Episode 8: Mohammed Bagha aka “MB”

Mohammed Bagha:
When you’re 15 years old in the 1990s and you want to learn about cool systems, you’re going to have to break into systems.

Michael Schiffman:
Lloyd Blankenship’s, the mentors manifesto. My crime is one of curiosity, right?

Voice Over:
Mohamed Bagga, who keeps his hacker handles anonymous and goes simply by MB was one of the most feared hackers of the 1990s with a larger than life online persona and the skills to back it up. He infiltrated corporate systems, telecom networks, and even the machines of other well-known hackers. He exposed their flaws, mock their code, and dropped their secrets and public forums. But narrow misses with the law soon changed his path and like many from that era, he turned his talents to defense, helping global companies strengthen their security and build lasting strategies.

Mohammed Bagha:
I knew the raid was coming. I put everything I had onto three floppy discs. I rolled them up in a hockey jersey two days later. Sure enough, get rid. It’s US Treasury and FBI. They took all the drawers out of the dressers, they took the mattresses off the bags, they threw everything everywhere and they never touched that hockey. So at this point, we basically had control over the entire country’s telephone system. Almost, I would say probably about 65 to 70%

Michael Schiffman:
Rochelle.com.

Mohammed Bagha:
Yeah. So I had never actually publicly admitted to this, but that was me. Hacking is not a science, it’s an art. The fascination that I had with hacking, it was almost sacred for me. The subculture will never exist again. It’s gone. Nothing like it can ever happen again.

Michael Schiffman:
Welcome to Warlocks. We’re going to not mention your handle from back in the day.

Mohammed Bagha:
We can just have me go by mb

Michael Schiffman:
MB will be what you’ll go by. So to sort of frame this contextually, you and I have known each other for over 20 years, closer to 30 probably through the scene and whatnot. I think we first met in person, probably, I want to say a party at my house, but we had known each other online via IRC before that. And frankly, to frame this, you were and are regarded as one of the most respected, most skilled, and frankly of our era, one of the most feared hackers of that era. And there’s a lot of good stories to get into. So let’s kind of start in the beginning and work our way through it. So where’d you grow

Mohammed Bagha:
Up? I grew up in Minneapolis. I was born in Minneapolis, grew up in a suburb of Minneapolis, raised there.

Michael Schiffman:
You speak a lot. How many languages do you speak?

Mohammed Bagha:
I mean, aside from English, I used to be fluent in Spanish, but most of the North Indian dialects I can get BA in Gu, Punjabi Ka. My parents are from East Africa, so I can speak a little bit of Swahili as well. Not fluently like they can, but I can get BA and nobody can talk to me about my talk about me to my face in Arabic. I spent six years in Saudi.

Michael Schiffman:
So what was early life like for you?

Mohammed Bagha:
I grew up in an interesting sort of environment, right? Minnesota in the 1980s. It was very, what I would call very white bread.

Michael Schiffman:
You described it as a sea of whiteness. You were in a sea of

Mohammed Bagha:
Whiteness. Sea of whiteness. Whereas at home, like my grandmother, we lived with my grandparents, my parents and my dad’s brothers and some of my aunts. So at home we weren’t allowed to speak English at home. It was extreme one culture and then outside it was the opposite. So I grew up with a perspective of both cultures and it was a unique experience in some ways good, in some ways bad. But I feel like I was able to kind of draw perspectives from both cultures and take the good and leave the bad from each.

Michael Schiffman:
Interesting. You mentioned also that your cultural upbringing offer you different perspective perhaps in some of our contemporaries of that era.

Mohammed Bagha:
Yeah, so what you will notice is that a lot of the guys who were black hat hackers, they had a lot of them didn’t have good outcomes. You had people go to jail, wind up homeless, drug addiction about Jonathan Stewart Js, good friend of mine, kind of my protege died of a heroin overdose

Michael Schiffman:
Not that long ago.

Mohammed Bagha:
Yeah, 2018. So there was a lot of that, and I think part of it was leaving this fascination that you have this thing that just consumes your entire life and then now you’re no longer part of that. It’s no longer part of you and you’re seeking to fill that void and you just become directionless. And in a way it’s almost like PTSD, right? Not to trivialize actual PTSD. I noticed that for a lot of the very serious hackers that maintain stability and we’re still grounded and didn’t go off the rails completely, a lot of them came from that similar immigrant background. Either one or both parents was an immigrant and the values that they grew up with. For me, the cultural and religious values that were instilled in me, even though I was kind of wild in my late teens, early twenties, it kind of kept me grounded. And as I matured into adulthood was the stabilizing force in my

Speaker 4:
Life.

Mohammed Bagha:
And my grandmother, she was somebody, she was always was very into social life. She was very into socializing and community and keeping community together. And when I say community, what I mean is the Indian diaspora from East Africa. And that didn’t just include my ethnic community, but it also included Gura, Gujaratis, Punjabis, Shiia, Sunni Hindus. Everybody was kind of part of that group. And everybody knew my grandmother and she was like a matriarch of the community. And so she was always cooking. I remember that she was always making traditional Indian sweets, jalebi, bfi, gulab jam and these types of things. So part of it was any east to Africa, they were already diaspora. Nobody really looked like them there either. And they were all kind of together. And in that time the political polarization and the ethnic and religious polarization that you now see in India and Pakistan, it did not exist

Speaker 4:
In

Mohammed Bagha:
East Africa. And they brought that with them to the us. So it was like I said, one big community, people of different religious backgrounds to the average white person. Ethnically we might seem the same, but to us we knew the differences of course, but it didn’t matter. Now it is kind of sad to see in the modern era, those differences are so magnified and they tend to create separation, whereas when I was a kid, we would go to the Shia events and Sunni, so they would come to RS two. I don’t think you would see that anymore.

Michael Schiffman:
Yeah. So one thing I’m kind of related to this curious about is again, in this sort of very polarized Midwestern upbringing that you had, what was that like for you in terms of growing up as you described yourself, one of the only brown kids there, and not just the kids, but some of the teachers.

Mohammed Bagha:
So I’ll tell you something. Growing up I thought sofa and soda were words from my dialect because I never heard a white person say sofa. So it was always papa couch. The only people who said sofa soda were my family. But as far as growing up there, yeah, there was a lot of racism. Kids are going to pick on anybody who’s different, even if it’s not like a malice, a forethought, it’s just you’re different. I’m going to pick on you for that reason. Even if they really have nothing against you just for being brown or looking different or believing different things.

Michael Schiffman:
But the teachers know better

Mohammed Bagha:
And the teachers knew better, but I got in a lot of fights growing up, it was just a consequence of being different. And a lot of times the teachers would blame me even if I was just defending myself and I didn’t realize it at the time, but looking back in retrospect, there were definitely racist teachers that I had to deal with. I remember one gym teacher, I remember this so clearly, there were two kids picking on me and I was in first grade, so I was about six years old and this one kid, he tried to shove me and I kind of pushed punched him. I was like six. I was like, I’m not throwing a right cross. You’re

Michael Schiffman:
Not a UFC fighter yet.

Mohammed Bagha:
So he falls on the ground and he starts crying and the teacher gym teacher comes over and he grabs my ear and he twisting, he’s like, you’re going into whatever it was, detention or timeout or whatever. And I got in trouble that day and my parents didn’t know any different. So if I got in trouble at school, I got in trouble at school. It was my fault.

Michael Schiffman:
And you got in trouble at home because of that.

Mohammed Bagha:
Yep.

Michael Schiffman:
Do you think that any of this sort of toughened you up for what would become later some adversarial relationships that you would cultivate perhaps through the course of you being in the scene and the persona that you would adopt and all of that?

Mohammed Bagha:
Perhaps in general, you grew up the same era, eighties, nineties, it was a different world. There was no such concept of toxic masculinity. There was just masculine or you’re not the

Michael Schiffman:
Misogyny. It

Mohammed Bagha:
Was horrible.

Michael Schiffman:
All of it was mostly, I think it was made worse by the fact that we could type through a computer and there was almost, in almost every circumstance, there was never any consequence of this behavior. So people said whatever they wanted no matter how offensive. And

Mohammed Bagha:
We were all anonymous too.

Michael Schiffman:
Yeah, pseudo anonymous. Yeah, I would agree with that. And in order to survive, you had to thicken your skin or you just wouldn’t last in this social community that we had built.

Mohammed Bagha:
Yeah, I mean even before the scene I dealt with a lot of that and I’m really grateful that my kids growing up, they don’t have these issues. My sons, my older two boys have never been in a fist fight in their entire lives, which is good. They don’t have these expectations that you got to act like this or you got to act like that or you’re not a man or they don’t have the racism either online or in school. There are a lot of other kids that look like them now, especially where they’re growing up. So I’m grateful for that and I think it did. I think growing up like that did prepare me. I wasn’t shocked by what was going on online and I was fully prepared for it and I was ready to give as good as I got, usually better than

Michael Schiffman:
I can. Indeed you did, and we’ll get to that. You mentioned that you excelled academically until computers and testosterone

Mohammed Bagha:
Intervened. Yes.

Michael Schiffman:
You want to

Mohammed Bagha:
Give

Michael Schiffman:
Some color to that?

Mohammed Bagha:
I was academically, I was very strong as a kid, straight a’s always, 99 percentile, standard testing around the time I was 12, I hate puberty and the testosterone, the rebelliousness 12, 13 and then 14 I discovered computers and that was when it just went completely off the rails and I was like, this is what I want to do now. This is what I’m interested in. Academics took a backseat. Academics really got tossed out the window. We get the backseat and that was what I focused on. There was a point where my parents were so frustrated, we had a very old family computer. It was almost like functioning as a dumb terminal for me.

Michael Schiffman:
3 86 maybe

Mohammed Bagha:
It was a 4 86 SX

Michael Schiffman:
20. Sure, sure, sure. With what? Maybe eight megs a ram,

Mohammed Bagha:
Four megs a ram.

Michael Schiffman:
Four megs a ram. Nice.

Mohammed Bagha:
Yeah, I have an 80 megabyte hard drive.

