Kingpin, aka Joe Grand, was the youngest member of the world’s most well-known benevolent hacker group (L0pht Heavy Industries) who testified before the United States Congress, changed the hardware hacking landscape, brought electronics to #badgelife, and achieved mainstream popularity on national television.
Nathan Sportsman:
Joe Grand, Kingpin.
Joe Grand:
Hi.
Nathan Sportsman:
I appreciate you being here.
Joe Grand:
Thanks for having me.
Nathan Sportsman:
So your story is very dense. There’s a lot of stuff that you’ve done, so we’re going to just sort of start from the beginning with your origin story, and then we’re just going to pull through today.
Joe Grand:
Okay. All right.
Nathan Sportsman:
So, let’s start from the beginning. Where are you from?
Joe Grand:
So, I am from Boston, Massachusetts, and got involved in hacking very early, when I was seven years old, and I used to say the date, so 1982. And that used to be like, “Wow, you got involved in computers so early,” but now it basically is like, “Oh, you’re just old. But yeah, I got involved in computers very early, fell in love with it, and that just sort of set my path from there.
Nathan Sportsman:
And brothers, sisters?
Joe Grand:
Yep. So, I have an older brother, and older sister. My older brother is six years older than me, and he’s the one who actually got the computer. So, the Atari 400 was our first computer, and I’m not exactly sure why he got it, but he was involved in computers, and he was connecting to bulletin board systems, and trading games with people, and he was 13, 14 years old, and then decided, “I’m bored with technology, I want to become a musician.” So he focused all his time on music, and I just inherited that computer setup, and for me, it was like this door opening to a world… I didn’t know what I was looking for, but I found it.
Nathan Sportsman:
And that Atari, I read in one of your presentations about yourself, it came with an 830 acoustic coupler modem.
Joe Grand:
Yeah. Yes. The best.
Nathan Sportsman:
Was that out of the gates, where you were immediately connected when you-
Joe Grand:
Yeah, so it was Atari… Yeah. The Atari 830, the acoustic coupler modem, I actually have one mounted on my wall now. It’s just a reminder of the beginnings. It was just such a special time, because really, home computing was just becoming something of a term. Computers before that were… People just didn’t have them in their homes. So, with the Atari computer, and Commodore, and other computers in other parts of the world, people were just starting to connect to computer systems, and BBSs.
And that modem, yeah, it was like the acoustic coupler. We had our rotary phone. You’d have to manually dial the phone, you’d call the BBS, and it would be busy, and you’d try it again. And I do remember, if my brother or sister were mad, they’d pick up the phone, and screw up my connection, or bang on the desk. So, it was a very analog type of thing. But yeah, I mean you hear these terms of, that was the gateway into the computer, or the networks, and this community of people and it really was a fun way to use the modem, connect to other bulletin board systems. Not really to meet people. My goal when I was younger was to collect video games, and play video games. It just sort of rolled over time, as I got a little older, 12, 13, 14. Okay, video games are fun. I try to amass them from lots of places, and I’ll call bulletin board systems further away, figuring out how to make free phone calls to do that. But then it started being like, “What other information can I trade with people?”
Nathan Sportsman:
One of the things that we’ve heard consistently about the BBSs, and these games, was that was sort of like the gateway drug. People were going to these BBSs to find games, maybe pirate software. Was that kind of the experience that you had as well, and just sort of led to something else?
Joe Grand:
Yeah, for sure. I don’t think any of us… And I know for myself personally, I wasn’t expecting anything else. It started with the games, and then through the elite sections of the bulletin board system, where sometimes a lot of these bulletin board systems would be sort of a general public computer enthusiast bulletin board system for normal people. And then you’d type in a special code and you’d get access to the dark areas. And I remember one was TGIF, that you’d enter at the prompt, and that would bring you into this other area. Then it became not just games, but you’d see people talking about like, “Oh, I have passwords for these things,” or, “Who wants to trade some games for some codes to make long distance phone calls for free?”
And it just started, it was like this sort of information trading, I won’t say marketplace, but it was just like building up this collection. And what I really loved about it is this collection, like I have these books of, I’d hand write all of the different things that I’d discovered through my own war dialing, and exploring, and then things I’d trade with other people. And it wasn’t really to abuse anything. It was just like, “I want to have a password for this, I want to know how to do this.” And it was a little bit, as I got to be in my teenage years, was definitely a little bit of an ego boost, right? Of like, “I have these skills that I can use against people if I want to.”
And what I especially liked in my elementary school years, I was not a popular kid, probably no surprise, given that I liked computers, but this was like something… This world, which I wouldn’t even call the hacker world at that point, just this computer world was something that I had control of, and I was good at it. I didn’t play sports, I didn’t dress cool. I was a skateboarder. Nobody liked skateboarding. I just always gravitated towards sort of the counterculture things. I was involved in punk rock at the same time.
