
Sean Ryan
Mike Grover, welcome to the show.
Mike Grover
Thanks. Thanks for having me.
Sean Ryan
Dude, we just knocked out one of the most fascinating everyday carry pocket dumps I've ever seen. And the fact that you designed all that hardware is just astounding. It's awesome. And so we got connected through mutual friend Bryce Case Jr. And thank you, Bryce. And man, we've been trying to make this happen for I think a year.
Mike Grover
Yeah, over a year. Yeah, over a year now.
Sean Ryan
So. Yeah. Cause I interviewed. He was our. He was last year's Thanksgiving episode and we got connected right after he told me about the OMG cable which you developed. And we'll get into that. But real quick, let me, let me, let me kick it off with an intro here.
Mike Grover
Sweet.
Sean Ryan
So, Mike Grover, AKA MG. You're a hacker, red teamer, entrepreneur, artist, security researcher and educator. You work for Fortune 500 companies conducting red team operations to test and enhance their security. You design and build covert hardware implants that bypass and challenge computer security. You also run a business that manufactures and sells your hardware designs which are now used by countless companies and governments to strengthen their own security. The most well known hardware design is the OMG cable, a malicious USB cable. You're also a husband and a father and I'm sure I'm missing a whole slew of stuff, but at least that paints the picture. But you know, I want to do a life story on you, you know, some of the things that you have developed and then probably go down some rabbit holes with cybersecurity maybe. I love knowing what China and Russia are up to if you have any insight into that. But. But before we start anything, everybody gets a gift, so.
Mike Grover
All right.
Sean Ryan
Guys, Vigilance League Gummy Bears. So made right here in the USA, legal in all 50 states. All right, so, you know, I know you guys got some fun gummies out there in California, but this is just candy.
Mike Grover
I'm gonna eat some now. Man. These are.
Sean Ryan
Go right ahead.
Mike Grover
Muscle.
Sean Ryan
Yeah, I'll take some of those. Thank you.
Mike Grover
I'll see if I can not eat these by the end of the show.
Sean Ryan
Good luck.
Mike Grover
Nice. Those are good.
Sean Ryan
Not bad, huh? Yeah, but. Sorry, I'm going to talk with my mouth full. But Mike, I got a. So I got a Patreon account. It's a subscription account. It's. They were a major. We were just talking about before, you know, right before we kick this off, about starting businesses and how this started in my attic. And we're both entrepreneurs and so developed a Patreon very early on. They have been the key component to how I've built my business. And a lot of them have been here since the very beginning. So one of the things that I do is I give them the opportunity to ask each and every guest a question. And so this is from somebody anonymous. What's the simplest trick hackers use that 99% of people still fall for every day?
Mike Grover
Asking. Just ask them, ask them for access granted. You gotta kind of cloak it a little bit. But you pretend to be somebody you're not. And for instance, like, I'm your IT department, I'm your HR. You call them up, you email them and you say, I need you to do your thing real quick. And that process will generally have them maybe entering their password, for instance, except it's into something you control and at that point you've got their password. That is a method that's still heavily used and constantly works.
Sean Ryan
No kidding. That actually happened to us here.
Mike Grover
Oh, yeah.
Sean Ryan
Yep, yep. We had to have Brian Montgomery jump in and save the day. But yeah, it was. We got an email saying, we want you to be on this podcast.
Mike Grover
Yep.
Sean Ryan
And I thought it was bullshit. We had a staff member that. That kind of like pushed me to do this. And of course everything was in a rush and boom, we saw that. Then my guy, they got into our Facebook and almost hacked everything.
Mike Grover
Yep.
Sean Ryan
Took it all. Ken, Doc and Ryan was able to jump in and save the day kind of last minute there, so.
Mike Grover
Nice.
Sean Ryan
Thank you, Ryan. But what's another one, though?
Mike Grover
I mean, that is like the go to, right? Like, I mean, you can walk into a building, but why do that when you can just ask from halfway across the world?
Sean Ryan
Right?
Mike Grover
Yeah. Like, I mean, most companies, you'll still be able to walk in and do all that stuff. It's just not worth the risk unless they've got that level of security kind of locked down, where it's like, okay, you can ask anybody in the company for their password, they can give it to you, but you can't do anything with it because two-factor is turned on or stuff like that. Different security controls and detections that suddenly require physical access. You have to take more risks to do that. And it's a lot more skill, a lot more work to make happen.
Sean Ryan
Interesting. Interesting. Well, I had a little chat with Bryce before, before he got here today. And we were talking. And by the way, have you ever seen, have you ever seen that video of him at the Deadmau5 concert? He's, he's up there, he's rapping and falls off the stage. I gotta roll this clip. You've seen this, right?
Mike Grover
I believe so, yeah.
Sean Ryan
Yeah, I gotta roll the clip. It's hilarious.
Mike Grover
Oh.
Sean Ryan
He brought something up that wasn't in your outline.
Mike Grover
Oh.
Sean Ryan
And so might be a little uncomfortable, but I got to ask it. And, and I think it's a good question because it sets the stage for the entire interview and everything we're going to, we're going to talk about. But he says in case he chickens out, ask Mike about his design being so good that they were copied by the most well known hacker of all time, Kevin Mitnick, also known as Condor. So I gotta hear about this, man. Okay, Is this the OMG cable predecessor?
Mike Grover
Right? So I had been doing lots of designs of malicious cables, right? And I had some really early proof of concept just to. Just to show it's possible. No wireless connection, really tiny payload capability, you know, a few dozen, maybe 100 keystrokes, right? Really limits what you can do. It's really slow. I mean, we're not hitting that thousand keystroke per second thing or maybe, maybe a dozen. Really slow, right? But it's like, it worked, right? Can't remotely update it, can't do anything, but it worked. I want to show the world because, you know, hacker, you want to share the information stuff and work with other people. I didn't see it as like a product. It was just more like project, more like art. Like, hey, cool, look at this thing. And yeah, he reached out and wanted to kind of collaborate and have me build one for him. And I started on that process, but I didn't have enough time to complete it with his work constraints as well, because he didn't have time and stuff. And eventually what happened? I didn't know about it, but he went to someone else and said, make this for me. And no shit. It was not like I didn't know about it until it came out. And the thing is, it wasn't very good. I was just like, dude, first of all, it was not very good. This sucks. I wish making this proper product. But also it was like, hey, if you had the resources, fucking I could have used that because I was just doing this on the side, right? But we have solved things since then. I think there's certain levels of communication and misunderstanding. So I don't want to be like, is the worst, but, you know, lessons learned as well of like, you know, if it's something you can turn into a product, maybe wait until it's ready. You know, things like that. Which is exactly what I did with the OMG cable. Right. That's where it's like, thousands of times better.
Sean Ryan
I mean, as enraging as I'm sure that was, it's also pretty flattering that. Oh, yeah, you know, is he really, like, the world's most renowned hacker?
Mike Grover
I mean, well, so RIP. He's no longer around.
Sean Ryan
Oh, really?
Mike Grover
Yeah, exactly. But, yeah, the. The way he would be introduced, I like. But it was always the world's most famous hacker. Is the. The tagline that was used.
Sean Ryan
What made him so famous?
Mike Grover
So, well, he. God, I need a refresher on this. But basically he had gotten the attention of the FBI and they were hunting him down for getting into various places. A lot of social engineering tricks and stuff like that. And kind of a cat and mouse game. There's a movie called Takedown. Right? So. Good movie. Check it out. But he went to prison then and was pretty unfairly treated. There was a whole Free Kevin movement where, you know, they were doing. I think they put him in, like, solitary or something because they thought he could, like, whistle into the phones and like, launch ICBMs or some shit like that. Oh, my God, like, this is like back when everybody's like, oh, my God, hackers, just evil wizards. It's still like that today, but it was much worse back then. They had no idea what was even possible. So, yeah, he was held for much longer, I don't think. Yeah, I don't want to misspeak here, because I don't go particulars, but he was held for a very long time. Pretty unfairly. Eventually got out and then went into infosec as, like, a profession using that.
Sean Ryan
And then tried to take your OMG cable.
Mike Grover
I mean, I guess he knew it looked good, so, hey, he's good at that.
Sean Ryan
Hey, you got the world's most renowned hacker taking your stuff. That's pretty cool. Sounds like everything worked out today.
Mike Grover
Oh, yeah, definitely. And just for the record, he had a pretty unfair shake at life. Ended up. I think he got pancreatic cancer and he died before his first kid was born, which is just fucking terrible. So, yeah, I. I've since met up with. With his wife and cleared the air. So we're Good for you. We're good.
Sean Ryan
Good for you, man. Well, let's get to you. So, you know, like I said, I want to do a life story. We got to get into the OMG cable stuff and all the other stuff that you're designing, some Red Team stuff. But actually, actually, in your. In your bio, I know what Red Team operations are, Red cell operations. But could you explain that to the audience?
Mike Grover
Yeah, definitely. So there's a lot of. It depends where we're talking about red teaming, because there's military red teaming, which I would love for you to give me a couple stories on, because, I mean, I'm sitting in a room with a guy who probably knows that really well way more than me, so it would be a little ridiculous for me to explain that to you. But red teaming in terms of corporate cybersecurity is a subset of pen testing. Pen testing is find the holes, tell us the holes. Right? I mean, that's cool, but it doesn't quite test how someone responds. I think there's this, like. I think it's a Mike Tyson quote where everybody has a plan till they get punched in the face, right? It's like, okay, well, maybe a little aggressive in context of cybersecurity, but how do you solve that? Like in boxing, you train, you get punched in the face, right? And then, well, okay, now it's not going to be new when it happens, you might have a plan, but are you going to execute on the plan? Are you going to miss some steps? Is emotion going to get involved? And also, I can find holes at different layers, but red teaming is going to be repeating exactly the entire chain. It's often called a kill chain, where you're connecting all of these different vulnerabilities to go from completely outside to completely. To the crown jewels. Take them out and succeed. And then you show how you did it after the fact.
Sean Ryan
How'd you get into that?
Mike Grover
Good question. So kind of almost don't even know. But over the course of just life, and I started off as just help desk, IT sysadmin, where you learn a lot of things. And at the time, I didn't think it was very applicable. But, like, those are all the systems and the nuances and, like, just the weird compromises. You learn, like, oh, I don't have enough budget, so I'm going to do it this way. Or you learn about the end users that you're supporting as help desk and all the problems they run into. And, oh, they're running into, like, policy that stops them from working. So they're going to do this. That's going to cause a degradation in security. But it's really common, you know, that having been in help desk and sysadmin, so you start to connect these things together, and it becomes this really valuable bucket of information for, oh, how would I get into the company using that? And, you know, got really into security for a while. It's also a piece of that role. Like, you're going to run all the systems for IT. You got to keep them secure, too. Especially in small companies where you don't have dedicated security. It's like, no, you are the security, so you got to learn it that way, which requires you to think, also, how does an attacker do it? Because you got to defend against that, right? So eventually I just kind of got bored of doing IT and made the jump into security, started learning. Actually, Bryce is a good connection on this as well. So I had known Bryce for a long time, and I think it was like 2013. First time I went to DEF CON, hacker security conference, biggest one in the world, in Vegas, every year. And I decided, oh, God, what was this? So there's these unrecorded talks they also do in certain areas. He was on stage. I think he was doing something with bitcoin at the time. And he had this telepresence robot on stage for a guy who was on house arrest. He couldn't come, so he brought a telepresence robot to be Bryce's partner on the stage.
And it was just wild watching this. And so I'm in the audience, I'm just like, oh, yeah, Bryce, YTCracker. I don't like it. I'm gonna go see what he's doing. And then he gives the talk. And after it's done, I'm like, hey, yo, what's up? Never met you before. But from that point on, we kind of, you know, our relationship grew. Got to know him a lot better. But he also DJs, as you know. And he was DJing for a guy called Fuzzynop, who. Or, sorry, flip that around, Fuzzynop was DJing for him because he also emcees and sing songs, right? So he needs someone, you know, to play that. So Fuzzynop was DJing for him on a lot of his shows. So I met him, and, well, he is the one who had built out a red team for a new company. Not a new company. New red team for a company. Large company. And he ended up pulling me over into that team.
Sean Ryan
Oh, cool. Yeah, I love that.
Mike Grover
Guy, man, Bryce is great.
Sean Ryan
I love that guy. Well, let's took a little sidetrack there, but let's. Let's get to you and let's get to your.
Mike Grover
I'll let you get there eventually.
Sean Ryan
Where'd you grow up?
Mike Grover
All right, so I grew up in Wisconsin.
Sean Ryan
Brothers? Sisters?
Mike Grover
Yeah, I got a younger sister, four years.
Sean Ryan
You guys tight?
Mike Grover
Yeah, we, we don't keep in touch as much. Both like super busy, but we could definitely be a lot closer.
Sean Ryan
Is she a hacker too?
Mike Grover
No, she. Culinary.
Sean Ryan
Culinary.
Mike Grover
Yeah. I picked that up for my dad as well. So my dad. Yeah, so he was in the Navy as a corpsman for a while. I think it was like four years submarine stuff. But medicine. Both my parents in medicine. Were in medicine and they did a lot of DIY stuff. So they built their house from the ground up. Designed it from the ground up. So I was in that kind of raw materials environment. Like the house never actually fully got completed, which is actually kind of cool because it's constant, like tools, raw materials around. Growing up, I thought that was an amazing experience. Dude. I remember shoveling out the house because it snowed before we got the roof on.
Sean Ryan
No kidding.
Mike Grover
Yeah, it was pretty cool. I was pretty young at the time, but it was still impacting, like, oh, look, you can just do stuff, right? That wasn't their profession. But they just picked it up, learned it, how to design it, built nearly everything I think they didn't do was the masonry for the basement because. Yeah, the trusses. And then they were rushed with the weather to get the drywall up. So they paid for that. Everything else they did by hand.
Sean Ryan
Wow. Wow.
Mike Grover
Pretty cool. So. But, yeah, culinary, Right? That's going back there. Yeah, he's really into. He was really into just cooking and really, really good at it. Both my parents were doing barbecue competitions for a while as well. I just jacked off. Yeah. Just get into it and go. And I think that was a pretty good learning experience. And obviously that had an impact on my sister who got in the culinary as well and did some. Did some great stuff there. I didn't pick that skill up.
Sean Ryan
So what were you into as a kid?
Mike Grover
Oh, God, definitely electronics type stuff. So I guess it depends on the stage. Video games first. Lots of video games.
Sean Ryan
What video games? What platform?