Michael Schiffman:
Yeah, sure.

Mohammed Bagha:
I couldn’t really do much with it.

Michael Schiffman:
Did you at least have a color monitor?

Mohammed Bagha:
Yes, I had a color monitor, but I wanted to install Linux and I didn’t have a modem. Right. So I saved up when I learned about modems and wanted to get a modem. You

Michael Schiffman:
Went to a flea market?

Mohammed Bagha:
Yes.

Michael Schiffman:
I think you were about 14 or 15 and I’ve always said this, that in our era, in our thing modems were the gateway drug to the hacking scene. Yes. So let’s hear about your journey there.

Mohammed Bagha:
Absolutely. So kid at my school was like, he’s talking about BBSs and I had kind of dabbled in online services because my dad would sometimes bring home free trials. It didn’t really, it was cool, but it wasn’t a big deal. To me it was prodigy and whatever CompuServe at the time. Again, I wasn’t fascinated by it at all, but when I heard about BBSI was like, that’s kind of cool and I really wanted to do it, but I didn’t have a modem or I think the machine had a 2,400 bob modem and you couldn’t call most BBSs with anything less than 9,600 by that time.

Michael Schiffman:
And these are referring to, because folks may not even have any context on what we’re talking about here, this just loosely translates into the speed at which the data could be transferred across the phone lines. Because back then we didn’t have dedicated cable or any kind of dedicated internet connectivity. It was over the public switch telephone network and use a modem to convert the digital signal to the analog

Mohammed Bagha:
Over your copper phone lines.

Michael Schiffman:
Exactly.

Mohammed Bagha:
I saved up for months, random relatives giving me money, shoveled the neighbor’s driveway, whatever. And after a few months I got $50. It took a while, right?

Michael Schiffman:
This is 1995.

Mohammed Bagha:
1994.

Michael Schiffman:
It was 94.

Mohammed Bagha:
Yeah, it was early 1995 by the time I saved up money and then there was this computer flea market thing, this big thing going on at fair and I bugged my dad to take me. It was on a Saturday and we drove out there and I found a modem for 50 bucks.

Michael Schiffman:
Was it used?

Mohammed Bagha:
It wasn’t used.

Michael Schiffman:
Okay.

Mohammed Bagha:
But it was like a cheap generic 14 four modem and I was so excited. I don’t think I even ate that day. I installed it and

Michael Schiffman:
Which to contextualize that back in the day, that’s no small feat to install a peripheral device into a computer of that era. It required a fair amount of, you could open the case, you got to delicately insert this board. We were so, we were conditioned to be so concerned about static electricity back then because of the components, delicate circuitry and whatnot. Anyway, and then you have to install the drivers and get all that so it’s not like it is today.

Mohammed Bagha:
It’s very different. Yeah. There was no plug and play.

Michael Schiffman:
Right.

Mohammed Bagha:
I started calling BBSs and back in that time there was a publication, a free publication, a monthly called Computer User. I don’t know if that was national. Do you remember that?

Michael Schiffman:
I do.

Mohammed Bagha:
So they had them for free at the library
And at the back of computer user there was a list of local BBSs. So I was like, okay, I want more BBSs to call, but for the most part you were dialing into one guy’s computer and then you would post a message and log off and then somebody else would call in, they would respond to your message and the next day you would call in and check. And it sounds so crazy. I’m thinking about it from my kid’s perspective, how that seems now, but it was the coolest thing back then. And I found A BBS, I looked for what sounds like an interesting name and I found A BBS called the Forbidden City. 6 1 2 2 3 2 11 81.

Michael Schiffman:
Do you remember number? I

Mohammed Bagha:
Remember that. I wasn’t thinking about that. It just came to me right now. Sure. They had a section called H-P-A-V-C,

Michael Schiffman:
Hacking Freaking Anarchy Virus and Carding. I think that’s it. Right? And it’s basically the equivalent of four chan today or some sort of subculture of where the less the antisocial type online behaviors could be discussed. At the time,

Mohammed Bagha:
I didn’t know what that was. Right. I was reading downloading Commander Keen or whatever,

Michael Schiffman:
Commander Keen, I remember this. What was that? I have a vague memory of this.

Mohammed Bagha:
It was in software, one of their first games. It was a side scroller. Okay. That’s right. Shareware. I’m referencing it somewhat tongue in cheek because in the bio magazines in the zines, commander Keen was referenced sarcastically a lot. But I actually was,

Michael Schiffman:
I remember playing food, some food fighting game where you could, as you said, this notion of effectively having one move per day, being able to play this game where you get to, I have some vague memory of throwing a piece of fruit at somebody, getting some points and then having to log in the next day to be able to do it again. There was no sense of immediacy. I remember that in today’s world, this is unfathomable.

Mohammed Bagha:
I remember the food fight game. I remember trade wars, Baren realms, usurper Lord was Legend of the Red Dragon or something like

Speaker 4:
That.

Mohammed Bagha:
But I’m looking, I thought it maybe had something to do with air conditioning or something. HP, hvac. Hvac. And one day the cis up the system operator broke into chat with me and his name was Vega. And I asked him, Hey, what’s this HP VAC stuff, this section you have? And he was like, dude, you don’t know about this stuff. I was like, no. He said, it’s really cool. It’s hacking and freaking and hacking is breaking into computers and freaking is breaking into the phone system. And I was like, that sounds pretty interesting. He’s like, download the latest frac, it’s in that section and read it. And I downloaded it. It was FRAC 46 I think it was.

Michael Schiffman:
There was one issue before, I think I took one or two issues before I took over editorial ship of FRAC Magazine.

Mohammed Bagha:
You took over at 48? I think

Michael Schiffman:
It was 48. Yeah.

Mohammed Bagha:
So I downloaded, I read it and I was so fascinated by it.

Michael Schiffman:
Prac Magazine being sort of a amalgam of freaking and hacking and a magazine of all of these articles by the hacking scene for the hacking scene kind of thing.

Mohammed Bagha:
It was like the underground zine. Everybody knew frack and it was kind of the gold standard for underground hacker zines. And so after reading it, I was like, I want to read more about this stuff and learn more about this stuff. So I went to the library and I looked for anything hacking related and I stumbled across this book called Masters of Deception, the gang that Ruled Cyberspace. And I read that and I was blown away. I was like, I want to be just like these guys are doing the coolest stuff. And so I started, I downloaded Tone Lo, I started

Michael Schiffman:
Tone Lo is a ward dialer. You want to describe what that is?

Mohammed Bagha:
Ward dialer. Basically what it would do is you would have it scanned for modems, right? Everything was dial up, so you would tell it, okay, scan 6 1 2 8 88 XXXX. Yeah. So what I would do, I would run it at night while everybody was asleep and I wasn’t hacking or by that point I started going to school less and less. So I would run it during the day and then I would sleep while it ran and then my parents would come home and I would pretend like I’d been in school the whole time and it would record whatever as you said, it would record whatever carriers had found and it would create a log of whatever interaction it had with that modem. At some point I found the University of Minnesota’s terminal server and at this point I’d found some cool systems I’d been hacking

Michael Schiffman:
At this point you would consider yourself, you’ve sort of entered the hacking scene.

Mohammed Bagha:
Yeah, I was calling other hacker. I was now starting to break into PBX’s,

Michael Schiffman:
PBXs being sort of private brand change, private phone networks for companies and such,

Mohammed Bagha:
Which gave me the ability to dial long distance and be untraceable and all of that. But sometime in 1995 when I stumbled across the University of Minnesota’s terminal servers, I realized you could see everybody, all the sessions that were active without logging in, you could see, okay, Joe Lan is going to acm, do cs.edu.

Michael Schiffman:
Internet host is what you would learn. This was internet host.

Mohammed Bagha:
Yeah, LAN is an Arabic just for random person like Joe Schmo. And then you could see this other guy is going to some host outside looking at that. You could get an idea of a lot of the hosts that were on the network. And so what I started doing was I would connect to some of these hosts and I would try logging in using default usernames and passwords that I found in text files or that I’d learned about by that point because I was already kind of hacking UTIC systems just wasn’t that great at it. I was limited to what I could find.

Michael Schiffman:
Everybody starts somewhere.

Mohammed Bagha:
So I started breaking into these systems and then I realized that I could go anywhere on the internet and kind of just became my personal computer lab. First the University of Minnesota and then the greater internet.

Michael Schiffman:
This is an important inflection point in your embryonic hacking career is the terminal server. You discovered here was your gateway to the internet and that was how you first discovered and then eventually onboarded yourself to the internet as it were. You were also something that current generations will never know the pain of with the advent of large language models and a GI and all of that great stuff you like so many of that era were self-taught. We had to learn the C programming language through things called books. We had to read source code. You did all of that. You taught yourself C Unix, T-C-P-I-P. Talk a little bit about the challenges of doing that in the mid nineties, what that journey was like for you. Nobody’s going to understand what that pain like back then

Mohammed Bagha:
We didn’t have Google. We didn’t have even books for a 15-year-old. You were limited essentially to what you get at the library. My parents were not buying me at that time, 50 to $70 books. I did manage to get to see programming, grabbing language, the

Michael Schiffman:
K, r,

Mohammed Bagha:
K and R. I still write code like that to this day.

Michael Schiffman:
So if I ever get the chance to, I haven’t written C code in a while, but C was

Mohammed Bagha:
When I do code, I don’t call that often anymore.

Michael Schiffman:
Either C was our big hammer and everything looked like a nail. I wrote, see, as long as I could, even for problems that probably were better solved with other languages.

Mohammed Bagha:
For me that was kind of part of the fascination. You’re figuring stuff out on your own. And to me, that’s what a hacker really is. And Red Dragon, who is one of my oldest friends, you know him

Michael Schiffman:
David Meltzer? Yes.

Mohammed Bagha:
Yeah, I wasn’t going to say his real.

Michael Schiffman:
I think it’s okay. I think it’s well known now.

