into research with LinkedIn, is if you take an iPhone and build a contacts list,

Host (08:46.568)
Yeah, it was called Secret.

Bryan (09:09.686)
of about 100 or 200 people and call it like person one, person two, person three, person four, and you make up a bunch of numbers that are nobodies and you have two or three numbers or just one number of a person you want to see if they're on secret. Whenever somebody in your contacts list posts something, it'll show up in your feed. Well, if you know one person out of 100 is real, you can attribute that post to them.

Host (09:19.037)
Mm-hmm.

Host (09:30.777)
Really?

Host (09:38.385)
Right.

Bryan (09:39.362)
So now you're stuck with, just, the whole point of the app is gone. Being able to like say things without having people attribute them to. And it's kind of like imitation game where they figured out the Enigma machine's code by decrypting Heil Hitler and then we're able to like expand from that. like having something like that where you, like if you always say chow at the end of your messages, well, that's not gonna work on secret. We all know it's you, idiot.

Host (09:44.776)
Right.

Host (09:59.091)
Yep.

Host (10:08.238)
Right.

Bryan (10:09.186)
So that was a loophole that kind of got a big amount of attention because the app had raised a bunch of funding. The guy was really smart, and they took steps to fix it. They listened. They were really cool about it. Yeah, really, really smart, really good approach to it. I don't actually even know. I think they might have. I'm sure ex-Google engineers, startup founders are probably fine. I'm not so worried about them.

Host (10:15.994)
Hmm.

Host (10:21.424)
that's good to know. That's good. Did they get bought out eventually or is that app still around? Okay.

Host (10:34.182)
Yeah.

Yep. And when you did that, that also made a splash. just want the audience to understand you were on the front page of Wired, CNN Money, CNET, Forbes, and the Washington Post all on the same day. That was a busy day. That was good.

Bryan (10:38.284)
But that led to LinkedIn thing, yeah.

Bryan (10:52.098)
Yeah, that was a busy day. Yeah, my phone did not, and then like Krebs on security posted about it. And that was one of my first times ever meeting Brian Krebs and having him.

Host (11:03.047)
How was that? How was that? Brian Krebs is one of the quintessential security researchers who always has an excellent take, interesting take on a lot of cybersecurity matters.

Bryan (11:15.542)
Yeah, he is one of the most dedicated, I'd say journalists. And you can like, I think he's written about me five or six different times. He ended up writing about the book that I wrote. And I gave it to I gave him a PDF copy to distribute for free through his website. So if anyone wanted to read it and couldn't afford it, go ahead and get it from there. Like the Brian Krebs edition.

Host (11:31.836)
Hmm.

Host (11:36.636)
Great. Yep.

Yep.

Bryan (11:45.134)
I believe in what he does and the amount of things he tracks down and finds and research, it's unparalleled.

Host (11:50.384)
He really does. goes, he does incredible investigative journalism in dark web things. Like it's phenomenal.

Bryan (11:55.854)
Dude learned Russian.

He learned how to read and write Russian to be able to go into dark web form. Like who does that? So I think he's a phenomenal person. There's hard to find his equal in terms of investigative journalism, really smart. And the amount of things he has to deal with now that he has so much publicity, the second he posts anything, the other media sort of swarms around that topic to get another update or.

Host (12:00.977)
Mm-hmm.

Host (12:04.337)
I know.

Host (12:19.803)
I

Bryan (12:28.046)
so they don't fall too far behind. So whenever he wrote about anything I did, was immediately news organizations calling left, and center.

Host (12:28.155)
Right. Yep.

Host (12:36.141)
Unbelievable. Let's talk about your book a little bit. Cyber Fraud, The Web of Lies. Walk everyone, we'll have a link to the actual book for them to purchase it, obviously. What caused you to write the book? What was it that drove you to spend the time and get it published?

Bryan (12:58.338)
That was completely related to the Google Maps ordeal start to finish, more in depth as to all the things that sort of happened, how I did it. Yeah, just the whole story in general needed to be sort of told in one way, form. And it's not particularly well written. I'm not a great writer. If you have a wobbly coffee table, it'll serve a purpose there forever.

It'll hold that up, but it's not a timeless classic. It is more like, this is an interesting novelty. Look how stupid this guy is. And...

Host (13:39.697)
Well, walk us through, you know, I'm familiar with the book, but walk us through as if I'm not. Tell me kind of how you first stumbled upon that vulnerability and what you were seeing with Google Maps.

Bryan (13:56.832)
I had been working with Google Maps stuff and data entry like many, many years prior. And it was just, I had gotten clean and sober, divorced, diagnosed ADHD, living on my own. And I was just bored out of my mind Just, I could not find anything to do. And I'm sitting there on the computer looking at old map stuff. Like, I wonder if this has gotten any better. Cause I ended up leaving that, that sort of career and getting

Host (14:01.979)
Mm-hmm.

