delinea.com
199.60.103.14  Public Scan

Submitted URL: https://go.delinea.com/e3t/Ctc/I7+113/d2lz3704/VWl1_m8fSDLzVYqrCh10KbX0W52hptB59RfwMN8DGmDH5nR32W7Y9pgv6lZ3nWW4QtSb24vP...
Effective URL: https://delinea.com/events/podcasts/82-hacking-the-government-with-bryan-seely?utm_term=glbl_q1y24_delinea-podcast-4...
Submission: On February 22 via api from CA — Scanned from CA

Form analysis 1 forms found in the DOM

/search?searchString=&activeType=

<form action="/search?searchString=&amp;activeType=">
  <input type="text" id="site-search" class="hs-search-field__input" name="searchString" autocomplete="off" aria-label="Search" placeholder="">
  <script nonce="">
    // Add event listener for search button click
    const el = document.querySelector('.header-links-search');
    el.addEventListener("click", addFocus, false);
    //add focus to search field once it displays
    function addFocus() {
      setTimeout(function() {
        document.getElementById('site-search').focus()
      }, 500)
    }
  </script>
  <button aria-label="Search"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" width="24" height="16">
      <title>Search</title>
      <path fill="#fff"
        d="M505 442.7L405.3 343c-4.5-4.5-10.6-7-17-7H372c27.6-35.3 44-79.7 44-128C416 93.1 322.9 0 208 0S0 93.1 0 208s93.1 208 208 208c48.3 0 92.7-16.4 128-44v16.3c0 6.4 2.5 12.5 7 17l99.7 99.7c9.4 9.4 24.6 9.4 33.9 0l28.3-28.3c9.4-9.4 9.4-24.6.1-34zM208 336c-70.7 0-128-57.2-128-128 0-70.7 57.2-128 128-128 70.7 0 128 57.2 128 128 0 70.7-57.2 128-128 128z">
      </path>
    </svg></button>
</form>

Text Content

Episode 82


HACKING THE GOVERNMENT WITH BRYAN SEELY

EPISODE SUMMARY

Bryan Seely joins us to talk about cybercrime and social engineering. Bryan is a
renowned public speaker and cybersecurity expert best known for hacking Google
Maps and intercepting calls to the FBI and Secret Service. Bryan’s journey has
seen him work with LinkedIn, Mark Cuban, and Secret.ly, as well as act as
Security Architect and CISO at various cybersecurity orgs. In this episode,
we’ll dive into how hackers mislead and manipulate their victims, and the
importance of enacting new cybersecurity laws.


Joseph Carson

Joseph is Chief Security Scientist and Advisory CISO at Delinea, an active
member of the cybersecurity community, and a frequent speaker at cybersecurity
events globally. He has 25+ years’ experience in Enterprise Security &
Infrastructure and is a Certified Information Systems Security Professional
(CISSP). Joe is also an adviser to several governments and cybersecurity
conferences. (ISC)² Information Security Leadership Award (ISLA®)
Americas Winner 2018.



Hello from Cybrary and Delinea, and welcome to the show. If you've been enjoying
the Cybrary Podcast or 401 Access Denied, make sure to like, follow, and
subscribe so that you don't miss any future episodes. We'd love to hear from
you. Join the discussion by leaving us a comment or a view on your platform of
choice or emailing us at Podcast@Cybrary.it. From all of us at Cybrary and
Delinea, thank you and enjoy the show.

Joseph Carson:

Hello everyone. Welcome back to another episode of the 401 Access Denied
podcast. I'm the host for the episode today, Joe Carson, Chief Security
Scientist Advisory CISO at Delinea. It's a pleasure to be here and I'm really
excited. I always enjoy these times. This is my favorite time of the week is
when I get to have a fun conversation with an awesome guest. Today's guest is
Bryan Seely. I am glad to have Bryan on the show. Bryan, you want to give us a
bit about your background, what you do and maybe how you got into cybersecurity?
What was your entry point? I think that's also very interesting as well.

Bryan Seely:

Yeah. Hi, I'm Bryan. Thank you again for having me, Joe. It's good to see you
again. Let's see. I got into IT when I was about two years old. I had a computer
when I was like two. I started consulting. I lived in Tokyo in a community
around a private school in northwest Tokyo. I think I started getting paid
around middle school. While everyone else was learning how to talk to girls, I
was working on the computer. I think I missed that day at school. It's just been
computers the whole time. I ended up going into the Marine Corps into Signals
Intelligence and a very similar track to one of your other guests on the cyber
podcast, Dave Kennedy.

Joseph Carson:

Yeah, Dave. Yes.

Bryan Seely:

He ended up going much further along with the government services. But very,
very small community there.

Joseph Carson:

Absolutely. It's all well-connected. Everyone knows everybody.

Bryan Seely:

Yeah, lots of mutual connections. We're Marines, so it's a brotherhood. After
the Marine Corps, got into network. Took a course on CCNA and got some MCSE kind
of things all related to Link. Ended up in Seattle 10 years ago. Right around
the time I ended up wiretapping the Secret Service and the FBI without
permission.