Mohammed Bagha:
I guess he probably doesn’t care. So David Meltzer, one of my oldest friends, one of the mentors in my career and in life, he wrote small like thing called Are You a

Michael Schiffman:
Hacker? I recently reread that

Mohammed Bagha:
And I made fun of it at the time, right? This is like we’re teasing Dave. But even then I understood that it was so profound because he’s essentially saying that the guys who are running the exploits or asking questions or talking about how elite they are or whatever they’re doing, that’s not hacking. Hacking is figuring out yourself. It is the journey. It’s figuring all of that out yourself. It’s learning on your own. I started teaching my youngest, not my youngest, one of my oldest sons, they’re twins, one of them eunuchs and sea, and he’s taken to it pretty well. He’s interested in it and he’s taken to it pretty well. But sometimes he’s like, dad, how did you figure this stuff out? How did you learn all this stuff? And I’m like, think about this. I didn’t have Google back then. Didn’t have any of this stuff. And he’s just like, wow. But ultimately I think he’ll, however far he chooses to go at that he’s smarter than me. I’ll put it that way.

Michael Schiffman:
Well, the way I’ve tried to describe hacking is exactly as you put it. And I wish that sort of modern media and culture would accept this definition of hacking as finding a clever solution to a problem. And if we just anchored on that, nothing else, I’d be much happier. I mean, if you think of Lloyd Blankenship’s, the mentors, manifesto, hacker manifesto, way back in the day, my crime is one of curiosity, right? To sum it up,

Mohammed Bagha:
I mean I’ve discussed with you some people analogized us to bank robbers and they’re like, oh, would you hire a bank robber to protect your systems? We weren’t bank robber, we weren’t taking anything away from anybody. When you’re 15 years old in the 1990s and you want to learn about cool systems, what option are you really going to have? And I’m not saying that you should do it, but there’s no other way to do it. To learn about these cool enterprise systems and figure them out and learn Unix and C and T-C-P-I-P, you’re going to have to break into systems. And we did.

Michael Schiffman:
I wonder if in some alternate reality where none of that nineties hacking scene existed and none of this happened, how much that would’ve slowed the growth and the pace of technological innovation over from early aughts onward or late nineties onward because of this scene and this culture. There were so many luminaries that came from it that did, that built so many incredible companies and technology.

Mohammed Bagha:
I mean pretty much any major tech company you can think of either was founded by or had people in on the ground floor from that scene and even before the nineties, like Apple, right? Steve Wozniak and Steve Jobs selling blue boxes in their dorms.

Michael Schiffman:
You mentioned at some point around this age, I think it was where you, a seemingly innocuous change of an image on a school computer resulted in a pretty seismic event in your early hacking

Mohammed Bagha:
Career. So sometime in the mid nineties, I had a friend come over and he was interested in computers. He wasn’t a hacker, but he was interested in computers and technology and he knew he was a pretty good friend of mine. So he knew I was getting into this kind of stuff and he said, show me something cool. So I said, okay, we logged into the city’s systems and we kind of bounced around a bit. Then we found the webpage for our school and I said, Hey, check this out. And I changed a picture of one of our teachers to something just goofy and stupid and probably a little bit obscene. It was something like bizarre, like a martian or something like that,

Michael Schiffman:
A relatively harmless spring.

Mohammed Bagha:
It was relatively harmless. I didn’t think it was a big deal. I didn’t intend any malice. I had no enmity with the teacher whatsoever. We just thought it was funny. But it turned out that it actually was a very big deal. I got raided shortly thereafter

Michael Schiffman:
By explain a little more principally what this means.

Mohammed Bagha:
Okay, so the FBI and the police came to my parents’ home. Cars up on the lawn, almost knocked the door down. Thankfully it was six o’clock in the morning. I had just gone to bed now earlier, and they’re begging on the door and my parents wake up, they open the door, they come guns drawn. It was crazy. I’m like a kid. It just seemed very excessive and I remember trying to act very tough and I’m the gangster here inside I was, I was wearing my pads. I was scared, but they’re like, you’re going to jail and cursing at me. And I’m just like, I’m a minor. What are you going to do? And I remember at that time, one of the agents, he took me aside. He, all right, tell me about your unisex operating system. Unisex operating system. I just, that lightened the mood for me a bit. I just couldn’t help it. I started laughing.

Michael Schiffman:
I mean, this is also probably a testimony to how unprepared law enforcement was to deal with stuff like this back in that era, because there’s just no understanding of the technology. Clearly he thought that what he was referring to is eunuch. But even the question of if he had gotten the term right still is almost Is this laughable?

Mohammed Bagha:
It is, yeah. I mean, they couldn’t even do forensics on Windows back then. Forget Linux. So they took me to jail, threw me in a cell, I guess, softened me up. I sat there for a few hours and then they brought me out and into an interrogation room. I hadn’t slept, I hadn’t eaten, and they were just peppering with questions. I was just like, I don’t want to say anything. They’re like, all right, we’re going to take you downtown. You’re going to go to jail for the night. And they’re like threatening me. Are you going to spend the night with Bubba in jail? After hours of this? They asked me, do you know anything about this image that was changed on the school systems? I was like, alright, I’ll get these guys off my back. I started laughing. I was like, okay, this is the least of my sins at this point.
To a teenage kid at that time, that was such a small, insignificant thing. I was like, how much could this possibly matter? And so I was like, yeah, I did that. And they’re like, okay, great. Then they let me go and they kept my computer and everything and I was like, okay, cool. It’s all over. But it turned out that it was actually a pretty big deal and the teacher was really upset by it. As I said, she felt targeted or something. It’s not my intent at all. So Mrs. Tanner, if you’re watching, I’m sorry, but yeah, I was essentially, the principal called me and he was like, I don’t think you should come back. And I essentially was expelled school. You

Michael Schiffman:
Were expelled over this?

Mohammed Bagha:
I was expelled over this.

Michael Schiffman:
Wow.

Mohammed Bagha:
Yeah.

Michael Schiffman:
So you also mentioned that you were more worried about your parents’ reaction to this than perhaps the law enforcement.

Mohammed Bagha:
Yeah, I was. What was

Michael Schiffman:
The fallout there?

Mohammed Bagha:
I mean, grew up in a South Asian family. My parents were very upset. There was a long period where they just did not trust me around a computer, probably rightfully so. I did not stop hacking after you got to understand the level of addiction and the fascination that had for us.

Michael Schiffman:
How about the sense of community that you start building too?

Mohammed Bagha:
So that was a big part of it too. Initially I had kind of avoided the whole social scene. It didn’t interest me. But in that world, especially being in Minnesota 1990s, there were not a lot of people I could relate to in real life. Sometimes it wasn’t cool to be a geek in the eighties and nineties, not like now where everybody calls themselves a geek because they like Spider-Man or whatever. At that time, if you were a geek, you were an outcast or a weirdo. So I kind of played that down a little bit, but I didn’t really have to. I could be myself with people like yourself or Steven Watt and the haggis guys, the MOD guys. These people were intellectually my peers and socially I could interact with them. You

Michael Schiffman:
Can relate to them.

Mohammed Bagha:
I could relate to them.

Michael Schiffman:
Sometime before your first raid, you had broken into a PBX of the office where the investigators had worked and you called one of the investigators at their home almost in a sort of catch me if you can kind of moment.

Mohammed Bagha:
Yeah. I knew that they were trying to get evidence and I figured they probably knew my real name. I had no idea how much they actually really knew about me, which was a lot. But I called his house from and made it appear. I was calling from his office and I told him, I’m sitting in your office right now. And he freaked out naturally and I guess I don’t know if they sent people to the office or what happened after that, but it was one of the things that led to them really wanting to find a reason to raid me and stop me from what I was doing. It wasn’t actually anything I did that resulted in that I had what you could say is like a family friend who started getting interested in this stuff, but he had no real intellectual curiosity. He was interested in fraud, which never appealed to me. Not something I ever wanted any part of. Right. The H and the P appealed to me, like the hacking and the freaking, the anarchy virus carding no interest for me.

Michael Schiffman:
Yeah, you never had any part in that. I remember quite distinctly you were feared and respected for your level of technical skill, but none of that other stuff was with you.

Mohammed Bagha:
It wasn’t me. But this kid was like, he was always telling me, show me how I can get credit card numbers. I want to learn how to hack just so I can get credit card numbers. I’m trying to explain to him that’s not what it’s about. But he didn’t care. And then he got arrested because he was carding stuff to his own house. He was fraudulently ordering stuff to his own home, which inevitably you’re going to get arrested. He and his friends got arrested. He told all his friends about me, I’d never even met them. And they got arrested and according to the guy’s older brother who this guy was like gangster, he was mad at his kid, brother because he snitched on me. As soon as they got arrested, he came to me and he was like, Muhammad man. They were crying like babies and they were like Muhammad’s a mastermind. They were trying to say their own skins

Michael Schiffman:
And this is why this is the basis upon which your first raid

Mohammed Bagha:
Happened. That’s how I got rated. Yeah.

Michael Schiffman:
Okay. Chronologically, the second raid, how long after the first was that?

Mohammed Bagha:
So the second raid was a few months after the first. It was kind of an aftershock raid of sorts. They wanted more information. I was still hacking at that time. I was a little more careful about it, a lot more careful about it actually. But one,

Michael Schiffman:
What does it mean to be more careful?

Mohammed Bagha:
So what it means to be more careful is to cover your tracks, to be stealthy, to be careful how you access systems and to not leave artifacts mind forensic artifacts

Michael Schiffman:
On the computer systems and

Mohammed Bagha:
Stuff. On the computer system. Because of the fact I didn’t really have a computer, the feds and the cops had taken my computer, so I kind of cobbled together from parts that I found from friends and randomly that had been sitting in the basement a 3 86 and I used, it was like a 1200 Bo Hayes mode.

Michael Schiffman:
For context, it’s really hard to put actually to frame this in modern terms, how this is the equivalent of MacGyvering together a computer out of spare parts you find in the garage. And I mean 3 86 CPU even this is still, this is probably 96, maybe ish,

Mohammed Bagha:
96 ish.

Michael Schiffman:
I mean, that’s

Mohammed Bagha:
97 maybe.

