I got interviewed by two NSA suits while I was in the military. I was the senior battle stations Missile Tech serving on the SSBN 630's gold crew. While doing some electrical diagnostics in a panel while out on patrol I found that with just a few jumpers I could make it a very bad day for the navy. As in 110 lives lost and over a billion$ worth of scrap metal on the ocean floor.
So I notified my Weapon's officer, who verified my findings and then pulled me into a meet with my CO and XO. I was told to keep the info to myself, so I did.
The very first people across the gangplank after we got to port were two NSA suits to come meet with me.
For a guy in my position they knew about everything about me, including my school records, military evaluations and training and my memberships, and about the members of my family.
The meeting seemed surreal, but what it came down to was that if I had a grudge and were suicidal and wanted to end my boat and the guys I lived and worked with they would never have known until it was already done. So the fact that I was there talking to them should be proof enough that I wasn't a threat.
The next several days I met with three electrical engineers from a Navy-contracted university to help re-design the launch control systems. About 6 months later they nearly completely re-wired our boat's launcher control system.
Either the next patrol, or the patrol after that I found a way to bypass the Captain's permission to fire and the Weapons Officer's permission to fire the missiles. This was launch-only and they would basically be duds. But I was told to just stop it and keep that stuff to myself.
The Calhoun has since been scrapped out so none of this matters any more.
if only there was a place that would honor, value and (financially) reward intelligent people more than people hiding incompetence. if you know such a place, let me know please.
@@send_love If such is out there I haven't found it.
OTW trains NSA and other alphabet soup types. He is a civilian and a hacktivist. He’s very good at teaching on a level where people can understand without making them feel stupid.
But it is remarkable- I would assume that these people who are tasked with defending our infrastructure, and against terrorists known state actors just actually don’t know.
You have to think like a hacker to beat a hacker.
And they’re coming out with zero day exploits multiple times a day all over the world.
The “white hats” don’t even have time to analyze them and patch them.
Much less reverse engineer them.
@@send_love They are - they’re called bug bounty programs by major corporations.
But they pay a fraction of what a group of “developers” could get through ransoming/extorting the owners of the databases.
Corporations cannot afford to incentivize the bad actors to NOT attack them.
Then there’s China: supporting the Lazarus group, that develops attacks against the USA and everyone else in the world who is not B.razil, R.ussia, I.ndia, C.hina, or S.outh A.frica.
Putin and Xi and the BRICS have been planning these moves for decades.
Don’t believe me, it’s on Wikipedia.
@@stevelux9854 it’s called entrepreneurship
Man i was super excited to listen to this! Grandpa didn't say a whole lot of his experience with No Such Agency. Great to hear Jeff's perspective
About a decade ago back when I was big into cracking password hashes I remember finding the hidden or obscure ASCII keys. Like you hold the Alt key and you hit on the number pad 168 and you release the Alt button and it's an upside down question mark. And it worked on password hashes that almost nobody was able to crack. Many ASCII obscure symbols can mask your hashes compared to everyone else's, at least for a while anyway.
So, let's learn some Japanese :) or A®abi© ;)
People do not regularly include Unicode characters as part of their hashcat rules or dictionary wordlists. I imagine there are use-cases where they do, though.
We always hear stories about assaulters who look like average joes, I want to hear stories about absolutely yoked hackers. Where’s the “armed NFL Football team” of the electronic world?
I would imagine they're busy with shit
Hard to keep muscle when you sit at a desk 16 hours a day
We calls thems cyber marines
Look up David Kennedy.
Look up SOT-A. Special operations team alpha
Great interview. Thank you.
cold war accelerated hiring, but every time i listen to these nsa guys it's the same thing: "my dad worked on the manhattan project and/or hydrogen bomb". started to believe the recruiting process is just nepotism.
It always is; and those same people tell you nepotism is bad. There is nothing wrong with nepotism, just people like this trying to keep your family fractured and weak.
Well then they had some smart dads/moms, the kids weren't stupid either probably.