Joseph Carson:

Yeah. Tell us a bit. That was probably an interesting moment. I think a lot of
our careers. Especially in mine as well, I've been doing it a long time, similar
to yourself. At school I was making money putting games on computers and then
the IT would take it off at night and I would put games in the next day. We
always got around. That was mostly to feed our passion. It was mostly to deal
with our curiosity. A lot of us had this curious, what can we do? What can we
achieve with this? At the time, it wasn't well documented in a lot of cases, it
was all self-learning and self-based.

Bryan Seely:

It could have been, but there was no internet. I had boxes of floppies that I'd
be cloning them and giving them to friends. Then we got zip discs. Oh my
goodness.

Joseph Carson:

Oh, zip discs. Yeah, they're fun. I've actually got a bunch of them in the back
here. A lot of old retro stuff. Even from me being originally from Belfast, I
had a lot of challenges even. There wasn't a lot of people in Belfast who was
into what I was doing. There was a very small group of us and we would have to
wait for the type in programs coming in the magazines that was really difficult
to get. I remember spending weeks typing in BASIC and trying to get things to
work and finding problems and so forth.

Bryan Seely:

You have the same problem I did then. I could go down to, there's an area in
Tokyo called Akihabara, which is the electric town. That's where all of the PC
software gets sold. You go there and it's every possible tech related novelty.
You can buy every kind of vacuum now and every thing. But it was Japanese OS,
not English. You'd have to either cope with brand new Japanese and if you
couldn't read the very complicated characters, you're screwed. You had this
language barrier and you couldn't get access to stuff. The internet was just
right around '95, '96 I got. We had a modem and then an ISDN and then a cable
modem. I remember, oh, I could get an MP3 in three minutes.

Joseph Carson:

Remember the little LimeWire, the things about trying to download things and
upload because the speeds were so slow. You would leave your computer connected
overnight just to try and get a couple of music files.

Bryan Seely:

LimeWire should now be renamed to patient zero.

Joseph Carson:

Watching those uploads and downloads, it was like watching grass grow. We must
have been the most patient people on this planet. You're mentioning about going
and getting documentation. You have the problem with having it in Japanese and
the characters. For me, one of the things I did was I spent all my childhood. I
never read fiction books, at a very young age. I wasn't reading the books that
you would typically get in an education. I was reading the fridge manual and
BASIC computer and Commodore manuals. I was the manual person. It was a manual,
I would read it from cover to end.

Bryan Seely:

That's so cool.

Joseph Carson:

That was really work and you get into troubleshooting things.

Bryan Seely:

It might not be ideal from being popular or fitting in then, but you look back
now and you're like, why would I have even cared about fitting in anywhere in
that time period of life? Because now you've got a useful skill out of it.

Joseph Carson:

Absolutely. It's interesting because for me, there was always the game side of
things was the passion for me. That was what was the charge. It was the gaming
side, and it was always the goal to get the games. But in order to get there, I
had this curiosity of how could I feed that? How could I fund it and how could I
make it even better? You had to learn how the basics of everything as well. You
always get in those curiosities. Everyone has a certain segue in their life. If
we can elaborate, what took you to wiretapping the Secret Service? What was the
trigger? What made you get into doing that?

Bryan Seely:

The lead into that was, I had worked for a guy helping build a business. What I
thought was actually data entry on Google Maps, Yelp, any directory service that
has businesses overlaid on a map. Then we experience a lot of these same
problems in Amazon or other places where there's fake reviews. Anytime you can
get public opinion to look really good on something, but really it's just a
bunch of people with VPNs. It's bad guys find a way to game the system to dupe
consumers.

This is on such a broad scale. It's in every country. It's not just US isolated.
If you went on, let's say Bing Maps for example, and you've looked for a
locksmith. Locksmith was the primary problem area for a lot of these mapping
engines. Google's the biggest one. That's why I used them in this experiment
because I was trying to get them to solve the problem. I'm like, "Hey, you guys
have a really big issue here. People are faking the top 10 results and it looks
really, really good.

But they're not real." You call the number and it goes to a guy's cell phone or
it goes to another business name and it's a lead gen tactic. It starts off with
somebody who is, let's say a carpet cleaner. It's a business that does not have
people coming to you like a restaurant. You go to the customer. Whether it's a
consumer or a business. Now that guy decides to open up 10 offices around the
city, but he doesn't want to open 10 offices, he just wants 10 places.

He goes to UPS store, postal office box, something like that. Gets mail,
verifies his business, and now he has 10 phone numbers gathering calls and now
he's in the top 10, let's say four or five times for that region. That's
scenario one. Scenario two is, I don't even have a carpet cleaning business. I'm
going to go ahead and just create these all over the country, put them to a call
center. If I'm really clever, I can sell the phone calls to local carpet
cleaners, which if you really think about it, is stealing the calls from them to
sell them back to them at a higher price. If somebody ends up listening to this-

Joseph Carson:

It sounds like odds.