Michael Schiffman:
Yeah. You were lucky that you were able to get online at this point.

Mohammed Bagha:
I was lucky to be able to get online, but again, 1200 bought modem is so painfully slow. I don’t even know how to put that into

Michael Schiffman:
The latency from when you type a key to when you actually see that key, the character appear on the screen was probably palpable.

Mohammed Bagha:
It was, yeah. I mean sometimes just to mess with me, my friends, if I was on IRC, they would dump a page of text, would take five minutes to load. I’d be like, guys cut it up. And because of that, I couldn’t really do anything in the same stealthy way that I would’ve liked to. I had to dial up directly to places. My traffic was not necessarily encrypted all the time. And so I knew the raid was coming, right, because while they were monitoring me, I was also monitoring them and I could see some of the communications that were going back and forth with some of the sites that I had compromised, the FBI had contacted them, they were communicating using PGP, but I had bachelor P pg P bin.

Michael Schiffman:
Let’s unpack that a bit. So PGP was, at the time, it was pretty good privacy and this program written by Phil Zimmerman that was cryptography for the masses and you patched it, meaning that you modified the binary.

Mohammed Bagha:
So every time they encrypted something, and I had a lot of other operating system patches that worked in conjunction with that, but every time this guy encrypted something, it would create a hidden copy for me elsewhere so I could see his communications. I knew it was coming. So I think two days before the raid, I got rid of a lot of my stuff and I put everything I had onto three floppy disks. Right.

Michael Schiffman:
We used those back then.

Mohammed Bagha:
Yeah, it was 1.44 meg

Michael Schiffman:
Floppies. Were these three and a half or five and a quarter?

Mohammed Bagha:
No, they were the three and a half.

Michael Schiffman:
Okay.

Mohammed Bagha:
This was in the nineties, right. So three and a half

Michael Schiffman:
Was I guess so yeah.

Mohammed Bagha:
So I took these three floppies and I rolled them up in a hockey jersey. Old hockey. I played hockey when I was a kid, grew up in Minnesota and I stuffed that hockey jersey into my old hockey helmet from when I was a kid. Left it on the shelf in my closet two days later, sure enough, get ready. It’s US Treasury and FBI this time. And they come in and they tore the house apart. It was bad. My mom was so mad. They took all the drawers out of the dressers, they took the mattresses off the beds, they threw everything everywhere and they never touched that hockey outfit. They didn’t really have anything. Whatever monitoring they had was, there was no warrant for it, so it wasn’t admissible per se. I was still a minor and they never got any evidence from the raid. So they took my stuff and they left and that was it. After that was when I became very, very, very careful.

Michael Schiffman:
So I think it was when you were maybe 17 or so, you were working as a security admin for some ISP somewhere and you got a phone call.

Mohammed Bagha:
So I was essentially helping them out in exchange for an account and I got a call from the Secret Service and they said to me, it turned out what had happened was they had called the owner of the ISP and they said to him, we’re looking for this guy. And they used one of the handles that I was using at the time and he said, yeah, okay, what? Call my security admin and talk to him about it. So they called me and the secret service agent calls me asking about, he said, yeah, we’ve heard that there’s or gotten information that there’s this hacker named that handle at the time using this site. Can you tell us anything about that? They were essentially calling me, asking about me. They didn’t know that, of course. But that was a very kind of a jarring experience. And one of the things that I had already been rated, I didn’t want to get rated again. So it was one of the things that scared me straight, so to speak,

Michael Schiffman:
Scared you straight to being more careful

Mohammed Bagha:
At that time, more careful, and then eventually phased out my hacking as I started to become a professional, phased out my quote, black Hat Hacking career,

Michael Schiffman:
While you were still deeply in it, you were part of or adjacent to some of the most notable and notorious and skilled groups of that era. Groups like Haggis, BMOD, can you talk about, let’s start with maybe haggis for example. Let’s start with the genesis of that group, notable members and some of the things that went on,

Mohammed Bagha:
So was, initially it was a fake group and the magazines or the bine, they would have, there were all kinds of fake group shoutouts listed and one of them was Haggis, which was backer named later to Hackers Against Geeks and Snowsuits, which is nonsense, but it was funny.

Michael Schiffman:
So BA came first. BA came first,

Mohammed Bagha:
And Haggis was like

Michael Schiffman:
Being the brotherhood of Wares.

Mohammed Bagha:
Brotherhood of Wares,

Michael Schiffman:
Which I think was a tongue in cheek reference as well.

Mohammed Bagha:
Yes. So I’ll explain a little about Bao. So Brotherhood of Wares was at that time in the early mid nineties, there’s a lot of overlap between the software piracy or wares scenes and the hacking scene. The hackers, as things started to coalesce into their own little silos, the hackers really looked down on the wars kids, right?

Michael Schiffman:
Because

Mohammed Bagha:
It doesn’t take any talent to send files back and forth.

Michael Schiffman:
There was a small, maybe elite group of folks that would be able to actually crack the software.

Mohammed Bagha:
Yes, those people were very different.

Michael Schiffman:
That took skills, but to actually just disseminate and distribute, there was no skill in that,

Mohammed Bagha:
Which was the majority of the war scene.
So there was a scene that came into existence called Brotherhood of Wares, which kind of mocked the whole wares scene. And they used wheres terms and they pretended to be part of the wheres scene. And that’s interestingly, this is actually where the term zero day in the context of exploits and vulnerabilities comes from. Because initially that was a wheres term, right? Zero Day was software that was unreleased and unpublished and somebody had it, they could send it to you. That was Zero Day Wares Bow used that sarcastically. It kind of caught on in the hacker scene because of that usage. And it’s so fascinating and funny to me today I’ll hear marketing people who have never seen a Unix command line in their life refer to zero day exploits. They’re using a term that came from hackers mocking the wearers kids in the 1990s.

Michael Schiffman:
So lemme contextualize this. So were, I remember Bao, I remember Haggis from back in the day. And you were part of both of those

Speaker 4:
Groups?

Michael Schiffman:
Yes. And this, I didn’t know until I read your intake that to contextualize this properly, you guys are credited with popularizing the term zero day in the industry. This is now an accepted term in the computer security industry to refer to vulnerabilities and such or rather exploits of vulnerabilities that are unreleased or not widely known about. And the genesis of that you guys, and that’s a fantastic

Mohammed Bagha:
Story. It’s funny, right?

Michael Schiffman:
Yeah.

Mohammed Bagha:
I mean it happened. That started even before I was in the scene, right? Bow started in 94 ish when I was still saving up for my first modem, 93 or 94. But yeah, though Haggis was two guys, trout and sloppy and they had taken the name from one of the bine and they were using it. And I wound up, it’s a long story. Basically I wound up hacking Trout and I started talking to him and I realized this guy is actually legit and sloppy was like a friend of ours. Sloppy is everybody’s friend. If you got a beef with sloppy, you are the problem. There’s something wrong

Michael Schiffman:
With you. I remember he was the nicest guy.

Mohammed Bagha:
He was the nicest guy. So Trout, he was haga. So I kind of joined up with them. They were kind of the founders of that group. Around the same time I was close to a lot of the MOD guys. So Masters of Deception, the book about them influenced me a great deal. And when I started talking to and meeting these guys, I thought they were the coolest thing ever. I still think they’re pretty cool. MOD was guys like Fiber Optic who probably knew more about the telephone system than anybody alive. Eli or Acid Freak, who was kind of a mentor to me, still to this day in my career and in the scene, Zeke or sn, who also a mentor to me in my career, somebody, they were all about a decade older than me. So when you’re particularly like 16, it’s a big difference. Big

Michael Schiffman:
Difference. Yeah.

Mohammed Bagha:
I looked up to these guys and there were other people associated with MOD, but nobody ever came to me officially and said, wow, you’re an MOD now. Right? It was just kind of understood.

Michael Schiffman:
That’s always been colloquially how I’ve understood it as well. Everybody that you talked to. Yeah, Mohamed was the MOD.

Mohammed Bagha:
Yeah. But because of that, never they were around and they were active during a very specific period and they had shared experiences that I wasn’t a part of. So I didn’t necessarily go around claiming MOD the way I did haggis, which we took that stuff very seriously at the time. Our secret gangs or groups or Oh, I remember were kids.

Michael Schiffman:
I remember I a little bit older than you guys, but I was frankly you and some other folks, maybe some other hackers folks, but you in particular had a very well-deserved reputation of hacking other hackers and very successfully doing so many times over. Specifically. I was somewhat notable in the scene in that era. I ran a number of machines, probably foolishly so that were in it at addressable, and I’m pretty sure that you probably owned them at least once, if not twice.

Mohammed Bagha:
I did twice that I can remember. First was very, very early on when you had FTP info access.com. The second I remember more clearly because I remember talking to you about it and you asked me, and this is another thing I can’t believe I remember, there was a guy you were friends with, I think he was your roommate, his name was Vision.

Michael Schiffman:
Oh yeah, sure.

Mohammed Bagha:
And because I owned Info Nexus, I had his passwords everywhere, and you asked me for one of his passwords, he wanted to mess with them. And I still remember his password was Dollar Sign is no, OBJ Money is No Object. I don’t know if you remember that. I

Michael Schiffman:
Don’t. But that is fantastic. And

Mohammed Bagha:
You thought it was hilarious.

Michael Schiffman:
It really frames him well as I remember him. Wow. And also you were part of a infamous to me incident of when my phones were forwarded.

Mohammed Bagha:
Yeah, so at this point we basically had control over the entire country’s telephone system. I would say probably about 65 to 70% of the country’s telephone system. And we forwarded the airlines to a conference bridge. Initially I was very serious. I wasn’t into all these pranks. Sometimes we would do it, we would forward a pizza places line to a bridge and pick up the phone. Your

Michael Schiffman:
Phone, lemme contextualize this just for to be clear, you did a lot of stuff. But these were effectively pranks. These weren’t, there was no theft. There was no necessarily malicious intent. There was no reputation damaging, not an intent. This was just the equivalent of hazing.