Host (14:12.334)
That was a very open way of explaining it. Yeah.

Host (14:20.282)
Right.

Bryan (14:24.01)
into like network engineering and systems engineering more heavily and found out it was worse. Like across the board worse. So at that point I was like, something needs to be done. And then it was just making fake businesses for fun to see if what could be done and then documenting the process and learning how to talk to journalists or getting their attention in one way, or form.

Host (14:51.812)
Right. Making that kind of internal business case, even though it's external, but you had to make the case to explain it, synthesize it down so that the non-technical can understand it.

Bryan (14:57.699)
Yeah.

Bryan (15:03.534)
Right, and then doing my first news story with Como News here in Seattle. I think it's an ABC affiliate and a reporter named Matt Markovich who's been around Seattle forever. That was, yeah, it was fun. They recorded me building like a daycare in North Seattle and I put it in the top 10 rankings within like 15 minutes. And we ended up calling Google and they...

the reporter ended up talking to them on the phone and they're saying, well, that's not possible. And he's like, well, he just did it on camera and we have the whole thing recorded. We're going to show it. We wanted your comment. And they just hang up. they didn't. Well, they do, but they don't want to deal with. They want to go about business their way. And the way that they were solving a lot of the issues was consumer crowdsourcing edits.

Host (15:34.961)
Yeah.

Host (15:40.708)
They didn't know how to address it.

Host (15:48.505)
Right.

Host (15:54.81)
Mm-hmm.

Bryan (15:55.17)
So getting a lot of people all over the place to edit their local neighborhoods. Well, when you have one or two people editing stuff everywhere for malicious purposes, it's hard to figure out intent. It's hard to figure out the good people from the bad people when everything they're doing looks the same.

Host (16:01.892)
Great.

Host (16:10.969)
Yeah.

Bryan (16:13.145)
So they, yeah, we had disagreements on that. Well, yeah, they had to make some changes. did, they got rid of Google Map Maker as this whole product backend editor. And I can't say it's all me, but some people who don't like me say it was me that that is the reason we can't have nice things. So, so sorry.

Host (16:15.183)
How has it evolved since then? Has Google made changes to make it a lot harder?

Host (16:32.099)
Mm.

Yes, because we break them, you know, even for a good intent, right, even for a humorous intent.

Bryan (16:42.316)
I'm not sorry if you built it badly and it got misused and you didn't prepare. An idiot like me shouldn't have been able to take down the whole system, is what I'm saying.

Host (16:44.772)
Yes.

Well, y-you know-

Host (16:52.683)
Right. Exactly. Well, and I think you raise a good issue that is a it's an inherent issue in cybersecurity right now. And that is just secure by design. Right. Like the the a lot of things come built for convenience and fun without any thought whatsoever to the risk to what would somebody with bad intent do for this or what would somebody for

for laughs want to do for this, right? Well, how would some, you know, unsupervised child go in and break this thing? Right. And, and

Bryan (17:28.812)
I have been referred to as an unsupervised child. That's a good description.

Host (17:31.435)
Not that you were. No, but you know what I mean. I mean, I mean, think about it like laptops when you get a laptop, it comes with like super admin privileges. Like you have to hone down these things and configure these things down so that they can be used what they're designed, like what they're actually going to be used for.

Bryan (17:49.922)
We all know like if you buy a laptop from Best Buy and you've got the super admin privileges on laptop, it's not Microsoft's fault if you don't set a password. It's not Microsoft or Dell's fault if you don't set things up properly. Using a car, like you forget to change the oil because you don't know what the symbol means.

Host (18:10.55)
Right. That's not the manufacturer's fault. Yep. That's exactly right. So the book lays out the, not exploit, but the vulnerability and all the different examples of the vulnerability.

Bryan (18:31.34)
Yeah, it doesn't lay all of it out, only because there's a lot of different exploits that are difficult to related to either the postal service or other third parties. there's too many variables to kind of say this is the only scenario in which this applies. It's like it's a million different ways you can kind of go. But the overarching problem is presented that way and working on. I think I'm working on at least one or two books.

concurrently, which is probably not the way to do it, but I can't get the ideas out of my head fast enough. One will be more on the mental health side of things related to more in my life and tech in general and stuff since about that time. And then another one's more like a how to guide for dealing with stalkers, protecting your family, that kind of stuff.

Host (19:08.504)
Good.

Host (19:13.944)
Yep, good.