Bryan Seely:

... it's theft. It is. In addition to that, they'll have banner ads saying,
locksmith special, lockouts, $15. You click, you get a person. Whether you did
it through a web form or you called them or whatever, you mention the special,
they show up, they unlock your car, and then they ask for $200 or I'm going to
kick your ass. Or I'm going to steal your money. When I was doing research for
my book, it's not something I'm promoting, it's on Amazon. You can actually get
it for free on PDF from Brian Krebs' website. If you look up my name, book,
Krebs on Security, he published it for free at my request.

Joseph Carson:

Okay. We'll make sure that we can actually get it in the show notes as well.
Make sure it's easier for people to get to.

Bryan Seely:

The Krebs on Security edition. Some woman from Google was locked out of her car
on campus. Found one of those ads, called it and got robbed. This is a really
big problem. But the lead gen one where you're not even actually servicing any
of the calls yourself and selling them back, I can see why it grows because it
works. People end up making tons of money and there's so many different
industries. I'm trying to end this and I'm wanting to get Google to fix it, but
they're not.

I'm like, how about I make some funny business listings to try to get some
attention to this? I put, let's see. I renamed a concentration camp in North
Korea, super mega fun time, happy land. It's a South Park joke. I renamed the
Westboro Baptist Church to not a adult toy store and sex dungeon. A lot of
different funny little pranks I would say. The Church of Scientology, stuff like
that. I think I made the Church of Scientology a comedy club and then I changed
the Russian Embassy in the UK to be a gay bar. Then took a picture that somebody
doesn't like of themself with a rainbow background. Used that as the cover
photo. I'm not allowed to go to Russia. Let's just put that...

Joseph Carson:

I'm pretty sure.

Bryan Seely:

But that didn't really get the problem solved. I thought, okay, humor isn't it.
Maybe if I could go a different direction instead of going after money, I could
pretend like I'm going after Intel. What if I were to duplicate a law firm and
get all their inbound calls? Or a campaign for a presidential candidate. Or a
congressman. What about law enforcement? That's when my brain thought, hey, what
about the Secret Service in DC and the FBI in San Francisco? That's when my
brain said, let's do that. I should have had another part of my brain that says,
you shouldn't do that.

Joseph Carson:

That's always the case. Because you're always looking for the biggest impact.
Because if you're in a point of time and you want people to listen and they're
not listening and no one's fixing the problem and you're saying this on a major
scale and you find that there's no way forward, sometimes the biggest impact is
the one that makes people turn their heads. It's the one that can be shocking.

Bryan Seely:

Yeah. I've told this story so many times. But when I hit a certain point in the
story where my brain goes, oh yeah, you remember this? It's like, oh, that's a
bad idea.

Joseph Carson:

You've got the two voices either side. One saying that will get people listening
and paying attention. One's going, you don't know what the potential consequence
of this might be.

Bryan Seely:

I set it all up and I flagged the Secret Service location. The real one in DC as
spam a bunch of times. Like putting on a bunch of fake reviews, but the
opposite, I wanted to take theirs down and make mine the default. It worked.

Joseph Carson:

Yeah, you're switching the priority of the page. Basically you're degrading them
from bad reviews and you're increasing yours from good reviews.

Bryan Seely:

Theirs ended up disappearing. Mine became the default when you searched Secret
Service, Washington DC. Immediately calls started coming in and I started
getting the recordings. Because I was taking the phone number that was on that
listing and forwarding it to the real Secret Service. Then I listened to two of
them and I was like, oh no, I got to call somebody. I called a friend, then I
called a couple other ones and they told me go to their office tomorrow and it's
Seattle.

There is a Secret Service office here. I walked in and told them. Well, they
told me to leave. They didn't believe me. I'm standing there with three agents
in a room. I'm like, "Okay, I just did the dumbest thing in the world. Came and
told you. You guys are just like, go, we'll get ahold of you if we have any
issues?" "Okay, I can prove it in less than five minutes. Just call the DC
office of the Secret Service right now from your cell phone.

Just call them and I'll deal with it. If I can't prove it, I'll leave. If I can,
you'll listen." Seems so stupid in retrospect. The guy picks up his phone, he
taps on it a few times. He talks to the guy on the other end. You can tell a
couple of things by this call. He knows that person personally. They've spoken
before. It's a small agency. Quick one minute phone call hangs up. I get a
notification on my phone. Would you like to listen to the campaign, new call to
the campaign, Secret Service?

Yes. I would. Click. Speaker. Then I played back and you hear ringing and you
hear guys like Secret Service. So cool. The guy's so cool. Now you hear both
voices and the other agents in the room who weren't on the call either they
heard it and I heard it. Then they lost their sense of humor completely. I lost
all my stuff. They handed me a form saying, "You understand your Miranda rights,
however you're not under arrest." For all the people, have you ever seen those
YouTube videos of people going, "Well, if I'm not under arrest, am I free to
go?"

Joseph Carson:

No. You're in quasi land, you're in this gray area.

Bryan Seely:

I found my way into this weird little world where they're like, "We'd love you
to come back to the guest suite for a few hours. We'd like to ask you the same
question a hundred times." I demonstrated how to build a listing five, six times
building new ones. It took a little while because they wouldn't let me on their
wifi.

Joseph Carson:

I wonder why.