But this computer world, by having access to systems, I knew, it’s like, “All right, I could take over… I could get the credit report of that guy, who’s giving me trouble in school, and I could screw over his parents if I wanted to, and use their credit card.” Just stuff like I knew I could do it, but I didn’t. I didn’t do it at that point against anybody individual, as far as targeting them, but I could have. And that was sort of for me, this power that I really loved.
Nathan Sportsman:
And what about your parents? So your brother is sort of fixated to the computer, he’s calling out on BBSs, eventually he goes to a musician, and then you take over. And so they see you probably up all hours of the night doing this. Was it words of encouragement? Were they just… Didn’t understand why you spent all your time at the computer? How did they respond to how much time you were…
Joe Grand:
So I was the third child, and at the time… And I talked about this with my dad as he got older, he was just starting his career as a physician, and that’s where he was starting to be established. So, he was working a lot. My mom was also working. First she was working in the house, and then she moved out of the house to do work from an office. And I was a latchkey kid, I had a key around my neck, and I would come home from school, I’d let myself in, I’d make food, I’d watch TV, and then I would use the computer.
For me, knowing now that I’m older, looking back on it, like it was a very, for me, a safe space of sort of solitude, but also control, and something that I was just fascinated with. At the time, it was just like I would just go up to the computer room and do things. And my parents knew that I was always on the computer. They knew I was playing games. But just being a parent now, when my kids are on the computer, I know they’re playing games, but I don’t know who they’re talking to, really, and I try to make them aware of dangers of things.
But my parents at that time, in the ’80s, it wasn’t something that parents even knew about, other than like, “Oh, Joey is on the computer.” And once in a while, I do remember they were having a party at the house, and I came downstairs with a printout of George Bush’s credit rating when he was president, and I think it was George… Or maybe… Yeah, I think… I have the printout still, so don’t quote me on it, I have to look at it, but I think it was the first George Bush.
Nathan Sportsman:
You had his credit card?
Joe Grand:
Well, yeah. So I had access to one of the credit bureau systems, actually multiple credit bureau systems, but this one was CBI, and this was one that people would trade passwords for, and you can sometimes brute force them also. But I remember like looking up his credit, printing it out, and bringing it down to this party and saying, “Look, I have George Bush’s credit rating.” Everyone’s like, “Good job.” And just thought it was kind of cool and neat, but it didn’t click that maybe was in a place I shouldn’t be going. So, I was just kind of left to my own devices. I would say that I was sort of a feral child. Not out of control, but just left on my own. And that was with computers, as I got older, also just in day-to-day life, and the hacking world, just sort of… It just is where I fit, and there wasn’t really anywhere else to fit. And at the time, it was still this sort of subculture, where I just felt at home.
Nathan Sportsman:
In that… I had read… We had done a lot of research, and there was something, a story about, I think it was at the age of 10, like 1986 or something like that, that you got hit with a phone bill for calling these BBSs for several hundred dollars. Was that before, or after showing them George Bush’s credit rating? Where like, “Oh, what are you up to, where we’re getting hit with these?”
Joe Grand:
That’s a good question. So when was he president? Was it late ’80s.
Nathan Sportsman:
88 to 92.
Joe Grand:
Yeah. Yeah. So, that would would’ve been 13, 14. So, I would already have been well into that, but I do remember, yeah, I was 10 years old or so, and I was calling a bulletin board system in Rye, New York. So, outside of New York City, outside of… Definitely long distance phone call at the time, when making phone calls cost a lot of money. And I’d heard like this bulletin board system was epic, and I just called it. I didn’t even… I knew it was going to cost money. I didn’t know how much it was going to cost, but I knew they had good stuff, and I had to connect to it.
So I did. And then sure enough, the phone bill came, and it was a lot of money. My parents agreed to split it with me, which is sort of what I do with my kids now, of like, “All right, if you want this, you work for it, we will cover that just to help enable it.” So they were kind of enabling my behavior, just because I think they knew it made me happy, even though they didn’t necessarily know exactly what I was doing.
But that was sort of a wake-up call of like, “All right, I can’t do this all the time.” And that’s when I sort of worked my way into figuring out how to make free phone calls, which was also based on actually my brother. So, he had… I remember seeing on some floppy disk envelopes, like the five and a quarter inch floppy, he had some numbers on there, some six digit codes, and there was an 800 number. And he explained to me how it worked. I don’t even know if he remembers that, but there’s nowhere else I would have learned it from. And once I learned how to make those calls, then it was easier to call bulletin board systems further away. And because it was only a six digit code, super easy to brute force, get new codes, trade those with other people, and then you start building up your kind of kit of things, in your sort of brand of information.