Mohammed Bagha:
And it wasn’t even the main or primary goal. The goal was to learn about the telephone system. But sometimes being 16, 17-year-old kids, we would get up to forwarding a phone line to a bridge and answering it and telling everybody, you died of dysentery or whatever it was,

Michael Schiffman:
Right? At the time, I remember this was very upsetting to me and my girlfriend because I was very much into this scene as we all were and was, I mean, culturally, this was my high school reputation. So I remember being really wrapped around the axle about it at the time. But in hindsight, I think I see it for what it was, and I find it hilarious.

Mohammed Bagha:
It was just, we had no malice toward you either. I’ve always said, all of us looked up to you because you were the little bit older guy. You were physically muscular and ripped, and the ladies always loved you. You had the cool car and all of all this stuff that I’ve told you about. So we kind of looked up to you, but we picked on you just because that was what we did.

Michael Schiffman:
I was a very easy target.

Mohammed Bagha:
You were an easy target. We were very earnest and you were very mature compared to us. And it was a low bar to clear, but you were definitely more of an adult than we were.

Michael Schiffman:
And at some point, you and I started playing the Nitris together, right? Let’s talk about that.

Mohammed Bagha:
That is my favorite Mike Schiffman story. So

Michael Schiffman:
Net is this networked version of Tetris,

Mohammed Bagha:
Right? It’s not even bitmap, it’s like curses based. So

Michael Schiffman:
No graphic, ask characters,

Mohammed Bagha:
Askie characters, blocks dropping, and you would play head to head with somebody on the internet. And you and I play head to head and I consider myself a pretty good Tetris player. There’s not a lot of people I know in real life who can beat me. You smoked me every dang time. I was so frustrated. I was like, how can I beat this guy? And so being a hacker, I went and looked at the source code for mattress. I changed it to give me only lines and blocks, and I recompiled my client and then we played again. And I beat you three times in a row. And I remember you were just like, what is going on? You couldn’t deal with it so frustrated. And then I couldn’t keep it up. I thought you would notice right away, but you’re intensely focused on your own game, which is how it is with Tetris. And so then I just confessed to you after beating you three times.
I did get my revenge later when we played Words with Friends and Boggle, whatever else it was. So for those who don’t know, LOD was a legion of doom. That was in the 1980s. That was the pinnacle of elite. If you were really, really good, you were in the Legion of Doom and they were the best of the best. So the official narrative is that there was a falling out fiber optic who was in the Legion of Doom and the Legion of Doom and Fiber Optic and his friends in New York and Pennsylvania and New Jersey went on to form MOD. Realistically, the reality of what happened is that there was one guy in LOD, Eric Bax who had a beef with fiber optic and who had a beef with some of the other guys that later went on to form MOD. But the majority of the leg of Doom guys were always cool with the MOD guys. These guys talked, they were friends. And so that’s why I always like to say rather than factions, it was tears. And I’m not going to say who was more elite and who was better and whatnot, but you can draw your own conclusions on that. I have no beef with anybody anymore. I have no beef with Eric Blood Acts, the old school LOD guys like Marauder,
Consider him a friend. I haven’t talked to him in a long time, many, many years. But these guys really knew their stuff like Gatsby, Marauder, mark Tabis, absolutely brilliant guys. And they were all still cool with the guys from MOD.

Michael Schiffman:
You also wrote about Scorpion and escape.com. Can you talk about contextualize who Scorpion was and kind of that whole episode?

Mohammed Bagha:
Yeah. So Scorpion was one of the members of MOD, and this was when I had just started to get to know some of them. So I got root on escape.com,

Michael Schiffman:
Root meaning Privileged Access,

Mohammed Bagha:
Privileged access. I hacked escape.com. And I’m looking around, I’m like, I wonder if there’s anything cool in Scorpions directory. And I see an encrypted C program and wondering what’s this? I got to find out what it is. So this was very early on. So the first time I was patching PGP, which as you mentioned is a pretty good privacy program for encrypting software. So I probably didn’t do it as slick as I could have or should have. But I patched his PGP binary, he had his own in his directory. And then I waited for him to decrypt his file. The next day I checked and he had linked my output file to Dev Null, which is the unique equivalent of the nether whatever goes to Dev Null is just gone forever. Gone forever. I was like, how did he find that? So

Michael Schiffman:
In other words, he had some suspicion of what was going on. He knew. Yeah, and this was his

Mohammed Bagha:
Countermeasure. That was his countermeasure so that it didn’t matter. He was using the backdoor PP, but the password would never get recorded. It would just get sent to another. What I did was I took that dev null link and I made a file called Dev Null Space and I relink it to Dev Null Space and he ran it again. And then I happened to talk to him on IRC like a day or two later. And what I had found was that he was using a vulnerable set, UID binary.

Michael Schiffman:
That was what the source code was.

Mohammed Bagha:
No, the set UID binary was somewhere on the file system that he had hidden away and he had the source code for an exploit for it. So that’s a very roundabout and awkward way of getting super user access.

Speaker 4:
You’re

Mohammed Bagha:
Going to put in a vulnerable binary that only you can see, and then you’re going to use exploit for it to get root. And so I asked him, why are you getting root that way? And he was like, how’d you get my password? I linked it to Dev Noll, it’s still linked to Dev Noll. And I said, check again. It’s linked to Dev Noll space. So he found that kind of amusing. He thought that was sneaky and amusing. That was, I think the only time I ever talked to Scorpion. He would come on IRC sometimes it was usually his girlfriend coming on IRC and that’s a whole nother story.

Michael Schiffman:
What about the, let’s talk about Wing and LO d.com and maybe contextualize who Wing was and is. It’s certainly in the context of the nineties hacking scene because he’s a significant figure.

Mohammed Bagha:
So Wing, I won’t use his real name here. I don’t know what he’s comfortable with or what he’s not comfortable with, but Wing was one of the most brilliant Unix hackers,

Michael Schiffman:
Also very feared back in those days.

Mohammed Bagha:
Also very feared back in the day. Wing is somebody, I’ve had a close relationship for a very long time. He’s slept on the floor of my childhood bedroom before. So as I mentioned, the MOD guys were still cool with the LOD guys Wing had an account on lod.com, which was Marauders site for Leg of Doom Communications. And I made myself an account because I hacked lod.com. Marauder knew he didn’t care. He was okay with it.
He was like, just don’t do anything messed up. And I noticed Wing had a file, and this was when I was still, I had just kind of started to get to know him. He had a file in his home directory that was also an encrypted C program. And I don’t know what it was with these MOD guys, but nobody else ever caught PGP backdoors. These were still very early kind of not the slickest or stealthiest, but I backdoored the PGP binary on lod.com for everybody. And everybody was decrypting away. Nobody realized, and I was just waiting for Wing to use the PGP binary to decrypt what it was in his home directory. And I suspect I suspected that it was just a honey pot file just there to draw attention because he had a text file description that made it seem like it was something very cool.

Michael Schiffman:
Something about this is I jump over walls

Mohammed Bagha:
As in this is how I get around firewalls, which you wouldn’t leave that sitting in your home directory on a shared system if it was something like that, right? But one day I checked the log and I see that he’s left a note that says, you’re sloppy. You only catch lemur. Is better luck next time? Or something like that. I was mortified because this was a guy that he was respected and feared and everybody thought he was elite.

Michael Schiffman:
Well, he just kind of proved it right there too.

Mohammed Bagha:
He kind of proved it and I felt really lame. Years later we laughed about it, but at that time I was like, dang, I feel really lame.

Michael Schiffman:
What about the HFG haggis conflict? HFG was that hacking for Garley, something like that, right?

Mohammed Bagha:
Hacking for what

Michael Schiffman:
About the for and was Merck part of this?

Mohammed Bagha:
Merck was part of it

Michael Schiffman:
And contextualize who Merck was.

Mohammed Bagha:
So Merck at that time, he was the most feared hacker around. People were terrified of this guy. He managed to own everything and he was very vengeful and vindictive. If you mess with this guy, he’s coming for you. He’s coming for your neighbors, he’s coming for your family. He’s going to destroy all your systems. He’s going to dump your information everywhere. He’s going to embarrass you. He was like that, and he was very smart. He was very persistent. He was like what I would call a complete hacker. And when I say complete hacker, I mean somebody who can code, who understands telephony to some extent, who can do it all Unix at that time. Vax VMS telephony programming.

Michael Schiffman:
That’s an important point to make that we don’t often talk about is that a lot of people specialize. Most people would specialize in one area. For example, me, I focused on networking and understanding T-C-P-I-P and writing network code. That was my thing. But to your point, Merck was like, he was the full stack hacker, right?

Mohammed Bagha:
Yeah. Maybe not the telephony part, but everything else. He was a real deal.
And he owned a site that trout and sloppy used that was run by a guy from Pittsburgh named Panzer Boy. And Panzer boy set up this site for anonymity and trout and sloppy it to break into. It was kind of like their home base. And so he logged everything they did for months, and then one day he got on IRC and he started pasting logs of them and mocking them, making fun of them about how lame they were and whatever, and how he owned them and how they were nothing. And this and how they represent haggis and haggis is nothing.
So we took this secret group thing very seriously and I mean, they were my friends. They were my good friends. And so I felt like we had to, and the parlance of that era roll up on Merck. And so I did. We broke into everything that Merck had. I monitored everything he did. He and there were a couple of other guys associated with them, disorder, Jericho and Blockbuster, but Merck was like the main guy. They were kind of the sidekicks. I logged everything he did. I logged the other guys too. But it was very interesting because he had close relationships with a lot of people who were running security companies. So at that time, security companies, vulnerability research was one of the primary means of hackers going into this legitimate security industry. And so I got a lot of zero day exploits by hacking Merck because I was able to compromise a few other security companies through that same avenue.
But Merck was ready to kill me. He called. So he called up Sn and he, he emailed him and he sent him an email saying that, who is this guy? And he used a handle of mine and he said that he’s claiming to be doing this and that and whatever people say he’s associated with MOD, he’s claiming that I’m a hacker and I’m not hacking. Merck’s whole thing at that time was he was hiding behind this layer of plausible deniability and he would refuse to ever admit that he was hacking. But I mean, we had him dead to rights. So there’s this kind of back and forth war where they defaced the New York Times website and they called us out and then we would call it. And then after that it was like I dumped all of his stuff on IRC. He was enraged, he was ready to kill me. That was kind of the L-O-D-M-O-D war of the late nineties. I will say that I don’t have beef with anybody anymore. I buried the hatchet with Merck years ago, and I’ll say in spite of the literal war we had, I always respected him for his technical annuities and how seriously he took his craft.