Bryan Seely:

That resulted in the assistant to the deputy director is on the West coast, so
that's like number four in the organization. He actually is out of Seattle. He
called Google, yelled at them for a bit. They turned off map verifications for
two months. They ended up getting rid of Map Maker as a product, which is the
backend community editor. I ended up getting death threats from people for it,
which the Secret Service actually got removed.

Joseph Carson:

Where was the death threats coming from?

Bryan Seely:

Locksmith scammers. People who are building listings using the methods that I
showed them how to use.

Joseph Carson:

The ones who were basically getting away with the fraud side of things. The ones
who are creating their own ads for-

Bryan Seely:

Right. Now I've not seen many things get removed from the internet, let alone
quickly. But the death threats on this one forum were removed in 10 minutes.
Gone. You couldn't find them after one phone call. That's magic.

Joseph Carson:

I'm pretty sure government has a good, forget, was it, program that will search
the internet and make things disappear very quickly. I'm sure that that does
exist somewhere.

Bryan Seely:

Yeah, you get a phone call from them, you're like, okay, all right. That was
right after I got diagnosed with ADHD. I ended up getting clean and sober. There
was this whole world opening up in terms of my life got switched on. Because I
was getting medicated for the first time. Noticing and actually being able to
apply the fact that I was decent at solving puzzles. Maybe with a little bit of
a rebellious hacker attitude. That's what the community's taught me since then
is, you don't have to have a proficiency level score in anything to consider
yourself a hacker or an information security professional.

You have to have the challenge authority or challenge the way things have been
done to do things a different way and try it and actually do it. Because how
many people think, oh, that would be a great invention and then do nothing. It's
the people who are like, all right, well, I'm going to try it. Nope, try it
again. Nope. Try it again. Nope. Persist through.

Joseph Carson:

Yeah. Let's come back to that curiosity where you mentioned in the beginning.
When you're finding a way. Sometimes, as I mentioned that was the drive, a
passion, something else you want to do, you're always finding ways to make it
possible. That's the curiosity side. I think in majority, sometimes is this
misperception that we have on social media, on the internet for the security
world that-

Bryan Seely:

If you say hacker, it's negative.

Joseph Carson:

It's either a negative from a media or public side of things, it's a malicious.
Or that it's a certain skillset. But the hacker is such a broad term and it's a
mindset. It's really the curiosity. I think it's really, we have to get into
that. Majority of hackers are good people that's just curious about trying to
solve a problem. Are trying to do something that drives their passion or drives
their need for something. Either they just want to know how something works, so
they pull it apart and they try to understand how everything works and connects.
For me, it's a mindset.

Bryan Seely:

It can be as simple as the movie Idiocracy when he's in prison. He just turns
around and walks backwards and goes, "I was just in there" the guy's like, "All
right, get out of here." If I walked forwards, that's normal. If I walk
backwards facing forwards, what happens if I do that? Or challenge it this way.
Because adversaries don't think like normal people. Oh, I saw a podcast about
this, actually very recently. There was a CIA agent who's no longer with the CIA
saying, "I get along better with criminals than I do with normal people because
they understand everything I'm trying to do."

Like saying, "Hey, my name is Bob." Well, why would someone change their name?
People don't wrap their heads around it. The confidence to go along with that
could mean, all right, this guy's lying to me. Strippers do it every day. But
you change your name to however you're going to try to pretend to be something
for whatever reason, but it doesn't have to be criminal, it can just be an
exercise in social engineering or practice or whatever. But being able to do
that and think, well, why can't I do that? Why wouldn't I just go pretend to be
Bob for a day and introduce yourself and create a whole new life? It becomes
complicated and if you don't have a reason for it, it's silly. But the idea is,
criminals already think like that. If you can't think like them, they're going
to win every time.

Joseph Carson:

Absolutely. That's one of the things I always think is getting into that
mindset. The better we understand their mindset and techniques and their thought
process, the more we can make it more difficult to make it more challenging and
putting up things that basically turn them away to other targets or other
mechanisms. Absolutely. I think it's really important. That's something that we
have to get into is that this is, as you mentioned, the social engineering side
of things.

They create different personas based on what they want to be that day. Everyone
who's doing social engineering is looking, whether it being in the physical pen
testing or digital pen testing online, they're creating those personas that will
basically get them closer to the people they're going to interact with. They're
going to have those conversations so they can actually be accepted much faster.
Be accepted as one of them.

Bryan Seely:

The practice of trying to think like a bad hacker isn't something new and law
enforcement does it every day with undercover operations. But in order to get
accepted in undercover, it's not just a digital identity. You got to look the
part. You got to grow your hair or cut your hair or grow a beard or shave your
beard. You got to do a whole bunch of extra physical stuff and that's effort.
Then you got to get good at lying to people in person. It's significantly easier
to lie on the internet.

Joseph Carson:

When you've got someone normally I think people have. That's one of the problems
of course in social media, people. They feel, because there's no direct
connection to them, they feel it much easier. There's less, let's say-

Bryan Seely:

Exposure. Yeah. You're not out in the sun like, come and get me. It's for like-

Joseph Carson:

In the social world and online, the ethics like somewhat can disappear a little
bit for a lot of people.