Host (19:20.488)
very good. yeah. yeah, that's great. I mean, when you think about. Romance scams and pig butchering and a lot of the a lot of the, you know, online violence, the sextortion that goes on. It seems to me that AI and Deep Fakes have really accelerated that. What are you seeing? What are you finding?

about in stories that you're reading about or in experiences and guidance that you're providing.

Bryan (19:56.894)
One of my agents, a representative who books me for speeches, her daughter was on a trip to Mexico and she got a phone call that sounded like her daughter in a trunk of a car.

Host (20:11.723)
Yeah, saying that she was saying that she was what being held hostage.

Bryan (20:15.724)
being kidnapped and screaming and then the phone being passed to some dude. And that, I mean, she had to take a year off work and I mean, it's, but her daughter's fine. Like her daughter's at the hotel. Like they just knew she was traveling. So it's, it's OSINT, it's OPSAC, it's teaching your kids not to post. Like, okay, if you want to be an influencer, fine. Like you want to get free trips and travel so you can just take a few photos and so you can look cool on Instagram, fine.

but maybe delay it or at least know what the risks are. Right.

Host (20:46.432)
Right. Post it when you get back. Right. Post it when you get back. Not that, I'm going there next week. I'm going to be there from here to there. You're laying it all out for somebody.

Bryan (20:55.238)
Hey, here's the time period I will be away from my apartment for sure, so have at it. Because it's not that hard to find out where people live. And it's not hard to find out where they've moved to. And even when you've cleared maybe your current location, there's a path or a trail that you can follow.

Host (21:00.031)
Right. Yeah.

Host (21:06.741)
No, not at all.

Bryan (21:19.47)
Even when people become celebrities and sort of, they pay someone to wipe their stuff, they don't do a good job. You've got footprints in the snow.

Host (21:28.46)
Yep, absolutely. Let me ask you, is there anything that can be done or what should be done rather about data brokers and about, I mean, there's so much good that data brokers provide for businesses in terms of leads and interest and things people are searching for to identify the people that actually want your product or service at the time that they're looking, right? But

Bryan (21:52.238)
I don't I don't mind getting targeted advertisements. It's kind of helpful sometimes. And like you learn about new products. I definitely get annoyed when like I buy a toilet seat on Amazon and then I get like an ad for a toilet seat. I'm like, dude, I don't need more than one. I'm not collecting these. Maybe context. Right. Do not look up engagement rings. What's so you are going to.

Host (21:58.807)
There is a benefit. Yeah.

Host (22:08.683)
I know. It's not a collection, man. It's not stamps. It's not.

Host (22:17.978)
my.

Bryan (22:20.97)
or wedding dresses, you're gonna be bombarded for a very long time with ads.

Host (22:25.229)
Yeah. But what about the, mean, there's so many, like people, just don't think realize how much of their data, like I speak with business owners and individuals who are so shocked that people can find out like all the different places that they've lived and how long they've lived there and the people that they're affiliated with. And even a lot of the times the data is wrong. Like they have the wrong relatives affiliated with you or whatever, but it's all out there.

and they just kind of keep compiling, they connect A to B and everything that you have, because there are certain elements of public records that are out there. You know, there's real estate purchases or leases, whatever, right? And that's all public. And then there's, and then there's all the other aspects. But is there anything like that you see in the industry that either can be done, should be done or

There's initiatives because they try and curtail data brokers. just don't see how they get. I don't see how they ever get control over that. think it's too big and too decentralized.

Bryan (23:30.61)
I don't think that'll be solved until we solve lobbyists in general. We live in a country that values corporate America more than individuals or citizens. That's just a fact. Other countries have better privacy laws. You have the right to be forgotten. You can pull your data offline and you can get peace of mind that way. You have no rights to do that here. And

Host (23:34.622)
Right. Yeah. Good point.

Host (23:44.236)
Correct.

Host (23:55.596)
Hmm.

Bryan (24:00.254)
If wanting to do that, wanting to curtail data brokers, A, the data brokers are going to be pissed. That's their livelihood. I mean, I get that. But if you played video games as a kid, like Civilization or any these human progression sort of things, what we're doing or what we actively do is try to reverse progress at a certain point. Be like, we're not done with coal. We got to keep clean coal.

Host (24:08.051)
Right.

Bryan (24:29.612)
That's a marketing dude who just put the word clean in front of it. And suddenly people are like, well, then it must be fine. No, no, we're going backwards, idiots. We're not moving towards like the reason we have MRI machines is because of NASA. I know it's not a clear leap, but that's one of the things that kind of came out of it. There's lots of things like that. But if we don't keep progressing and we don't

Host (24:32.499)
Right. Right.

Host (24:54.059)
Mm-hmm.