Mike Grover
I guess it depends over time. So there was the console stuff, like Nintendo, et cetera. So let's go all the way back. So Atari, and this is kind of like the first hardware hack, actually, my dad. So if you remember the, like, Atari joysticks, it's a joystick and a single button, right. That's the whole controller. And we were playing the game tank, right? You just move around like you're in a tank and you fire at stuff, Right. My dad took some speaker wire, a tongue depressor, medicine. Right. And random button, probably from Radio Shack, and just taped it to a stick to the tongue depressor, ran the wires off and soldered it to the controller so that I could have access to my own little, like, button When I, I don't know, I was like four or something, so I could fire the tank while he steered it around. Right. I thought that was pretty cool. And it kind of stuck with me. Like you just modify stuff, like hack and stuff. So very simple. But you know, that was first video game, first hardware hack. Right. That I was kind of exposed to and yeah, spent lots of time on like Nintendo, Super Nintendo. And then I got into Quake. Quake was just extremely impactful for me. That's where I went from consoles to the computer in the house that we had used it for encyclopedia. You could chat with people online. Cool. But it's more just a tool then Quake. You got to start learning things. Back when Quake came out, this is late 90s, you got to learn how dial up work, how to connect to other people so you could do multiplayer. That wasn't just a button or two. You got to learn stuff and, and even running Quake, it's like, oh, you just don't launch it, Reboot the computer in DOS mode and stuff like that. So you're learning how a computer works. But that also kind of. That's where we get into hacking as well. That's kind of like the inflection point of things. Also, Nine Inch Nails was built in that game. 
They did all the sound effects and you can see the Nine Inch Nails logo on the crates of nails as well if you look in there. But yeah, that was also kind of impactful for me with the stylistic stuff and the art.
Sean Ryan
Damn. So you started the hacking stuff at like, how old were you? The same age.
Mike Grover
That was. That was high school.
Sean Ryan
Atari was high school.
Mike Grover
No, Atari. Oh, God, I don't, I don't even know when that was. Yeah, I mean, just really, it's like five or six. Yeah, I don't, I don't even know. It was 80s. Like, I don't know. But yeah, Quake was high school.
Sean Ryan
Right on, right on. So, well, let's fill in the gaps. Were you into anything other than electronics or was it always just electronics? And I shouldn't say just was it always electronics?
Mike Grover
I mean, it's all connected in some way. Like I was into cars as well. Like, you know, part of it was just like making the car continue to run, but also, you know, like, let's add sound systems to the cars and learn how that works, which is, you know, electronics in some way. Also got into water cooling the computer to overclock it. But that required learning, like water cooling.
Sean Ryan
Water cooling.
Mike Grover
So these days you can just buy a kit and install it. Right. But most computers are air cooled. You got a little fan in there blowing out the heat. Right. If you overclock a computer, you can get a lot more power out of it, especially back in 90s, early 2000s. But it would dump a lot of heat, lots more heat. And air cooling couldn't keep up with that. So what you do, you take little water blocks, basically, like a little piece of copper, strap it to the processor, the video card, and run water loops through it. Kind of like a. I don't know how to better explain that, but it's like a little maze that the water would take through the channels on this block, and it would pull the heat out and you would dump it. And at the time, God, it was a Chevy Chevelle heater core that was just like the perfect size. And you could use that as a radiator with a larger fan on it. So instead of using the small fans that you'd find on, like, laptops or even desktops that, you know, maybe it's like that big fan, that big, and it keeps it quieter while dumping heat. And you can just run these things really hot. And yeah, I had to learn how to make those things. Right? So, you know, you get a pond pump from, like a fish store, you get the Chevelle heater core, get all the tubing wire together. But I had to mill out. I didn't mill it. I drilled it. I used a drill press because I could not afford access to that. It was like $100 drill press at the time. You just. Just do like cross drilling through all different directions, plug it up, and get this cool spiral pattern where the water would go through it and pull heat out of all your devices. And you gotta learn about things like corrosion. Like, you got copper and brass and aluminum, and like, you know, these things are gonna start to corrode. So you learn the chemistry behind how to prevent that from happening, because you don't want corrosion. Cause then your computer's gonna have water all over it when it leaks, just for example. Right.
Sean Ryan
Wow. So you. You like a jack of all trades?
Mike Grover
Yeah.
Sean Ryan
You like taking stuff apart, putting it back together, figuring out how it works, how to fix things at a very young age. And it just exploded?
Mike Grover
Yeah. Yeah, basically.
Sean Ryan
Now, how'd you get into hacking?
Mike Grover
So I'm gonna put that on Quake as well. So you're playing online games, right? And you learn you can do, like, interesting things. You start controlling things in weird ways, and it kind of escalates. You're like, wait a second. At the time there was no, what we call, like, client side security or client side, like, integrity checking. Like, the game files I had on my machine were unique to me. Like, you would download them from the author. At this time, we were actually installing it from CD drives, and you just expected to not mess with that, but. But nobody's stopping you. You go and mess with the player models, for instance, and you can add a really large cross that goes like 10ft above, below on all sides of this person, right? So now you can see them running around a corner because this post is sticking out them and you see them coming from the corner. They don't know that, but it was a good approach. Or a lot of dark spaces, right? You can't really see people in the dark. You're like, cool, I'm going to add a fluorescent color to their skin. And. And there they are. They're glowing in the dark, right? See through walls, right? Like, you've got these textures that would go on the walls and they're opaque, but they don't have to be. You just set them to transparent and suddenly you're seeing through the walls. And that type of stuff was. I had more fun figuring out how to do it than actually doing it. But that kind of just opened the door of, like, there's rules and there's expectations, but there's also not many people checking, like, best way to kind of. God, I don't want to get, like, get into philosophy here, but there's this kind of beautiful. I think it's Jacques Ranciere who defines, like, police politics, right? As like, you got a road, right? And it's painted, there's lines, and everybody just obeys those, right? And he connects that back with politics of like, oh, you're told to vote and do all these things. 
It's like, okay, but, like, what if you don't follow the paint on the road? What if you go off the road? If you get really close to the edge, Most people, they see those lines are going to get right in the center of the road because that's what you're supposed to do. It's like, what happens if you don't. That's interesting to me. That's where weird things start to show up. Like unintended designs, unintended powers and capabilities, just unintended failures, unexpected failures. It's really fascinating to play with that. Play on the edges, see how close you can get. And I guess now that you make me kind of say this, that's probably a good descriptor for how I think about a lot of things like art, everything across the board. Find the boundaries and what happens if you go on either side of it.
Sean Ryan
Interesting, interesting. Did you get involved in any of these hacking type communities?
Mike Grover
Oh yeah. So yeah. So like early, late, late 90s.
Sean Ryan
More, more.
Mike Grover
Early 2000s. There's a lot of online communities. Some are big. I mean, I think the, the really big ones you would know of that most people would know of. Rather like 4chan and like Something Awful. Right. Big places that had like the bigger names at the time, but there were also much smaller like specific topics. Water cooling. Right. There was a water cooling. There was a bunch of them. But you know, there would be water cooling communities where people just share their, their techniques and stuff so they could all just improve upon it. And yeah, there were also hacking themed ones. So Bryce and Digital Gangster was one of those. That is one of the several communities I have known him from. And yeah, this was also at a time where online space and meatspace were very separate. Right. Like online dating, for instance. That was like, what now it's like, that's all the kids do these days. It's really weird, but I met my wife from one of those online communities. But eventually those worlds start to blend together when you spend more time in there and you're spending most of your time in there and just talking to these people eventually. I mean, it depends on the community. Maybe not so much like Digital Gangster where it's like just raw crime happening. It's maybe not the best idea to meet up for many reasons, but you know, certain lesser criminal communities. Yeah. Meet up with people and those worlds start to blur together and it's a little bit different than the, you know, 2024 is where it's just. Everything is just mixed together now.
Sean Ryan
Yeah. How'd you meet your wife?
Mike Grover
Yeah, I mean, so we posted on some of one of the communities out there. I think it was like from hardware overclocking. Yeah. I can't remember exactly what it was, but I moved out to California. That's its own story we can go into. But when I moved out, I think it was the first week just like, hey, anybody in this community around, want to hang out, show me around town? She was one of those people, was like, yeah. And yeah, it just kind of grew from there.
Sean Ryan
Is she a hacker too?
Mike Grover
Not a hacker per se, gamer. Photography, art.
Sean Ryan
Cool.
Mike Grover
Yeah.
Sean Ryan
How long you guys have been married? Sorry to put you on the spot with that one.
Mike Grover
What year is it anymore? 10, 14 years. It's 2009. 15 years.
Sean Ryan
2009. 14.
Mike Grover
Yeah. So almost 15.
Sean Ryan
15 years.
Mike Grover
Yeah. It's crazy. Yeah, I mean I've known her since 2004.
Sean Ryan
So what's the, what do you think the secret to successful marriage is?
Mike Grover
Oh. Oh my God.
Sean Ryan
Bet you weren't expecting that one.
Mike Grover
No, I was not expecting that one. I'm gonna have to think about that one. Man, I don't know, man. Just because I can connect this back with everything is just kind of understanding. I mean humans are a mystery to me but at the same time there's so much complexity and it creates. It's like a. Everybody's different. Like everybody wants to put everybody into a bucket. Like there's the us and there's the other. But like, dude, humans are messy and complicated and unique and understanding that helps a lot with everything. Whether it's being in a marriage or attacking somebody to get into a company. It's like same thing, right? Like understanding but you know, very different motives and goals behind that. One is just truly understanding the person and working with them and you know, the other is kind of the inverse of that.
Sean Ryan
Right on, right on. Let's talk about, you know, some of the stuff that you did. Did you. What are some of the big hacks? Were you involved in any big hacks?
Mike Grover
Not like hands on keyboard. I'd like to watch those. So for most of my time, any of the hacking stuff that was me, I kind of viewed it as entertainment. It wasn't power, money or anything like that. For me it's just like, let's just have some fun, right? Yeah, you can mess around. I would do stuff on some of the communities as well. I knew the people who would run the servers. So you can mess around in there.
Sean Ryan
And what kind of stuff?
Mike Grover
I mean, okay, for instance, I gotta remember all the complexities here. But this community was very liberal with temporary bans and stuff like this. I got myself banned and I'm like, get around that, right? And then they could not get me banned in this environment because they had some add-ons that they were using for this vBulletin. I think it was vBulletin, might have been phpBB, phpBB. Anyway, one of the large platforms at the time just had a lot of plugins that just gave me raw write access to the database effectively and I could post through that. And they had a lot of fun chasing me down in that situation. I'm just like, how are you still here? So very light hearted. In that instance, they were more interested in how it was done than like, oh, you're breaking into my.
Sean Ryan
So yeah, right on. Well, let's move into, I don't know, you know a whole lot about hacking. So. Yeah, yeah, you know, I would, I would love for you to expound on, you know, how you got into it or not how you got into it, but. Yeah, but some of the things that you just found fascinating that kept you going all the way up until building your own hardware.
Mike Grover
Yeah, definitely. And actually, you know, going back into the youth for a little bit, but something probably important. I had a phase where I was really into magic, right? Sleight of hand, deception, that type of stuff. I think that was middle school, right. Actually got my first taste of authority. Not being super ideal for me. Brought in a fake cigarette to middle school, right. And it's the peak of the D.A.R.E. situation, right? Looked perfect. Looked like it was actively lit and you blow on it and you know, talc, I think powder came out, but it looked like smoke. That got confiscated. We got. Friend and I got pulled down to the principal's office. I don't know, I think I got suspended for not taking the situation seriously enough. How you can take this seriously. Like it was a fake cigarette. But I think my friend pointed out. Oh yeah, that's right. They brought on the. The cops to test it because some of the talc powder came out and they're like, that might be cocaine. And my friend made probably an unhelpful comment of like, that's not even how you would smoke cocaine. But yeah, anyway, sleight of hand, that gets into deception and the human aspect, which is often forgotten a lot in hacking. People are like, oh yeah, it's just knowing computers really well. Definitely a huge piece. But like, it's people as well that have to be kind of like manipulated. You gotta understand them, you gotta convince them to do things. Which is the most common way of getting into so many systems. You say, hey, I'm from your IT department, let me in. And you gotta know how to make that sound legit. And if somebody's like, I don't know, okay, let's do some urgency to make them kind of panic a little bit where their decision making goes down and they're panicking and they're like, oh, I just gotta do the thing or I might get fired or this bad thing's gonna happen. Or you. There's so many different psychological triggers that come into play and create this misdirection.
Sean Ryan
Interesting.
Mike Grover
And you're like, oh, it's like sleight of hand for psychology, right? So you push people into different directions. And you get them to reveal their password or run an application on their computer that just gives you access to everything and that overlaps with the technical and the hardware and all these other things. And just, I guess being a generalist, now that you make me think about it, it just allows you to kind of glue all of those things together and I guess, yeah, at the time, before I officially got into paid security, I always thought that was a weakness of like, oh, I've never specialized in anything. I just. I couldn't possibly keep up with people who did specialize. I mean, that is true. There's like every person I work with that specializes. They go so far into just absolute wizardry that amazes me. And I can never keep up. And because I just cannot sit down and focus and be like, I'm going to do this thing and that's all I'm going to do. I get 80% of there and I want to go play with another thing. But it worked out. It's great for the entrepreneur type perspective as well. We're going to tickle all the things. Keeps you busy, right?
Sean Ryan
Yeah. Yeah. Well, Mike, let's take a quick break, and when we come back, I want to get into some of the hardware that, that you. That you've made and.
Mike Grover
Yeah, absolutely.
Sean Ryan
And how that happened and who's using it, what, governments, all that kind of good stuff.
Mike Grover
See what I can say.
Sean Ryan
All right, Mike, we're back from the break. I missed a couple of things in our outline here, so I'm gonna have you pick it up with where we're gonna start with 2600, whatever the hell that means.
Mike Grover
Oh, yeah, yeah. So all the security stuff I was doing, the times I was doing help desk and stuff like that. Security. For the most part, anything security connected was a hobby. So, you know, even. Even the overclocking, water cooling, that was a hobby, too. But yeah, 2600 is, you know, kind of a hacker zine. I think they're quarterly. Just lots of people writing in to show, you know, tricks they've done, whether it's with payphones, you know, phreaking, phone phreaking.
Sean Ryan
Wait, so what is 2600?
Mike Grover
It's a hacker zine, basically. You can. You can go magazine. Yeah, like a little. Little magazine. You can. You can go to, like, Barnes and Nobles and get it.
Sean Ryan
Okay, so, yeah. Wait, so what is it? Is it a book?
