Episode 4: Eduart Steiner aka Skyper

Skyper:
Good morning, Nathan.
Nathan Sportsman:
Good morning, Skyper. It’s good to have you here. Hope you had-
Skyper:
Thank you very much.
Nathan Sportsman:
… a good flight.
Let’s talk about you. Let’s start with where you grew up, where you’re from.
Skyper:
Well, originally I’m from Germany. I grew up in a small town in Northern Germany.
Nathan Sportsman:
And when you say small, roughly population size, what are we talking about?
Skyper:
11,000 people.
Nathan Sportsman:
Okay.
Skyper:
Yeah, give or take.
Nathan Sportsman:
And what time period is this growing up in Germany? Are we talking about ’70s, ’80s, ’90s?
Skyper:
Yeah, late ’70s, early ’80s when I was a child.
Nathan Sportsman:
Okay. So this is the time of, we’re at almost the height of the Cold War.
Skyper:
We are, indeed. So, of course, as children, we were taught about nuclear war, about hide and cover and duck and whatnot, and be prepared for it.
But we weren’t scared of it, or at least I didn’t feel scared. It was just the environment, we grew up in that environment. It was just accepted that this is a real possibility.
Nathan Sportsman:
And what did your parents do for a living?
Skyper:
My mother was a typical be-at-home mom. And my father was a salesperson, so most of the day he was obviously working. And on the weekend, he was doing voluntary work for emergency services.
Nathan Sportsman:
So you mentioned your mom. It sounds like she was a stay-at-home, helped raise the kids, and then your dad was a salesperson.
What was your relationship like with your mom? What was your relationship like with your dad?
Skyper:
My relationship with my mom was a nice, caring relationship. Yes, I loved her, she loved me, and to German standards, that’s a big thing.
My relationship with my dad was not so good. He had his up and down. Sometimes there would be violence involved. He would be violent towards me. He would hit me. Days that I spent away, would I run away, I would sleep outside because I was just too scared.
Nathan Sportsman:
And was at the, sort of random and at the drop of the hat? Or was it something that would provoke him to do that?
Skyper:
I cannot recall what triggered it, but surely it was some minor things that perhaps I did wrong or didn’t do right. And it would just trigger him, and he would turn to this very different person, violent person.
At one point, I would learn that I could lock myself into my room, and normally he would stop. He would bang on the door.
But there was one particular incident where he didn’t want to stop, so he took an ax and smashed through the door.
Nathan Sportsman:
Holy shit.
Skyper:
And I was jumping out of the window and just stayed away for a night.
Nathan Sportsman:
So when you say hit, you’re talking about closed fist-
Skyper:
Yeah.
Nathan Sportsman:
… grown man-
Skyper:
Or with objects.
Nathan Sportsman:
… hit-
Skyper:
… newspaper, stakes. Yeah.
Nathan Sportsman:
Stakes?
Skyper:
Yeah.
Nathan Sportsman:
There’s this not always pretty consistently in these interviews, and we talked off-camera about my childhood, all of us had kind of interesting upbringings.
How did that upbringing in dealing with that level of violence, but also unpredictability of when it would come, how do you think that that shaped ultimately who you are, who you became, your involvement with computers? Have you ever reflected on any relationship between that relationship and ultimately how you turned out?
Skyper:
Yeah, it’s really hard for me to conclude on this because I’m not a therapist, I’m not a psychologist. I do not really know how it affected me.
I know that I’m totally against violence. I’m totally against shouting because I know how much it scares me. It still scares me today if I hear people shouting. Even when they’re not shouting at me, if I see two people shouting in a restaurant at each other, it scares me. So I’m totally against violence, I’m totally against shouting.
How it affected my paranoia that I don’t trust people, I do not know.
Nathan Sportsman:
I don’t remember what the quote was, but something to the effect of the best way to seek revenge on those that have wronged you is to not be that person.
Skyper:
Yeah, absolutely.
Nathan Sportsman:
So I’ve never raised a hand to my child. I’m totally against any of that sort of stuff. And making sure that she has a warm, loving environment that’s consistent. So to your point about not comfortable with violence or shouting or things like that is, yeah, we ultimately can just be better by being what they are not.
So this violence and this sort of physical violence, stakes, fists, at what age are we talking about of when this began, and was there a point that it ever stopped?
Skyper:
I can’t really recall when the violence started. To me, it appears it has always been part of my childhood.
And it was not every day or every week, but it was often enough that it would scare me that it would happen and that he’s easily triggered. And he couldn’t predict it. It was just out of nowhere.
And it only stopped when I grew stronger. And there was a particular moment where it completely stopped is when we had to replace the doors in the house, and I showed my dad that I could punch through the door. It was a wooden door and, with a fist, I could punch through it. And he was quite surprised by that.
And next morning, my mom told me that Dad was trying for the whole evening to punch through the door, and he couldn’t until his fist was bloody and blue. And since then, he didn’t touch me again, never hit me again.
Nathan Sportsman:
You couldn’t be picked on anymore.
Skyper:
No, that was it.
Nathan Sportsman:
That was it.
Skyper:
Yeah.
Nathan Sportsman:
So you have this backdrop of sort of these larger forces at work.
But then coming to the small town in which you grew up, 11,000 people, how did you spend your time? What did you do growing up? What kind of trouble did you get into? What did that look like?
Skyper:
I think I had a very happy childhood. Our school days were not long. I was home for lunch every day.
We spent the afternoon in the forest and playing. We would make fires and play with knives, and my dad very early saw that I was fascinated by these things. So he said, “Well, if you’re going to play with fire, at least let me show you how you can do so safely.”
So he showed me all the tricks, how to handle petrol, the different kind of chemicals that you can mix together. And he was quite open with these things to make sure that I don’t get injured. So yeah, we had a great time.
Nathan Sportsman:
And what was school itself like? Did you excel academically? Did your parents push you?
Skyper:
Yeah, I have to remember that. Interestingly, I used to be the smallest guy in my class. I only started growing when I was much older.
Nathan Sportsman:
So for context, how tall are you?
Skyper:
I’m 6’5″, six-foot-five.
Nathan Sportsman:
Okay.
Skyper:
And, yeah, I used to be the smallest guy, and being the smallest guy comes with the privilege that people pick on you. And that was just normal to me as well. If you’re the smallest guy, you get picked on, and that’s okay as well. It didn’t bother me too much.
Academically, I was fascinated with the science. I was not so much interested in some of the other topics they were teaching at school. I was not interested in geography or interested in different languages. It didn’t fascinate me. That came later, later in my years.
Nathan Sportsman:
And when you say sciences, like hardcore mathematics, biology, chemistry?
Skyper:
Yeah. Chemistry, I was interested. Physics, I was interested.
Mathematics, later I was interested. I was so interested that even attended an after-school club, which I founded, just to do more mathematics because I was fascinated by solving problems and the methods that they use and thinking about things together.
Nathan Sportsman:
Did you have a sense of… What was your idea of what you wanted to be when you grew up? Did you think about those things when you were a kid?
Skyper:
I had no idea.
Nathan Sportsman:
Okay. You just love the sciences.
Skyper:
Yeah.
Nathan Sportsman:
Your first foray into computers, when did you start moving more from outdoors to inside?
Skyper:
Yeah, very late, later than most of my friends. My parents did not want me to have a computer. I think my parents liked the idea that I spent time outside.
Nathan Sportsman:
But they didn’t want you to have a computer just simply because it would keep you indoors?
Skyper:
I’m not really sure why. I only know that I didn’t had a computer all my friends had. So I probably had a computer two years after everybody else had a computer, and so I was a very late joiner.
And then they got me an IBM PC, and everybody else had Atari and Amiga, so I couldn’t share games with them. So it was frustrating for me. So I ended up, yeah, just learning programming languages and writing my own games.
Nathan Sportsman:
So did the school provide you access before you had your own?
Skyper:
No. At that age, no. School access and computer science was taught much later in my school years. There was a much different time then.
And by that time, we already figured out phreaking and mailboxes were around, BBS, and that was a different time then. Yeah.
Nathan Sportsman:
So you’re saying you were a couple of years later than your friends. What age were you talking about when you had your first?
Skyper:
I think I got my first computer when I was 13 or 14 years old, where most of them had them when they were 10, 11 or so, playing computer games.
It was a rather boring time, so I had to explore the computer myself. All the commands that you used no one else could help me with. So I read books and I tried to figure it out myself.
And I think that was fascinating, but also to some point frustrating because I just wanted to play games mostly when I was a child.
Nathan Sportsman:
One of the lines in your intake was something to the effect of this sort of intellectual curiosity that you had on how things worked that no toy survived your curiosity. What-
Skyper:
Yeah, that was even before I got my first computer is my parents joked that any toy I get for Christmas does not survive longer than a week, certainly not after New Year, because I just take it apart because I was very curious of figuring out how these things work.