Bryan (24:57.582)
get rid of things that aren't serving us, we're not going to be a superpower very long.

just plain and simple. There is no superpower out there that's been around and killing it for like a thousand years. They all had their, and then, and then, and then they fall.

Host (25:13.718)
They don't last long, that is for sure. I mean, when you think about so many people, especially those born here and raised here, especially in the digital age, right? They don't realize how young of a country we are and how fragile it is. And the analogies between the fall of Rome and the US, there's a lot. I mean, it's actually extremely fragile.

And I think your point is absolutely valid. So there's really no getting a handle around data brokers is there? mean, because so much of it seems to be used for good reasons, even if it's good. Yeah, legit. Yeah, good point. You're right. Yeah. If it's good for.

Bryan (25:52.674)
Yeah, mean, legit or let's call it legitimate.

Bryan (25:59.95)
I don't know if it does good. In the business context, it serves a purpose. I'm not saying they're evil. People who collect data on people who've gotten abortions, maybe those people suck a little bit. people who want to know, like, median income, people who visited this website or collect information, the information's out there. And people have agreed to

Host (26:02.346)
Yeah, that's good.

Host (26:06.666)
Right.

Host (26:15.857)
Yeah, exactly.

Bryan (26:29.624)
Terms and conditions way too many times to count. There's no way we're reading at all. It's going to be a while before we get. Yeah.

Host (26:32.978)
Yeah. Hey, let's talk about that. I wanted to ask you about that. I wanted to ask you about terms and conditions, because I think that is one of the I mean, we just saw the whole tick tock ban event happen where it was banned. Everybody was like up in arms and it was back up after an hour or so.

Bryan (26:51.214)
Whoever, someone's turning the crank on the propaganda calliope of just like, come on, spin, spin. Like it was bad and now it is good. And then I voted to get rid of it and then I'm the savior of it. And then China bad, America good. then you've, I've literally had friends come up to me going, I thought China was like a third world country. I'm like, yeah, I know.

Host (26:57.406)
Yeah. Yeah.

Host (27:08.298)
Right.

Bryan (27:19.886)
Because you guys have never left this country. I've spent most of my life out of it. And I'm walking around here like, what the hell is going on? It took us in Seattle years to build one train track that still sucks. And it's got like four trains that kind of go back and forth. And it just made it up to like the suburb area. One, one. And they share one train. It's not even like two side by side. They've got to wait for one of the station.

Host (27:23.924)
Right.

Right.

Host (27:44.073)
Yeah.

Bryan (27:50.474)
It took them so long to do it. then living in Tokyo, they're like building subways 300 meters below the city and they do it in a weekend and it's flawless. You're like, yeah, this is that's good. This sucks.

Host (27:50.501)
Wow.

Host (27:54.908)
Host (27:58.312)
Right. Yes.

Host (28:04.976)
That's progress. That's progress. Yeah, so the what I want to ask about terms and conditions is forget the risk of espionage or the national security. Just put a pin in that for a second. To me, I think a lot of people download apps and just accept the terms and conditions because that's the button you have to press in order to get the app right. And they don't realize

I had no eye. I've heard this so many times. I had no idea it's collecting all this other. Analytics and data from from from people right like it's collecting keystrokes on any app that you do when you download that app on your device.

Bryan (28:50.144)
A lot of them say a lot more than what they're actually probably even doing, but they're saving keystrokes for analytics. They're not selling your keystrokes or spine, but you got to think of like how big of a machine, whatever it is that you're joining. How many people are they really using? Like there's no way they're listening to all of our phone calls. Obviously we've got, you know, voice technology and AI to be able to do that for us now. It's pretty incredible, but.

Host (29:16.659)
Mm-hmm. Yep.

Bryan (29:19.32)
There are apps that are transparent about what they're doing and still come out being malicious. And then there's ones that aren't. Those are the ones that are really kind of scary. It's Chrome extensions that get put into the other Chrome store or updates to the Linux kernel that somebody slowly became. It's very difficult to find like embedded double agents.

Host (29:37.903)
A lot of a lot of issues with Chrome extensions, aren't there? There's so many.

Bryan (29:49.166)
if their goal is to do something simple and small after building a long term 10, 20, 30 year period of trust. I mean, you can be married for 30 years and then find out 30 years and one day into it. Oh, I'm a double agent. I don't really love you. I just got really good at pretending. And then that's a whole TV show. Like we're all entertained. How could that possibly be? Was there any clues? be like, they might not have been.

Host (29:57.331)
Hmm.

Bryan (30:18.466)
There's no way to know what's going on in someone's head and what the intent is behind something.

Host (30:22.203)
Yeah, and it's the same way in the code in those apps or in those Chrome extensions.