Bryan Seely:

There's out of sight, out of mind disconnect. It's just a game.

Joseph Carson:

The reality of the impact. They see it potentially is little harm can be done as
a result of it. But in a lot of cases actually the online can be somewhat more
harmful to a lot of people as well. After you went in and you revealed and you
showed the boys, what was the next stages going through that process to-?

Bryan Seely:

There wasn't a lot extra. It was about four hours in a holding room and board.
But after that, they're like, "Well, we don't see any criminal intent. You came
to us first." That's definitely an anomaly that it fits with responsible
disclosure. However, it's not a gamble that you should take. For anybody who
ever has a responsible disclosure question of how should I go about this? I've
had circumstances where I've reported a bug to a company or found something that
was so devastating live.

One of which one of those things was the largest bond insurance company in the
US. I found bank accounts, records that had $15 billion in them throughout
different accounts. All you had to do was, there was a form online in there. You
deleted a slash out of a URL and it gave you admin access without a username or
a password. It wasn't breaking any laws. It was a SEV 10 CVE from two years
prior that never got patched because there aren't a lot of Oracle experts.

There aren't enough people and they're expensive, so these organizations didn't
hire them to patch their stuff. If you faxed in the form with a new name saying
add this person as an account manager, if the burden of the authentication
process was, does this person have the phone number and the form? If you do,
then they're just going to add it. I could have taken enough money to go to the
moon. I'm pretty sure the extradition treaty's fairly weak with the moon. I
would've had a lot of money, but they didn't answer.

Joseph Carson:

Very expensive to get somebody from the moon as well.

Bryan Seely:

I had to get Krebs involved and he ended up calling them and putting an article
up. At which point they're like, "Oh, well we thought he was trying to phish
us." The message where it says, I'm not trying to phish you, I'm not trying to
send you any links. Go to these places, delete this. Explaining it as easy as
possible. I don't want any money, fix your problem. They didn't. It's not always
according to plan.

Joseph Carson:

Absolutely. I think at least the good things in recent years is that at least
the laws around the Computer Misuse Act is actually improving. It's getting
better. Previously, even if your motives were in the right intentions, you could
still be very harshly criminalized. It has been getting better to now it's where
it depends on the motive. But you have to prove the motive in order to make sure
that was your motive for good intentions.

The laws are getting better and the responsible disclosure is getting much
better. A lot of organizations are moving that direction where they're willing
to get on the side of security researchers and ethical hackers and work together
in order to make the world a safer place. But of course there is a lot of
organizations which are very, let's say old school and they're not willing to
change and they still do the old methods.

Bryan Seely:

Those are the ones that are going to cover up a breach instead of disclosing it
and actually doing the right thing.

Joseph Carson:

Absolutely. Those are the ones that's going to pay it off. They're going to pay
the ransom. They're going to pay the attackers and ultimately fund the crimes in
this.

Bryan Seely:

That would be an uber mistake if I were to guess.

Joseph Carson:

Absolutely. After that happened, did you find a new path in your journey
eventually?

Bryan Seely:

A bit, yeah. I was still working as a high level systems engineer. It definitely
moved towards more public speaking. I got a TED Talk out of it and was able to
start realizing like, oh, I like educating people. I like explaining stuff to
people. I've spent my whole life on the fly, speaking English at a different
proficiency level depending on where I live or who I'm talking to. If I'm
talking to people in Saudi Arabia, I'm not going to speak as fast.

I'm going to enunciate better. If I'm back in Japan, same thing. It's wanting to
convey the message in a vocabulary set at a level that everyone understands
rather than, you need to adapt to me. I want to make this interesting for
people. I've always had a draw to standup comedy, and I did open mic stuff for a
couple of years prior to getting famous for the Secret Service thing. Which was
like, damn it, I wanted to be a famous standup, not this.

Joseph Carson:

Well, it's funny, the friends of mine in the same industry that quite a few of
them actually go to do standup. A while back we had Ian Murphy on, who's one of
my favorite guys from Liverpool. Even though we have a conflict, I'm United
States supporter, he's a Liverpool supporter. We have that conflict. But I
always find that he also does standup. He does these cyber house parties and
stuff. I think it's great because having that comedy, bringing comedy.

We need more comedy in our industry. Because it is a very scary frightful
industry. I'm always talking about, we need to bring the fun back in. We need to
bring some of those pranks that we used to do years ago. I find that the pranks
have disappeared in this industry. A lot of it from the legal side, and it's
more visible.

Bryan Seely:

There's been a lot of boring just everywhere. If you take yourself too seriously
for too long, you're living in a world that's not one you want to live in. Even
hiding stuff in code or finding clever ways to say something-

Joseph Carson:

Comments.

Bryan Seely:

... inappropriate or immature. For example, my logo on here is BS. It's my
initials, but that's the logo on my business card and it's a hundred percent BS.

Joseph Carson:

It's memorable.

Bryan Seely:

Is what I tell people.

Joseph Carson:

It's definitely memorable statement and people won't forget it.