And after I took them apart, normally we would blow them up on Christmas, on New Year’s Eve, so we’d put… In Germany, it’s very big on fireworks, so we’d put fireworks inside and just blow these things up just for the hell of it.
Nathan Sportsman:
And your parents, were they super supportive of the tinkering and the curiosity? Or was it more like, “Ah, we just got you this and you just completely disassembled it?”
Skyper:
Ah, my mom, not so much. My dad was pretty much into, “Yeah, that’s cool. Let’s blow this up. That’ll be fun.”
My mom was a bit sad that I basically broke these things, but for me, that was exciting. That’s what I wanted to do.
I didn’t want to play with this car. I wanted to open the car up. I wanted to see how it works. That was much more satisfying to me than playing with the car all day long.
Nathan Sportsman:
So with the computer, was it sort of similar? Were you coding programs? When you said you were exploring it, and you couldn’t play games with the other kids, what specifically were you doing?
Skyper:
Well, so trying to extend the computer and buying new computer chips, buying cards, buying extension sets, making it faster, having my first sound card, back then computers didn’t come with sound, to buy extra modules for that.
And then, yeah, just figuring it all out. That was exciting. Opening it up, plugging things in and, yeah, developing.
Nathan Sportsman:
Is that slowly where more and more of your time went and any time outside of school you were on the computer? Or was it-
Skyper:
Absolutely. Yes, I really liked this exploring things with the computer, so I would… Because my parents would restrict the time on the computer that I had. They would allow me maybe an hour, maybe two per day, and then they would say, “That’s it. Go outside, play.”
I didn’t want that. So I would get up, I would try to get up at 4:00 AM in the morning before they wake up. I would go on the computer, do my thing. BBSs came along, dial up, other people, communicate with them. And then they would wake up, so shut it all down. Nothing happened. Went to breakfast. “Good morning, everybody.” And yeah, that was an exciting time for me.
Nathan Sportsman:
And when, from the time that you had that first computer to the time that you had some sort of modem or something that you could call out on, what kind of time period are we talking about before you started calling out and finding these BBSs?
Skyper:
That happened very quickly. As soon as I got my computer, I think a year or two later, I bought a modem.
My first modem was 300 bauds, very slow, and you would have to wait for the screen to build. You could see the cursor moving over the screen, and every character would slowly appear. Then you have to hit Enter, and the next screen would slowly appear. And yeah, so that was my first time with a modem dialing BBS.
It was fascinating because a whole new world opened up. There was Fido Network, a network by hobbyists where you could communicate with people from all over the world. You could communicate with people from Australia, from America. It was fascinating.
So I loved it. I loved getting up early in the morning and just communicating with these people, seeing if they wrote a reply or reply to their messages. And we had discussion boards, we would discuss mostly IT problems and, yeah, it was fascinating.
Nathan Sportsman:
And I discovered BBSs in the late ’80s, early ’90s. They were still around. I even ran a BBS at one point.
But there’s a lot of folks that were born much later than us. What is a bulletin board system? Who runs those? Like what is the point of it? How do you find them, right?
Skyper:
Yeah. So I mean, today when you write a message on the internet, it’s immediately available to anyone in the world instantly.
Back then, it was not that way. You would have to dial a computer with your modem. You would only be connected to that computer. And you would write a message there, either to another user on that same system or address it to some other system in the world.
But the message would then take days to travel from one bulletin board system to another bulletin board system to another bulletin board system, until it reached, through a complex addressing scheme, the destinating bulletin board system there. The user would reply and slowly that reply would come back to you by the bulletin board systems calling each other once or twice per day. So they exchange messages once or twice per day.
And so it would be like pass the parcel along these different BBS systems and eventually you would have a message back, and it could take days to get a reply.
Nathan Sportsman:
So, quite literally, you are making a phone call to that bulletin board system, you drop a line to someone. That bulletin board system then has to make a call to another one, to another one.
Skyper:
They would forward it, yeah. They would forward it, yeah.
Nathan Sportsman:
So how did you find those? What kind of bulletin board systems were you looking at? Was it more than just messaging? Did they house files? I mean, what-
Skyper:
Yeah. So these bulletin board systems, you would call up by phone numbers. It’s like how did they use domain names.
Back then, you had phone numbers to call them up, and they were traded, these phone numbers. If you knew a phone number for a cool bulletin board system, that was worth gold.
Nathan Sportsman:
And each bulletin board, they had some sort of theme or some sort of specific interest that-
Skyper:
Yeah, yeah. They were themed. A lot of them were around warez. A lot of them were ware.
Nathan Sportsman:
In that word warez with a Z, what is that?
Skyper:
Illegal software, games mostly.
Nathan Sportsman:
Okay.
Skyper:
Yeah, crack games. The cracking scene was big back then, especially in Germany. So, yeah, it was a lot of people tracking games and uploading them and sharing them and trading them.
Nathan Sportsman:
So a pirated software and so you’d-
Skyper:
Pirated software.
Nathan Sportsman:
… be able to download it and play the game without having to purchase it.
Skyper:
Pirated software, yeah.
Nathan Sportsman:
And were you doing that at all or with your computer? Because you mentioned you couldn’t quite play games on it.
Skyper:
I was playing games on my computer, and it was a natural progression towards to crack these games, either just to cheat, to make it easier, to give you more life credits in the game or even to crack the copyright protection.
So this is how I got experience with assembly and machine code and how programs work. And it was a constant cat-and-mouse game because the creator of the game, they didn’t want us to crack it.
Nathan Sportsman:
Okay, so you weren’t just trading the pirated games. You were actually doing the cracking yourself to get around the copyright?
Skyper:
Yeah, either for me privately and then sharing these cracks with friends, or just publishing them in bulletin board systems.
Nathan Sportsman:
How old are we talking about? How old were you?
Skyper:
15, 16, maybe, around that time.
Nathan Sportsman:
How do you learn something like that at that age, to be able to take a disassembler and understand instruction sets and code, just self-taught?
Skyper:
Yeah, you just start.
Nathan Sportsman:
You just start?
Skyper:
Yeah, you just start, and don’t stop.
Nathan Sportsman:
And were there any bulletin boards that were kind of your go-to favorites where you were known, where you enjoyed the folks you talked to? Any names worth mentioning?
Skyper:
I don’t even remember the names anymore. In the end, I ran my own bulletin board system, and we had a little bit of four bulletin board systems linked together. We created our own network among these bulletin board systems so we could exchange messages between them.
And they were all themed about, one was specific for games, one of them was more for documentation and cracking, and they all themed a little bit so, yeah. And we all connected them to the Fido Network, and it was a great time.
Nathan Sportsman:
And were most of these bulletin boards, they were within Western Germany, or were you calling out to the UK or to France and people all over the world? What was sort of the scale of that?
Skyper:
Well, unfortunately, in Germany, telephone calls were not free. Local calls were not free. So before 6:00 AM, it was half-price, and after 6:00 PM, it was half-price.
But during the day, it was prime time. You paid good money to make a phone call, and every 12 minutes it would be another unit of money that you had to pay that you were billed for.
So one of the struggles was how can we make this cheaper because our parents are not happy that we ramp up these telephone costs. So ultimately, we got into blue boxing and how to manipulate the phone network, to trick the phone network to allow us to make phone calls, but not charge us for it.
Nathan Sportsman:
We had a recent interview, and one of the individuals said that games and cracking was the gateway drug to ultimately phreaking and hacking. Does that resonate?
Skyper:
Yeah, I agree.
Nathan Sportsman:
So you’re starting out, you’re cracking these programs, but you’re having to make these long distance calls. Your parents are seeing the bills, and so you got to figure out how to get around it.
Skyper:
Yeah.
Nathan Sportsman:
You had mentioned your father actually taught you one of the first…
Skyper:
He did, yes, and at that time, I’ve never heard of the term phreaking.
I was, I think, 11 years old when he told me that when he was a child, he had a friend whose father was working at the German telecom. And he told them that there’s a trick where you can make free phone calls from a public telephone booth, but they could never figure out how to do it.
And he vaguely remembered 30, 40 years later, and he only told me there’s a way. He doesn’t know how, something to do with the hook or something. He didn’t remember.
But that’s all I needed to hear was that there was a way. There is a way you can make free phone calls from a telephone booth.
So me and my friend, we just went to the telephone booth, day after, day and tried to figure it out, and eventually we did. We did figure it out to make free phone calls from the telephone booth.
Nathan Sportsman:
Are we talking about red boxing, or is this something else?
Skyper:
I don’t know how it was called back then. It was not red boxing. I think that didn’t work in Germany, or we didn’t figure it out.
In Germany, or the village where I worked, was much easier. When you took the phone off the hook, you had the guard tone, the dial tone, but the keypad was locked. So the keypad only unlocked when you put coins in there.
Nathan Sportsman:
Right.
Skyper:
But because we are not digital back then, we were analog, so every number that you dialed would be an interruption in the voltage line. One would be one interruption, two would be two interruption and so on. It’d be very quick, dot, dot, dot, dot, dot, dot, dot, dot, dot, dot, dot. And it would, how the switch would recognize which number you want to dial.