Mike Grover
It's. I think it's quarterly, where they will just publish a new set of, like, little, like, kind of articles written by different people that talk about how to hack something, how they hack something. Just cheats on systems, just sometimes politics, just, you know, hacker minded stuff. Right, gotcha. Yep, it's pretty cool. But that was also when I first got into that, you know, phone phreaking and stuff was more popular then as well.
Sean Ryan
What is that?
Mike Grover
Yeah, so that's, that's hacking with phones, basically. So this goes back way, way long ago. God. I think the guy's name was Joybubbles. Actually. Deaf guy or sorry, not deaf. That wouldn't make any sense. Blind. And he noticed that there were like tones on a phone when you know, connecting to overseas and stuff. Like this is way back when you, you had to pay long distance and stuff like that.
Sean Ryan
Right.
Mike Grover
Phone calls cost a lot of money. But he noticed they made certain tones and stuff. So he had perfect pitch and he would just whistle them back. And then he noticed the phone network would do stuff when you did that. So yeah, there's what we call in-band signaling when you can hear the signal. The other end, there's the switch panel. The phone networks hear these tones and it's like, you know when you push numbers on the keypad and they make a tone. Right. If you do it in a certain sequence, it's like, oh, it hears that there's other tones that the keypad doesn't make that tell it to do other things. It's where the 2600 comes from actually. 2600 hertz. I can't remember what that does at the moment, but it would allow certain administrative type functions and it's like routing around, like, oh, you paid and now you can. About long distance or something like that. Right. But no.
Sean Ryan
So hold on, hold on. So the, so it actually has nothing to do with the keys that you're pushing it. It has to do with the tone that they're programmed to make.
Mike Grover
Yeah, I mean, at least at the time. Things have changed since then. But yeah, it was just the tones. You could literally whistle those tones or hum them or whatever. So blue boxing was the other thing it's called. There's, there's many boxes, many colors. But blue boxing just replicated that. You could literally quickly dial a number or whatever you wanted to. You do the administrative codes, play it right into the mouthpiece and it would dial and do all these things.
Sean Ryan
Holy shit.
Mike Grover
Pretty cool.
Sean Ryan
No idea.
Mike Grover
Believe it or not, that's how Apple started. Woz and Jobs made some of their first money selling blue boxes.
Sean Ryan
What is a blue box?
Mike Grover
So it's the device that would allow you to more or less get free phone calls in the age of having to pay for long distance and stuff. Like go to a payphone, just pull out your blue box, hold it up to the mouthpiece, press some buttons, make it do what you want, call whoever you want. It was illegal at the time. What was the. There was a magazine it got into by a guy named Cap'n Crunch at the time. He got that name because there is a whistle inside of the Cap'n Crunch cereal that just happened to make that 2600 tone when you blow it. So he didn't have perfect pitch like Joybubbles did, but he had the whistle. So you just blow that into the phone. Then you open up certain access with Cracker Jack. Not Cracker Jack but Cap'n Crunch style toy, which is really cool. But yeah, you can electronically reproduce those sounds. And that's what they were doing with the blue box. There was like red boxes, rainbow boxes. There was so many different boxes that would do different things that people would figure out and they would share that with each other. And yeah, it was technically criminal, but a lot of people did it at the time. And yeah, Woz and Jobs took that money and started Apple with it.
Sean Ryan
So no kidding.
Mike Grover
That's pretty cool.
Sean Ryan
I had no idea.
Mike Grover
Very cool. And Woz. I would love to meet that guy one time. But he's a great example of like the old school hacker that was way more about like mischief and just figuring out how things work and not necessarily anything criminal. So interesting, great, great example, interesting thing.
Sean Ryan
So you were working at this, at this magazine?
Mike Grover
Yeah, no, so I wasn't working there. I was just enjoying it. And there were a lot of. Lot of municipal. Different cities would have like meetups, like hey, 2600 meetup. And you go and you know, meet people that are into that stuff. And really tiny where I was from, so it didn't really go anywhere. But that, that was cool. It would get into just more like, hey, here's other ways of hacking that you didn't know about and just gets you to think like, wait, if I can do that, if they did that, what else can you do? Like, let's play. Like it's just, it's all about exploration, experimentation. Like what is this frontier too? Like, there's just unexplored space. Like what else can you do? And yeah, I mean outside of 2600, there's like, there's all the tools that people knew of the early online days, like Sub7 or NetBus. What's that? Kind of like a software Trojan, more or less. Basically, you get somebody to run it, or you run it on their computer and it gives you a remote access. Right. You can fully control those machines over the Internet, right? Open up the CD trays, close it up. Just all kinds of wonky stuff that could be for pranks or it could be criminal. God. Okay, there. Reminds me of one of the ways we used it. So again, I was way more about just pranking and having fun. My friend in high school, her name was Heather, she was really into, like, just spiritual stuff and, like, you know, she thought, like, spirits were in her house and stuff like that. It was a phase, right? But friend and I had that running on her computer and you could play noises the middle of the night and. And just like. Like, it was terrible. It was so bad. You know, the CD drives would open just like. You know, she was terrified at the time, but later on thought it was funny. But, yeah, for an example, right, like, you. You can just have fun. You can play with people. You don't. You don't have to actually straight up do crime. Crime. 
Crime does occasionally pay, though, so some people would get into that.
Sean Ryan
How would they use it for criminal. Yeah.
Mike Grover
God. This goes way back. I mean, we're talking, like, over 25 years ago, so I'm not 100% remembering this, but it would have been. You can do, like, file system modifications, stuff like that, so you can get access to cookies that'll contain, like, login information. You can just get into people's accounts, send mail as them. So spamming was a huge thing back then. I mean, that's where Bryce has gotten a lot of reputation from, from those early days. Spamming. My friend at the time paid for his first computer by spamming for a porn company, actually. Which is funny because he's cashing a check, sizable check, for a porn company, and he's like. I don't know, he was probably, like, 14 or something at the time, getting, like, weird eyes from the bank. It's like. So, yeah, that happened. But what else? Yeah, I mean, did you ever do any.
Sean Ryan
Did you ever do anything illegal that's past the statute of limitations that you can share?
Mike Grover
So a common misunderstanding about the statute of limitations is it's not just about the time that has passed since you committed the crime. Depends on the crime. But many times the clock starts from discovery.
Sean Ryan
Interesting.
Mike Grover
It's a common misconception that is good for a lot of hackers to realize, but, I mean, I'm sure. So the CFAA, Computer Fraud and Abuse Act, literally any access to any electronic interface that is not explicitly allowed, that's a federal crime. So literally what I described, you know, getting onto my friend's computer, that's a federal crime. Even though they're cool with it and all this stuff, it.
Sean Ryan
Yeah, Gotcha.
Mike Grover
So literally any of those things can be heavily punished.
Sean Ryan
Gotcha.
Mike Grover
So, yeah, it's tricky, but.
Sean Ryan
Well, let's get into your first job.
Mike Grover
Yeah. So first job, IT. Again, like, security was not really a huge thing for the most part. All that was side stuff. But, you know, you still have to be conscious of. Of secure design. My coworker was kind of my mentor at the time. He was ex-DoD, ex-Navy. Had a lot of fun stories, but also got me more into security. We actually did our first security presentation for the company, kind of using some classics here. So the movie Sneakers, amazing movie, still holds up today. If you haven't seen it, go watch Sneakers. It's awesome. But they did a lot of like, physical security stuff. Like, you know, if the door's got the hinges on the inside, you can kick it open. If it's on the outside, you know, then you gotta do something different. But what else? There's like the social engineering aspect where they wanted to get through, like a front lobby attendant who had to like buzz them in so they had someone else come in with like. I think it was like a delivery. Like just creating a lot of stress. So one guy's like, yo, I got this delivery. Other guy's like, hey, I got my cake and my balloons. Can you just ring me up? And it just goes and escalates until he's like, ah, just pushes the button and gets in. Right. Of course, you know, he didn't have a cake or anything like that. The balloons were to cover the camera and the cake was, I think it was like a briefcase of some hardware that he had to like, infiltrate into the company that would go attack things. Right. Great demo. We use that, like, hey, here's some physical security things. Get you to think about it. And Catch Me If You Can. Another thing where it's, you know, social engineering was used. And believe it or not, that movie based on Frank Abagnale, most of the stuff he said is actually made up. It was like the con on the con. But anyway, yeah, that was kind of a classic thing that still a lot of security presentations today will still use those. 
Anyway, long story short, kind of got me into the idea of educating on security instead of just playing and having fun and just the entertainment values. Like, oh, you gotta Actually teach people on like, you know, there's a responsibility here, like teach people how to not fall victim. Also did some like live password cracking. Like back in the day, people were using real terrible passwords. So just adding some extra characters and stuff, we were able to, you know, do password cracking. Just in the middle of this presentation of like, hey, this password you can get in 15 seconds. This one's gonna take us 10 hours. In reality, that's.
Sean Ryan
How do you begin to crack a password, basically?
Mike Grover
I mean, there's a lot of different ways. The way we were doing it was just brute forcing. Being able to have the ability to just retry, like word sets, like common password sets. You can just get those. There's a lot of password lists, what we call them, that will. When you're going to brute force and you just want to try them. Well, like, hey, we know these are the common passwords. We know these are passwords from leaked breaches. Shove them all together. Good chance somebody's reusing that somewhere. Good approach. There's cryptography and stuff.
Sean Ryan
But do you use the password manager?
Mike Grover
Oh, yeah, definitely. Highly recommended.
Sean Ryan
Which one?
Mike Grover
1Password's pretty good. There's different ones depending on what you need.
Sean Ryan
Is Keeper any good?
Mike Grover
I haven't looked too heavily into that one. I know somebody who's very into like that, that space that speaks fairly highly of 1Password. But it's been a while, so I wouldn't want to be like, yeah, this is the one. Because that space is always changing.
Sean Ryan
But what constitutes a good password?
Mike Grover
One that you don't know.
Sean Ryan
So Password manager.
Mike Grover
Exactly. So if you don't know your password, it should be unique per site and just long as hell. And that means you're going to have to use your password manager to autofill that or, you know, copy paste. However you're going to do it, you're going to need the password manager to feed that back and log into the server site. That combined with proper two-factor, it's going to secure so much when it comes to you being compromised by social engineering and phishing.
Sean Ryan
Okay, that's good to know. Yep. Let's move on.
Mike Grover
Yeah, yeah. So, yeah, after that job, I was kind of bored of Wisconsin and my friend at the time, the one who made the money spamming, he moved out to San Francisco a year earlier and worked for a company called Long Now. They're the ones doing the 10,000 year clock that a lot of people are associated with. I think Bezos is on there, but Stewart Brand.
Sean Ryan
Hold on, what's the 10,000 year clock.
Mike Grover
Yeah. So it's this idea. I don't think they built it yet, but still working on it. But the idea is that they're going to put a clock, like an analog clock in a mountain that stays accurate for 10,000 years. It's really to get people to think really long term.
Sean Ryan
And what do you mean?
Mike Grover
Just like who's really. It's hard for people to think more like even like one election out of consequences. Right. Like four years, 10 years maybe you think as far as your kids. Okay, cool. Well, how about a thousand years? How about 10,000 years? Like that just changes how you think about the future and what you do, what matters, what doesn't. And it's almost like a thinking prompt for people. Nobody does it, start doing it. This was also, I think it was formed shortly after the Y2K bug, which was hilarious because computers started. A lot of the systems at the time were kind of birthed in the 70s and they had two digits for the year. Right. Like the last two. So 78, 79. You know, eventually what happens when you get to 99? It rolls over to zero zero. Is that 1900? Is that 2000? Oh, neither did the computers. Right. But people were only thinking, you know, a couple decades, that's enough. Somebody's gonna rewrite my software. No, it's not. No, we're still using that software today. So that's where the Y2K bug came from. And it's like cool. You needed to at least think, you know, thousand year scale so you can have four digits of space for your years. That was the entire Y2K bug. But I believe that was kind of around the same time that that. Okay, thousand years. What about 10,000 is probably where that came from.
Sean Ryan
So hold on. They want to make a clock.
Mike Grover
Yeah.
Sean Ryan
That's accurate for 10,000 years and put it. Put it in a mountain.
Mike Grover
Yes. Basically the mountain, I think, is to keep it safe. They have to like keeping time for that period of time. Like you, you can't use any other timekeeping system. Like, you know, the atomic clocks and stuff like that aren't accurate over that time span. So you have to account for like orbit variation, shift in the poles of the Earth and all of these other things. Like they have a whole CAM system that readjusts the calibration of where that clock will be in X years over that span. It's absolutely crazy to like engineer with that in mind. It's like you don't. Nobody thinks about like orbit variance over time of the Earth. Or the poles shifting for the clocks they use. Like it's just not a factor. But what if you had to. I think it's really cool, but interesting. Yeah. So yeah, my buddy got a job just doing system for them and web development and it's like, hey, if you want like a few weeks on my couch, go for it. I'm like, you know what, I'm going to take you up on that. I'm going to use that to just move out there. I had no plan. I just like, I brought three, no plan. I'm just like, I'm just going to do it and figure it out. Which I guess is a very red team approach too. It's like you can't plan anything. You're just going to move and figure out what's in your bag of tricks as you go and work around the problems. But yeah, I'm like, I'm going to bring three suitcases. I prioritized. One of them was like my gaming system. Like a whole suitcase was dedicated to just a computer. I don't know what I was thinking, but yeah, that was 30% of my luggage when I moved out. Stayed on his couch for a bit, got some random odd jobs doing like audio QA testing and stuff like that just to make it and eventually got into the game industry doing sysadmin, IT help desk stuff. And it just kind of grew from there. And yeah, I stayed there for like, I don't know, 15 years in the game industry. But on the side, being in San Francisco gave me a lot of unique perspectives. 
So first of all, Stewart Brand is kind of the guy that was running the show over at Long Now. Stewart Brand is one of the original people on like the hippie bus with like Timothy Leary and all this other stuff, right. They're going around the country doing the acid tests and stuff like that, but lots of just divergent thinking coming from that. And that was interesting just to kind of see like I didn't get that in Wisconsin. This is also kind of where like you know, the PC revolution came from, that type of people, right? Just divergent thinking, what can we do? What mischief can be made. All this stuff, the maker space, Maker Faire was out there as well. So this is just, this is more like hands on hardware hacking, not like security hacking, just like hobbyist hacking, like 3D printers. Let's just build some stuff. The kind of stuff you'd find at like Burning Man, right? Like the art where you start mixing all these things together. That opened my eyes to just like different, different focuses and aesthetics. There's really good point to kind of deviate here. Something called BEAM bots. Actually, I'm going to pull up this laptop here to show you a picture because it makes way more sense when you see it.