Bryan Seely:

Everyone laughs. Everyone knows what it means. But we all have to be in button
up and we all have to be proper and professional so that if I'm more
professional than this person, then I'm better than this person. It becomes this
competitive thing. I don't like that at all. I don't want anyone to feel like
information security or the hacking community is a meritocracy where you only
earn your way in and then you have to try to be better than people. It's more
like, come in here solving problems and having fun. If you say you're here,
you're here. You're not less than. You don't have to keep earning it.

Joseph Carson:

Yep, absolutely. I think a lot of people, those who are doing the research, they
do love the pranks. They do love to enjoy and bring the fun as much as possible.
I remember years ago, one of the developers I worked with, he used to put in the
error codes. The error code messages were hilarious.

Bryan Seely:

That's my favorite.

Joseph Carson:

Anytime something came up with an error code, there was some comical statement
around it. Like a joke saying we're sorry you came to this point and just some
comedy statement.

Bryan Seely:

But if you had to sit down and write out error codes, let's say that's your task
for the next two hours. If you made one of them funny, you're like, I wonder if
I could make the rest of them funny. That two hours just turned into a whole
bunch of fun. Instead of ugh.

Joseph Carson:

I felt bad. Years ago there was a period where there was a lot of pranks and fun
happening. I remember it was one of the guys I worked with. What we ended up
doing was, that was a time where you could turn a monitor upside down and it
didn't look anything different. Then you would take a screenshot of the
background and you would hide all the icons and turn the screenshot upside down.
All of a sudden, so that person came to the computer and every time they moved
the mouse, it would go in the opposite direction.

Bryan Seely:

It's so disorienting.

Joseph Carson:

Just watching that, it was the funnest part of the day. It was enjoyable. I
think that's what I enjoy. I think definitely we need more comedy in this. We
need more people who's doing standup and bringing some of those fun back in.
Something absolutely-

Bryan Seely:

If you think about it, if I have a task that I'm trying to learn, there's not
many things I won't try to learn in that process to solve the goal. If I need to
learn a few words of French, oh, well. [foreign language 00:33:48]. I'll learn
French. That's not a barrier. If I wanted to learn how to flip the monitor
upside down after taking a screenshot with all the icons and then hiding all the
icons, so now you've got a screenshot that has icons, but none of them are
clickable. If I need to learn how to do that, you better believe I'm going to
learn it and I'll remember it way easier than if it was a task on just a to-do
list. It's something you have to get through.

Joseph Carson:

The other one was the fantastic blue screen screensaver. That was a fun one. You
used to disconnect the mouse and you'll let the blue screensaver go on and the
codes would change every minute or two.

Bryan Seely:

There's a fun security application for stuff like this that I'm going to be
doing a demo for some clients.

Joseph Carson:

The bad USB is it?

Bryan Seely:

Yeah, this is the O.MG cable by Hak5. The MG developed it, and that guy,
bravo. Bravo.

Joseph Carson:

He really changed a lot of some of the industry things. Especially people
getting any type of USB device. You never know what that cable's going to be
capable of and really drove this whole data port blocking.

Bryan Seely:

Even experts like us wouldn't think that there's a web server in one of the ends
of this. You don't even have to plug both ends in for the bad USB to be active,
for a keylogger to be active, for me to be sniffing all of the keystrokes. It
looks completely stock. What I'm doing for a demo, which is, it's a different
exercise. Because A, all the devices in the audience are not mine. I can't
really do anything like exfiltrate all their contacts to a Dropbox to show them
that it's possible because they might have feelings about that. Instead, it's
using my own device to rick roll myself while an audience member's holding it.

Joseph Carson:

Yeah. That's always great fun. I remember years ago I did one where basically I
hosted my own web, basically wifi access point. Just giving people free wifi and
people would connect to it. I had a little basically acceptable use clause. But
what I ended up doing was, I was saving all of the advertisement images that was
being fed back to the browser. Of course that's based on advertising
preferences. What I did at the end of the day.

I took all of those advertising images and I just went through my session just
one by one showing all the images that were displayed back in their browsers as
advertisements. It was hilarious. It was harmless things. It was like people
looking for hotels. People looking for car rentals, books, vacations. People
were doing online educational searches. But then there was a lot of interesting
images that eventually came up facing some people's interesting browsing habits.

It was a fun exercise. The shock that people had about what data you can gather
by just basically capturing some simple traffic. Because a lot of the data was
encrypted, but you could still see the external source images. You couldn't read
their emails, but I could see what advertisement was being fed back based on
their advertisement preferences. A lot of fun.

Bryan Seely:

The barrier to entry for that and the knowledge is fairly low. You could get a
wifi pineapple. You could go do war driving. You could go do a lot of different
things, and that's all doable in real life. Bad guys or a good guy could become
a bad guy and do a lot of that stuff very easily.

Joseph Carson:

Absolutely. There's the low level entry side. But there's also even when you're
into things like RFIDs, that can get a quite expensive hobby, even a hardware. I
remember having Paulino the guys on with Beau Woods and the hardware hacking.
That can be an expensive hobby when you get into that side. Even the Joe Grand
side of things, that's level expensive when you're talking about the telescopes
and doing basically.