Michael Schiffman:
Wasn’t there something about ut.org related to this?

Mohammed Bagha:
Yes. So that was kind of collateral damage in this whole thing. Merck’s base was upt.org, which was unfamiliar territory, familiar with a p pH. It was run by his very good friend, invalid Media. I think they have since had a falling out my understanding. But they had a standing challenge to hack UPT and it was like, we will give you a thousand dollars if you can hack UPT.

Michael Schiffman:
You didn’t even need to offer Muhammad of late nineties a thousand dollars. If you issue the edict that nobody can hack this site, that’s

Mohammed Bagha:
Enough. Yeah, I didn’t just hack an, I also broke into Invalid Media’s home network, his local area network and got all of Merck’s stuff, all of his files, everything. I think to this day I’ve seen invalid media here or there in a social context. He just refuses to speak. I regret that he kind of became collateral damage in that situation. I messed with his systems quite a bit. I never had the habit or pattern of being destructive, but this was,

Michael Schiffman:
Some people will have trouble getting over it. I guess switching gears a bit, what about the egos story?

Mohammed Bagha:
So this came later, the egos story, my good friend Mr. Madness, he was very passionate about Eggo waffles, and I also love Eggo waffles. My whole life, I’ve loved Eggo waffles. We felt like Kellogg’s was not doing enough marketing for waffles. We felt like in the pantheon of breakfast foods, like frozen processed breakfast foods, Eggos should be higher and Kellogg’s needed to do more to promote Eggos. And we decided that we were going to register eggos.org, which happened to be free. And we registered eggos.org and we set up this gorilla marketing campaign. And of course we were still very, very young. We were still kids and maybe 19 or so. And we set up this site with poems about Eggos and pictures, Ando recipes, which is all just very stupid and sophomoric and kind of tongue in cheek, but also kind of like we really did Eggos. And then one day a lady emailed us asking about a product that was being discontinued called maple waffles, which was, they were waffles, they were injected full of syrup. Yes, maple syrup, some

Michael Schiffman:
Unholy process that they used to inject syrup into the frozen,

Mohammed Bagha:
I dunno who would eat that. I mean I guess we did. But I told her, which this is a lie, I said, we have a whole pallet of maple waffles we can send you, but we need you to star in our film. And I sent her the plot outline and some dialogue and she goes very offended the idea that we had. And she contacted Kellogg’s and Kellogg’s, now they start to take legal action, but they have no idea who we are. So they call up a friend whose name we’d mentioned in one of our screeds, one of the rambling screeds on the site, and they left a voicemail for him. And he calls me and he is like, dude, what’s going on with this? Kellogg’s is calling me and threatening to sue. So we contacted Kellogg’s and they said, you got to take the site down.
And we said, okay, we’ll take the site down. What are you going to do for us? And so they sent us a bunch of these hubris of youth, the hubris of youth. They actually sent us a bunch of free Eggo coupons, I don’t know how many it was. And then they sent an Eggos fleece to me, which I have a picture of myself wearing it. And I loved that fleece. And sadly my wife threw it away. She denies it to this day, but it was right after we got made. I think she just thought, what the heck? It was like a bright golden fuzzy fleece with the red Eggos. That sounds amazing. It was awesome. So that was the egos.org story and after that we took it down and that was the end of it.

Michael Schiffman:
Fantastic. What about the Doctor of Boom story?

Mohammed Bagha:
It’s the Doctor of Boom. This is actually more of, so in that era, as you alluded to, it was very testosterone filled, very toxic, kind of like everybody at each other’s throats, lots of obscenity and misogyny. It was not,

Michael Schiffman:
I would frame it even further to say that if any one of us was confronted with logs from that era of what we said, myself included, would be aghast today. Absolutely. I’ve seen some logs of very not interesting stuff and it’s just cringeworthy. So a hundred percent agree with you there.

Mohammed Bagha:
Yeah, it was not like, I am very happy the world has changed the way it’s changed. But in that time it was like a battle royale constantly. And in this environment comes a guy who in modern parlance would be described as having golden retriever energy, super nice guy, very intelligent, but very earnest, eager, very open and friendly. And so naturally people see it’s like a golden retriever come to a bunch of wolves, they’re just ready to tear this guy’s throat up.

Michael Schiffman:
He’s a very broad attack surface. He provides

Mohammed Bagha:
A very broad attack surface. But I liked him. He was very genuine and he was very smart. And this was Napster, the guy who started Napster. And so we started a hacker group together. He called it the crazy techno dwe switch. In retrospect, it was a little silly, but we had good memories. It was a fun time and nobody was taking it that serious, but he was more focused on programming and learning how to program and stuff like that. So I remember one day he came to me and he was like, I’m working on this music file sharing thing. And me, I was like pure black hat hacker all the time. I was like, what’s Elaine? Why would I care about sharing music? Because he was like, do you want to work on this with me? I should have probably taken up about the offer. Right?

Michael Schiffman:
Hindsight’s 2020, hindsight’s

Mohammed Bagha:
2020. But there was another guy who was part of that dweebs group who he had a habit of latching onto anybody he could. He was not clever or intelligent or he didn’t have any real skills himself. His whole goal from when I first encountered him was to latch onto somebody else’s star that would make him rich. And there were a lot of very intelligent people in this world, and a lot of them did become very wealthy. One of the people he latched onto was our mutual friend Snow Crash. And he started, he tried to start a security company with him and released an advisory. So what we did was the vulnerability that they had, we kind of released it first and then we released, we passed their advisory that they’d written about the zero day vulnerability around everybody and kind of made a big joke out of it, snow crash. And I became friends later. But this other guy, he went by the handle Dobb, doctor of Boom, D zero B, and the second person he latched onto was an Napster, even though he had nothing to do with Napster, whatever commercial success Napster had and the enormous cultural success,
He kind of parlayed that into, I was a founder at Napster and then he was consequentially brought on very early at Facebook do’s name, his real name is Sean Parker. So

Michael Schiffman:
Portrayed by Justin Timberlake in the social network.

Mohammed Bagha:
He managed to get on early at Facebook and after a very short while, I guess Mark Zuckerberg realized this guy does not know anything is not going to be useful to me. And they gave him the boot, but he kept his shares and he’s a billionaire now. So I guess he got his way where he managed to achieve his goal.

Michael Schiffman:
I think you and I were talking about this earlier, there are a lot of people from our era that, as we said, either through their own direct involvement in the hacking scene or being orthogonally right place, right time, were part of very seismic shifts cultural technology and consequently became fabulously wealthy. A lot of folks on the sort of whole rubric of the hacking scene and the culture that you and I were deeply enmeshed in, you wrote that it’s gone now and it’ll never come back again.

Mohammed Bagha:
I mean, the whole paradigm no longer exists and there’s no way for it to exist anymore. I think now for somebody who seeks to follow that same path, it just doesn’t exist right now. You have Google, everything is open source, everything is available. I kind of liken it to how when I was a kid, I loved going to the arcade. You got to play cool games and whatever. You didn’t have that at home. My sons have zero interest in ever going to an arcade because why would they? They’re going to go play. They have all these awesome games and everything at home. They have the powerful systems and every game, they could want zero reason for them to go to an arcade. It’s kind like that. We didn’t have those systems, we didn’t have access to those systems. And in order to get that access, we had to break into ’em. Now, personal systems are so much more, they’re more powerful than enterprise class systems from when we were kids, right? Considerably more so probably our iPhones are more powerful than most enterprise classes systems from that era. It doesn’t exist anymore. And I would say now, if somebody is kind of seeking to follow a similar path into cybersecurity, the way to do it is to learn technology from a foundational standpoint, just like you would’ve had to be successful hacker back in the day.

Michael Schiffman:
The other thing that I would say, I’ve opined the same in the past, that our thing is ephemeral and it’s gone. Now modern day, you have any single question that you have about technology can be answered for you as quick as you can type it.

Mohammed Bagha:
Technology is also much more homogenous now, right? It’s all Linux and Windows. There’s a billion different types of systems back in the day,

Michael Schiffman:
Security, computer security and the hacking scene, all of that has evolved differently as well now too. It’s far more high stakes. There’s nation state threat actors, there are lives on the line. It’s a much different playing field than it was 25, 30 years ago. And back in that era, I remember thinking, I love this culture. I love this pursuit of knowledge. I love what I’m doing here. I had also recently watched the movie Sneakers, which I think came out in like 93, Robert Redford, and they romanticized this idea of breaking into computer systems as a job. And I’m like, that’s what I want to do. And I remember making this cognitive decision in my mind that I was not going to do anything that would put that in jeopardy. So maybe talk from your perspective in that era and also having benefit of hindsight, what were your thoughts around that and how did you make the evolution from black hat scene to professional career?

Mohammed Bagha:
I mean, for me it was a very simple calculus. I was turning 18. I had already been rated, I had gotten a job offer to go work full time, and I was also, the challenge was now it was becoming increasingly, it was diminishing, whereas there were other challenges that still existed. There were still other things that I could learn that didn’t have anything to do with breaking into systems. Having said that, I think having that background and having had those experiences gives you a unique perspective and gives you a unique ability to know how to defend systems. Because we both know penetration testing is not the same thing. Even red teaming is not the same thing. Unless you’ve done it and you’ve had that perspective, you’re not going to be able to defend systems as well as somebody who has, which is not to say that somebody who didn’t come up in the same way or follow that same path can’t be good at what they do. But I’m just saying that there’s kind of unique abilities and perspectives that come with having had those experiences. I’m sure. I think companies are kind of starting to catch on. There is this trend for a long time of a guy who’s in charge of security, look good in his suit and have an MBA and whatever. And a lot of organizations wind up getting old because of that, right?