Now without putting coins in, that dial pad didn’t work. But if you click the hook very quickly, you could dial that way. So we figured that out. And growing up in a small village where the phone numbers were four digits long, it was very easy to make free phone calls.
And unfortunately, we told all our friends. Even the teachers knew at our school that we could make free phone calls. So sometimes they would ask us, “Can you ring the mom of so-and-so?” And so they would send us out to the public telephone booth, and we would call the mom to pick somebody up or whatnot.
And unfortunately, the telco found out, and they closed all the telephone booths and put a sign up. “Vandalism has ruined this telephone booth,” and that was the end of that.
Nathan Sportsman:
Did your dad know that you had figured it out?
Skyper:
I don’t think I ever told him, no. No. I may have, I don’t know.
Nathan Sportsman:
But ultimately sharing that information-
PART 1 OF 4 ENDS [00:24:04]
Skyper:
No, I may have, I don’t know.
Nathan Sportsman:
But ultimately sharing that information, it got too widespread that the telcos figured out what you guys were up to.
Skyper:
That was my first experience about leaking zero-days, not a good idea.
Nathan Sportsman:
We’ll definitely touch on that. And so outside of that trick, calling these BBSs, were you starting to, I think you had mentioned blue boxing, you were starting to look at other ways that you could make…
Skyper:
Yeah, that was then later when I was 16, 17, maybe even 18, when we got into blue boxing, we figured out blue boxing. Sorry, just to explain to the audience what blue boxing is. In the olden days, the telephone exchanges, they would use certain frequencies to communicate with each other. And because your telephone effectively is just an entry point to the telco network we could fool the other switch that we are a switch ourselves. Our telephone is a switch now. And we do this by playing certain frequencies into the telephone line, 2,600 hertz, 2,400 hertz, 2,300 hertz. And the challenge then was to find a way around these filters, the frequency filters that the telco stored. And you would come up with weird frequencies, not like sinus waves, but square waves, and you would intermix them with other frequencies so that you could overcome the filter but still be recognized by the telco switch as a valid frequency. So there was a lot of trial and error figuring these frequencies out.
Nathan Sportsman:
And so you could literally manipulate the phone system by just playing those tones into your…
Skyper:
Yes. Yeah, that’s it. In-band signaling was the Achilles heel. And later we see this was buffer overflows and malloc exploitation.
Nathan Sportsman:
Yes.
Skyper:
The same in-line things.
Nathan Sportsman:
And the telcos just could not see that something illegal was happening? There was no risk of being-
Skyper:
Probably they knew that we were doing it, but I don’t think we were too big of a problem for them to take care of it. It was shared among friends. Big blue boxing for everybody stopped because they installed the filters and it was just the handful of people who had the spare time and the keenness to figure out how to get around these filters. So there are not many of us around, so I just think we were just not a big enough problem for them to really address.
Nathan Sportsman:
So whether you wanted to call inside of Germany, or maybe to another country, you would pick up the receiver, play those tones, and then ultimately have the modem then dial after that where it wanted to go. And it would be that connection would be free at that point.
Skyper:
Yeah, you would switch. In fact, it was easier to, we call it breaking a country or breaking a switch. It was easier to break foreign countries, not Germany, because Germany at that point was already SS7, it didn’t work in Germany. So we would use home country direct numbers, which are toll-free numbers to other countries, and then break these countries, manipulate the switches in their country. And it comes with a great advantage that this is then, at least we believed, it was an untraceable call because you would just appear as a switch. You would be not part of any telephone record that this phone call ever took place. And so, yeah, we would bounce through these other countries from one switch to another, and then call back to Germany, or call back to America and download wares and communicate with people for free, to the great relief of all parents.
Nathan Sportsman:
This notion of a gateway, was that a gateway further into phreaking, where you were actually looking at X25, which I guess would come later, like TIMENET, or any of those things? Or was it just for making free calls and the phreaking stopped there?
Skyper:
That was, for me, it was just for making free phone calls, just being able to stay online longer and communicate longer with people.
Nathan Sportsman:
Did you start to form communities, or friendships, or anything like that?
Skyper:
Absolutely. Yeah, absolutely. Yeah, I did it together with a good friend and we’re still friends today. We both joined TZone in the end, a hacking group, we’ll come to that much later. But also back then I could see that already people were exploiting it for financial gains. There were people who would call other numbers and they would get paybacks when they call these numbers, but I was not into that. So people were also in the phreaking scene having criminal intention to make money from it. It was very sad to me to see.
Nathan Sportsman:
And you would encounter these people on these bulletin board systems. Would these also be kids, or people that were older?
Skyper:
They were mostly kids. Yeah, mostly kids.
Nathan Sportsman:
And the individual that you had mentioned on Tzone, we’ll definitely touch on it, but he grew up in your town, or you found that friendship through these-
Skyper:
No, he grew up in my town. Yeah.
Nathan Sportsman:
Oh, wow. Small… Okay. And so and he went down this path together?
Skyper:
Yeah, we did. Went to university together, joined TZone together.
Nathan Sportsman:
And you still keep up with him today?
Skyper:
Yes, of course.
Nathan Sportsman:
When was the last time you saw him?
Skyper:
10 years ago. Maybe longer.
Nathan Sportsman:
But you still keep up via emails and stuff like that.
Skyper:
We do, yeah.
Nathan Sportsman:
Okay. In terms of calling and using blue boxing and getting around these filters, how old are we talking about now? Are you 15, 16?
Skyper:
We started when I was 16 with blue boxing, but that stayed with me until the year 2000 or 2001. We were still do blue boxing then. Even from university, even that we had fast access to the internet, we still enjoyed to use blue boxing just because we believed it was untraceable, more secure to do blue boxing than using the university’s internet.
Nathan Sportsman:
In the States, when you turn 16 the big thing is you want to get a car and have that freedom of motion and freedom to be able to go anywhere. Did you have any desire like that? Girlfriends? Relationships? Or was it really starting to go more and more all your time was towards hacking? What did your life look like outside of the computers, growing up?
Skyper:
Yeah, when I grew older, and we are talking about 17, 18 and starting university, I was more interested in computers. It was not that I was, people would say it’s socially awkward, but I didn’t feel awkward about it. I thought it was great. I thought there were great problems to solve. I was excited about it. I got bored meeting people. I was bored meeting people and listening to them talking about the weather, or where they went last, or what they had for dinner. I just didn’t have the patience. My mind would wander off, wanting to think about these problems that are puzzles to me that wanted to be solved.
Nathan Sportsman:
Yeah, talking small. I have social anxiety and a lot of it has to do with having to come up with conversation for things that I don’t particularly have interest in.
Skyper:
Yeah.
Nathan Sportsman:
And so the phreaking, you’re cracking wares, did you start to touch on hacking at all in high school, or did that start to pivot more once you got to university?
Skyper:
We manipulated the computers of our teachers already in school because we used his computers to dial out. His computer was the only one that had a modem so we would go into his computer to dial out. And I think once we forgot to turn off the tone so the whole thing would start dialing di, di, di, di, and the whole class was like, “What’s going on here?” And we were like, “Shh.” But back then we didn’t really understand that this was hacking. For us it was just we were bored, we wanted to dial computers, and we did.
Nathan Sportsman:
Did you know at that point, okay, computers, computer science, something with this is what I want to do with my life?
Skyper:
Yeah, I knew I wanted to study computers, computer science, yes. I wanted to study computer science. In fact, at that time, they would send these guys to your school, to come to your school and they would advise you what you should do in your life. And he would advise me, “Don’t go into computer science. There’s no future in computer science.” And I couldn’t believe it. For me, that was everything. And clearly there was great future in computer science, and so I did. I searched around what’s the best university in Germany, and that’s where I wanted to go. I didn’t know where it was in Germany, booked a train ticket, was surprised that the train took six or eight hours. Saw oh, that’s quite far away. Came out of a train station, looked on a map where am I? And it’s like, oh, I’m all the way down here. Okay. It was a great time. I didn’t care where it was. I just wanted to go to the best university.
Nathan Sportsman:
But you have a point of view. You know what you want to do. You found your passion. You know what the love of your life is.
Skyper:
Yes.
Nathan Sportsman:
And there were things in your notes that you had mentioned about, don’t talk, right? And whether it’s the phone thing that your father had found, or other things, don’t trust the government. Was that point of view beginning to shape in high school, or is that into…
Skyper:
That was before that. And these are the rules of the phreaking scene. Obviously the phreaking scene suffered when the telcos installed all the filters, and they ruined blue boxing for most of them. So there were these rules, don’t talk, don’t brag, don’t go to conferences, don’t publish anything, certainly not under your name. Stay hidden, stay under the radar and just enjoy blue boxing. Certainly don’t trust the government and don’t trust the telcos. Back then the telcos were controlled by the government. They were by the government, they were the government, so they could effectively decide how easy we could get access to information. The government did make it more expensive or cheaper, give us free phone calls or don’t give us free phone calls, so we didn’t like that. As children we thought this should be free.