Bryan Seely:

Oh yeah, goodness. But some of the research that comes out of that, we're able
to get encryption keys from the air gap computer using wifi sonography. You're
like, all right, dude, you need a hobby.

Joseph Carson:

Just waving an electronic brush over to the chips to change pitch.

Bryan Seely:

Dude, that's a wand and you're a wizard, man. That's magic. It is. But those
people advance things and that's what we need a lot of.

Joseph Carson:

The eye-opener. It really shows you when you get into the bits and the binaries,
what you can extract. I've got a question. One thing was interesting you
mentioned earlier was about ADHD. What is it like working in this industry?
Because I know it's a big topic as well. Especially, I have a lot of peers who
even just recently diagnosed with ADHD. It really can also highlight that I
think it's the industry that attracts those who are able to focus and pay
attention to detail for long periods of time. What would you recommend for
people who did discover recently that they had ADHD, what would it be? Is there
anything that they should avoid in the industry or anything that they should
more focus on? What would be some of the recommendations for those who do have
ADHD?

Bryan Seely:

I would go on YouTube and look up Dr. Barkley. He is one of the leading experts
on ADHD. For me, I have kids and both of them have it. Both of them have a
different subtype. There isn't ADD anymore. It's ADHD. There are two subtypes,
inattentive and driven by a motor, essentially. My eight-year-old son who's just
constantly-

Joseph Carson:

Fidgeting and changing.

Bryan Seely:

That kid is just, it's impossible to nail him down. He's driven by a motor. Now
my daughter, she is, it looks a lot like depression. I'm inattentive as well.
The number one way to deal with ADHD is to medicate and then do behavioral
therapy. Without the medication, whether it's a stimulant or non-stimulant, CBT,
cognitive behavioral therapy doesn't work. It's like trying to will yourself
through a brick wall. It just doesn't work.

It's like a combination of negative emotions and the difference between
believing it's possible, and I don't even care if my house is on fire. You can't
get the motivation unless something extreme happens like someone's hitting you
or someone's stealing your stuff. It's really frustrating. But once you start
getting medicated properly and you're on the right dosage. It can take a little
while to get the dosage right. You start off at an instant release or an extended
release, whatever.

I encourage people, if someone's telling you not to take medications, that's a
belief that they have for them. That's for them. I also don't drink. I don't
drink alcohol and I don't like broccoli. Now if I go to dinner and they order
broccoli and a beer and a burger and I order something else and I have a Red
Bull, they're like, "Oh, you don't mind if I drink, do you?" I'm like, "No, why
would I?" I don't like broccoli either.

Don't make me eat that. I'm not going to have the alcohol. I'm not going to have
the broccoli or Brussels sprouts. Those are the things I just don't like. But
the alcohol is the one thing that the people have a problem with or think that
I'll have a problem with. Maybe out of courtesy or being respectful. ADHD, a lot
of people have a lot of opinions and none of them matter. Your doctor matters.
Your mentor or maybe advisor or your family who you trust, that's who you should
listen to.

Start with Dr. Barkley lectures on it. He talks about it helping parents deal
with kids or for yourself. It was like switching on a light switch. I went from
not reading books for 10 years. Off and on I was a homeless drug addict twice in
my twenties. To writing a book and having a career and being a single parent of
my kids and a complete life turnaround. That was one of the biggest changes. It
was night and day.

Joseph Carson:

Is there any specific area that you find that you enjoy in the security industry
that your ADHD benefits with or you can actually relate with? Is there
specific connect?

Bryan Seely:

One thing I like to say is I don't do well when there's only a thousand or 2000
RPMs on the gauge. If my brain's engine is only running at just idle, it's hard
to get momentum. I try to listen to music that doesn't have lyrics or it's in a
language I don't understand because now it's not processing in my brain.

Joseph Carson:

It's revving up the brain cycle.

Bryan Seely:

If I listen to EDM, I'll listen to techno, I'll listen to stuff with bass in it.
Something that starts to build and could have 45 minutes. Sometimes it's a DJ
set. Whatever I can do to just all right, start getting in the groove. Because I
don't like getting interrupted. Changing tasks is really hard for people with
ADHD. It takes a while to learn that. Hyper focus is a symptom, meaning you
focus really well on one thing and then abandon everything else. But if you're
not into something, it's so hard.

Joseph Carson:

It's just getting the motivation and the acceleration.

Bryan Seely:

The trick is what we were talking about earlier is finding a way to gamify it or
make it fun, then it's a whole different thing. If you're making fun of stuff or
you're finding ways to get your job done while goofing off with your friends,
it's not a chore anymore. But if it's work and it's supposed to be work and it's
not supposed to be enjoyable, oh, good luck.

Joseph Carson:

Yeah, we definitely need to do more gamification that make it fun. I'm
definitely for that. Of course, you're always doing a lot of speaking
engagements since you are doing usually a lot of keynotes. Is there any places
you're going to be in the near future where the audience might be able to catch
you at? Is there any upcoming speaking where you're going to be able to-

Bryan Seely:

A lot of them are private. I will be almost for sure in Austin in September for
Spice World.