Bryan (30:29.486)
Yeah, a lot easier to hide. And it takes a lot of people a long time to investigate and discover these kinds of things. And the one Linux update that I saw on a YouTube video talking about it, there was some developer who noticed a spike in his CPU when he did an update. He saw an incremental increase. And he's that level of a nerd to know. And I say that as a fellow nerd.

Host (30:56.648)
Right.

Bryan (30:58.638)
Like he noticed the spike and was like, that's odd. I wonder if there's something here. And he went and traced it down and found a new contributor in GitHub. And like it turned into this whole thing. And like then these accounts disappeared and contributors disappeared because they were spies from somewhere. It could be Russia. It could be Antarctica. We don't know. Probably not there, but you know.

Host (31:08.55)
Wow.

Host (31:15.751)
Right. Right. Yeah. Yeah, it's it's it's really, really shocking. What's your what's your what's your view on? I'm I'm really curious about asking about the the development of a deep fakes and and how they're being leveraged to enhance social engineering. Right. Like.

Now you don't just get an email, you get an email followed by a calendar invite, and then you get on a Teams call or a Zoom call and the person that sent you the email is on there and they work for your organization and they look like them and they sound like them. I mean, like, what is like?

Bryan (31:58.286)
Thank you.

You're it's what I could even in even in scams or even getting robbed. can't get away from teams or Zoom like these like you're getting hope this hope this email finds you well. Like, no, you don't. No, you don't. Why do we always got to talk like this? But you're right. It's hard to detect defects. It's going to challenge responses.

Host (32:11.016)
Bryan (32:30.478)
Bryan (32:34.07)
I've tried, I watched videos with my son and we notice things that I've started to point out like AI does a really poor job of reading acronyms or abbreviations. So FBI is very difficult for them. They don't know how to deal with it. Little language things that don't make sense like aluminum and aluminium. One spelled differently because of how differently they want to pronounce it.

Host (32:46.663)
Correct.

Yes, right.

Host (33:01.84)
Right.

Bryan (33:02.934)
And you could say that from each side. It doesn't even really matter. The way British speak is not the same English vocabulary as the way Americans speak. And within America, it's a whole different ballgame, too. So if someone says they're from Milwaukee, you can expect a certain sound to come out of their face. But then if it sounds different, they better have a good explanation. Like, wow, you sound Australian. That doesn't make sense. Well, I grew up in Australia. All right, starts to make more sense.

Host (33:15.013)
Right. Different parts. Yep.

Host (33:22.789)
Right.

Right.

Right. Okay. Yeah.

Bryan (33:32.6)
But then if they don't know a city in Australia, maybe there's a problem. Like you're constantly going, this right? Is this real? Who is this person? If someone's

People aren't as brazen as I think people are used to, or they are in a different way. So someone can set up a Teams meeting, you see my face, but if my face isn't really me, then I'm sort of protected, like a VPN protecting an IP address, because you don't know who's contacting you and you want to protect yourself as a scammer.

Host (34:01.575)
Right.

Bryan (34:10.644)
You can detect that, but ultimately it's going to be download this, enter in your credentials here, give me access to something or send me your money. And all of those normal red flags lead to somehow taking your money, your Bitcoin, whatever. And it's pretty easy to avoid. So they come up with different ways of bait or threats. You either get carrot or you get stick.

Host (34:20.556)
All of those normal red flags that.

Right.

Host (34:36.08)
Mm-hmm. Yep.

Bryan (34:38.606)
I get emails today. I have, I had somebody who was collaborating on the stocking thing, who's an adult actress. And she had someone posting her information all over the place and helping her pull that sort of wrangle that down and a lot of harassment and death threats and types of things. So then a few months go by and I get, hear she gets an email and it's a

Like it's a Bitcoin related threat and I got one today about it, but it's this is one of the older ones. She gets one with her home, her house picture on it. And her address. And. She got suspicious because they said we have your webcam at home. Of you watching adult films. And she's like, wait.

Host (35:15.719)
Ugh. my.

Bryan (35:34.488)
What? Because she uses that to film content for OnlyFans. So they're threatening her with releasing videos of her naked. When she does that for a living and has no pro- like, you mean you guys want to advertise for me? Like, you guys are trying- you guys were wanting to do some of the work for me. What? What is this? Like, it didn't make any sense to her. like, you're-

Host (35:40.742)
Right.

Host (35:50.714)
Right.

Host (35:54.628)
Right. Yeah, it's like.

Bryan (36:03.63)
Yeah, it just didn't. It's it's a form filled thing. They fill in your city. You have no idea what I'm capable of in Linwood, Washington, and you need to send $2000 in Bitcoin. Well, if they had known where they sent that letter based on the house value or what the person made for a living, $2000 may be a big deal, may may not. I mean, it's going to the Hamptons. You could ask for more.