Nathan Sportsman:
And what were the experiences that was forming that view, particularly on the government? Because in the notes you had also mentioned, you figured out you want to go to university, you want to study computer science, and I think one of your friends said he wanted to work for the government and that took you aback a little bit.
Skyper:
That came later. So when I grew up in Germany, we were growing up in an environment where Germany had a very early experience with terrorist groups and so Germany would come up with Draconian laws to be allowed to snoop on people, and follow them, and read the messages and monitor them. So there was already this feeling that the government is not the nice guys. They’re not your friends. They’re here to snoop on you. They make your life hard, even though we’re no terrorists, we were not, but they would be the scary guys. So yeah, that certainly shaped my opinion of the government.
And then in later life, I think it was past 2000, I met a friend who told me that one of his biggest dreams is to work for the government. And it took me by surprise because it was a different upbringing, I guess, than I had. But I also accepted that we are all different, we all have different experience with the government, and he was lucky enough to have grown up in a country where the government was not seen to be evil and nasty, so I had to accept that.
Nathan Sportsman:
There is, and tell me if this resonates, after 911 in the U.S. I remember there was a level of fervor that happened. We had been attacked and people were very focused on retribution. There were very focused on wanting to go to war. And I remember, and this has always stuck with me, I remember watching the news and people that were even just speaking out against the war and what we were doing, the FBI was showing up to talk to them, to understand did they have relations with terrorists? And it felt like in trying to protect the citizens we were overextending on becoming a watch state or a nanny state. Was that what it felt like? That they had these terrorist groups, they wanted to keep things safe, and so in order to do that they started to apply the same practices that maybe you would see in Eastern Germany or in the Soviet Union.
Skyper:
I think there are some similarities, yes. I think it was Bush who famously said, “You’re either with us or you’re with the terrorists.”
Nathan Sportsman:
Yes. Right.
Skyper:
And I thought, well, I’m with neither of you. I think you’re both idiots.
Nathan Sportsman:
It was binary, very black and white the way that they tried to paint it. And so were there specific experiences, either growing up, adolescence, or in university, that shaped that view?
Skyper:
From childhood I don’t remember specific instances, but it was just almost hearsay and word of mouth, this is what the government does. Our parents would tell us the news, what’s happening, and even though they’re very pro-government and a very conservative household, I would hear these stories but I would not necessarily agree with them. So this I think is what shaped my opinion.
Nathan Sportsman:
And so coming into university, you now have internet access and a decent amount of bandwidth. And I saw that-
Skyper:
Yeah, 10 megabit.
Nathan Sportsman:
10 megabit.
Skyper:
That was as fast as it gets.
Nathan Sportsman:
And you said something to the effect of that, “IRC and EFnet was our hood.”
Skyper:
This was our hood, yes. This is where we linked up with everybody. This was our realm. This is where we talked.
Nathan Sportsman:
And so is that where some of these more formative relationships, whether it was more individuals from TESO or a lot of the groups that we’re going to talk about, is that where those formations began? Was that university?
Skyper:
Absolutely. I mean, suddenly you had almost 24 hour access to all this information, to all the people you could talk to in real time. You didn’t have to wait six days to get a reply from someone in Australia, you could communicate with them real time.
Information exchange, exchange of ideas, was so rapid. And we would try to, healthy competition, outdo each other. Who has the biggest ideas, greatest ideas, how we can improve on somebody else’s work to make it better and faster and more efficient? And that was amazing time, amazing time exploring these computers, doing things that the computer and the programs were not supposed to do and figuring these things out. There was barely any documentation back then. There was not easy access. There was no Google, right? Can you imagine a world without Google? And without Wikipedia? You had to research everything. You had to go to the library to borrow books and read them and study them, and study them again because some of these books had mistakes and they were not reprinting books just because of some mistakes. So you had to read a lot of books, ideally all the books, to figure out, okay, how does this really work? And then play with it.
Nathan Sportsman:
You mentioned Australia, and I’ve just seen this consistently over and over again in these interviews, someone from the U.S., could be from the U.K., Germany, Australia. I’m trying to think of a different instance in where not only information is free and unfettered, but so are relationships across all these countries, across all these geographical boundaries. I can’t think of another instance where people are being able to interact with each other all over the world and where they grew up, what country they live in, that fades into the background.
Skyper:
Yeah, and it didn’t matter to us. It didn’t matter to us where you’re from, which nationality or which religion, which skin color, which beliefs you have, it didn’t matter to us. The only thing that mattered to us, if you can take our ideas and make them better, you can contribute to our knowledge.
Nathan Sportsman:
And so this community that formed, what would you define as the core values, the things that each of you all agreed to and believe in?
Skyper:
I think the common thing was that we wanted to try things out and do things that the manufacturer didn’t know you could do with their program, or their hardware, or their protocols. Just to take them to the limit, push the envelope to somewhere where it was new, unknown territory. Do things that people haven’t done before, and play around with all these protocols and programs and see where they break.
Nathan Sportsman:
Your common cause was the desire for learning, for intellectual curiosity to push the boundaries, and so let’s just dive into those groups. You’re at university. Can you talk to me about all these names that are in your intake, the TESOs, the ADMs, and just what that entire web of relationships looked like?
Skyper:
I think all of these groups were born on IRC. This was, as we said, it was our hood. This is where we hang out.
Nathan Sportsman:
And IRC is?
Skyper:
It’s an Internet Relay Chat. It’s like the WhatsApp, but on a text console. And you would join and communicate. You would form groups and you would be invited to a group. There was a key to the group. And if you don’t behave or people didn’t like you or you would just not cool enough, they would kick you and you would be out of the group. And then you had to ask somebody else for the key, the secret key to get back into the group. So this group, this is where we hung out, this is where we spoke and talked and socialized.
Nathan Sportsman:
It’s like you said, like a group on WhatsApp or a channel on Slack, what people would use today.
Skyper:
Yes. It’s very similar, but far more fun.
Nathan Sportsman:
And so is that how you started to get exposed to these?
Skyper:
Absolutely, yeah. So they were where we would talk, and this is where these group were formed. And various groups got formed. TESO is one of them. THC ADM, LSD, Last Stage of Delirium. They’re all hacker groups where they discuss these techniques and tricks that they had, and build these exploits, developed them and researched them.
Nathan Sportsman:
So these groups, and if we really double click on TESO, so my understanding is TESO was a group you were in, among other groups as well. But what was TESO’s first principles? What did they focus on? How did they spend their time? Where did the stuff that they did go?
Skyper:
There was not really a game plan for TESO, there was not, there wasn’t. We were all individuals doing our own things that we enjoyed, but the common thing that we were all interested in was exploring things and not doing criminal things, not to be destructive. We didn’t want to break things. It was not our interest. We didn’t want to deface things. It was not our interest. We just wanted to research, and I think that attracted people to TESO. Or the people who joined TESO they knew that, that we were not there to become the next generation of script kiddies taking down web servers.
Nathan Sportsman:
And for me, I remember I had mentioned to you yesterday, I worked at Sun Microsystems for a little bit. And so some of the stuff that I was doing, it was always just fascinating. The idea that I am a kid, I’m 18 or 19, there’s someone that’s probably in their 40s or 50s that’s a hardcore engineer that developed this thing, and here I am able to get around it. Was it the pursuit of that? Were you trying to showcase how vulnerable things were to make them better? Was it some combination? I mean, what drove the team to want to spend their time doing hardcore research and then publishing it?
Skyper:
Yeah, I think there’s a lot of satisfaction of figuring shit out. It’s stimulating to the brain, understanding how things work. So when you take a look at any kind of user interface that you have, the user interface is always like a door that limits the ability what you can do with the actual API that’s behind that interface. So if you look beyond that and explore the API, and if the API tells you you can insert any value between one and 10, then naturally you would think, well, what happens if you insert zero? What happens if I insert minus one? And things would happen, and these things often give you an advantage.
Nathan Sportsman:
And then the TESO name itself, how did that get picked?
Skyper:
It was initially four members of the Hack RC Channel, and this was Typo, Edi, Stanly and Oxygen. And this is where the name came from because they were the four initial members who split up from the Hack RC Channel and created their own group.
Nathan Sportsman:
And so these four, they formed this group, they’re out of Pound Hack. Where do you come in? Was TESO the first official group that you had joined? And if so, what did that process look like? How did you get clicked up with these first four founders of the group? And when did you get involved?
Skyper:
I don’t even remember how it happened. It’s just one day I was in the channel and we were just having a great time all together, and everybody was throwing around ideas and we were doing these things together. Eventually we all specialized a little bit. Some people would be more going down the exploit development and research part, the other subgroup would go more the network exploration path, then one guy was running the infrastructures, but in the end it’s all overlapping. We all had skills to do almost everything, but we had really good skills doing our speciality.