Sean Ryan
Beam bots, yes.
Mike Grover
You're like, what? So BEAM bots: B-E-A-M, biology, electronics, aesthetics, mechanics. It's just a kind of a design philosophy around building little robots. So I just kind of had to show it because, I don't know, you're probably picking up a bit of an insect vibe from this, I would assume, right? So it does a couple things. First of all, there's no PCB on here. It's just freeform soldering and all of these components. There's nothing extra for the aesthetics. It's all functional. So on the back you've got a solar panel soaking up energy. This like, thorax here that's holding the charge from it. And then these. This is really cool. These are LEDs, but LEDs, when you shine light on them, actually emit a little bit of energy on the lines. Like a reverse solar panel. Right. They're an inefficient solar panel, but you can literally use them as eyes for this. So depending on what direction it's facing, one eye is going to see more light than the other. That's where the light source is coming from. There's a really tiny brain in the middle. It's literally four logic gates, which is tiny. Like your phone has millions of logic gates in it. Right. Like a calculator. My cable has hundreds of thousands of logic gates. This thing, it's got four. Okay.
Sean Ryan
What is a logic. We call it a logic logic gate.
Mike Grover
So basically, all computing comes down to the concept of binary. On or off. Like think of it like a light switch, right? It's on or off. You can do math with that. Let's go through it real quick. Actually, we got three light switches, right?
Sean Ryan
Yeah.
Mike Grover
Got to think which direction we're going here. So we got one on, two off. That can give us a one. Turn them all off. That's a zero, Right? Easy. Now, we put two in the picture. You turn two on, you basically double the last one. So if two are on, that's going to be three. Basically, the first switch is the value of one or zero. The next one is two or zero, and then the next one will be four or zero. Next one is eight or zero. That's binary math. Right?
Sean Ryan
Okay.
Mike Grover
And all decision making can kind of be based on this. So in this sense it's very analog, but basically this will eventually essentially fill up and have enough energy charged that these four logic gates are suddenly making a decision like, this side's filled. Which eye is sensing the most light, and at that point it's going to fire the opposing leg with all the energy it's gotten here to steer towards that. So you have this little bug looking thing that walks right and it just constantly steers towards the light source. And to me, I thought that was really cool because A, focuses on aesthetics, which is not super common, and B, it uses really cool hardware hacks, like I said, with the lights here that normally it's for emitting light, but no, you can reverse that and use it in an unintended way. And you can use really minimal logic to do what you want. And, you know, I've applied some of that to my cables as well. Not this specifically, just the mindset of, like, you don't need 10 things in this cable. You can just strip it down to one if you're really creative. Wow, that's how you shrink things. So that's kind of where that connects with, you know, like, hey, let's focus on aesthetics, but also minimizing and just using things in unintended ways to get more out of it. So that was kind of a good point in which it kind of just opened my eyes to also soldering in electronics, but also the art of it and all that. So, yeah, BEAM bots, that was a good pausing point for my many hobbies that I would pick up over time that eventually led into what would become the OMG cable.
Sean Ryan
Let's move into Defense Distributed.
Mike Grover
Yeah, so I think this was about 2013. So first, Defense Distributed, it's the company behind the Liberator, which is a 3D printed gun, and also the Ghost Gunner, which is a mill. Desktop mill that you can mill out a lower receiver, AR-15 platforms. It was the first commonly.
Sean Ryan
You're the one that did that.
Mike Grover
I did not. No. So I got very interested in. In that. That was done by Cody Wilson. So let's crack that whole topic open a little bit more. So I think it was 2013, there was a lot of experimentation in the 3D printing space with firearms. Right. Cody introduced it to the world. He basically inflicted this idea upon the public psyche in like this amazing way that just caught my attention in a couple ways. First, it's this approach of like, hey, we're going to give this to the world in a way that is irrevocable. Like, going back to that, like the police politics concept I was mentioning, it's just like, okay, what if you create something? Like there's voting and opinion having, but you create something to put in the world that nothing can change that at that point, I just thought that was just amazing. From, like the political standpoint, regardless of what topic or what opinion you may or may not have on firearms, the politics of it and the power of creation was amazing to me. And he did it with a level of art and bravado that was just perfect for the delivery of this.
Sean Ryan
So what? Van, that's. So what you're saying is bringing something to the world that cannot be taken back. Like Bitcoin.
Mike Grover
Yeah. Another great example of like, no opinion on that is going to change its existence. It exists. And like, if you're thinking about, like real politics and participating, like, creation is one of the most powerful things you can do. And that's what I kind of learned from watching that. But yeah, I decided, like, hey, I would want to know more what they're doing. And I've helped out with security and just computer stuff in general. Used what I had, like, hey, can I help? To a lot of different places, whether it's like Nine Inch Nails communities just to get more insight of how the artistic process works there, or in the case of Cody, just helping out with the security of that just to kind of see how they work. A bunch of anarchists getting together, building a company and just, just the whole like fight that they were in. It was very fascinating to me just to observe that. And that kind of stuck with me. Both the creation, the power of creation and the artistic approach they took to it. That was one of the things I kind of had in mind when I first created the OMG cable. It's like, hey, at the time I thought I was just going to open source this thing and put it out there. That ended up not making sense because it was really hard to make. You can't just DIY it. But yeah, it was one of the motivators in my head at the time when I was first putting it out in the world. So yeah, one of the many things is just like, hey, this is a fixation. I want to know more and I'm just going to focus on it for a while. So yeah, they're still doing their thing still.
Sean Ryan
So what did you do there?
Mike Grover
I just helped out with some security stuff. Like I didn't have security stuff, network and IT, I mean every company's gotta have that. Right. So I'm like, hey, you know, you're probably a small shop, probably don't have the level of security understanding for your systems, but I don't know, maybe I can help. So I just helped out and it allowed me to get more insight into how they run things and just, just, just more exposure to like how, how the artist works. Right. Because that, that allows me to just kind of figure out there's, there's a lot of things I would experiment with, but I never found like my medium. Right. Like as an artist. Right. Like I got into music, you know, I'm not, not that great with music, you know, visual arts. Not that great.
Sean Ryan
I mean, 3D printing is everywhere now.
Mike Grover
Yeah.
Sean Ryan
You know, and so you were at the forefront of this. You were on the. I mean, I.
Mike Grover
So I wasn't doing anything besides like the security for them. It's just, just kind of, even if I didn't do any work for them.
Sean Ryan
Just that just being a small part of it.
Mike Grover
Yeah, exactly. But even just seeing it happen would have been enough for me to kind of kick start Some things, it's another.
Sean Ryan
How did that come across your radar?
Mike Grover
I mean it was everywhere at the time. It was like in Wired and all these other places, like 3D printed gun firing. Everyone can print a gun now regardless of laws. And that was kind of the message going around in the press. This was also kind of another pivotal time when the NSA ANT catalog. So Snowden happened around the same time. This is often incorrectly misattributed to him. But there were a lot of leaks that happened around that time both with and without Snowden. That kind of opened my eyes to the level of games and just technology happening in computing. Yeah, I mean I already knew a decent amount of it. But the ANT catalog, oh man, that head. It was just like, you know, when you're growing up and there's like the spy tools in the back of the magazine disappearing anti and you know, all those things. This was like that on crack, dude. It was like they. They had a malicious cable in there. When this was leaked in 2013, the catalog was dated 2008 and they were announcing in 2009 they would have these Cottonmouth cables available for, you know, purchase. So they. Their ecosystem of whoever they sell to in the NSA. The price on those, I think it was a minimum order quantity of 50 with a $20,000 per cable price tag. It's like, wow, amazing. But it had all these electronics inside, a radio inside. And that was cool. And actually, let's pull this up again. So Cottonmouth. This is the page out of the catalog where it shows it's really chunky cable, like really, really thick hood. But they sandwich a whole bunch of different PCBs inside of this thing. And you know, that stuck in my head obviously.
Sean Ryan
So what does that do?
Mike Grover
They weren't super specific about the exact capabilities. But you know, it had a radio, it had some ability to manipulate USB. I mean, I would, based on all of my reading in here, the latest generation OMG cable is basically a dead match to its capabilities from what can be deciphered from this page. So all the way down to like covert exfiltration and stuff like that.
Sean Ryan
What were they using it for?
Mike Grover
It's a good question.
Sean Ryan
What's the thing? What does the sheet say?
Mike Grover
It doesn't. It just. It just. It's more of a capabilities thing like getting through and breaking security effectively. So I mean, I would imagine this gets implanted into spaces that are higher security. Like, you know, if you can't just walk in and do stuff or if you can't do the easy things. You're going to start having to use these types of tools to get into a place, have somebody plant a cable, and then you've got remote access. There were a lot of other tools in this space, like implanted video cables that you would implant on a monitor so you could remotely read what's being displayed on the monitor. Lots of cool tricks like that. Some were long range, some were short range, but all kinds of crazy spy gear that would allow impressive capabilities that very few people in the private civilian space even consider defending against.
Sean Ryan
Interesting.
Mike Grover
Yeah.
Sean Ryan
So what is the ANT catalog?
Mike Grover
Yeah, I forget if there was ever a mention of what ANT stands for, but it was just this leaked catalog with all of the different.
Sean Ryan
It was a leaked catalog.
Mike Grover
Yeah, somebody leaked it. A lot of people say it was from Snowden, but if you actually trace it back, it wasn't. It was never at least attributed to Snowden. Yeah, that just came out. And you get to look at the amazing spy gear that is out there.
Sean Ryan
What's some other stuff that caught your eye?
Mike Grover
Definitely those video cables. I'm trying to remember all the different things. We can pull it up actually, but. Yeah, you want to pull it up right now. I can pull it up on the Internet.
Sean Ryan
Pull it up.
Mike Grover
Sweet. All right, cool. So, yeah, let's go through just a few of the pages of the catalog. I haven't done this in a while. So rusty. But yeah. So let's look at just the hardware stuff we got. Let's see. What is this? This is a short to medium range implant for RF transceiver. This is a component that adds RF to one of the other pieces they have in here, which they call a digital core, to provide a complete implant. So it's kind of like a customizable. Build your own. What kind of implant do you need? They put this into various pieces of hardware. There's actually. I think it's over here. Here's kind of another implant. They call this the FLUXBABBITT. It's a hardware implant designed specifically for Dell PowerEdge servers. Like a specific one hooks to. It's called a JTAG debugging interface. Basically a lot of hardware has like a debugging interface. If you get access to that electrically, you can do a whole bunch of stuff. You can implant things at a really low level on that machine. That gives you all kinds of access. Right. Gives you lots of data. So if you've got an implant that goes into there and hooks up to it, you've got like permanent access similar to what I was describing with the USB cable with that covert exfiltration mechanism. But this is baked into the machine. So I would imagine the way this happens is during mailing interdiction. So you know, Dell ships a server over to the customer, right. And our government knows this is happening, they grab it in the mail, crack it open, put one of these inside, close it back up, send it off to the intended target. And now they've got long term access inside there. Even if they wipe everything like down to the hard drives, put new hard drives in, you can still get right back in. They would have to crack everything open and look at all the hardware to find this type of stuff. Really cool, really cool. Types of implants.
Sean Ryan
Wow. And there's no way to know that.
Mike Grover
I mean there are ways. Yeah, you got to know what you're looking for basically.
Sean Ryan
Do you worry about that stuff at all?
Mike Grover
I mean it depends. Like, me personally, no. I know the types of targets that this is destined for and like you know, I'm not one of those targets.
Sean Ryan
What kind of targets is that?
Mike Grover
I mean, well I mean the, the Israeli pager situation. Great example of like, like do I worry about my pager exploding? Like I, I'm not Hezbollah. So no, I'm not worried. Just for example, just to put a very pointed like answer to very current topic. For instance, right now there are certainly lots of gray area, we've seen lots of gray area where it's like wait, you're doing surveillance on US citizens and like, like that generally isn't happening like with hardware implants and stuff like that. That's access to telcos, Internet providers and yeah, that's, I operate very openly so it's not, you know, I'm a little less concerned but it's more of a political and philosophical like you know, when nobody's got privacy, it changes society in ways that aren't very good. That's where I'm more worried.
Sean Ryan
How often do you think the US was using this on its own citizens?
Mike Grover
I mean this specifically like I would.
Sean Ryan
Suspect these types of things.
Mike Grover
Well, hardware implants, let's go with hardware. I don't know how often hardware implants would be used that tends to be super targeted like and super targeted also generally I would assume, I would hope means significant more legislative kind of. Not legislative, just legal oversight where you're getting the warrants and all these other things. Whereas these really wide net things, which hardware is much harder to make. Wide net, wide nets where you can collect all the things because you've got Access to telco, phone, Internet type providers and you're just slurping everything up. Yeah, Everybody would then be pulled into that. That's the kind of stuff that Snowden showed. Right. That's a different story. That's everybody get pulled into that one way or the other type problems that occur. So do you have to worry about people breaking into your network and just causing problems in your life? That's a complicated topic. It's more privacy invasion at that point. And it's like, yeah, what are we worrying about? Are we worrying about our personal safety, our personal freedoms, society as a whole and the health of it? If they, you know, and a free press? Like it's. Yeah, it's. It's a very large complicated topic.
Sean Ryan
Do you think China's putting this stuff into the electronics that we're buying from them?
Mike Grover
I mean, not like in the sense of like consumer levels. I mean it depends, right?
Sean Ryan
Like could it be accessed from that.
Mike Grover
Far away if they wanted to? Anyone, if anybody wanted, wanted to do that, yes. But the thing is doing it to just like off the shelf consumer stuff is a lot harder to do in terms of hardware implants, if you wanted to do it that way. That's where we get more into the software level, like software backdoors, which we've seen in things like cryptography. Right. It's posited that a lot of cryptography backdoors were put in by cooperation with the NSA for an example. I'm a little rusty on this stuff, but basically that becomes very valuable when you're slurping up all the Internet data. And a lot of that's encrypted. But if you know how to quickly break the encryption, well, now you can see the contents and that's where that comes in. And yeah, it's.
Sean Ryan
I mean a lot of people say that that kind of hardware is installed into our power grid.
Mike Grover
Depends, I would say. Well, God, I have forgotten. I think China makes a lot of our power transceivers and stuff, but make a ton of it. Honestly, from what I've seen and the people I talk to that work in all this stuff, I don't think physical implants are quite needed. Things are just not secure remotely, like externally, like if you don't want to. Literally. I think it was yesterday maybe. I don't know. It's something that news that has come up over the last few weeks where our own government is saying everyone, I think it was actually to their own government employees to use Signal, use iMessage, use encrypted chat. Do not use text messages because China has, they're just in all of the telco systems right now, which means they would be able to read the text messages. Right. They didn't need hardware implants that I know of to do this. Maybe they did that to get in, but now they're in that system. Right. Like they're, I've, I mean, I've helped in environments that a foreign adversary had gotten into and it took a bunch of time to evict them and find where they are. That was done all remotely. Right. Like there's a lot of this stuff doesn't require like the James Bond type hardware to get in.