Host (36:04.228)
It's part of a campaign, right? It's, it's, it. Right.

Host (36:13.604)
Right.

Host (36:21.722)
Right.

Host (36:29.232)
may not be. Right.

Right, exactly. But they don't know because it's just part of a blind campaign, generally.

Bryan (36:37.038)
It's it's the premise of how much information about you do I have to know? before it freaks you out and Usually it's not much

Host (36:45.307)
Mm-hmm.

Host (36:49.74)
Amazing.

Bryan (36:50.134)
I ended up getting a gig talking about OSINT and doing a speech about it when the two directors of this venture capital firm got on a phone call and they're like, so what kind of stuff could you tell us? And I said, well, you are pretty competitive in long distance races, but you usually run at like the end of the weeks. But if you're on the road, you tend to run like three to five miles.

from your hotel, you do some weird little loop and then you come back, you stay at the same hotels when you travel. So you go into the same clients over and over again and you compete and you're pretty competitive with this guy who keeps beating you for some reason. I'm not really sure why and these 100 mile races. And and then the other guy said, well, you are you using the same bank that you did when you got your mortgage for your current home? He goes, yeah. And I'm like, well, they have really poor security in this way. You might want to pull your money out of there. But

Host (37:36.013)
Hmm.

Host (37:48.195)
my.

Bryan (37:50.518)
your wife is a registered Republican and you're an independent, does that cause any conflicts at home?

Host (37:55.415)
Yeah, what is Thanksgiving like at your house, right?

Bryan (37:58.208)
And he just said, huh, my wife's a very opinionated woman. And that's all he said. And I got the job. It was my favorite thing ever. It's like he didn't care that I found it. He was just like, yep, you're right.

Host (38:05.614)
Wow.

Host (38:14.031)
Yep. That's always amazing. Yeah, the amount of information that is. Obtainable through OSINT through open source intelligence is just remarkable.

Bryan (38:28.16)
And it's benefiting, people will try to spin it and be like, well, it's freedom of speech or it's free press or it's transparency.

Host (38:36.514)
I think it's a matter of expectation of privacy. I don't think people realize how much of it is out there.

Bryan (38:42.246)
Why don't we have a better expectation of privacy? I mean, I don't think it will change until there's a senator or multiple senators or congressmen get doxxed or something bad happens. But that was happening with Supreme Court justices and people on both sides of the aisle. And it still hasn't changed. So companies who control the regression or that type of money and that type of income source, they don't want anything to change.

Host (38:45.923)
Right.

Host (38:53.868)
right.

Host (39:00.558)
Right.

Host (39:05.485)
Mm-hmm.

Bryan (39:11.392)
If anything, they want to roll it back. They want to have more ability to do stuff without our consent.

Host (39:16.324)
Yeah, absolutely. Hey, the work you did, I saw that you did work with Mark Cuban and he said great things about you. You did work for John McAfee. What was it like to collaborate with those influential people?

Bryan (39:32.302)
Mark is a man of few words. He's fairly...

Host (39:35.03)
I guess very, very, very quiet, somber, somber person. Yes.

Bryan (39:39.512)
He's a fairly busy person. And it's interesting to watch his career progression. His brother and I are a lot closer. We both speak about addiction. I mean, not to throw him under the bus, but he wrote a book about being an addict. it's fairly good. Great speaker. Mark launched an app that was called

Host (39:54.818)
Hmm.

Host (39:58.221)
Yeah.

Bryan (40:08.044)
Cyber Dust back in the day. I don't remember. I think it just changed to Dust after a while. essentially, it was a way for your messages to disappear after a really preset amount of time. had been going through some lawsuit that was related to text messages that he realized once you've sent a text message, you don't own it anymore. You have no control over its existence, and people can use it against you. So create something that's more privacy focused. It was really cool.

Host (40:18.602)
okay.

Host (40:26.827)
Mm-hmm.

Bryan (40:34.542)
found some issues in the underlying architecture with my researcher friend Ben and Ended up contacting him through somebody who worked at that company indirectly and then told him about some of the stuff and I said well I know marks private emails this even though he lists this email on his On the billboard at Mavericks games if people want to email

But I know that his private email is this one and he probably doesn't want anyone to know about it, which is why I'm only telling you and I'm not posting it for the whole world. And he goes, well, are you trying to like blackmail him? I'm like, no, I just like want to say hi. And so I get an email and it was on my birthday that year and I get an email and he's like, so I heard you found some problems with Dustin's like, yes, sir. This is the other. And what occurred to me, I was like, well, Brian Krebs should want to write about this. So I end up calling.

calling him at that point, I'd already worked with him before. And I said, hey, Mark Cuban confirmed and hired me and my buddy Ben to work on his app. And I tracked his email down using this LinkedIn exploit along with something else using an iPhone and got his private email, which then told the CEO of Dust, who then introduced me to Mark and then Mark let us work on his app. And he goes, yeah, but no one's going to verify that. I can't prove that.