Duh. His mom got him his internship.
Government is mostly nepotism.
1:10:46 2600 is still around! I saw it in barnes and nobles recently, no joke.
Mr. Man, like all of your guests, was fantastic.
Really stellar interview, anyone who's been to defcon i always enjoy hearing their perspective and gaining insight into their world. Great conversation guys!
There is/are no link(s) on the info page under the video to Jeff Man or the Security Weekly podcast that is mentioned ~ 2:32:45
Everyone pay attention to just how ORDINARY this man is. He's not some "super spy" as Hollywood portrays, just a guy who does math, doing a real job supporting the troops that keep us free. 💻
This was covered well in the show Burn Notice. If you join an intel agency out of college you will ride a cubicle and get to wear a suit if you’re lucky. If you want to be a “movie spy” you join the military and excel in special operations until one day you are tapped on the shoulder.
@@droptableaccount1820 ooooor just become an actor in Hollywood
The indoctrination is real
Watch Paul's Security Weekly to see just how average they are. Just a bunch of stogie loving infosec nerds.
Organizations that have as much power with such little oversight like CIA/NSA/DOD turn into complex systems. They have a stated purpose, but a divergence occurs where 90% of employees are average citizens and the sociopathic ladder climbers do whatever necessary to increase then hold onto their power.
The Church Committee proved this. The censorship/authoritarianism of the past few decades display the root of the problem still exists. Which is, humans can be corrupted -power corrupts- and the small % with pathological traits seek power.
This is why our constitution and bill of rights was so important. Unfortunately, this small authoritarian group have subverted our rights and sovereignty through fear and propaganda.
He's right about the book The Cuckoo's Egg. It's absolutely fantastic. I think I've read it three times over the years.
Love podcasts like this😊. Thanks boys.
Bureaucracy and red tape is one thing, the Constitution is another, it becomes a nightmare when the two become viewed as one. The former is a social engineering attack, the latter is the highest law of the land put in place for a reason. This country was created by a group of highly intelligent men who tailored the single greatest document to ever exist. Other than the Bible, which the Constitution would not exist without in the first place.
🔥
Organizations that have as much power with such little oversight like CIA/NSA/DOD turn into complex systems. They have a stated purpose, but a divergence occurs where 90% of employees are average citizens and the sociopathic ladder climbers do whatever necessary to increase then hold onto their power.
The Church Committee proved this. The censorship/authoritarianism of the past few decades display the root of the problem still exists. Which is, humans can be corrupted -power corrupts- and the small % with pathological traits seek power.
This is why our constitution and bill of rights was so important. Unfortunately, this small authoritarian group have subverted our rights and sovereignty through fear and propaganda.
Actually they're both social engineering attacks and fabricated man-made laws hold no value whatsoever.
Agree
Well said
Patch Tuesday….followed by IT scramble Wednesday….😅
Secure Telephone Unit, LOL. Good thing they didn't call it a Secure Telephone Device. I could just see operations people calling field agents and asking if they had received their STD.🤣
Lol.
I recently saw Cliff Stoll on a TV program, I think it was Mysteries At The Museum, because something he used is in a museum now :)
That attack I guess you could call an early day version of social engineering
33:30 Badass indeed!
It’s ridiculous that the conversation is practically paralyzed because he has to be concerned with being “politically correct” because it’s going to make someone “uncomfortable”.
It’s a wonder “some people” (millennials) can even talk…
Bad actors are who they are: we should be able to call them out for what they are.
Gen A + iPad Kids are even worse
You guys should ask Deviant Ollam if he would come on, if you are interested in going down this Rabbit Hole. Hak5 would be a great resource too. Not everyone is necessarily going to want to come on. Kevin Mitnick would have been an uber guest (R.I.P.)
Yes, he's great. Love his talks
Omg my grandpa wore suits and went on out of town trips he was an engineer. Maybe he was nsa😂
This was great interview
Great interview
The second shelf opens to a hacker room...