Nathan Sportsman:
And are we talking about like Timenet, like you’re actually calling a local pad, and then from there calling out? Or it’s some other trick that you’re-
Joe Grand:
Yeah, it was not Timenet. I did do stuff with Timenet later on, but this was like an 800 number for like a corporation, almost like calling card.
Nathan Sportsman:
Okay.
Joe Grand:
I don’t exactly remember what the name was, but it was, you enter… Call an 800 number, enter six digit code, enter the number you want, it would just get billed to some corporation. And it never occurred to me that somebody was paying for it. It just didn’t. It just seemed normal. And I mean, I wouldn’t even care anyway. It just was a normal thing to do. Like my goal is to get to these other bulletin board systems. And a lot of times you’d see bulletin board systems on like the crack screens of games. It’s like, “I got to get to that one. I want to be on there too, because that’s a cool one.” But like the law was not a concern, and never was a concern really, until much later.
Nathan Sportsman:
And so, most of the stuff you’re doing, you’re calling out, it sounds like you’re looking for information, and you’re trading information. There was a group, Renegade Legion, is that right?
Joe Grand:
Yeah. Yeah.
Nathan Sportsman:
And then Knights Elite was a BBS. What I had read is this Renegade Legion, you actually all got pretty close. There was either Spring Break, or Christmas break or something like that, but you went to Michigan to hang out with some of these folks, and that’s where a little bit more of the trouble started for you.
Joe Grand:
Yeah, yeah.
Nathan Sportsman:
Can you talk about that a little bit?
Joe Grand:
Sure. So that was sort of the beginning of that first down, kind of this downfall, I guess you would say. So, all of us with Renegade Legion, were talking on a teleconference, and at some point, somebody had the idea of like, “Hey, it’s winter break, we should all get together at Dr. Death’s house in Michigan.” And I think maybe because it was a kind of central location, we all kind of met at Dr. Death’s house, and of course my parents talked to his mom, and made sure it was a legit place, I wasn’t going to disappear. But went there, and we did have a good time. We played games, and hung out.
Nathan Sportsman:
When you say went there, like everyone in your group showed up?
Joe Grand:
Not everybody in Renegade Legion, but yeah, I think it was… It was Dr. Death, Lawbreaker, Livewire, me.
Nathan Sportsman:
Knight?
Joe Grand:
The Knight didn’t go. He was in… He maybe had gotten in trouble by that point, but it was at least four or five of us all flew in, except for the guys that were local in Michigan, and we were planning to just hang out, play games. And then I don’t know exactly how we got the idea of like breaking into the phone system. It seemed like, “Yeah, screw it, let’s go break into the Michigan Bell parking lot, and break into the vans, and steal equipment.” Get all of this sort of unobtainium, like things that we wanted as hackers that we couldn’t get access to.
Nathan Sportsman:
Like a lineman’s headset, or something like that?
Joe Grand:
Yeah, like lineman, handset, any sort of paraphernalia, memorabilia, documentation. Like we really… We had heard stories about Legion of Doom, and Masters of Deception, and a lot of the phone stuff that they were doing, and sort of loved that, and getting access to Cosmos was the… That was like the pinnacle. So, we were just getting equipment, test equipment, other things. We actually… That was the second time we did it, which nobody knows about. So when we got in trouble for breaking into the telephone facility, that was like day three.
Nathan Sportsman:
So you had already gone and come back, and then you were going again?
Joe Grand:
Kind of. So, this is the first time anybody has heard this, and I’m pretty sure it’s okay, right? What is it, 2025? Like no one’s going to come after us. Day one is, we’re like, “Let’s go to the computer store.” And even just getting like a sound card, a sound blaster was really expensive, and we wanted to upgrade our equipment that we had. We went in, we’re like looking at stuff, and then somebody’s like, “We could take a sound blaster card, and put it inside the box of a floppy disk box, so then when we scan to check out, it’s going to ring up as a floppy disk box, for whatever, $10.99, instead of the sound blaster, which is $109.99.” Which we thought was a great idea.
And when the cashier went to scan the box, they’re like, “This is a really heavy floppy disk box.” So, it’s like a really bad teen comedy, or something. So he picks it up, shakes it, he was about to open it, and there was like three of us, we just bolt out the door, and we knew we were going to get caught, so we’re like, “All right.” So that plan didn’t quite work, but it kind of got this adrenaline of like, “What else can we do? Let’s go fuck with the Ma Bell.”
Nathan Sportsman:
And like you said, flying into Michigan, there was no plan to do that.
Joe Grand:
No.