Nathan Sportsman:
And at the beginning, at the height of the group, how big would you say it was? How many members?
Skyper:
At the height of the group, maybe 12 members, core members. Yeah. Reasonably small.
Nathan Sportsman:
Publishing a lot of research for that size. And so what were some of the biggest things that you were most proud of that TESO either researched, or just experiences, whether they’re hilarious or epic, just things that you saw while you were in that group?
Skyper:
Think the SSH exploit is one of the best exploits, or most important exploits ever been, just because SSH back then was used, it still is used, to get into almost every server. Every administrator used it. And that was the first big remote exploit, which worked reliably among most of the servers on the internet. So suddenly you had this power that you could enter almost every server you like. I think that was a very nice and beautiful exploit.
Nathan Sportsman:
And so for those that aren’t familiar with SSH, I don’t know if this is a good analogy, but you might log into a Gmail or to a bank, you have to provide a username and password to get access to functionality. SSH is a administrative interface where people can log in to access a server, and it’s supposed to be encrypted. It’s supposed to be secure.
Skyper:
Yes, secure and encrypted. Unbreakable. And it allows normally the administrator to lock into the server, to access the server security and modify the server. Now with this exploit, which is the tool to attack this server, we were able to enter that server without the password, without the credentials, without that administrator knowing, without us showing up or creating any logs, we were just able to modify the server, change the server, without anybody knowing.
Nathan Sportsman:
And it’s a big, big deal. I mean, we use SSH to this day because it’s a remote access that is typically oftentimes visible on the internet. And so finding that zero day in SSH, a lot of systems that are just on the internet were immediately vulnerable and couldn’t account for it.
Skyper:
Immediately. Immediately vulnerable and firewalls were not really used. People just blindly assumed SSH is secure, it doesn’t need to be firewalled.
Nathan Sportsman:
And so something like that…
PART 2 OF 4 ENDS [00:48:04]
Skyper:
… secure. It doesn’t need to be firewalled.
Nathan Sportsman:
So something like that, how do y’all… because what we had talked about previously was the minute that you had told too many people about the clicks on the payphone, the telco found out and then they shut down the payphones. What’s the rubric for deciding, “Should we just keep this to ourselves? Because the minute that we release it, one, people are going to take advantage of it too, but they’re going to close it. They’ll patch SSH.” How do you decide something like that?
Skyper:
Generally you would keep it secret. You would only start publishing it if either someone else has published it, you exploit leaked, or they were fixing it either because they found out that you had an exploit or they fixed it by coincidence, sometimes bugs die because the guys didn’t even know they were fixing a bug. It just happened that they destroyed a bug. They killed a bug. And so, then you could publish your research. But surprisingly, the SSH exploit stayed zero day for some time, and it was great fun to have on the internet. It was only shared among some groups, a handful of groups.
Nathan Sportsman:
It was TESO sort of research, but other groups, that-
Skyper:
Other groups as well. So, there not… TESO does not claim ownership on the SSH exploit. Other people had exploits as well. I just think the TESO exploit that TESO did was the most reliable one. And it was just a beautiful exploit. But other groups had the same or very similar exploit, the exploited the same vulnerability. The vulnerability was more known than the exploit.
Nathan Sportsman:
And so, you mentioned, one of the things I saw in the notes, it was almost like a rite of passage or a badge of honor that oftentimes people would join these IRC channels.
Skyper:
Yes.
Nathan Sportsman:
From…
Skyper:
I think we have to explain that. If you go on IRC, you would show up with the IP address or the domain name of where you are coming from with your source IP or source domain name. So, even before the TESO exploit and the SSH exploit, it was almost a rite of passage to show up on IRC with a cool domain name.
Nathan Sportsman:
In a domain name. So, if I work at Apple and I show up to IRC because I’m at Apple, my domain name might be nathan@apple.com.
Skyper:
Apple.com, yes. So, if you would then show up on IRC and you would come from army.mil, it effectively means that you’re on the army.mil server, because that’s the only way how you can get… can you show up on the IRC with the army.mil domain. So, that was a cool thing. I think a lot of people who were on IRC were spending a lot of time just to show up with cool domain names.
Nathan Sportsman:
And whether it was a .gov, .mil.
Skyper:
.gov, .edu, .whatever cool domain names.
Nathan Sportsman:
Showcasing that you have compromised that network, installed a client, and now you’re hanging out on IRC from their network?
Skyper:
Yes, from their server.
Nathan Sportsman:
And so, this SSH vulnerability, it could be used for shenanigans like that just for tongue in cheek, but also it could be used for more nefarious purposes. Was there anything that you were ever made aware of that you saw where like, “Oh wow, this thing that has been with us for a while, but then ultimately in the public domain.” You got to see some of the effects of that being used?
Skyper:
Yeah. The script kiddies entered the hood, and they were very keen of getting the exploits from us, and we were not very good at not leaking. It just happened. If you share something among three friends, someone will share it with a fourth friend, and that fourth friend will shared with two more friends. And before you know it, to nobody’s surprise, these things leak. And then kids came along who would publish them. They would get fame out of publishing zero days, they would get news articles. And TESO got quite upset when one of their zero days got published on one of these sites. So, one member of TESO decided to DDoS them.
We were not into DDoS at all, but he just couldn’t take it. So, he DDoSed the site. It was a site in South Africa, hack.co.za, and took the site offline completely. And even when he stopped the DDoS, the site was still offline. It was a bit of a surprise because normally they come back up, but this one did not. Only years later, eight or 10 years later, the guy told us TESO actually physically burned one of the switches. It just overheated. And just the entire server center was down.
Nathan Sportsman:
DDoS attack. So, distributed denial-of-service, which is you’re basically, you’re doing one of two things. You’re either flooding the network with traffic or you’re exhausting the resources on the servers themselves, where the site server, whatever, it is, it just becomes not operational, it’s not available. You’re effectively taking it down?
Skyper:
Yes, you overload it.
Nathan Sportsman:
Yeah.
Skyper:
You overload it. You have a bigger gun, you have more servers. You have a bigger pipe than the server center, and you flood it with random requests. And the server center just is overloaded. And if you haven’t calculated your energy consumption for your switches and the air conditioning requirement, then these switches burn. And apparently that’s what happened in that server center.
Nathan Sportsman:
And so, this SSH exploit, your version, it was one of the more stable, it was reliable. It just executed flawlessly. In terms of epic experiences or even funny stories, what’s some of your more memorable moments for the time that you ran around with TESO?
Skyper:
There were so many memorable moments.
Nathan Sportsman:
Was that the group with the casino or was that separate?
Skyper:
That was a separate activity end. As you know, a lot of these groups intermixed, and there was always these guys who are not member of any group, but they would still be friends with many members who are in groups. And it was one of these guys who approached me one day and asked me if I can help him with a specific problem about a casino. He wanted to figure out how he can perhaps cheat the casino and ultimately came down that he could manipulate the random number generator. And so, when he would play in the casino online, he would just be a little bit more lucky.
And I think he tried to make a little money from it, maybe a hundred or thousand dollars or so. And he did, in the end he won and he was very happy, but the casino never paid him. And because he compromised the casino as well, he was reading the administrator’s emails and the CEO’s emails, the administrator and the software developer would say, “This is not possible. These guys cannot win because we already rigged the system that nobody is supposed to win.” So, he never got paid, but he tried to steal from the criminals who were already more criminal than himself.
Nathan Sportsman:
Wow. And so, on the TESO side, you’re doing all of this research. It does have an effect. You’re not worried at all though that either governments are going to start taking an interest in you, or even for the purposes of the script kiddies, you would, if you have a team of 12 that’s doing that sort of hardcore research. Some of it’s published, but some of it’s probably held back. It would feel like that team would be a target for nation states or whoever would want access to those capabilities to use them. It could be a black hat hacking group, but is there any-
Skyper:
It could be, but I think we were too early for that. The government was really not up to speed. But we were doing. Later it came that the government approached THC and perhaps other groups as well and they asked for information. One particular instance, I created a server back then called Sack Vault, where we gave free UNIX shells to just researchers, and we wanted to move the server to a cheaper server center. And the server center told us, “Oh no, don’t. We are a big fan of you. We now pay your bills.” For us, it was a clear setup that the authorities were listening on our communications. And so, we moved it very quickly.
Nathan Sportsman:
And this is sackvault.net?
Skyper:
Yes.
Nathan Sportsman:
Giving root shells out to hackers?
Skyper:
Yes, yes.
Nathan Sportsman:
So, TESO is one of the more prolific groups that I certainly remember from back then. They did a lot of cool stuff. But there’s a lot of these other groups, ADM, HAGIS, Fluffi Bunni, that you mentioned, we were talking about off camera, but I watched The Wolves Among Us, I think was the Devcon talk with UNIX terrorist, I think Silvio, was he in TESO? Was he at ADM?
Skyper:
Yes, he was in-
Nathan Sportsman:
Floated around a little bit?