My granddad had something of sort with same dimension and I find truth in this.
WWII Bletchley Park and Alan Turing were breaking the supposed unbreakable Enigma code. Based on random passwords. Not a mention.
Why should they give mention to a gay?
@@rusi6219 Lmfao 😂 yea they get more than enough recognition here lately
When I started at NSA in 1986, the fact that the Enigma had been broken was still classified. Why? Because it was still being used.
@jeffreyman5516 this wasn't for me at all, but the Germans were still using it in the 80s? That's wild!
the Patriot act kinda scrambled the rules there, ok buddy
Yeah cause no amendment was ratified by the states but ndaa and patriot act and courts, potus’ and thousand congressional members don’t seem to care
Ya I noticed that too.
Thanks guys
He's the evil in this lie being told. That means he is no real judge.
Good discussion but I have to disagree somewhat with Jeff because there *WAS* a hacking community in early 2000's. Perhaps not as large and known to the general public as it may be today but Bellcore had a unit (Security & Fraud Group) that actually worked with a few agencies at the time on telecom and cyber security and its members delivered briefings (TSARS, SecureComm) on Cyber and who also used to follow 2600 events in NYC (from early 90's)... in addition, members of the Bellcore group also helped capture LoD (Legion of Doom) members. And also one of the Bellcore members was mentioned in Cliff Stoll's "Cuckoo's Egg" who had helped with the investigation.
Security will not be taken seriously until there are actual financial consequences.
It's typically after the fact... then they over do it and over spend ... and still get hacked!! 😂
Haha, does anyone ever REALLY leave the company?
Absolutely. Skills never do, but like the military, once you're gone and clearance is gone (assuming you don't get a job in the private industry), you're irrelevant. It's not a movie where they track you down to come out of retirement for one last op. LOL.
@@libertylivesin1776 it depends on your expertise. If they need it, you'll be invited back, perhaps to teach, perhaps to advise, perhaps to go active in a particular operation.
Listening to this while working on my Sec+ cert
4:10 So, you destroyed all the corals, just for your tallmudders' arrogance?
1:18:30, I'm finding the exact same thing attending conferences etc.
Yes my fav pod! ❤
The opening sequence made me think I was watching SNL
Password managers which don't store your vault online are good and should be used. Much better than repeating passwords even for insignificant accounts.
We used PGP where I worked then we went to Bouncy Castle…. Love that name.. Good to know govt agencies don’t care about naming huh…
5:51 I see what you did there.
I wish I could train with Jeff.
@attribute-4677 True... otherwise he would not disclose it 😅
Is this the "occupy the web" dude? His speech patterns are super similar.
Great video 👍
Noticed his WIFI had no audio or video hiccups. 😅😅
1:50:38
Thanks ❤
This guy likes to drone on and on and on without saying much. Even declines to answer the few questions asked hahaha
he strikes me as all wrong. i don't know a single guy that worked for the NSA that goes around wearing NSA tee-shirts, wears NSA ballcaps, etc.. etc.. and the minute details of his stories strikes me as fabricated. Highly detailed stories, including number of students etc, is often the tell of a liar. he didn't say anything that isn't publicly ascertainable.
@@aquicktake You hit the nail on the head. Let alone he has been out of the NSA 26 years and still rocking all that gear XD not a bad dude but i couldn't finish the interview
Thanks Jeff aka OTW
😮
👀
He hacked your network when he connected.
He’s still in your network.
Prove me wrong.
Strange ... Who'd have thought that another anonymous login .. was really where u started
1.44 MB good old days i guess ...
Does anyone know what headphones he is wearing?
V-Moda Crossfade M-100
@@jeffreyman5516 Thank you!
What is the meaning of Red team. Does this mean there is also yellow and blue team as well?
The red teams in cybersecurity focus mostly on the offensive attacks of computer systems and devices. Yes, there is such a thing called the blue team which focuses on the defensive maneuvers of protecting systems. There is no yellow team, but there is the concept of purple team, which tries to approach cybersecurity via balanced offensive/defensive tactics.