Host (41:57.09)
Huh?

Bryan (41:57.528)
based on screenshots. And I'm like, what if Mark told you? And he goes, well, yeah, but you're going to get a billionaire to email me? And I'm like, hold on a second. And so I emailed Mark. said, Brian Krebs wants to talk to you, but I wouldn't give him your email until you gave me permission. He goes, very good. Give it to him. And then he said something really nice, and Brian printed it. It was like, huh, whoa, whoa, what just happened?

Host (42:12.354)
There you go.

Host (42:18.786)
That's phenomenal. That's phenomenal. I love that. Yeah. Well, it just shows. Yeah, right. Right. So walk us through the the LinkedIn vulnerability that you found, or was it? Yeah, what was that? I mean, there've been so many issues, a lot of it is scraping of data. What is it correlating certain things?

Bryan (42:21.42)
It was amazing.

But it was like, he wanted something, he wanted something. There was no downside for either of them, and it just made sense.

Bryan (42:39.8)
That was so simple. I mean, not as smart as.

It's think of it like that. Think of it like the secret thing. So if you take a phone and you put in a bunch of made up email addresses, so you've got 100, and then you guessed.

Bryan (43:04.992)
Jimmy Kimmel at iCloud.com. Jimmy.Kimmel at iCloud.com. Jimmy.Kimmel at Gmail, at Hotmail, at Yahoo. Right.

Host (43:13.698)
Right, all the variables, right?

Bryan (43:17.644)
Right. every possible iteration, and you make a big list, you put them into your phone, and you upload them to a new LinkedIn account. When it says, we know that you have these connections in your phone, we'd like to match them up with ones that are on LinkedIn. So what it does is it matches the emails.

Host (43:38.804)
the different ones.

Bryan (43:40.267)
if they're real.

And you can kind of tell based on profile photos or whatever. But then you don't really know which one matched because it doesn't tell you whose email was signed in. So the only way you can do it is by waiting for the next screen to then say, hey, these contacts aren't on LinkedIn. Here's their emails in your list. Would you like us to email them on your behalf so that we can invite them to join? Because we assume that those are real contact info.

Host (43:51.242)
Right.

Host (44:09.523)
was an automation that was built into LinkedIn to build LinkedIn to build to get people to build it. yeah.

Bryan (44:13.122)
Yeah, yeah, So then all I did was subtract that list out of the current list, and now you're left over with all the, all right, he uses iCloud, he uses Gmail, and this spelling.

Host (44:24.904)
That's amazing. You know, and that's not even that's not even. It's not an exploit, it's not a vulnerable. Yeah. But that's so common, though, like there's so many. It's a really good example of like something was designed for convenience or designed for the developer to grow it by people's helping it out. And then you can see how it can be exploited because you can see how that could be done for for.

Bryan (44:29.58)
It's not an exploit, it's not a vulnerability, it's just a misuse.

Host (44:55.861)
bad purposes for another way of saying it, right? Interesting.

Bryan (45:00.716)
Right. And there's other apps that do the same thing. Facebook. So if you just build a whole bunch of contacts with a certain area code and just start systematically going through it, you can collect every Facebook profile that uses these numbers within a certain area. And then now you know which number probably has a person associated with it. There's a lot of different ways you can do it and gather intel. But yeah, that was a

Host (45:06.017)
Mm-hmm.

Host (45:10.465)
Sure.

Host (45:23.179)
Right.

Bryan (45:29.27)
a unique way of meeting people.

Host (45:32.094)
I can imagine. Yeah.

Bryan (45:34.038)
I mean, it's not recommended. It doesn't always go well or you just don't always meet the person or they don't believe the email that they got because they think you're scamming them. There was a big bond insurance company that thought I was trying to scam them and they're like, yeah, we thought he was really like trying to fish us or, you know, hold us for a ransom or trick us into clicking on a link. And so like, well, what about the voicemail he left that said

I'm not trying to send you some suspicious link. You don't have to open an email. You need to go to your own browser, type in your own website, and then remove one of the slashes from a thing and it'll do something unexpected. It's not magic. I'm not that good at computers where I can get that to happen from your own terminal. You don't have to touch anything. You don't have to believe anything I said. Just go do this thing. And they still thought I was trying to hack them.

Host (46:03.911)
Right.