Sean Ryan
Interesting.
Mike Grover
Yeah, that's a tricky topic.
Sean Ryan
Interesting. Do you worry about it?
Mike Grover
I mean there's so many things to worry about though. Like yes, kind of. There's. Once you've seen enough like horror shows though, you're like, oh wow, everything's just broken. And society as a whole, it's amazing that it operates. Just the levels of trust. Like one person is all it takes. With enough well placed damage. And whether it's security or just electrical, power grids, all these things, all of it can just tip over. Right. With just enough of a push and everything's that way. It's not just security. Yeah. So I don't know, I kind of just lump it all together of like this is a really good experiment for humanity. I mean, humans have been what on this planet for some say 300,000 years. Right. Like we're living in the best time. There's like, I don't think there's a single person alive today who would be like, yeah, bring me back at random more than a hundred years ago, sign me up. Like that's, that's, that's not a good, the odds are not good. Right. Like we're the most comfortable. We've been most well off on average across the earth in this last hundred years. And you know, it's a good experiment and things are volatile. I mean that's kind of the consequence of freedom too, right? Like it's the people gotta, gotta maintain it.
Sean Ryan
What text messaging app do you use? Do you use.
Mike Grover
I like Signal. Signal sounds great.
Sean Ryan
You know, there's a lot of rumors that the CIA created Signal.
Mike Grover
I'm sure they did. I mean, so the, I think they helped fund it actually. But they helped fund a lot of things, our government, in many ways. But I mean Signal is an amazing tool if you're an agent as well, like you're going to be overseas in hostile environments and you need to communicate. How are you going to do that securely? Are you going to use a secure tool that stands out like a giant red flag because nobody else is using it? Probably not the greatest thing. It's like, hi, I'm an agent. I don't know what you're saying, but there's an agent right there. Right. I mean, obviously there's answers to that and stuff. But it's valuable as like, oh, that's just the tool everybody uses. Signal. Everybody's got that. Right. That's valuable. Obviously there's always trade offs. Right. It's like it can be used for bad, it can be used for good and who's bad and who's good and whose perspectives. Yeah, right.
Sean Ryan
I mean, that's how we communicate via Signal.
Mike Grover
Yeah, yeah, exactly.
Sean Ryan
Is that how you communicate with everybody?
Mike Grover
A lot of people? Yeah. I mean, I will meet them where they're at. Right. Like my manufacturers and stuff don't use Signal. They've got different governments over them and things like that. That, yeah, it's interesting. So, yeah, whatever you use, I'll meet you there. But contextually it matters, like, okay, I'm on this platform which can be seen by these adversaries. Cool, noted. I'll make sure I keep that in mind. Which is kind of the whole point of the psychology. When you know you're being watched changes how you behave in ways that can be negative. Like what's, you know, if you're always being watched by somebody, what does that make you? How does that make you behave so different? So, yeah, yeah. I mean there's, there's lots of other, other cool things in this catalog, like reflector. So this is for picking up audio. This is standard audio. Bugs, right? Like, you know, spying on what's happening in the room.
Sean Ryan
What else?
Mike Grover
We got lots of cellular based stuff. Stuff. Now this, this is like 10 years old at this point. So a lot of this stuff is well known. Really tiny implant. So this is, this is like a, probably a VGA cable here for like an older monitor, which made more Sense back in 2008. Really tiny implant into that cable, tap to one of the color signals and it would allow somebody to kind of energize it with like a radio pointed at it more or less and then receive the signal bouncing back with the, the video signal encoded in the bounce. So then you'd be able to see what's on their screen.
Sean Ryan
Wow.
Mike Grover
Really cool stuff. Right?
Sean Ryan
What do you think was in the spy balloon that was traversing the.
Mike Grover
I don't Know, I. I haven't studied those well enough, but, I mean, there's a lot of amateurs that just do that. Like, it's. They'll just set up a balloon, and it's kind of like the. The ham radio space kind of in a way where they're just like, oh, you know, we. We can track it, and there it goes. It goes around.
Sean Ryan
And let me rephrase that question. What could have been? What could it have been?
Mike Grover
I mean, I don't. I don't know, man. There's that. That's probably outside of my skill set and awareness and research, but, I mean, it could be used like a balloon. I mean, I probably. Probably be using a drone more because the problem with balloons is they're much more higher altitude, which causes problems for a lot of electronic circuitry because it gets really cold and stops functioning. Also, you know, you've got power that you got to deal with, so best you can get is battery. That's not going to. Batteries also start to fail at that level of cold, right? So you need special batteries, something to keep it warm, which means more energy. So you're getting from solar. Solar power, probably. This is really low power stuff, right? Like, I don't know, maybe just the value of how does someone respond to putting something in their awareness, which is absolutely a thing. Right. How does someone respond? Which, I don't know, similar to the drones that are popping up and, like, I don't know where that's coming from. New Jersey had one recently, but there's lots of, like, drones in the sky. I'm like, I don't know what that is, but I would love to find. And is it collecting data or is it just seeing how people respond to unknown, unreported drones in the sky for, you know, tactical knowledge in the future?
Sean Ryan
All right, Mike, let's get into some of the stuff that you make. I know you have exploding hard drives. You got the OMG cable. You're making all kinds of just crazy wazoo wizardry gadgets that I am just fascinated with. And so where. Where did this kind of start? Did it start with the exploding hard drive? USB drives?
Mike Grover
Yeah, I mean, kind of. Like, I had always been tinkering with things like. Like those BEAM bots, right? But yeah, so I think it was on Twitter or something. I saw just a picture of somebody with a USB drive. The shell was open, and there's just like a firecracker sitting inside of it. No idea if it worked or not, but I'm just like, everybody has the same visceral response to seeing. And I was like, oh, shit. Exploding thumb drive. And I'm like, you know what would be cool is if it was worse. So, USB Rubber Ducky. Got to explain what that is. First, for this to make sense. My now business partner, Hak5, invented the USB Rubber Ducky. I don't know, like, 15 years ago now, something like that. It does the same basic keystroke injection that I had demoed with the cable. Right. Where you plug it in, it types something really fast. Whatever you want to control a computer or whatever you want. Right. I wanted one of those that also exploded. So first thing I had to do is, if you open up a Rubber Ducky, there's not much space in there. It's all electronics. I'm like, okay, how can I shrink this really tiny so I have space for something that goes boom? So I spent a lot of time playing with that right now. I. I didn't recreate a Rubber Ducky exactly. Like, it's a really, really limited version. Like a few hundred keystrokes, really slow done right. That's it. Really hard to use. But it was tiny. And I shrunk it and shrunk it, shrunk it, shrunk it. And it's just. I don't know. I think it was like 8 by 10 millimeters when I was done. Like a pill, basically, that left the rest of the thumb drive empty that I could hook up with a little mini detonator and some. Maybe firecracker or two and a bunch of confetti. And I rig this up to a keystroke injection payload that opens a browser to an animation of Jack in the Box. And he's cranking it right on the screen. Except it goes for an awkwardly long amount of time to build up tension. And it's going, it's going.
Sean Ryan
That's what shows up on the screen when you plug it in.
Mike Grover
So you're watching that hat and then pop the. The drive blows up. Confetti goes everywhere. And I'm like, yeah, that was cool. I. I just viewed that as fun.
Sean Ryan
Yeah.
Mike Grover
Another type of art or something like that. Put it out on the Internet and it was like, that's crazy. A lot of people ask me to sell that now. No, that's a terrible idea for so many reasons. Liability, et cetera. When you put something into the world that can be used negatively, it's always worth gaming out. Like, how bad can it go and can you prevent some of it? Which I've done a lot with the cable, but in this case, it was just something I wanted to put out there. But at that point, I had a really tiny ducky that I could maybe I could put it in other things. And eventually I got the idea, probably in doing my IT job, looking on Amazon for spare parts for hardware and stuff, I noticed there were, like, USB cable repair ends and boots. I'm like, wait, what, you just get those? You know, at the time, I didn't know much about manufacturing, right? Got some of those and realized there was enough space in them for the cables. And this really tiny, you know, fake ducky, right? Shove it in there and I get the very first proof of concept of a malicious USB cable. Yeah, I put that out and I already told the story about that one where it gets out there and a lot of people like it and then a lot of people wanted it. I think almost a year goes by before I'm like, you know what? I could make that way better. That was a toy. This is a cool gimmick to show a very basic prank. Barely even worked for that. What would a proper tool look like? I was getting way more into the concept of I want to do red teaming as well. So I'm combining those things. And, yeah, like, okay, well, I need Wi-Fi. I need remote control to update payloads after it's already in play. Because the idea is you can either deploy a cable, like, physically get inside, or you could just leave it in somebody's bag. Just leave it around. And eventually people are going to take a cable sometimes, and they'll bring it in with them to the secure space. Like, cool. I didn't have to even go in. Great.
Which creates some interesting legal problems which we can get into that I've also solved. But, yeah, that kind of is just how it kept evolving. And then at that point, it's like, okay, this is a real tool. At the time, I was thinking I should do this in a way that I just make it open source and everyone could make their own.
Sean Ryan
Are we still talking about the usb?
Mike Grover
Yeah, USB cable.
Sean Ryan
Okay.
Mike Grover
And that's. I thought about that, right? Like, I was prototyping this cable, this new one, like, on a desktop mill for cutting PCBs, right? Like, I was pushing the limits on this machine where you can mill a PCB. So the PCB. Actually, I got a little prop for this. So a PCB, like, here's a complete product. This is a Raspberry Pi, right? When I say PCB, I'm talking about just the green part here.
Sean Ryan
Oh, good.
Mike Grover
That's Just, it's basically a fiberglass and epoxy with a thin layer of copper on it that gets turned into traces and that connects all of these components. The black thing there, that's a component. And all the little things you see on there, they're soldered on it's components with copper traces connecting them together electrically. Right.
Sean Ryan
Okay.
Mike Grover
So, so I used a mill to kind of cut out the copper traces. And I would assemble in my garage lots of different test versions of what this cable could look like. And I got the idea, kind of going back to the Defense Distributed concept where, oh, open source is this. People can make it on the desktop mill, go that direction. What I learned over the 12 months of revising and revising is it's really hard to do this. DIY was just not in the cards. Nobody was going to be able to do this. I'm like, okay, well let's throw out the DIY. I can just turn up the complexity. There's PCBs with two layers, like copper on each side. Right. That's the common one. I can make those in my garage. But okay, what if I want eight layers or something like that? That gets really expensive. We're talking every time I want to do a run of an eight-layer PCB. Six layer PCB is a minimum $1,000.
Sean Ryan
Okay.
Mike Grover
Like I have to send that off to a factory. They're using lasers and all kinds of crazy X-ray inspection stuff to do this. So I'm like, okay, if I can use that, how far can I go? And that kind of is how I evolved into making a more and more and more complex cable that is like the latest generation OMG cable. It does all of these different things and.
Sean Ryan
Yeah, very interesting, very interesting. So, so how did you go. So you went from the exploding USB.
Mike Grover
Yeah.
Sean Ryan
To the, to the. What do you call it? What do you call the, the USB.
Mike Grover
The exploding USB.
Sean Ryan
The other one.
Mike Grover
The. The OMG cable.
Sean Ryan
Yeah. Yes.
Mike Grover
Yeah, I just. OMG cable.
Sean Ryan
But there was a hard drive, there was a USB cable that did with the om.
Mike Grover
Oh yeah. So I guess I just kind of call it like early prototype tests. I was referring to it kind of at the time as like BadUSB cable, which is not an accurate description. It was more of a nod to some research at the time that was called BadUSB. That's where you would take an actual thumb drive. There's a few old, old thumb drives that, that you could take and reprogram the controller on it. Actually do keystroke injection among many other things. It was also a worm that would replicate to other thumb drives you would plug in. Cool concept.
Sean Ryan
But what was the first product you took to market?
Mike Grover
OMG cable.
Sean Ryan
Definitely the OMG cable.
Mike Grover
So here's the thing is I was making a lot of these things for personal use, but I would also kind of sell them to friends and stuff. It's kind of like the back alleys of DEF CON type situation. I wasn't advertising this, like if you know me, I know you. I'll give you some of these things. Gotcha. But it became clear like I had to start scaling up like the first batch of prototype OMG cables. I think it was 2019. I brought as many as I could. They took me. It was like 8 or 16 hours per cable and 50% of them were failures. Because. Because. Which is terrible. When you make something like an electronic product, usually you get like 95, 99% yields, which means 1 to 5% are failures that you throw away. These things were so hard to self assemble that I was throwing away 50% of what I made. So that automatically doubles the amount of time invested to make a cable. So I'm doing 16ish hours per cable to make them.
Sean Ryan
Wow, 16 hours of cable.
Mike Grover
Silly. So yeah, I was kind of hitting my limit of like what I could accomplish with the time I had. And it's like, you know what, I need to learn how to like delegate this outsource manufacturing assembly because I was also doing this like hand placing things. You go to an assembler. So there's a couple steps here. So I'm going to run you through basically. Basically the manufacturing pipeline that I slowly learned is important here. But first, Hak5. It's really important to mention Hak5 here. So USB Rubber Ducky already mentioned, you know, that's Darren. Darren Kitchen is founder of Hak5. He, you know, that was his baby invented about 15 years ago. He's got so many other things. Like the LAN Turtle. The WiFi Pineapple just packages.
Sean Ryan
What are these?
Mike Grover
They're similar to the antenna. Exactly right. So all of these are different kind of like hardware implants or hardware tools for. They're multipurpose but often used for offensive security. So like the LAN Turtle is like a network implant that can control a computer but also like sniff up network data or just do malicious network stuff. What else? WiFi Pineapple. This is a little box with antennas on it that allows you to do network attacks. Right. Really cool stuff.
Sean Ryan
Network what?