Michael Schiffman:
People without practical experience that end up in decision making roles,

Mohammed Bagha:
That, and even if you don’t have to be technical, you still got to hire people who are technical.

Michael Schiffman:
So how does your background enable you to make those decisions? You are in a position now where you do have to make those kinds of decisions.

Mohammed Bagha:
Yeah, I mean, I understand things from the way a hacker would look at it. Things have changed, technology has changed conceptually, still primarily the same. And of course, everybody has to keep up to date on shifts and changes in technology as we all do. But also that mentality, that approach of solving problems using technology is enormously helpful. The ability to do it without having your hand held is something that has served me very well throughout my career.

Michael Schiffman:
So you also wrote about some of the mentors you had both sort of in that era in the scene and then that have carried through into your more modern life. You want to talk about some of those

Mohammed Bagha:
Folks. So some of the mentors and influences that I had in the scene, like the MOD guys, primarily Acid freak or Eli Asen, N being one of ’em, red Dragon or Dave Meltzer as we discussed. JSZ. Also somebody who I got to know later, but I had a big impact on my career and still today, talk to him, see him when we’re in the same city. And did I mention Red Dragon? Yeah, red Dragon and a few others in my career who in my life, who had an influence on me on the direction that my life went and my career went

Michael Schiffman:
Outside of work. What are your greatest joy in life nowadays?

Mohammed Bagha:
My kids, same as you, Mike.
My greatest joy in life, I love spending time with my older two boys. They’re twins, as I mentioned, they’re 15 right now. So with them, I do things with them. I’ll watch a movie with them. We went through all the eighties movies and my favorite movies of the past. And recently we watched The Godfather Trilogy, which they loved. That’s great. I feel like they’re finally old enough for that sort of thing, teaching them how to drive now, how to shoot. As I mentioned, teaching one of them Euch and c, I taught them chess. One of them really took to it. The other one is more interested in piano, but I cannot beat my son who’s into chess anymore. I can’t even get close. He crushes me now every time, and I always give them the maxim of Mao Zong, civilized the mind and make Savage the Body. And recently one of ’em was like Mao’s body wasn’t very savage.

Michael Schiffman:
You also mentioned your other two are younger in the bedtimes and everything. And that resonates deeply with me as well, because that’s a hollowed thing that we only get for a temporary amount of time raising our kids. Right?

Mohammed Bagha:
You’re right. My daughter, she’s 12. She is my princess. She’s only got one daughter and my wife complains that I spoil her. We have this whole bedtime routine. We have a secret handshake that we’ve been doing since she was seven. And we do the New York Times crossword mini and the connections and such together at night as part of our bedtime routine. And there’s this whole complex routine that goes into it, but that’s one of my favorite parts of the day. And then with my youngest, he also has kind of his own bedtime routine. He has me read him a book or a chapter of a book. I find an icebreaker, which is sugar free behind his ear. Otherwise my wife wouldn’t allow it behind his ear. And he gets to have that. He puts on my shirt before going to sleep. He likes wearing my shirt. And he is very attached to me. And he’s the reason that during the school year, I don’t really get any sleep because I suffer from insomnia. So I tend to sleep later and wake up later. But during the school year, he’s up at seven. He comes, wakes me up at 7:00 AM and then it’s time to go.

Michael Schiffman:
Yeah, kids are the best man.

Mohammed Bagha:
They really

Michael Schiffman:
Are. That’s the best thing. That could be dad.

Mohammed Bagha:
My youngest still is at the age where he thinks I am the strongest person alive besides Mike Tyson. He hasn’t met you or Steven Walk.

Michael Schiffman:
My son thinks I’m so tall. And why did you agree to do warlocks in the first

Mohammed Bagha:
Place? A few different reasons. Number one, the subculture. And that period of time in my life when I was hacking, it was so important to me. And the friends that I made in this scene and the people that I got to know, some of them are, I count them among my best friends. That the fascination that I had with hacking, it was almost sacred for me. And it’s important to me that it be memorialized. The subculture will never exist again, right? It’s gone. Nothing like it can ever happen again. And I’m happy that somebody is doing this, memorializing it. And then I have other motivations among them being that one of my youngest son’s cousins happened to Google me and they found an article and my older sons have found this as well about me from work from the year 2000 where it calls me reformed hacker using my powers for good.
He went and told my youngest son, Hey, your dad is a famous hacker. And so my youngest thought that this was the coolest thing ever. And he’s like, oh, okay. My dad’s a famous hacker. And then he found out about this interview and we went back and forth for a few months. Initially, I think we started talking about this almost a year ago, and that’s one of the reasons I want to do it as well, because I want this to be something that my older two will understand this now, and I want them to see this and I want them to know about it. It was so important to me that I had them read the MOD book, the Masters of Deception book, and they came back to me, they’re like, dad, this is really boring. I was like, what? He’s like, this guy calls a bulletin board system and this guy is like, it’s about a bunch of guys sitting at computers.

Michael Schiffman:
It’s just not profound for them.

Mohammed Bagha:
It’s not profound for them, which I guess is a little bit of their revenge. I told you we watched movies together. We watched Ferris Bueller’s Day off a couple of years back, and I told them, imagine if it was your guys’ day off, it would be eight hours of somebody sitting in front of us of a screen. And so they’re like, well, this is literally about people sitting in front of a screen and you read a book about it. But yeah, I want them to know about these experiences. They formed. Who I am is a big part of who I am.

Michael Schiffman:
You want to institutionalize this for posterity. Exactly. That is one of my deep motivations as well. So continuing through your Reign of terror, let’s talk about some of the other notable hacks of that era, rochelle.com.

Mohammed Bagha:
Yeah, so I never actually publicly admitted to this, but that was me and I kind of tried to throw people off the scent by,

Michael Schiffman:
But let’s talk about what was root shell.com? Why was this

Mohammed Bagha:
Notable? So root shell.com was a for software exploits and hacking tools and all of that kind of thing. And it was known as the site for that back in the day, back at that time. And everybody used it. If you needed to look at an exploit or you needed to download something, it was there. So I had owned root she.com for some time and wasn’t doing anything with it. So I happened to, I changed the webpage and kind of mocked the site admin. His name was Kit Knox, I dunno him, I assume he’s a good guy, different time, different place. And then just to throw people off the scent, I mocked everybody in the scene. This was a site used by hacker scene people. So I was kind of addressing the entire hacker scene, and I just made fun of everybody and to throw people off the scent, I made fun of MODA bit. I got an earful about that. Some people were very upset that, Hey, why would you dis MOD? But it was funny, there were all kinds of rumors about how I did it, and it was amusing. I remember I called the Legion of Doom, the Legion of Dos and Masters of Deception, the Masters of Drops stat.

Michael Schiffman:
These are references to old technology,

Mohammed Bagha:
To old dos being discovery, drop stat being an exploit. That was at the time, it was leaked to the public in 1994. It was very, very advanced like NextGen, cutting edge. And it was leaked to the public because a guy named MOOCs left it in his home directory on a site that everybody was watching because everybody back in that time had this perception that MOOCs was some kind of legendary secret service or NSA agent. And he had all these cool exploits and he could break into anything. Having heard these stories myself, I’m like, okay, I got to see what this is about. This guy is so well known that in early IDS implementations,

Michael Schiffman:
IDS being intrusion detection, intrusion detection, that were looking for patterns of attack to try and detect malicious activity on a network

Mohammed Bagha:
Or host.
There were signatures for this attack. And I remember looking at Ron Gulas Dragon, and he had this signature in the file. It was R pc, stat D MOOCs. So everybody knew it came from moogs. And so I wanted to find out what the deal with MOOCs was. So I owned him, and of course all of that stuff was hype. It was just made up. But I enjoyed, he was a very smart guy. He knew Sun, Solaris, MOOCs and JZ are two of the people that I would say, I would comfortably say no son Soliris better than I do.

Speaker 4:
That’s

Mohammed Bagha:
A very high bar for me. That was my specialty. So it was fun playing the cat and mouse game with MOOCs. He would try to find what I was doing. He knew that I was hacking him, and he would get annoyed sometimes. And we were friends on social media until recently. And then he realized who exactly I was, and he removed that connection. So I don’t know if he still has a beef or not, but I know him and JSC are still close. So I hear about him on occasion.

Michael Schiffman:
What about netsy.com?

Mohammed Bagha:
So netsy.com was a site run by Len Rose, Terminus from the Legion of Doom,
And a lot of hackers used it. It was popular with the old, I happened to own Netsy, and I was at this time about 17, and I wanted to start working professionally. And I was on the phone with another hacker who knew Len, and he called Len up and I was on three-way muted. And he said, Hey, Len, I know this really sharp kid who’s looking for a job. Can you help him out? And he said, yeah, how good is he? Really? Everybody says they’re sharp. Is he really good? Can you really break into stuff? And my friend tells him, well, he owns Netsy. And Len says, yeah, he owns Netsy. Big deal. Everybody has an account on Netsy. Let’s see him break into, and then he starts naming these systems. And then I’m still on mute, right? But I am messaging my friend, his root passwords for the systems that Len is talking about. And so my friend reads aloud the root passwords, and Len flips out. And so my friend sends him my resume and he emails me back and he says, I’ll take a look at your resume. I didn’t appreciate the unauthorized access. And I was like, well, you are kind of challenging me there. So I mean, can’t really complain. But he never held it against me. He never hired me for anything either. But

Michael Schiffman:
Speaking of, we spoke earlier, FRAC Magazine. What about Night Lightning,

Mohammed Bagha:
Which was

Michael Schiffman:
One of the early frac editors?

Mohammed Bagha:
Yeah. So Night Lightning, one of the first editors, the first editor of FRAC with Taryn King, he worked at, we’ll just say a very famous and well-known internet background provider and had to own, if you wanted to own the internet, this was a good place to start. So of course, I had access to this provider, outed inside and out, and I had access to his workstation, which was a sun system. And on his son system, in his home directory, he had a file called KL Info List Night Lightning’s Info List. This was a database of literally everybody in the hacker scene, email addresses, real names, phone numbers, random information. If they ran a BBS, it was extremely detailed.