Joseph Carson:

Okay, for Spice World, yeah.

Bryan Seely:

That should have some, whether you remember, I don't know how the availability
of the tickets go. People can always reach out to me on LinkedIn or on Twitter
while we still have it, I guess.

Joseph Carson:

I'm confused with this new logo of some, was it like a woof or something, a dog?

Bryan Seely:

I'll look in six months when things finally calm down. But yeah, I'm on LinkedIn
a lot. My website is bryanseely.com. You can find me there.

Joseph Carson:

We'll make sure that from a social, we'll get all those links in the show notes
as well.

Bryan Seely:

I do a lot of private events where a company will pay me to speak internally or
speak at their whatever, conference. Sometimes I've spoken at RSA, I was there
for VMware once. They paid me to speak at an event. Let's see, I'm in Luxembourg
in June. At the end of June, I'll be in Luxembourg for four days.

Joseph Carson:

We do have an international audience.

Bryan Seely:

The IT gala. There's an IT gala where there's like CISO or CIO awards. I'll be
the keynote there. Yeah, it's hit or miss sometimes. There's a few places in the
US in the next month or two, but those are all private events, I think.

Joseph Carson:

Okay, fantastic. But for even the audience, you're looking to get Bryan to come
to your events, we'll make sure that you have the access as well. Maybe you're
not attending event, but maybe you're looking for someone to speak and somebody
to come along. We'll definitely make that connection for you. Bryan, it's been
fantastic having you on the show.

Bryan Seely:

Oh, it's been an honor. Thanks.

Joseph Carson:

We're always learning a lot. It's been a long time since we spoke, so it's
really great to catch up again. Any final thoughts of anything you would like to
leave the audience with? As some key takeaways or something that they would find
it to maybe improve from their speaking? Or their passion or how to get their
motivation going?

Bryan Seely:

If anyone's trying to keep you from moving up levels in IT security or creating
artificial barriers or being a gateway type person, you don't need their
opinion. Those aren't the collective community. For anyone trying to get into
IT, remember that every single person on earth learned how to tie their shoe
from someone else. Not a single person here invented tying their shoes. They
read a book before you did. They didn't write the book.

It doesn't make them better than you. It doesn't make them more capable. You'd
be surprised at what you can actually accomplish. If you take care of yourself
and you just give a crap. There are people like myself and others who actually
care about mentoring other people and answering questions and being helpful.
It's not like high school where people are bullying you or pranking you or it's
a setup and elaborate trap to make you humiliate people. There are really good
people in this industry. A couple of people I noticed were on the cyber podcast
like Lance James. Love that guy. I co-founded Black Hat and Riyadh, he came as a
speaker last year.

Joseph Carson:

Yeah, Black Hat and Riyadh was, I saw a lot of speakers that was going, it was
impressive. I would love to get to go myself.

Bryan Seely:

You want to?

Joseph Carson:

I would love to, absolutely.

Bryan Seely:

I'm not saying I co-founded it because I'm trying to blow smoke. I actually
co-founded the conference.

Joseph Carson:

No, it's completely impressive. A lot of my peers who were there, were sharing a
lot of their experiences. For me, I've been there quite a few times over the
past. I just thought the Black Hat, the show that they put on was impressive.
The speakers they've brought in.

Bryan Seely:

I don't even know how to explain it. I was sitting in the green room at the very
first one, it was actually called Ad Hack. Bruce Schneier and I brainstormed on
a topic and he actually gave me a speech idea. The title and gave me a bunch of
really good advice. I'm like, I'm sitting with Bruce Schneier. What is going
on?

Joseph Carson:

Absolutely. Bruce is amazing. Amazing dog.

Bryan Seely:

I'll get you in touch with him, Joe.

Joseph Carson:

Absolutely. That'd be fantastic. Again, many thanks for being on the show. It's
fantastic to have you. We'll definitely make sure that all of the links and show
notes that we'll make sure we're available for the audience. Again, for the
audience, Bryan brought up an important point that just reminded me. A book that
I read quite a few years ago now was called, It's The Way of the Superior Man. I
definitely recommend reading it. It's about how to prioritize your life.

Bryan brought up an important point about when you have barriers that's in your
way, that it's always important that you can't take care of anyone else until
you take care of yourself first. That's the most important thing, is that you're
the most important priority. Always make sure that before you try to help
others, that you're helping yourself first. Put time aside for yourself. Put
time aside for yourself for learning, for progressing your career, for enjoying
life.

That's the best way that you can do in order to progress further. The Way of the
Superior Man will definitely put it in. It was an impressive read for me. It
really helped me make a lot of changes in my life in order to make sure that
you're the most important and take care of yourself first. For everyone, again,
thanks for tuning in. Tune into the 401 Access Denied podcast. Every two weeks
we'll bring in great speakers, thought leadership to really help provide you a
direction. To really help get you all the information you need to make sure that
you're on the right track and getting all the information to help you ultimately
make the world a safer place. Again, thank you. Tune in every two weeks. All the
best and take care. Stay safe.

 