Mike Grover
Network based. So Wi-Fi attacks. Like you break into Wi-Fi, you can they call them like man in the middle concept? I like to refer to it as mischief in the middle. But basically you've got your device here and the wireless access point here, right. They're talking but you bring in a WiFi Pineapple and it can kind of intercept in between the two. There's so many different ways you can do this. There's no one single way. It's lots of Wi-Fi based tooling. Another example, it's not so much relevant these days but you know, when you connect to like your free Wi-Fi access points, coffee shops and stuff, your phone remembers that typically you've told it to remember that usually. So next time you're in range it's gonna automatically connect. Right. The WiFi Pineapple for instance, can say, guess what, I'm that Wi-Fi too. Right. So if I pull up one right here and put it next to you or just anywhere you happen to be, your phone's going to be like, oh I know that Wi-Fi, let me connect to it. Right. So that type of stuff, there's just so many different attacks that I couldn't possibly run through all of them. But that just as an example, there's so many different approaches to security. We think about computers and plug in USB in, but yeah, there's other things. There's the network, there's the wireless, there's near field communication with badges and things like that. Totally different tools, totally different specialties and focuses the badge readers you don't think of as computer security for the most part. It's just building access. Right. But that's all one whole, whole thing. Interesting. You're doing proper, complete security awareness and testing.
Sean Ryan
Well, let's take a quick break.
Mike Grover
Yeah.
Sean Ryan
When we come back I want to get into what is the actual OMG cable.
Mike Grover
Oh yeah, good point.
Sean Ryan
Perfect.
All right, Mike, we're back from the break. We're talking about the OMG Cable, but, you know, we need to, I want you to discuss and talk about exactly what, what it is that the OMG Cable does. And, and show us an example. And, and for those that are listening, if you go to Mike's. Everyday Carry does a phenomenal job at actually showing what it does real time on computers, on phones. It's fascinating. But go ahead and give us the, you know, show us what it is and, and, and walk us through what exactly it does.
Mike Grover
Yeah, definitely. Let's pull one off the visual. There's a good one. So OMG Cable, right? Looks exactly like one of the many USB cables you've got. And if it doesn't, I got a whole bunch more here to guarantee it does here.
Sean Ryan
Yeah, pull that. Oh, let me see that. But yeah, so it's got a whole, a whole line of them.
Mike Grover
Yep.
Sean Ryan
And I got the complete set.
Mike Grover
Yeah, you did.
Sean Ryan
Watch out. But yeah, so what is. So each one of these fit a different phone or, and, or USB drive.
Mike Grover
Yeah. I mean, so basically think about.
Sean Ryan
I should say.
Mike Grover
Yeah, I mean, think about all the different. And it's. Think of it as camouflage, basically. It's like, what's the environment? Do they use white cables? Do they use USB-A? USB-C? Is it a Mac shop? Cool. They're going to have Lightning on one end. Maybe if they got the older phones. If it's newer phones, cool. USB-C. And it's really about blending in to fit what's already in place. So you could swap it out or you can do other things. There's a lot of different approaches and techniques you can have when you have a device that is physically invisible and just hiding in plain sight. So that's the physical aspect of it. And that took me a huge amount of time of shrinking down the components, which I will describe in just a second. But shrinking it down, it just took absurd amounts of time. Just designing the PCB that goes in here and then beyond that, just the entire process of integrating the PCB into a cable that just took like a year basically.
Sean Ryan
Well, before we get into, into how you manufactured it, let's talk about what it does.
Mike Grover
Yeah, exactly. So the PCB inside of here, what it does is when you plug it into a. It's primarily targeting laptops and desktops. It's got a PCB that will wirelessly kind of light up and it'll connect back to you. There's so many different ways you can configure it. But this wireless connection allows remote connection into the cable. Get a full web UI in your web browser. Right. Whether it's on your phone or laptop, can even connect out to the Internet. And you can connect to this thing from anywhere on earth if you do it that way. What's it do, though? You got control of this wirelessly.
Sean Ryan
When you say it can connect to the Internet, does it bypass passwords?
Mike Grover
No, you still gotta have a wireless network it can connect to. Or you bring one in. Like, if I open my phone right now and looked at all the wireless networks, I bet there's probably one in there I could connect to. If not, like, are you going to notice, like a free coffee shop Wi-Fi nearby?
Sean Ryan
No.
Mike Grover
Why not? For instance? Right. The flexibility is the name of the game. With this, there's no one way to use it. There's so many ways. Because in a Red Team scenario, you don't know what you're up against and you're going to need some options to circumvent a move. But yeah, still, what does it even do? You're connected to it, but it primarily emulates a keyboard. Says I'm a keyboard, and it types really fast. So what does that do? Literally anything I could do sitting at the computer at the keyboard. So whether that's implanting malware or whatever it may be. Right. That's kind of the basic, basic functionality of it. But I mean, it's not it. USB cables can often connect a keyboard to a computer. You're sitting at a desk, swap out that cable, and this can now intercept the keystrokes, which is really good. Just like one classic use case is if the machine is locked. I mean, you can type all you want, but you're at a lock screen. You need to get past the lock screen. What do you need to get past the lock screen? You need the password. Right. How do you get the password? There's a lot of ways. I mean, you could call up the person and effectively ask them for it by saying, I'm IT or something like that. But if you're deployed between a keyboard, you can just pull it right off the lines. They're going to type that password every single time they log into the computer. You remotely see that, you rebuild a new payload that maybe when they go to lunch, in the evening, when you know they're not at the machine anymore, it's just going to type in that password automatically, unlock the machine, and then do all the nefarious things you want it to at that point.
Sean Ryan
So you just have full access to the computer. Yeah, at that point you can see everything. You can access anything so long as you capture the password from the keystrokes.
Mike Grover
Yeah, not so much seen. Not. Well, there's a lot of. It depends. Right. But it's more like.
Sean Ryan
Is it like a screen share, like that TeamViewer thing?
Mike Grover
Not at this stage. So at this stage we're just blindly sending keystrokes in. Right. So as long as you know what OS it is or something like that, that's all you need on a desktop. Like, I know if I hit command space, it's gonna open up Spotlight on a Mac and then I can open up Chrome and then go to the address bar, do some things. Right. For example, like that's a very repeatable series of keystrokes and you can do them really fast once you know it, just for an example.
Sean Ryan
Okay. All right.
Mike Grover
So that's the basics of the very core functionality. And then you combine that with key logging and suddenly you're getting a bigger picture here. But there's also other.
Sean Ryan
Hold on, I want to go down.
Mike Grover
Yeah, yeah, totally.
Sean Ryan
I'm a dummy with shit.
Mike Grover
Yeah, let's go deep.
Sean Ryan
So. Yeah, so what would you. So now I didn't even understand that, to be honest, when we did the EDC pocket dump. So basically you're so in that little window, you said there'll be a window that might pop up for.
Mike Grover
Oh, yeah. So you see a little window blink. Right? That's basically your terminal. In that case, there's a lot of things I could do. But in that case, on that, I think it was.
Sean Ryan
So you could put some type of a Trojan horse or something in there and implant it in the computer, like very.
Mike Grover
Exactly.
Sean Ryan
Right Through a series of keystrokes.
Mike Grover
Exactly. And then if you detect the Trojan on there and you remove it and the cable's still in play, which it's designed to be, just put it right back on.
Sean Ryan
No shit.
Mike Grover
Which is absolutely a thing that has happened with a bunch of my customers that they have told me that, you know, they did an engagement with a very high profile client, we can go into these types of things. But that reinfection vector is exactly what they used.
Sean Ryan
Do you prompt it or does it just automatically do it when you put it in the computer, either or.
Mike Grover
So all about flexibility. So you can program this a couple different ways. So what I showed was me remotely connecting to it and I hit go. But this can be configured that when it powers up, when it gets plugged in, it powers up. It can immediately run a payload. It can wait a series however long you want and then run a payload.
Sean Ryan
Is the payload the actual keystroke or.
Mike Grover
Yeah, exactly. So we're not. When I say payload, it's the series of keystrokes that gets run and the.
Sean Ryan
Malware or the Trojan horse or whatever you can.
Mike Grover
There's ways of typing out, like if you got like a small executable that you want to transfer over. There's a couple of ways to do that. Like, you just use the keystrokes to download it. Right. You can download stuff from like the terminal, for instance, or I could use Chrome and download it there and go to the downloads folder and open it up there.
Sean Ryan
Your keystrokes?
Mike Grover
Yep. I can navigate everything with keystrokes.
Sean Ryan
So you could. I have no idea what the hell I'm doing with this shit, but I'm learning.
Mike Grover
We need to do some fun stuff.
Sean Ryan
So you could send somebody an email and with a. With a downloadable. Whatever.
Mike Grover
Yep, that's one way. Yep.
Sean Ryan
And then plant that cable on them. They plug the cable in, it does the keystrokes automatically to. To open Chrome, log into their email, download the thing.
Mike Grover
Yeah, it's one way. Yep.
Sean Ryan
Go to the downloads folder, download it, then you're in. And it all happens within like a couple of seconds.
Mike Grover
Yep, that's one way. I mean, I probably wouldn't email it to them because if I was going to email it, I'd probably include an email that convinces them to just run it for me. But if I'm up against a hardened target where they're not susceptible to that, they're unlikely to do it. I'm like, okay, well, let's get a cable. That'll do it for me. As an example. Right. This can also do mouse movements too, if we need lots of control there. And yeah, it's. You can also. Yeah, so the malware. Right. You can download that. You can also type it back out. It's called Base64. It's just a whole bunch of. It looks like random garbage characters. If you open, like if you open up an executable with Notepad, roughly, staying high level here, you're gonna see a bunch of garbage text. Right. But you type that same text out in a Notepad and save it, it's that executable. So I can type that back into the computer and boom, there's the executable, which is something we've done quite a bit in environments where they're checking what is being downloaded from the environment. The Internet. Okay. You're looking at the Internet. Cool. I'm gonna just type this little piece of malware back into the computer. Lots of cool tricks you can do like that.
Sean Ryan
Wow.
Mike Grover
Ton. And, and so there's other aspects of this too. So you know, keystroke injection, mouse injection. I showed you the key logging. Oh. You were asking about the ways of triggering it. So I showed you remotely. I can click go. We can have it boot up and go. There's also what I refer to as geofencing. Basically it's got wireless in there, so it can just look at the nearby networks and figure out where it is and where it isn't. And you can trigger or block things on that. And there's a self destruct function where it'll erase everything on it. Now, it sounds super nefarious, but it's actually prompted by legal. A lot of places have strict controls. So with the USB Rubber Ducky, does the keystroke injection. Looks like a thumb drive, by Hak5. That's my business partner. They invented that 15 years ago. Ish. What they would do is you could put salaries.xls on it. So it's like, oh, that must be the company salaries. And litter it in the parking lot. That's one way that people would be convinced to pick it up in the parking lot, bring it inside, plug it in, see what's on it, and boom. They've just infected themselves with malware. Right. There's a downside to that, which is depending on how bad that payload is, if you're a red team, you're an employee of this company, right? You've got malware sitting on a loose object that anyone could pick up and bring it home, bring it into another business. And now you have just infected another business. That's not ideal. Right. So certain environments, their legal team is like, no way. You put geofencing on this. You have a payload where it boots up and it just says, am I in the office? Is the corporate Wi-Fi present? Cool. If not, completely wipe everything.
Sean Ryan
Are you shitting me? So you. Wow. Wow. So it knows where it's at.
Mike Grover
Yep. And where it isn't.
Sean Ryan
Holy.
Mike Grover
So this, this scan right here, this was done by Lumafield. They've got a CT scanner, which is basically An X ray scanner that takes a lot of X rays, little slices across a product, and then assembles it into a 3D object. So Lumafield, I actually just did some work with them to, you know, sit down and talk about their machines they use for all kinds of things. Manufacturing, inspection, but also starting to get into, like, a lot of security stuff, like where you can literally see inside. This is a scan of the end of one of my cables. So right here is the connectors, USB connectors. And over here we got the components. So this is the main processor. And this little thing over here is the antenna. You can kind of see the USB wires run out the bottom there.
Sean Ryan
Wow.
Mike Grover
And the cool thing is. Let's see if I can turn this. There it is. That is the whole internal. And lots more components kind of on the back. You can use this to step through every layer and just see literally every little detail about something. So if you got untrusted hardware, for instance, that scanner would reveal all of the internals. In this case, it's just really cool and it shows off. Here's what's inside my cable. That's all the magic.
Sean Ryan
You got to get that framed.
Mike Grover
I think I'm going to. It's a beautiful scan.
Sean Ryan
That is very cool.
Mike Grover
Yeah, they have done a lot of work to kind of democratize the access to CT scans. CT scanning machines are normally this industrial machine that's really hard to use and really expensive. Like, we're talking like a million plus dollars for machines. Roughly. They do a subscription where it's like the cost of a maintenance contract. And they did some amazing stuff to make it super usable. Like, you can see me turning this. It's super easy to use the outputs and set it up. And they did something magic. And I don't know that they communicate this, but the sensor on an X-ray machine normally decays and you have to replace it. They've somehow made like an eternal scanner, so reduces the cost as well, which I don't know. I'm completely obsessed with their technology right now, so sorry for the momentary splurge on that, but.
Sean Ryan
Oh, that is super cool. Super cool.
Mike Grover
Good stuff.
Sean Ryan
Who are your customers?
Mike Grover
I got everyone, basically. So here's the thing. Me personally, I've got one customer, Hak5. And we can probably go into the story about how we met, but basically when I was making these things by myself and I needed to take the jump into manufacturing, had a lot of bad experiences. But Hak5 was amazing. They're like, let me just kind of show you the ropes, right? Like manufacturing, running a business, all this stuff. Darren has been great to me, so I sell all of my stuff to him and all of my products are available on Hak5. As a result, they take care of who gets it and they have very tight export controls. There's a lot of countries they just will not ship to.
Sean Ryan
Can I just go on there and buy it?
Mike Grover
Yeah, you can. You're not in a prohibited country.
Sean Ryan
Wow.
Mike Grover
So, yeah, you can just go in there and buy it and hobbyists can use it. Security researchers, awareness training. So that's where you go on stage and kind of just show off concerning things so that people change their behavior. And primarily red teams. There's lots of red teams in the private space. You know, Fortune 500, military, industrial, government, all have their own equivalencies to that. And again, the red team is where you are emulating what an actual attacker does from end to end, penetrating to the, getting into the company and all the entire chain of hopping around and getting to the crown jewels, pulling those back out. That is red teaming. And this is used a lot there. So I have a lot of customers who will also reach out just for advice on how to use the cables. Or maybe they've run into a situation like that legal constraint, like, hey, this is cool. But like, oh, yeah, cool, let me just fix that and solve that legal problem now. I don't know, like the full scope of what they're doing, but it's like, oh, here's a problem. I can solve that for you. There's. Yeah, every. They. They are the people I've talked to. And now I. I've. I know a lot more than I can talk about here, but there are plenty of people who have said, yeah, you're going to. Sean Ryan, go ahead and you can talk about it this way. Couple people.