Michael Schiffman:
That’s a treasure trove for a young Mohammed.

Mohammed Bagha:
It was like a cool souvenir.
And I know when it got out, some people were very upset that he was keeping this database, but what had happened was I took this file and I’m like, okay, I gave it to two people. One was SN and one was sloppy. I know how it got out. I’m not going to name names. I told them, please keep this strictly confidential. It got out almost immediately. It was everywhere. So this backbone provider realized that they were owned and they started trying. I still had access, but I didn’t go on his workstation again, and I certainly didn’t disseminate any files from his workstation. Again,

Michael Schiffman:
Not to excuse unauthorized access because sure, that’s probably not a very social thing to do, but of that era, if you are involved in security or the hacking scene and to keep a file unencrypted, I mean, you’ve proven that that’s not necessarily a challenge for you. But nevertheless, to keep a file like that, that’s so valuable with a lot of that kind of information, maybe you should have thought about how you should be custodial that information in the first place

Mohammed Bagha:
Or just not keep it to begin with.

Michael Schiffman:
Sure. So again, talking about frack editors, you had some interactions with Eric B Eric Bullock.

Mohammed Bagha:
Yeah. So MOD obviously had beef with Eric B going back before when I was still little kid. And then I kind of inherited that, and I messed with him here and there. And the most notable incident for me is he used to come on IC from a host called Free Side FC Net. And you remember that? I remember that. So one day I was bored and I owned everything about Eric B. For a long time. I was bored. I was sitting there. This is kind of by the way, when the transition came to do I really need to be doing this anymore when it ceases to be about the technology and the challenge and became less and less challenging, and then I realized are other challenges to be had elsewhere. And the Somo pranks no longer were so interesting or fun. So I got on IRC as Eric B from free side ffc.net. People are messaging me. He was a very well-known figure in the scene, and

Michael Schiffman:
You were impersonating him from the chat

Mohammed Bagha:
Network. And I was making it very obvious that it was not actually Eric B by the way. I was acting very ridiculous and very silly and whatever. And somebody called him and I’m watching the system and he logs in and he’s trying to figure out what happened. And I’m watching him and logging everything that he’s doing, and he’s like, I’m watching him hunt around trying to figure out who’s on the system. And then eventually he logs off. So what I did is I took that log and I commented all of his actions, and then I distributed that throughout IRC. It was kind of a jerkish thing to do. Again, in the present day, Eric b and I probably, it’s been over 20 years since I talked to him in a friendly way. And we were fine. In fact, we didn’t work directly together, but for the same company for a period about 15 years back, he was consulting for them. I was a full-time employee. So

Michael Schiffman:
What about some source code distribution modification?

Mohammed Bagha:
So this became a much bigger thing later on with operating systems and backdooring. But initially, the way it started off was very early on in my hacking career, there was a popular IRC bot called Egg Drop,

Speaker 4:
Which

Mohammed Bagha:
You probably remember. And this was one of the very first source code distro that I backdoored backdoor meaning. So I patched it so that if an egg drop bot received a specific command, it would then launch, it would listen on port 5, 2, 4, 7 7 and wait for commands.

Michael Schiffman:
So basically open up a way for you to connect to it on the network in a place that you know where to look for it and execute privileged commands on that machine.

Mohammed Bagha:
Exactly. Yeah. Not really privileged because it ran in the context of the egg drop

Michael Schiffman:
Bot,

Mohammed Bagha:
But that was very trivial from there, right?

Michael Schiffman:
Yeah. You could see a toehold and from there you can

Mohammed Bagha:
Move later from there. Super user access was inevitable. And really it was more just about the fun of it. So every channel on IRC had an egg drop bot in it at that time. Pretty much every channel.

Michael Schiffman:
I think a modern example of this is we can look at some of the supply chain attacks have happened in recent memory, like the XE U utils of 2024, where, I mean, that’s obviously on a much, much larger scale and far more sophisticated, but what you just described can be thought of as a precursor to

Mohammed Bagha:
That. Yeah, I mean, it was even a precursor to my own later on, and I’ll keep that at a high level, but I did compromise pretty much every major operating system distribution site and source code repository from cvs@openbsd.org, red Hat free bsd.org was the most interesting one because prior to me owning free bsd.org, they had gotten hacked by a very sophisticated, the tool set that was used was very sophisticated, but the hacker themselves was not. It was a very amateurish hacker with a very, very sophisticated set of tools, which to me, when I look back on it, that’s exactly how nation state hackers work now. And I suspect that was a very early nation state, a PT, so to speak, advanced persistent threat. And I still have the binaries because they saved the binaries. I still have the logs and the emails talking about everything. These guys were really smart. So they were able to take apart heavily obfuscated and encrypted binaries that the attackers had put on the system, and that was one of the more interesting ones.

Michael Schiffman:
What about phone losers?

Mohammed Bagha:
So Phone Losers of America, phone Losers of America was a group, it was not a hacker group, but it was like when I was still even learning very basic stuff about hacking. This is a group that I encountered in, there was a guy named Al Hafe and a guy named dha, Dr. Haight, and they were the phone losers of America. They had a zine that was very popular. They would make prank phone calls, and kind of the self-proclaimed leader of this group was a guy named Red Box Chili Pepper,
RBCP, kind of a play on where it’s red hot chili pepper and red box, meaning like a device that you could use at a payphone to get free phone calls because it would imitate the tone of a quarter being dropped. So RBCP, for whatever reason, he didn’t like me at all. He thought that I was too into hacking, and he didn’t like that. For whatever reason, that was the direction I was going. And this was around 1995. And so I was pranking people with Al Hefe and d dha. It was kind of like a jerky boys type thing.
And I didn’t stay interested in, I was more focused on hacking. But what really upset me was that later on Red Box Chili Pepper released the last issue of the phone, losers of America zine, and he had the membership listed and he left me out on purpose. Al Hefe, who used to call Zach, he actually, he transitioned actually, he calls himself or she calls herself, sorry, she calls herself Carrie now, dha, Jeremy, I talked to him recently, actually, I guess it’s been a few years, but he’s doing, he seems to be doing well in life, but they were both upset on my behalf. That was not a cool thing that he did. That was something, it was really the first group that I was involved in, even though it wasn’t a hacker group, so to speak.

Michael Schiffman:
How would you characterize the skills required to be successful at hacking?

Mohammed Bagha:
I would say hacking is not a science. It’s an art. There’s this stereotype that exists of hackers being either very nerdy, geeky, antisocial types or conforming to this cliched, punk, skater, whatever, kid stereotype on skate, but

Michael Schiffman:
Wearing the hoodie.

Mohammed Bagha:
Yeah, wearing the black hoodie.
And that does exist. There is that to some extent, but for the most part, most hackers that I know, they are analytical. They are both left and right, but they’re also, they’re creative. They love the party, they love the arts just as much as they love the sciences. And I think you really need both of these, right? If you’re solving problems creatively and you’re coming up with things that nobody else can see, you need to have that creative aspect, the right brain or left brain. I always screw them up, whichever one is which. But that’s what you really need to be a successful hacker along with strong intellectual curiosity and maybe a little bit of disregard for or rebelliousness or disregard for authority.

Michael Schiffman:
Couldn’t agree more. Creativity is so important. So if you had to look back on your long career as both a professional computer security practitioner, and in your younger days in the hacking scene, is there one bit of advice you would give yourself, having the benefit of hindsight and the wisdom that you’ve accrued over the years?

Mohammed Bagha:
I would say be more mindful and more kind earlier in life. That’s something that I kind of progressed towards in my twenties, but if I look back the person I was when I was a teenage, I was a kid, but I’m not particularly proud of how I was even into my twenties. And again, I think that that upbringing that I had kind of grounded me and helped me be more down to earth and see things as I should later on in life as I reached my twenties, which sounds weird to say. That’s later on in life being 45 now.

Michael Schiffman:
So you mind if I just ask a rapid fire a bunch of different questions to throw some topics at you?

Mohammed Bagha:
Yeah.

Michael Schiffman:
Okay. So let’s start with Scott Yek.

Mohammed Bagha:
Scott Yek. So Scott Yek was a self-proclaimed security expert, still is to this day, as far as I know, who we would kind of pick on him and say, yeah, you don’t really know what you’re doing. He would tell us that we were crackers, that’s the term he used, and that we were not real security people. We didn’t know anything about actual security. And we were on IRC one day and I was talking to him with a couple of friends and he was like, yeah, you can own lame stuff. You can deface webpages, whatever. And keep in mind, defacing webpages was like 0.001% of what we did. It wasn’t something that was interesting or challenging.

Speaker 4:
It

Mohammed Bagha:
Was just like a side prank thing

Speaker 4:
That

Mohammed Bagha:
Didn’t really mean anything. And he said, let’s see. You break into the system that I am on IRC from right now and the wrong thing to say to a 17-year-old me, right? For sure. So I pasted IRCA listing of his home directory and what he was doing and logged in less than a minute after he said that, and he freaked out. The funny thing was he had a file in his home directory called Haggis, but he pulled the cable before I could see what it was,

Michael Schiffman:
Pulled the cable, meaning he freaked out and did the only thing that he knew to do at that point, which was

Mohammed Bagha:
Unplug it from the internet, take out the ethernet cable, and there was no wifi back then. I still have a log of that because I don’t know if you remember Zox.

Michael Schiffman:
I do.

Mohammed Bagha:
He was present and he thought it was the coolest thing ever. Zox was a character. He was not a hacker, but he was just a character for that era. He was exceptionally obscene and crazy, and that was a high bar. He was definitely an interesting cat.

Michael Schiffman:
I remember him. Muhammad, you’ve had an amazing career in the hacking scene, a fantastic life afterwards. You’ve had some amazing stories from the source code modification to the trolling investigators, multiple raids. You’ve had just such an amazing set of experiences. Thanks again, man, for doing this. Yeah, it was an honor.