Skyper:
They were floating around, yes.
Nathan Sportsman:
It felt like that there were somewhat of cliques with groups and a level of animosity between groups. Was that just hyped up from that presentation or was there rivalries between these various groups, whether they were black hats, gray hats, or whatever the case was?
Skyper:
So, that movement existed before the talk, and the problem was that security researchers joined the scene and they didn’t really do their own research. They just took things from the group and published them or used them in the companies and made money from it. And it upset a lot of people. A lot of people in the scene got upset about that because no credit was paid to them, no reference was made that somebody else created that research first.
Nathan Sportsman:
Wouldn’t that be grounds for immediate dismissal from the group? Would the group kick people out for doing that stuff?
Skyper:
Yeah. But it didn’t always happen that way. And there were some groups who would tolerate that and other groups would not. And because people were going in and out from different groups, it felt like it was hard to control because people talk. And so, things that you didn’t want to have published ended up being in the hand of some corporate who would make money from it.
Nathan Sportsman:
Okay. And so, there was some sort of groundswell that was happening, some sort of buildup that was starting to create schisms in the groups. And before we talk about Phrack High Council and ~el8 and some of that stuff, what other groups were you a part of in this collage of all of these hacking groups? What else were you-
Skyper:
If I recall, I was part of HERT, which was probably the first group I joined, which was the Hacker’s Emergency Response Team, which was just a funny name, just a counterweight to the CERT, which was back then founded the Computer Emergency Response Team. And the French gentleman who founded HERT had the opinion, rightly so, that these guys at CERT don’t know much and are not up to date. So, he wanted to have a similar organization, but for the hackers to research these things and publish these things.
Nathan Sportsman:
Was that something you were involved with at the very beginning or-
Skyper:
Yeah, with HERT I was, yes. So, there it was HERT, there was SACFOD, obviously we were on our own subgroup. We had the IRCS Network, which was the first encrypted IRC network, which we hosted. We had over a thousand people. Back then, that was a big number. TESO, of course. And then, yeah, we were floating in and out of these groups as individual members. There was not really a hostility among these groups. You were pretty, pretty welcome, most of them. They were all friendly.
Nathan Sportsman:
Is my understanding correct, you were a member of multiple groups simultaneously, so the time you were in HERT, you were still in-
Skyper:
Yeah. And that was rather normal.
Nathan Sportsman:
And with HERT, was it a similar thing where you would just meet these people on EFnet, Pound Hack, they’d get to know you, understand that?
Skyper:
Yes. And often these groups also provide different things. They had maybe different infrastructure. They had different access to different systems. The architecture. So, very important is when you do exploitive or any kind of research, you need to test it somewhere. So, you need access to the vulnerable systems, or you need access to certain computer systems. And these groups would have access or they would provide these servers for you to test on. They would provide mailing lists and infrastructures just to use your research.
Nathan Sportsman:
I guess from a philosophical standpoint, the argument was, look, the people that know how to do this are already doing this. We’re just making the information available to those to try to increase awareness. Is that how you thought about releasing these O-Days?
Skyper:
No. I think it was a terrible mistake to release O-Days to the public because ultimately they were taken by script kiddies and used as weapons to destroy things. And that created a lot of noise on the internet. It created a lot of noise in the media that they would take down big servers and deface them, and was not in our interest. When the script kiddies showed up and started to do the mass owning and botnets, that was a terrible time for us.
Nathan Sportsman:
What is a botnet?
Skyper:
Oh, a botnet. Okay. If you have to explain that, a botnet is when you compromise many, many machines and you install a certain type of software called a bot, and you could instruct these bots remotely to execute commands simultaneously. And often this command would be flood the server. So, you would tell your 1,000 or 10,000 or 80,000 hosts, on this day on this time start sending packets to a target, and it’ll likely take the target down. And there was a big run to create these huge botnets by these script kiddies because they wanted to take down other people, they wanted to kick them off IRC. That’s what it was about.
When an IRC network splits, you have this opportunity that you can recreate a channel that was key protected because the key is now gone. The key is on the other side of the network. And then when it rejoins together, you would join the channel without knowing the key. So, it merged. And so, people were just doing that, just flooding servers. It was disruptive because they got a lot of media attention. The media put all the hackers into a bad light. They considered these script kiddies are hackers, which they really were not. They were not doing any research. They were not interested in intellectual ideas. They were just there to cause trouble really. And in TESO, we didn’t like that. We didn’t like the media attention. We didn’t like that people were using our exploits to do bad things.
So, there was a subgroup of TESO that formed and decided to go after these script kiddies, to take down their bot networks, which we discussed earlier with the flood networks to mount attacks against other servers. And so, TESO did. And TESO spent many, many man-hours, weeks taking down botnets, thousand, 10,000, 100,000 host strong and just automatically locking into these systems on the internet, removing the bot software and fixing the vulnerability that the script kiddies used to get access to the servers. So, there are a lot of admins out there who don’t know that TESO fixed their networks and TESO fixed their computers and updated their software.
Nathan Sportsman:
So, you kicked off the botnet herders, got them out, patched the system so they couldn’t get back-
Skyper:
Patched the system so they can’t get back in. And then to us the world was safe again. But ultimately we lost that. The overwhelming number of script kiddies showing up was so huge.
Nathan Sportsman:
There was just too many of them to-
Skyper:
There were too many. And we were just a group of three, four people who were trying to take on these thousands of script kiddies who entered the scene. It was impossible.
Nathan Sportsman:
Yeah. But that’s still very admirable and very cool. That’s awesome.
Skyper:
Yeah. Foolish but..
Nathan Sportsman:
It’s still very cool. Still very cool.
Skyper:
Yeah. But TESO eventually stopped being TESO. People just went different ways, and-
Nathan Sportsman:
Why do you think that was? Just people just getting older and growing up, or?
Skyper:
People getting older, people growing up, people didn’t have the time anymore. And also at that time, in 2002, 2003, they got bored of it. They have done the exciting part. Now they saw big corporates moving in, lots of researchers moving in. It was just not new enough anymore. TESO liked to do the new things, the unknown things that people haven’t done. In 2003, 2004 that was finished. And so, TESO, people went different ways, maybe formed different groups, formed companies and found excitement in that. But I was lucky enough that I joined THC and found a new home there and continued research doing with these guys.
Nathan Sportsman:
And THC, very famous and prolific tools. What were some of the bigger tools that they created?
Skyper:
I think six or seven tools are part of the Debian distribution.
Nathan Sportsman:
Debian be a version of Linux?
Skyper:
Linux, yes. Most Linux are based on Debian. They all come from Debian ultimately. And some of the tools, Hydra, THC Hydra is a brute-forcing tool.
Nathan Sportsman:
I used it.
Skyper:
Yes. There’s IPv6. The first IPv6 attack framework is done by THC as a map, THCA map, which later also inspired some features in NMAP. Yes, AFL, Fuzzers. They create a lot of tools.
Nathan Sportsman:
Can we talk about Phrack a little bit?
Skyper:
Yes, please.
Nathan Sportsman:
Mike Schiffman, he is involved as the editor-in-chief, I think from ’96 to 2000. But you feel that Phrack is in a certain state where it’s starting to, I guess, atrophy and you decide to take it over and start running it. Can you talk to me about that transition and how do you do that plus be in all these other groups and find time to sleep and everything else?
Skyper:
Yeah, so it was around the year 2000 when it just became apparent to me that Mike has done really well for Phrack. And it was a fantastic time when Mike was editor, but there was no release, no call for paper coming out for over a year. The web server was often down. He couldn’t get access to the magazines. So, I decided if there’s a good time to take over Phrack, then it’s probably now. So, I started looking around and playing with idea and started to acquire the domain name phrack.org and started to recreate the web server under a new domain name. Back then, Phrack was phrack.com, phrack.org was not associated with Phrack, but I got hold of the domain name and recreated the web server there, typed in all the articles into a database and got it all ready. And then asked internally in HERT and TESO and some other groups if they would be willing or excited to write the first articles among the groups, and then publish on a Phrack. And everybody was excited. And so we did.
Nathan Sportsman:
And then the servers being down before you stepped in and you took over, is there any commonality between that and a few years later with TESO where some of these just pioneers and trailblazers, to your point, they’ve been there, done that, they don’t feel it’s as novel and they’re stepping back? Is that what happened with Phrack or why do… because it’s so… We have the latest version behind this. It’s been around since ’84, something like that?
Skyper:
Yeah. ’85.
Nathan Sportsman:
’85.
Skyper:
40 years anniversary next year.
Nathan Sportsman:
From your perspective, what’s causing it to just slow down and start to wither?
Skyper:
I don’t know. And Mike would be the best person to ask. I just noticed the effect that it wasn’t publishing, and I knew that we had the skills among these groups to publish another great magazine.