Now they use Wickr
Wickr isn't a thing anymore but they do know about it.
Did jeff ever work with the Cyber national mission force?
A very interesting guy .. does he have twitter or a way to connect with him?
@MrJeffMan
Fascinating but the man is in love with himself to the point it makes listening difficult.
Seriously great stories.
Guys please bring Major Abhay Sapru ( 1 Para SF ) Indian Army
IS A FIREWALL FOR AN ANDROID PHONE A JOKE?
OR CAN THEY WORK???
SWEET DEALS!
I bet you the NSA is watching this 😅
I hope so! But only if this video leaves out geographic borders:)
@805drifter Yep, we all share the same database with SIS-MI6, GCHQ, ASIS, CSIS, CIA, etc.
He fits the description ;)
That's racist of you. Chubby nerds are people too.
NSA = NO such agency!
Not enough math. Needs more math.
that's a lot of liquor
Thank you
No Body has a great story with DOJ
😮😮😮 just 😮😮😮
@11:25 🙄
REALLY DUMB TO LIMIT GROUP CHAT FOR PAYMENT ONLY
the fascists are evolving into the 90s sysadmin archetype
needs MORE beard
NSA Figure 1. I'm George W. Bush. I think I'm Figurine #1. It's been a wand to remember some things. I just saw a picture of a cop, or a Sheriff, or deputy, or police in his brownwear and hat. This man came to my house and killed me before I died and was reborn as a baby to come back as W. Maybe you got that pic out there in I Know How To Do It Land. I'm going to talk.
That blister came after a warning maybe. I needed people to stop sinning until I defeat the scarlet beast.
I'm a proverb.
If I'm a war in the end, I'm a borrow in the beginning, but if I'm a war with my mom, I'm an eagle.
How can I be a bold man if I'm an eagle? I can play the part of God. That's why eagle wings are on W.'s hair.
You’re hired
Makes sense
ECHELON?
CAIMEO?
Comment for the rithm...
LFG !!
Shameless plugs 😂
brief intro?
"Long story short." Too late
da intro
Leave the man and his decoder ring alone.
Sit down and let me tell you a little something
Go Red Team...
👍
!(: ❤, THANKS ;)!
A VIEWGRAPH PROJECTOR!!!
Traitors
Minor gripe here but can you maybe not advertise while the speaker is talking? Not only could this be misinterpreted as if the speaker has an affiliation or endorsement with what you’re marketing, it’s also quite annoying for the viewer, who clicked this video to hear this man speak, not buy your patreon. It’s frankly disrespectful to the speaker who volunteered his time to speak only to be used as advertising for 3 consecutive hours.
Subscribe to our patreon and get all of these episodes ad free.
Basic tapes
5Header
CdC!
Nothing is unbreakable for example you can create the whole AES take text sample a and create all AES possibilities with each SHA password and that is like saving in dictionary all the SHA the same goes for everything else.
Size isn't security.
Go on then
If you could break SHA or AES you would almost instantly become a billionaire
@@gardensalsasunchips562 Creating dictionaries for all encryptions is possible for all algorithms because they are based on size. But even if they were based on time or quantum the same would apply.
@@mattlebutter9162 Because no one hosts online all the password texts until 20 characters length for SHA doesn't mean it is impossible.
@@mattlebutter9162 If you encrypt with AES the text A with SHA password A the "random-different" output that can produce is not unlimited.
Disappointing guest, seems to try and politely say how great he was as a "cyber lord" yet he left the NSA when dial up internet was still a thing.
Just because he left government service does not mean he stopped developing his skills. The nation needs more people like him who know both the intelligence and civilian sides.
@enormuspeter69 He is a great cyber lord and I should know I live with him, I've watched him growing up so how about if you don't like the guest you don't watch the video
ruclips.net/video/1h7rLHNXio8/видео.html
CTI Summit Keynote - Cliff Stoll