Host (46:12.769)
Right.

Host (46:16.937)
Right.

Host (46:25.13)
Right.

Host (46:30.642)
You've you've come across that. mean, yeah, in our in our conversations, you've come across that quite a bit, right? Where you're genuinely trying to raise awareness and show people here you need to fix this. This is a problem you have and people don't believe you.

Bryan (46:30.648)
billions and billions and billions of dollars.

Bryan (46:40.649)
I might be taking...

Yeah, yeah, I might be finding the roundabout way to get diagnosed with autism. I was literally getting ADHD diagnosis waiting at my doctor's front desk and they put up a sign which was like, we're now offering OCD treatments, blah, blah, blah, blah, blah. I'm like, hey, there's a typo. crap, is that how they get you? That's how they get you.

Host (46:50.12)
It's OK. There's a lot of.

Host (47:06.752)
my god, that's hilarious.

Bryan (47:11.756)
I mean, that really happened. And they're like, we didn't notice that sign's been here for like six months. I'm like, no one noticed the typo? Except for me. Damn it. Like, it's not what you want.

Host (47:14.143)
I believe it.

Host (47:18.592)
There you go. That's hilarious. Hey, so let me ask you this as we're wrapping up. what if you had to give one piece of advice to users on the Internet? It's a general statement, obviously. But what what are some of the best advice that you give people like? Like there are some people that like hang their hats on passwords or MFA on everything or whatever. Like what do you?

Bryan (47:42.179)
Fine.

Bryan (47:47.822)
If you're looking for one specific thing, you're not going to find it. There's a good principle of finding a place to ask questions and then never stop asking questions. So like a Reddit forum, like NetSec, or I don't know where people, like Spiceworks communities, there's plenty of places to do that. And there are people willing to help. Like Blue Sky, there's probably a lot.

Host (47:51.964)
No, that's the way I am.

Host (47:59.943)
Right. I would agree with that. Completely.

Host (48:07.999)
Mm-hmm.

Bryan (48:16.16)
of people who've moved over there for whatever imaginary reason or not. For some reason, Twitter is problematic for whatever mysterious reason that is.

Host (48:18.857)
Yeah.

Host (48:27.578)
I am. I am.

Bryan (48:29.774)
Like the world is the world is bizarre right now, but it's gonna make really it's gonna make very good television

Host (48:33.807)
Yeah, it is this 50 years from now they will be looking at us and mocking us, you know. Yes, and they'll be like, these people were really dumb. So what so? Exactly. And why did they gain so much control?

Bryan (48:41.774)
sifting through the rubble with anthropologists.

Bryan (48:50.286)
What the hell's a Furby? It's like ancient cultures valued these beanie babies so highly. They wrote about them, they prized them, we don't know why. We're like, neither did we.

Host (49:06.291)
They identified as the whole thing, right? Unbelievable, unbelievable. What's on the horizon for you? What do you have coming up? I mean, you're working on two books.

Bryan (49:15.522)
Working on the book, yeah. Yeah, I was in a car accident a couple of months ago in the backseat of a car that rammed into somebody. And so I've been recovering from that. working on books, hopefully we'll have one, if not two done in the coming year and more speaking stuff. I think I'll be able to pull the trigger on launching more YouTube content, maybe doing podcasts.

Host (49:25.216)
that's not good.

Host (49:35.667)
That's great.

Bryan (49:43.596)
more just more podcasts with other people. I'm less like this by myself. It's a little harder to be Robin Williams all the time.

Host (49:45.951)
Great.

Host (49:52.061)
Right, yeah, it feeds on itself.

Bryan (49:53.944)
But this is one of my favorite things to do, so I wish I could get paid doing it.

Host (49:57.779)
Yeah, well, that's phenomenal. That's great. Well, we will have a link to your existing book and we encourage people to get it because it's really, really interesting just how it happened, how you came upon it, how like how you tried to explain it. It's it's it's actually very good. And then when when you get your other two things baked, I definitely want to hear. We'll definitely have you back.

Bryan (50:23.35)
I will definitely let you know.

Host (50:27.427)
you're always welcome here, but, definitely want to hear about them as you're developing them, both of them, like one is a more personal one, but it's one that resonates with a lot of people. And so I think that that would be very, very valuable. So awesome, man. Well, take care of yourself. Yep. And, always, always great to have you on. you're always welcome and, we will, we will talk to you soon. Thanks buddy.

Bryan (50:43.704)
Well, I appreciate that. Thanks, Tim. Looking forward to next time.

Bryan (50:55.736)
My pleasure. Stay safe, man.

Host (50:57.385)
See ya.

People on this episode

David Mauro

Host

Cyber Crime Junkies