Nathan Sportsman:
I think what you’re doing is great. And you are, in some capacity, still involved with Phrack in terms of the-
Skyper:
Yes, oddly enough, after having been hands-off for a long time, and the current staff last year contacted me and they said that they can’t release it anymore. They just, as you say, people have different priorities in life, and they wanted to shut it down. They said, “Maybe we do one more release and then call it a day.” And we got some of the old people, including Mike, back together, and we brainstormed together. “What can we do? Is it really finished?” And we decided, “No, no, no. This is not finished.” As long as there’s curiosity, there’s the need to publish and there’s a need for Phrack.
Nathan Sportsman:
It’s part of history. I think it’s important to keep it alive, so thank you for doing that. And so, that spirit, that innocence, there’s some sort of groundswell that’s happening among the security community. Some people are stealing other people’s work and claiming it as their own. Some people are releasing exploits and people are starting to wonder, should we be just releasing these for people to take advantage of? Can you talk to me about what happened? Because it looked like there was a period of time where the security community turned on itself and they all started hacking each other. At a high level, is that…
Skyper:
Yes, cannibalism.
Nathan Sportsman:
Yeah.
Skyper:
We call it. We were going after each other. And it appeared that some people were rightly or wrongly upset that no money was involved. You could get paid for zero days. You could get fame for zero days. You could release a zero date with the branding of your company, and it would make your company famous because it would show that your company has these skills. So, PHC and some other people decided that, “Let’s go after these hackers or researchers that steal from the community. Let’s dox them. Let’s show the community that they’re working for the government, that they’re working for big corporates, that they’re being paid for the tools that they steal.
And so, they did. PHC showed that it was important that the scene knew that, but ultimately they just caused also a lot of collateral damage to the community. For me, there were so many more bigger problems that I think we should have focused this manpower on rather than going after each other. There were big problems that needed to be solved. PHC initiated a witch hunt, and they were not just going after people who steal, they were just going after everybody they didn’t like. Everybody who wasn’t following their narrative was the enemy. And it scared a lot of genuine, good researchers in the community.
Nathan Sportsman:
And is that the same for ~el8, which was a similar group where they were trying to compromise researchers?
Skyper:
Yeah.
Nathan Sportsman:
Okay. And their Project Mayhem was the principle behind Mayhem to compromise these white hat researchers and take the research that they were publicly?
Skyper:
And expose them. So, not necessarily to take the research but expose them that they were leaking exploits to government, that they were leaking exploits to the media just for their own fame, for their own gain.
Nathan Sportsman:
What they were upset about makes sense. The way in which they pursued it maybe was counterproductive. How do you think time could have been better spent, or what do you think a better solution could have been to that issue or that challenge of people doing this?
Skyper:
Clearly stealing is wrong, but I felt that all this energy should have spent on one of the big problems that concerned us. It was free speech was a problem, there was firewalls popping up in some countries that didn’t have access to the free internet as we know it. I think this effort could have spent on helping these guys rather than going after each other.
Nathan Sportsman:
So, we talked about SSH and creating one of the most reliable exploits for something that was pretty prolific. What are some other-
PART 3 OF 4 ENDS [01:12:04]
Nathan Sportsman:
… pretty prolific. What are some other projects that TESO did that are interesting to talk about?
Skyper:
Yeah. So one of the struggles was always to find out which servers are vulnerable. And when you had a zero-day exploit and you didn’t know how many servers are affected, how much of the internet is affected, so it was a problem to us. I identified the problem and we knew we could solve it by just scanning the entire internet. And so-
Nathan Sportsman:
The entire internet.
Skyper:
The entire internet, all IP addresses, all IP spaces. To do that, back then, computers didn’t really had that much memory that you have today so you had to write an internet scanner that works stateless, doesn’t really keep a state, it doesn’t waste much memory. So we did. We scanned the entire internet. We created a database of all the banners, and so then when we had an exploit, we could just look it up, and we knew which servers were vulnerable. We knew what percentage of the internet was vulnerable. I think that gave us an edge over all the other groups because we just immediately knew.
Nathan Sportsman:
That’s insane.
Skyper:
Yes.
Nathan Sportsman:
So your friends, they were probably working on internet backbones or at ISPs or somewhere where you could be able to have that kind of pipe to do something like that?
Skyper:
Yeah. Many of our friends had jobs in the IT industry. They were not necessarily in the IT security industry, which doesn’t really exist back then, but they were IT administrators, some of the big backbones, and some of web administrators and some worked at universities. So they gave us access to these computers that normally are really well-connected, especially universities. They have really good connect to the internet.
And at the same time, we would monitor the mailing list and we’d monitor CERT. And emails would pop up that they detected a scan of the internet and really fast scan going on here and there. And then, when this happened, we would change the servers to a different server, and then the scans would appear from different server. And you could see the emails again popping up from CERT and advice would be for that there’s a massive scan on the internet going up.
Nathan Sportsman:
To give people that are watching context on bringing these two projects together, 60% of organizations today, in 2024, expose SSH to the internet. So you’re talking about greater than 50% of organizations could have been compromised with what you created.
And now you have this catalog by scanning the internet and you can quickly answer the question of, “Okay, we have this new zero-day for SSH.” What are all the servers that could be potentially exposing this involvement?
Skyper:
Not just SSH, but Apache, Vue, FTP, whatever service that was around, we could just look it up. Because not just did we scan the internet for which ports are open, we also grabbbed the banners so we knew which service version was running on the internet on which servers they were running.
Nathan Sportsman:
That’s insane.
Skyper:
Yeah.
Nathan Sportsman:
I heard a story, something about how you wanted to test it and you wanted to test it against ADM. Can you tell me a little bit about that story?
Skyper:
Yes. So, TESO found the zero-day in Vue FTP and wrote an exploit. And there’s no nefarious ideas. They just thought, “Let’s test it on our good friends at ADM.” And we were really good friends with them. People were moving among these groups freely. And we were testing one of their servers and we couldn’t exploit it. It was a bit of, to our surprise and we-
Nathan Sportsman:
Surprising because it’s a zero-day it should work.
Skyper:
It’s a zero-day, it should work. And it was the right version as well. The version matched, and yet it didn’t work against his system. And weeks later we told him and he said he knew about it. He also has a zero-day. He fixed it in his cell.
Nathan Sportsman:
And I think that point is so salient for people that question whether we should be releasing vulnerabilities or exploits when you hold back, all that’s happening is the people that are in the know, like someone else at ADM that has found the same issue, they’re going to be in the know and the public and the people that are running these servers are not. And that’s why we need to be open about these issues, disclose them so that people can fix them.
So 2000, 2004, TESO starts to break up. Around 2000 to 2004, maybe ’99, venture capitalists starting to enter into the equation. They’re starting to fund these security companies. Can you just talk to me about how you watched the industry, or I guess I would say not even an industry, a community, turn into an industry and how things changed and these people that you knew and where they went on and what they went on to do?
Skyper:
Yes. It appeared that many of these people from our groups started creating companies, not necessarily telling everybody else about it, but keeping it separated from the scene. And only later we found out that while these companies were actually created by group members of ours, by friends of ours. And then often we would start working for them and we’d switch between companies as well.
And it was a time when the term hacker was really not a nice term in the media. It was associated with script kiddies and people who do destructive things. And this famous thing that these IT security companies would famously say on the webpages, “We don’t hire hackers.” But yet the founders were hackers and all the hackers that I know were working for these companies
Nathan Sportsman:
To this point, I didn’t realize the level of magnitude of what you’re saying until we started creating the Miro board and seeing these relationships. And certainly academic institutions were a part of this. Certainly intelligence communities were a part of this, but the number of companies and founders that came from these hacker subgroups that went on to… It’s insane and the indelible imprint that those groups have had on our industry.
Skyper:
I think you will have a hard time naming a company that was not founded by a hacker.
Nathan Sportsman:
I guess a big question for you is how do you feel about that? When I was speaking to another individual, when their point was this, “When the money came in and things turned into companies and turned into revenue and P&Ls, we lost our innocence, the community got professionalized and something got lost with it.” Where do you lean on that point of view? Was it just inevitable? Did we sell out? What happened?
Skyper:
I don’t think we sold out. I think the industry grew from nothing. There was no IT security before ’97. It started. And the internet grew as well so security was necessary. And the internet would be in a sorry state it wasn’t for all the IT security companies who made it secure. So it was definitely necessary.
Nathan Sportsman:
And you were one of those, you founded a company.
Skyper:
Well, my first company that I worked for was an IT security company in Italy. And I wasn’t the founder, but I was one of the first employees. And I worked with many great skilled people there from all over the world. That was a great time.
Nathan Sportsman:
And was it 2008, 2009? Because ultimately from the companies that you worked at, even as a founding team member, you did go on to ultimately found your own company. Is that right? You guys did some epic stuff too?
Skyper:
Yeah, we tried to secure mobile phone communication. Back then, it was a time where you didn’t really had internet on your phone, so we would trick the phone into doing modem to modem calls with mobile phones. And using this what’s called the CSD network to encrypt the voice channel.