Sean Ryan
Who are those people?
Mike Grover
Yeah, so.
Sean Ryan
Is it my former employer?
Mike Grover
I mean, possibly. So I don't know that level of detail and don't really want to, but as long as they're part of, like, the okay entities.
Sean Ryan
Are there any okay entities?
Mike Grover
Yeah, I know exactly right. The ones who aren't.
Sean Ryan
Hold on. Podcast.
Mike Grover
This is going to be defined on who is or isn't going to put me in prison. So that's my definition of good in this scenario, is keeping those people happy. But to be clear, there's another advantage here, which is some of these places are critical infrastructure that they work at or are tasked with securing or improving the security. So we all benefit from that. I don't want a place that has some form of nuclear material in it getting compromised. Because the people who want to compromise those places are probably looking to hurt me in some way. Right. So let's help them. So the other feature kind of added to these cables recently is, call it HIDX StealthLink. It's kind of the branding of it to explain what it is, but ultimately still acting as a keyboard, but now it's got bidirectional data transfer. So like a network interface, but without ever showing as a network interface, you can send data back and forth between the computer and it just looks like a keyboard to the target system. This was used for quite a few people in a lot of environments. But in this case, the critical infrastructure was not looking for this type of exfiltration technique. And it worked really well. Got them in and they achieved their objectives with this critical infrastructure and got it fixed. I was told that my name got put into a report that I will never have access to. But that's extremely cool. It's like cool. I got my name into a report to fix some critical infrastructure with a technique that we developed with my team. And honestly, I'd love to pause and even talk about that team because while I make the hardware and the manufacturing and run the business, all the tricks this does heavily about the actual firmware that runs on this and that requires multiple people to pull off.
Sean Ryan
Let's talk about your team.
Mike Grover
Yeah. So there's a couple pieces of this, but one guy is retired and just loves working on hardware. Prior to this, I mean, he did a lot of things, but prior to this he was working on the firmware for police body cameras. So very interesting background there. Another guy is blind and he does kind of the UI. You see, it's kind of poetic. The blind guy is in charge of the UI. He's got a lot of experience.
Sean Ryan
What is UI?
Mike Grover
Yeah, so the, the visual interface, when you open it up in the control panel and you got all the buttons and stuff in there, you.
Sean Ryan
Hold on. Pick that cable up.
Mike Grover
Yeah. Yes.
Sean Ryan
When you open that thing up and look at the control panel and the buttons wirelessly.
Mike Grover
So when you connect to it wirelessly with your web and then you open your web browser and then connect to the IP address, you get like a web page. Right.
Sean Ryan
Okay.
Mike Grover
With all the buttons on it that give you the controls, you can view the key logs, open the hundreds of payloads you can save on here and run, run them all. That's purely visual. Click on stuff. It doesn't have to be. You can automate it. But yeah, it's primarily visual and it allows all the cool controls to happen. So got another guy who you know in education and a lot of them are familiar with, you know, the government contracting spaces as well. Fairly small team, but they've been along for the ride the whole time and just constantly interested in picking up just challenges. And like the way the keylogger works on here is like that's not supposed to be possible.
Sean Ryan
How did you get this word out? How are you marketing this?
Mike Grover
That's a really good question, actually is I have not done any marketing yet. This thing kind of has its own.
Sean Ryan
Legs, which I mean, I could imagine. But I mean, what was the first thing?
Mike Grover
Like how did I put a. I think I just put a video out. Video of like, hey, like I made this with my mill. Check it out. Here's what it can do.
Sean Ryan
Excuse me.
Mike Grover
Yeah, no worries. Here's what it can do. And then just took off like that was mostly in the infosec space. So, you know, it kind of went around the hacker community and the professional security professionals. And at some point it just kind of goes outside that bubble because it gets enough traction. Like Vice took it, Forbes took it. You know, there's so many different high profile.
Sean Ryan
This has been in Forbes?
Mike Grover
Oh yeah. This has been in Forbes a couple times. Look mom, I made it to Forbes. Yeah, it's been pretty wild. I am at the point though where I am starting to think about focusing purely on this because it has just become this awesome monster that, that takes a lot of my time as well as running Red Team as well. So that's probably something I'm going to be pivoting into very shortly and focusing on that, helping the team and seeing what more we can do. Probably going to relax for a bit though.
Sean Ryan
Good for you.
Mike Grover
I'm tired.
Sean Ryan
How is business? Is it going well?
Mike Grover
It's very good. So I'm probably long overdue to join jump.
Sean Ryan
What do you think you'll grow into with this?
Mike Grover
I have no idea. So I've never had a plan ever on any of this. It's just what's the thing and the opportunity at the moment and how can I play with that in an interesting way, which there's a lot of things why you would want to plan in business, but I don't know, maybe eventually I'll have a plan.
Sean Ryan
Do you have any fear about this being on the market, Sylvia?
Mike Grover
I mean, it's been five, six years now and I'm very proud of, like, the results of it with all the places where it's been fixed and the very low abuse scenarios. Like, we're very intentional when we think about, okay, let's add a feature to this, but let's figure out who wants this feature, who's going to make use of it. Like, for instance, like, the number one that I want to avoid is like, stalkerware. It's spouseware stuff. People look at this and they're like, oh, yeah, I need that for that. I'm like, no, I'm going to make that hard. Like, that's not as valuable to a Red Team professional. We're trying to get into corporate infrastructure. We're trying to do, like, Ocean's Eleven shit on Fortune 10 or something like that.
Sean Ryan
This would be so easy to plant in any government facility.
Mike Grover
Yeah, that's.
Sean Ryan
I shouldn't say any government facility, but, you know, it might be. It's been a while since I've been to a SCIF, but, you know, it's. They seem to have a pretty. Oh, yeah, you know, pretty good gauge on what's going on. But I'm talking like D.C. Congress.
Mike Grover
Yes.
Sean Ryan
Senate.
Mike Grover
Absolutely.
Sean Ryan
Politicians. Those types would be. It would be a fucking joke just to. You could hand them out.
Mike Grover
Yeah.
Sean Ryan
And they'll use them.
Mike Grover
So here's the thing, though, is that's the other aspect is there's a lot of very detectable defaults. You have to really know how to use the tool to work around these things. But by design, it's supposed to be detectable. If you're doing good security, like, this is going to light up and it's literally. It announces itself as an OMG cable out of the. You know, effectively out of the box. Right. So hopefully you're at least checking that.
Sean Ryan
In all of your experiences is doing Red Cell operations.
Mike Grover
Yes and no.
Sean Ryan
How many people do you think are testing that?
Mike Grover
So here's the thing, is the people who are that low on the bar of security, I don't need these to get in. I just pick up a phone, I send an email.
Sean Ryan
Okay, fair enough.
Mike Grover
That's that sweet spot where it's like all. You know, you map out all the desires, the capabilities and the threats and the negative consequences and just thread the needle to get just that sweet spot. And we spent a lot of time thinking about that. But right now I just point to the last five years of like, look, the results. And that way I can talk all day about how much intent we put into it, but the results are far better than the intent in terms of convincing somebody. Another thing. So I think I showed you these, these should actually ship deactivated for multiple reasons, which you can imagine. There's a little, call it the programmer. It's kind of a firmware tool. So you plug this into your computer to activate it. Right. This doubles for multiple other things. So if you do like a self destruct on it, you recover the cable with this if you wanted to, you have to get it back out of the field. But self destruct, we'll just put in doing neutral cable. That's just not harmful at all. Really good. If you can't pull the thing back out of the field, you want to neutralize all your stuff. However, if you're blue team and you found this, you can also use one of these to dump every bit of firmware that's running on here, which will include payloads and all this stuff. So as long as it hasn't been self destructed, you can just dump that and do a full forensics on it. So they get to practice as well. Wow. Yeah, we've done a lot of things that kind of show off the forensic capabilities and ways of approaching. So it's meant to be holistic for security, not just purely offensive use. But it's really about raising the bar, basically.
Sean Ryan
Interesting. I mean when I look at that, I've always heard, I've always heard RIT guys always telling us, don't be buying shit off Amazon. If you're going to get, if you're going to get an iPhone cable, get it from the Apple Store, not from Amazon. If you're getting Wi-Fi extenders, go from the manufacturer, not some shit on Amazon. Is China putting this shit into our ecosystem?
Mike Grover
I doubt it. So these are highly targeted.
Sean Ryan
So it's kind of things like this.
Mike Grover
Yeah, exactly. But I think it's good to think about it like let's step back to different type of crime like pickpocketing versus like Ocean's Eleven bank job. Right. Like this is more on the, you know, the bank job. Whereas pickpocketing, that's what you're more likely to experience as just a random individual. Like that's going to be more equal to like phishing emails, like really low grade commodity malware type stuff that's delivered over email. Like the risk of physically delivering this stuff is too high. Or in the case of like, oh, we're going to contaminate the shelves effectively online or not. That's so high cost and so easy to find. That's like, you just need one person to detect that this happened. And we'd all hear the news story, which kind of reminds me of that Bloomberg grain of rice story, right? Which was complete bullshit. My friend Joe Fitzpatrick is a great guy to talk about this, but basically there was this Bloomberg news story that a little grain of rice component was found implanted in a bunch of servers, right? And it just doesn't make sense, which is why that story didn't make sense, because there are so many other ways of approaching that that are way less detectable. There's anybody. How do you control where that goes? It's very hard to control where implanted hardware goes. And if you don't have control, anyone's going to find it. I think the closest you can get to that might be that Israeli pager story where they had to create a fake manufacturing plant to develop these things. And that is how they controlled where it went.
Sean Ryan
Ron, I don't. I'm not familiar with this. Go into this.
Mike Grover
Yeah, yeah, totally.
Sean Ryan
This is the Israeli pager story where they blew up all the Hezbollah guys.
Mike Grover
Yes, exactly. So fascinating. Thousands of pagers. I think it was a batch of 5,000 and 4,000 went out. So, yeah, a lot of booms. But basically what they did is set up a fake manufacturing company, right? And I think they had their own manufacturing plant and everything. They licensed a legitimate model of pager from a legitimate company, well known. This is a typical relationship for a lot of hardware. You just license it and you sell it. And then you're like, yeah, put my name on it. Depends on what it is. Like, obviously Apple's gonna do their own thing, but we're talking pagers, right? This is like 30 year old technology here. So they did that. They had a bunch of. They even went as far as getting a bunch of random customers and gave them good pagers. But then they got their Hezbollah client. And I'm always curious about how they did that. I have some postulations. But they got their Hezbollah client and they made exploding pagers for them. They put high explosives in part of the battery and a detonator in there. And basically it was configured to explode, detonate this thing after a specific message was sent to the pager. And the way pager networks work are all broadcast, so you can send one message that goes to all pagers in the network, which is probably what they did. Anyway, this was in play for, I don't know, I think it was like one or two years these were out there and slowly going through the IT operations of, hey, guys, we got new hardware and slowly sending them out into the field. I think they were encrypted pagers. It was funny in some ways that this pager focus was entirely because they knew their cell phones were compromised. Like, oh, start using pagers. Or maybe it was the walkie talkies, I forget. But they were moving away from one comms to another to avoid surveillance. And as a result, they got explosions. But that's the kind of level of control, if those got out to someone else, which, I mean, there's still opportunity for that.
They're not watching one pager go from hand to hand to hand. It's like, oh, we deployed it to Hezbollah. And it's reasonable to assume that this level of dissemination with this marginal error and other people touching them. And they probably did the math on that, right? I didn't, but that's kind of a good example of how far you can go and the risks of discovery. Stuff like Stuxnet. Stuxnet's another good example of. I think it was the Iranian enrichment facilities where, oh, I can't remember the full story here, but there was like a thumb drive with a worm on it, and it got in, basically, it got carried into this enrichment facility and it would damage part of the enrichment machinery. Right, right. But didn't do it all at once. It would randomly pick one or the other because you don't want to be discovered. Right. If you did it all at once, you're like, oh, something's up. Just like, oh, one went up, Whatever, it must be bad. Right. Like, see, there's like, the psychology of making sure. It doesn't seem like it's something to investigate. It's like, oh, bad machines. Must be bad process. They kept doing that, and eventually I can't remember how it got discovered, but there was an issue where it started spreading around elsewhere, like the worm or something like that. And somebody noticed it, I think. I can't fully remember, but there was a discovery event because it kind of got too wide. And once it's discovered, okay, now you can defend against it. Now you can find them in the wild. And, dude, the moment somebody found anything in inner stuff, they're going to tell the world, like, hey, look at this cool thing I found. I'm a security researcher. So that said, on the flip side, there's plenty of places we don't look. Most of the stuff you find in there is just vulnerabilities like, oh, I didn't think there would be a hole on whatever some aspect of a product. Like, oh, if you just log in 10 times and do this, you get in, you bypass everything. 
It's like, wait, what? You do what? That's the type of stuff that's typically. Well, nobody thought to try that, so. So yeah, it really depends. Physical implants are much easier to discover because, I mean, they're physically there. You can't revoke them. You can't be like, oh, self delete. It's there. I mean, not counting the pager situation, that's a different type of delete. But you know, delete in a way that doesn't leave the evidence around.
Sean Ryan
Yeah, yeah. Like what's in your head, man? What's next for you?
Mike Grover
I don't know yet. I'm just gonna.
Sean Ryan
What are you thinking about?
Mike Grover
Like, I have been focusing more, more on personal stuff. Just like hanging out with my kids, spending more time with them while I got. Got the time and they're growing, you know, 114. So, you know, you can shut it off. No. Yeah. So learning how to do that is part of, part of it.
Sean Ryan
So I haven't learned how to do that.
Mike Grover
Yeah, it's, it's.
Sean Ryan
When you do, let me know.
Mike Grover
Dude.
Sean Ryan
It's hard because you love this. I can tell this is your passion.
Mike Grover
Yeah.
Sean Ryan
You're moving into this full time. This is going to be your full time business. Give me a snapshot. What are some of your ideas?
Mike Grover
Here's an example. So I'm reusing the same implant in a couple of ways. So I mean, this is an easy one. So USB adapters, basically a cable, right?
Sean Ryan
Cool.
Mike Grover
I had a thing where customers were enjoying the firmware so much for like payload development. They would get the cable and cut the end off, like, dude, no, that's my baby. What are you, what are you doing? So, you know, there we go. Keychains that, you know, don't have the cable on it. Cool. Got that. Now here's another one. Are you familiar with USB data blockers?
Sean Ryan
No.