Back then it was very complex. Today it’s very easy to do. But we are one of the first who are doing that, and it was an exciting time. But ultimately, I think we were too early and the company ultimately failed for many different reasons.
At the same time, I had also had a natural interest to understand how their current network works, how it is secure. And there was an encryption involved already, A5/1. And ultimately, we managed to crack it. We managed to exploit it and to break the encryption.
Nathan Sportsman:
And to make sure that I fully understand. So, today on modern network, so you have a 5G network, which is what my phone is attached to if it’s not attached to the internet. Back then, the leading network was called GSM.
Skyper:
GSM, yeah.
Nathan Sportsman:
And you figured out a way to code break, to crack where the encryption where you could actually listen to someone else’s phone call.
Skyper:
Yeah, so there are two parts of it. One of the part was to create a radio receiver and the software for the radio receiver that you can actually pick up the signals from the air. Back then there were not many radio receivers out there that you could program. In fact, there was only one, the USRP. You could program the radio receiver. And then you had to find out the algorithm that the GSM used to dissect the signals, actually get bits out, ones and zeros. And then the second part of the project was to find a way how to crack that algorithm, how to decipher these phone calls without knowing the keys to crack the encryption.
Nathan Sportsman:
How did the telcos, how did the providers react to that research?
Skyper:
Well, firstly, we identified that the GSM association, the organization who was guarding the GSM standard and the technology, they were not really interested in securing the phone network. I don’t know why. There are conspiracy theories why not because maybe they were in bed with the government. I do not know. But there was no knowledge that they were fixing the network anytime soon. And it was slowly getting more and more known that A5/1 might not be strong enough, that certainly government might possess the technology to crack it. But I wanted to demonstrate that anyone can crack it.
Nathan Sportsman:
And by anyone, from a research that I’d done, we’re talking about 500 bucks and a laptop, is that right?
Skyper:
That was the idea, yeah. Ultimately, it was a bit more expensive of a few thousand bucks. And the first cracking device that we did, I think could crack a phone call in average of 12 minutes, which was a long time. But then it was one of these nice research projects that the more you dig into it, the more you focus on it and the more you bang your head against the problems, the more you get out of it. And we managed to bring it down ultimately to I think 256 cracks per second. This was down from one crack per 12 minutes to 256 cracks per second.
Nathan Sportsman:
And when we say, “Cracks and from one in 12 minutes to 256 per second.”
Skyper:
Yeah. Phone calls.
Nathan Sportsman:
Individual phone calls,
Skyper:
Individual phone calls that we could decipher.
Nathan Sportsman:
So you’re able to quickly do it at scale?
Skyper:
Yeah. Oh, that’s real time.
Nathan Sportsman:
Yeah. So this is why for me, this matters. And typically, businesses are not going to fix something on their own accord because there’s cost associated with it. So sometimes the best way to deal with these issues is sunlight is the best disinfectant. And showcasing to the public, you’re leveraging these phones, you’re leveraging this network, and it is not secure. We need to do something about it. And was that ultimately what your Dubai presentation was about, was just showcasing how you did it?
Skyper:
Yeah, I mean, we had no criminal intents with that. We did not want to listen to your phone calls. We were not interested. We had more exciting things on our minds. We wanted to do research. At that time, I was living in the UK. And there was already a story where a professor from Sussex, I believe, wanted to publish it and he was silenced by the government.
So I thought, “Okay. Let’s play it careful and let’s just get there. Let’s ask the government how they feel about it.” So I got invited to GCHQ and I told them, “This is what I’m doing right now, and I would like to publish it because I think it’s in the common interest that ultimately the GSMA has to get their shit together and secure the network. And the time is now to show them.” And they were okay with it. They were like, “Yeah, absolutely. Go for it. It’s great academic research. Go for it.”
Little did I know that the government is a big machine and not everybody you talk to is the person who calls the shots. So when I was at Heathrow, I was taken aside by I think six security officers with guns. And they would search my bags and take away my equipment that I was about to demonstrate at the conference. The organizer had to postpone the talk by a day. And a friend from the US flew in and he came with his equipment, and in the end we managed to make the presentation and demonstrate the technology.
But the real problem then happened afterwards because it got in the news that a researcher was arrested at Heathrow and his equipment taken away. And it didn’t put the UK government in a good light. So ultimately, the government came to my company and came to the venture capitalists of my company and demanded that I… Well, not demanded, but suggested it would be a right move and a good move if I would be removed from the company. So it’s a tough choice. Either you continue and you know you can’t because you’re dependent on the money of the venture capitalists. And then 50 families will go jobless and without food, or you leave. So I took the hard choice and I left.
Nathan Sportsman:
It’s speculation. Maybe the government just didn’t want it public because a lot of people would do this. Maybe they didn’t want it public because they were already doing this and they would lose a capability. Who knows? But ultimately, they took someone that’s just trying to put something in the public domain that I think the public should know about. And the end result is you’re losing your job over it.
Skyper:
Pretty much it. Yes.
Nathan Sportsman:
So how does that experience, and then going back to even your childhood, how do you think about the role of the government and what their responsibility is to society and where the line is for them?
Skyper:
Well, the role of a government is to serve the people. I don’t think they helped the people by delaying the security that ultimately did happen. And when 3G came along and now 5G came along, it’s a much secure network. WhatsApp came along and Signal came along, many secure messengers. And clearly to us back then it was very clear that security and encryption is the future. The citizens deserve it. We don’t want criminals to listen to our phone calls. And the government didn’t share that vision.
Nathan Sportsman:
How should I think about this in terms of where we’re at with cyber, how the government leverages it? Someone said, “It’s funny. We’ve made technology to the point of a dependency on society that it’s no longer an option, but we treat security as an option. And now there’s these ever-advanced actors that are leveraging this sort of stuff.” How should I think about all this in terms of where we’re at and where this might go?
Skyper:
It’s hard to say. I think we are probably in a better state now than we were back then. The internet exploded. Everybody’s connected now. It’s probably the internet is more secure now than it was back then. But also the attackers have gotten smarter. There’s money involved. There are ransomware groups. They’re not doing this for research. They’re not doing that to better society. They’re doing it for greed, to make themself richer. So yeah, we need to protect the citizens and make sure the citizens aware of the risk. And research and show them and make sure they understand that it is important to protect yourself on the internet.
Nathan Sportsman:
Right. And the people that are responsible for GSM standards or the government or the telco providers, they shouldn’t decide what the level of security is. Their customers and the people should, and they need to be aware of what the risks are. So then where do you see yourself fitting into this? We had talked off camera. We’re so radically focused in our work that we go through these episodes of absolute love and 90-hour work weeks to burn out, and we have to take a break. And from the notes I had read that you had stepped back and retired for a little bit, but ultimately you’re getting back into it. Where are you at on your journey in all of this and what ultimately caused you to fall in love with everything again and get to work?
Skyper:
I tried to retire from the IT security industry. At some point in my life, maybe around 2015, everything got a bit boring. Everything was just the same old thing again. And I tried it for two years and it was terrible. It was just absolutely brain numbing. And I was so bored and my brain was so dead, I just missed the creativity of it. I missed researching and finding things out. So I started getting back into IT security, starting to research again, writing software. Now again, I get up at 4:00 AM in the morning before the kids wake up and I have my two hours on the computer just to research things.
Nathan Sportsman:
I’m the same way. I’m like a shark, I got to keep moving or I’m going to die.
Skyper:
Yeah.
Nathan Sportsman:
And so on the Warlocks, I go through episodes. And folks I work with, some folks get what I’m doing, and then some folks don’t understand what I’m doing with this. But for me, what I can tell you is I’ve gone through those episodes of adulation and love for what I’m doing to just complete burnout and I don’t want to touch another computer. This show has caused me to fall in love with our industry all over again. It reminded me why I got into this in the beginning, and I have just this level of excitement and energy again that I haven’t felt in years up until we started this. Why are you doing it? What are you hoping to get out of it or to the community or what’s your reasoning for spending a few hours and sharing your story?
Skyper:
I think it’s important to put the beginning of the IT security industry in around ’97, 2000 just to show people that we were not criminals. We were just kids. We were just interested in research and figuring things out. We had no criminal intent. Things have changed, but yet there are still people out there who love doing research, who have not found a company or a home or a medium to share this research. I would like to just tell these guys that they’re not alone. There are many people like them who get up at 4:00 AM in the morning, who can’t sleep because they love thinking about these problems, how to crack them, how to solve them, and being obsessed about problems. And get this community together and share research and make things better.
Nathan Sportsman:
Yeah, no, not criminals. You guys are trailblazers. You guys are pioneers. You guys are titans.
Skyper:
That’s the idea. Yeah.
Nathan Sportsman:
I really appreciate you doing this.
Skyper:
Yeah.
Nathan Sportsman:
Thank you, Skyper.
Skyper:
Yeah, thank you.
MUSIC:
I see you.
I see you.
I see you.
PART 4 OF 4 ENDS [01:32:48]