Mike Grover
So it's a commonly recommended like secure charging mechanism. You're like, oh, I can't trust the airport charger or something like that. You're like, well, get a data blocker.
Sean Ryan
Can you trust an airport charger?
Mike Grover
Mostly. I mean, I'm personally more concerned about the quality of the electricity coming out there frying my phone than I am about a data situation. Because going back to the discoverability, you put something in a wide space like that, once it gets detected, you hear about it. We've not heard about it.
Sean Ryan
Gotcha.
Mike Grover
And especially in a secure space like all the airport locations. Like, there's. Everybody's on camera. Right. Like, good luck. It would be really hard. There's advisories that come out, and I think the FBI was doing them. They get a lot of flack for that because there's no, like, proof it existed. But I don't know. Like, I. I don't have the intelligence they have either, so. So, I mean, there's things you could do. I also don't consider my creativity to be all inclusive in all ways. You can do something negative. Like there's plenty of people with different motives and minds than me, so. Yeah, we'll see. It'd be a cool story, but yeah, data blockers. That's the idea. You now have safe charging. I'm like, cool, I'll put one of my things in a data blocker now. You know, cat and mouse.
Sean Ryan
Yeah.
Mike Grover
I just thought it was funny. But just as an example, just kind of chase that a little bit. Go from there. I don't know. We'll see.
Sean Ryan
Do you have any wazoo crazy inventions that you. That you're dreaming up?
Mike Grover
I've done a lot with on the manufacturing side. So I've had to invent so many tools and mechanisms both for creating these cables, which turns into their own products because I'm teaching other people how to use them and it breaks and I gotta do support for those products. And they're their own PCBs and everything. It's a hardware product with its own firmware just to test these cables at multiple stages. So I'm still packing these at home with the kids. And the envelopes, I gotta label those. That gets really annoying over time. I'm like, you know what? I'm gonna create a machine to label these. So I just keep chasing that down and seeing how much I can do. Do you know there's a guy called Cliff Stoll? He does a lot of really cool things. Science, math. He's got a book on security. But he also makes something called Klein bottles. Total deviation here, but you'll see why. So Klein bottles are, you know, a Mobius strip. You take a strip of paper and you pull the ends up, rotate, tape them together. Now you've got a 1D dimension. So if you follow it around on a pen, it's one dimensional. Klein bottle is a 3D version of that. Anyway, I think he lives in Palo Alto. Small place. He runs distribution entirely out of his house for that. So under his house, he has built an entire robotic warehouse system. Drives the thing around, pulls and stuff out. I think that's cool as hell. And it goes back to the old school hacker mindset of just doing that. That kind of stuff just catches me and I'll like, okay, cool. I want to do as much manufacturing in home as I can because a, my stuff is really small. But also let's just see how far I can take it, how much more I can optimize. This orange clip that goes on, these things that I ship with so you know which ones are bad. I have to redesign that like six times so far.
Sean Ryan
Just wow.
Mike Grover
Like I don't know, I just want to see how much further can I take it.
Sean Ryan
Wow.
Mike Grover
Yeah.
Sean Ryan
So are you manufacturing these yourself or.
Mike Grover
It's a mix. So the process for it, I'm going to go back to this PCB as a reference here. But real quick, the process that I'm kind of taking right now is I ask one manufacturer make the raw, the PCB, the green piece here. Then that gets shipped to another place that assembles the components to the PCB. They're basically running it through high heat that melts solder and they all get like glued to the board. Right now they're, you got a functional piece. And now once it's glued to the board, here's one of my implants. And we can get some close ups later. But here is, that's one of the implants. That's the size of it.
Sean Ryan
This is what goes in the little USB thing.
Mike Grover
Yep. Inside the boot of the cable.
Sean Ryan
Basically this little bitty ass thing.
Mike Grover
Yep.
Sean Ryan
Connects to the Internet.
Mike Grover
Yep. It's.
Sean Ryan
Wow. Why the fuck is my modem so big?
Mike Grover
Yeah, I know.
Sean Ryan
I mean, are you serious man? Wow.
Mike Grover
Yeah. There's a lot of compromises to make that happen. Like look at that damn thing. Yeah. If you were not size constrained on that, that would be 10 times bigger because it would be so much easier to make with 10 components instead of two or whatever. I forget how many I have in there. I think I got like 12. But you know, times 10 the components is normally what you'd see. So that creates the need to do a lot of creative engineering mirroring to compromise and get, get small. But at some point I'll show you here, I'll just show you the rest of these. Here's that little one with the USB-C end on it. And here it's gonna USB-C A. So that's kind of, you know, okay, components are on there. You know, one shop did the green PCB. One shop put all the components on there.
Sean Ryan
Cool.
Mike Grover
Well, that's what I got right now. Right. It's not cable yet. It's another shop going to help integrate that into cables. And so this other shop's going to integrate it into cables to some extent. There's still unfinished work to do, unfinished testing then. And if it's the woven cable, there's another factory has to like do special cutting and crimping and searing of the end so it doesn't unravel anyway. So, you know, three, four factories later ships over to me. I'll do the finishing work on them. Sometimes it's closing the actual cables up, but at a minimum it's testing everything, calibrating them, putting like that initial firmware on there, tons of QA and QC work, packaging, shipping it off to the Hak5 warehouse.
Sean Ryan
Wow. Lots of work. So where do people find this product?
Mike Grover
Product, yeah. So two places. Basically you can go to the O.MG.LOL website. That's my primary website. Or you can go to my business partner. It redirects to my business partner effectively, which is Hak5, H-A-K-5, hak5.org/omg. And all my products are up on their site.
Sean Ryan
Wow, that's incredible, man.
Mike Grover
That is incredible. Fun stuff, man.
Sean Ryan
I can't believe if the agency's been in touch with you to come work with probably Science and Technology department or.
Mike Grover
I'm not sure. I would know.
Sean Ryan
You would know.
Mike Grover
Yeah. And there's been a lot of interesting challenges too.
Sean Ryan
Like, I mean, I'm, I'm saying, you know, that's, that's actually not a joke. That's.
Mike Grover
Oh yeah, totally, you know, yeah.
Sean Ryan
Very sharp guy, very inventive, very impressive.
Mike Grover
I'm. I'm happy to help all kinds of people secure their environments. So, yeah, I mean, they know where to find me.
Sean Ryan
I'm sure they do.
Mike Grover
Let's see, there's. Oh, you know, another thing might be interesting here is this kind of kicked off right when the pandemic kicked off. It's like, you know, working with the factories had to do all that remote. And that immediately ran into the chip shortage. I saw that come in from like six months before everybody else did. So immediately had to figure out all the supply chain logistics, where to find chips when they are out of the market, everywhere hoarding them mass like I. This, this is something I have put the, oh, first two or three years of profits entirely back into production. Whether it's improving the pcb, improving the capabilities or storing extra components because we're in the middle of a chip shortage. So I can still make my stuff. That was. That was a wild time. And it felt like there was just one thing after the other, that it was like, no, you can't sell these. No, the market's down. No, you can't have access to the chips. And just trying to find ways of working around that down to, like, all these little tiny components come in a really long piece of tape coiled up on a reel. Right. I count those. I assemble those by myself as well. So I got machines to count them and assemble them so I can just send it off to the assembler. There's so many different facets of running a hardware business that is like this. That is really unexpected, and I'm just kind of learning on the fly, so. Yeah. Thanks, man.
Sean Ryan
Well, I think we're wrapping up the interview, but I just want to say, man, you are a super sharp, fascinating individual, and what an amazing conversation.
Mike Grover
Thanks, man.
Sean Ryan
Very informative. Thank you.
Mike Grover
Thank you.
Sean Ryan
And, you know, I'll be tracking you. Where can people find you?
Mike Grover
Oh, yeah. I mean, I'm all over the place. Definitely on Twitter. Underscore MG. Lots of other social networks starting to form and fall apart and whatever they may be. I'll try to keep all of that on the contact page of the O.MG.LOL site, though.
Sean Ryan
Perfect. Well, Mike, I wish you the best of luck, and I can't wait to see what you come up with next.
Mike Grover
Thanks.
Sean Ryan
All right, brother. Cheers.
Mike Grover
Thank you.
Shawn Ryan Show Episode #164: Mike Grover - How Hacking Tools Are Changing Cyber Warfare
Release Date: January 29, 2025
In episode #164 of the "Shawn Ryan Show," host Shawn Ryan welcomes cybersecurity expert and entrepreneur Mike Grover. With a rich background as a hacker, Red teamer, security researcher, and educator, Grover delves into the evolving landscape of cyber warfare, focusing on innovative hacking tools like the OMG Cable and the implications of hardware implants in modern cybersecurity.
Shawn Ryan initiates the conversation by highlighting Mike Grover's multifaceted career:
"Mike Grover, AKA mg. You're a hacker, Red teamer, entrepreneur, artist, security researcher and educator... The most well known hardware design is the OMG cable, a malicious USB cable."
(01:23)
Mike Grover responds by recounting his journey from a help desk technician to a cybersecurity innovator, emphasizing his passion for understanding both technical and human aspects of security.
Red Teaming Explained
Grover differentiates Red Team operations from traditional penetration testing:
"Red teaming... is repeating exactly the entire chain. It's often called a kill chain, where you're connecting all of these different vulnerabilities to go from completely outside to completely... to the crown jewels."
(12:19)
He elaborates on how Red Teaming not only identifies vulnerabilities but also tests an organization's response to sophisticated attacks, akin to being "punched in the face" (13:46).
Common Hacker Tricks
When asked about simple tricks hackers use:
"Just ask them, ask them for access granted... you pretend to be somebody you're not. Like, I'm your IT department... at that point you've got their password."
(04:19)
Grover underscores the prevalence and effectiveness of social engineering in compromising security.
From Exploding USBs to the OMG Cable
Grover shares his early experiments with hardware hacks, including an exploding USB drive designed as a prank:
"When you plug the cable in, it does the keystrokes automatically to open Chrome, login, and execute commands... It's a way to inject malware via keystrokes."
(116:19)
This led to the development of the OMG Cable—a covert USB cable capable of remote access and keystroke injection without raising immediate suspicion.
Notable Innovations
Grover discusses the challenges and breakthroughs in miniaturizing components for the OMG Cable:
"It was $100 drill press at the time. You just do like cross drilling through all different directions... Every time I want to do a run of an A layer PCB, six layer PCB is a minimum $1,000."
(97:28)
He highlights the meticulous engineering required to embed advanced functionalities into seemingly innocuous hardware.
Capabilities and Uses
Grover delves into the functionalities of hardware implants like the OMG Cable:
"When you plug it into a computer, it's primarily targeting laptops and desktops. It emulates a keyboard and types really fast... It's designed to infiltrate secure environments without detection."
(112:12)
He explains how such tools can bypass traditional security measures by masquerading as everyday peripherals, facilitating unauthorized access and data exfiltration.
Government and Corporate Implications
Discussing the potential misuse of hardware implants, Grover raises concerns about national security:
"If you're thinking about, like real politics and participating, the creation is amazing to me... It's hard to revoke them."
(80:48)
He reflects on historical instances like the Israeli pager bombings and the Stuxnet virus, illustrating the profound impact of hardware-based cyber attacks.
Manufacturing Challenges
Grover outlines the complexities of producing sophisticated hacking tools:
"I was throwing away 50% of what I made... Spent a lot of time playing with that... Getting the precision right was crucial."
(100:55)
He emphasizes the necessity of outsourcing manufacturing to scale production while maintaining quality and reliability.
Collaborations and Team Dynamics
Highlighting his collaboration with Hak5, Grover discusses the importance of partnerships in expanding reach and enhancing product capabilities:
"Hak5 was amazing. They're like, let me just kind of show you the ropes... All of my products are available on Hak5."
(151:20)
His team comprises diverse experts, including retired military personnel and individuals with unique skills, fostering innovation and resilience.
Abuse Potential and Safeguards
Grover acknowledges the dual-use nature of his creations:
"There's a lot of creativity involved... I want to make sure it's used for securing environments, not for malicious purposes."
(132:01)
He implements features like geofencing and self-destruct mechanisms to mitigate misuse, ensuring tools remain within ethical boundaries.
Privacy and Surveillance
Addressing broader security implications, Grover discusses the balance between technological advancement and privacy:
"If nobody's got privacy, it changes society in ways that aren't very good... Humans have been what on this planet for some say 300,000 years."
(85:57)
He advocates for responsible innovation to preserve individual freedoms amidst escalating cyber threats.
As the interview concludes, Grover shares his vision for the future:
"I don't know yet. I'm just gonna... like hanging out with my kids, spending more time with them while I got time."
(143:37)
He contemplates further innovations in cybersecurity tools and maintaining a balance between personal life and business growth.
Final Remarks
Shawn Ryan wraps up the episode by commending Grover's contributions to cybersecurity and his innovative spirit, expressing anticipation for his future projects.
"You are a super sharp, fascinating individual, and what an amazing conversation."
(154:19)
Red Teaming goes beyond traditional pen testing by simulating end-to-end cyber attacks, assessing not just vulnerabilities but organizational responses.
Hardware Implants like the OMG Cable represent a significant shift in cyber warfare, enabling covert access and control over target systems.
Ethical Innovation is crucial in developing cybersecurity tools, with safeguards implemented to prevent misuse and ensure they enhance rather than compromise security.
Collaboration and Scalability are essential for growing a cybersecurity business, requiring strategic partnerships and efficient manufacturing processes.
Privacy and Security must be balanced to protect individual freedoms while advancing technological capabilities to counter evolving cyber threats.
Mike Grover on Red Teaming:
"Red teaming is going to be repeating exactly the entire chain. It's often called a kill chain, where you're connecting all of these different vulnerabilities to go from completely outside to completely... to the crown jewels."
(12:19)
Mike Grover on Social Engineering:
"Just ask them, ask them for access granted... you pretend to be somebody you're not. Like, I'm your IT department... at that point you've got their password."
(04:19)
Mike Grover on the OMG Cable:
"When you plug it into a computer, it's primarily targeting laptops and desktops. It emulates a keyboard and types really fast... It's designed to infiltrate secure environments without detection."
(112:12)
Shawn Ryan on Mike Grover:
"You are a super sharp, fascinating individual, and what an amazing conversation."
(154:19)
Episode #164 of the "Shawn Ryan Show" offers an in-depth exploration of the intersection between innovative hacking tools and modern cyber warfare. Mike Grover's insights into Red Team operations, hardware implants, and the ethical considerations of cybersecurity innovation provide listeners with a comprehensive understanding of the evolving threats and defenses in the digital age. This episode underscores the importance of staying ahead in cybersecurity through creativity, collaboration, and responsible innovation.