Nathan Sportsman:
Once y’all were there, hanging out playing video games, then it’s the store, and then like, “Hey, why don’t we try this instead?”
Joe Grand:
Yeah, then it’s the store. Yeah, it’s the store, and it’s like, “Okay, well there’s a Michigan Bell facility.” So day two, we planned this heist, and it had snowed, there’s some snow on the ground, and we went to a smaller telephone building with parking lot. That one was… We climbed up a fence, and then slid down this little shed that dropped us into the parking area.
And we had some automatic center punches that we bought at the hardware store, because those are good for breaking glass. Stole from a couple of vans, broke the windows, stole some stuff. We even like, on one of the Michigan Bell buildings was this big plaque, a big Bell plaque, that was like, at that time, if you had something like that as a hacker, your street cred was like through the roof, if you had any Bell related stuff. And I always just had this thought of like, “If I could take that plaque, and then mount it on some cool thing, like a deer on a wall, but now it’s like a Bell symbol.” That was it. I wanted that. So, I had a crowbar, and I pried it off the side of the building, had that with me. So, we got away with actually stealing some stuff from Michigan Bell, but it wasn’t enough. We’re like, “Let’s do it again in the bigger facility.” Day three is when the shit hit the fan.
Nathan Sportsman:
And from what I understand is, day three you actually did get in, did get out, you were hanging out at a park, and a neighbor or something, saw y’all, and thought you were drinking or something like that, and that’s ultimately how the police rolled up.
Joe Grand:
Yes. So it definitely was a bad crime movie. Like I think in my head it was like this slow motion when we went to the hardware store, and came out with the bolt cutters, and the rubber gloves, and all this, like, “We’re going to go to the hardware store and buy all this stuff. No one’s going to suspect a thing.” But it was like we… Yeah, we got in, we got out. But it turns out that a nosy neighbor across the street saw some teenage kids hanging out at the park, and it was 9:00 or 10:00 PM or something. And so, they called the cops thinking that we were just drinking, but a bunch of us had already gotten away. And then… It was…
Nathan Sportsman:
Your lookout, right?
Joe Grand:
Garfield was our lookout, and he was using a scanner radio that I had actually bought with a stolen credit card, and I’d taken the serial number off, and we’d set it to all of the local Michigan police for that area. So, he was going to listen, and then like honk the horn if we hear the cops coming, and if he hears anything on the radio. It turns out that the frequencies that the police were using were not in the database of frequencies that we had, so he didn’t get any sort of call, and the cops just silently rolled up, saw him sitting there, and they’re like, “What are you doing?” And he said, “Oh, I’m just hanging out.” And they’re like, “What’s the scanner radio for?”
And it turns out that if you’re using a scanner radio in the course of committing a crime, that’s actually a crime. So, they knew something was up, they probably wouldn’t have had enough proof if he had just kept his mouth shut. But we didn’t have that backup plan of like, “Deny everything.” So he ended up, yeah, getting arrested, mentioning our names, police call the mom, Dr. Death’s mom, and then we all turned ourselves in the next day.
Nathan Sportsman:
Like mugshots and all?
Joe Grand:
Mugshots and all. I did feel bad. I remember the night before having to turn myself in, I felt bad about it. I didn’t know what was going to come of it. But yeah, we all went in. I was the only one under 18, and what ended up happening is the other guys were charged with many felony counts, breaking and entering, all sorts of other things that they just added on. And they decided… I did have to come back and get arraigned, but they decided to not press charges for me, because I was the only one underage, and it would’ve been a whole different court system, and paperwork.
I think the cops… They had talked to my local police department to make sure I didn’t have some other record or other outstanding things. They talked to my parents, and basically they decided not to, as long as I had better supervision when I got home. Thinking back on it, they had said, the cops had said, “We could have put you in juvie in Detroit.” And that would’ve been a bad scene. I was a chubby computer kid. It would not have ended well. It was just lucky.
I didn’t talk about getting arrested as part of my journey for many, many years, until I met my wife, and she was like, “You should talk about it.” Because I think a lot of the hacker world experienced similar types of things. People were doing stuff, we were pushing things, and yes, some of us maybe doing a little more obvious lawbreaking, but there was a lot of this sort of pushing of what was allowed, and exploration, and that’s an important thing to share, because you can’t get away with stuff like that now.
Like as a teenager, you have CTFs, and more controlled environments to hack on stuff. But if you get arrested for something now as a teenager, it’s going to be much harder to have a career in hacking, in anything, really. So, I’ve started talking about it as it is… I come from a time where that almost was normal, of doing this type of stuff, and it was kind of also a badge of honor, of like, “I got arrested for breaking into Ma Bell.” And I have a snippet of the news article that came out about it, and that was like a proud moment of like, in kind of hacker world, but also like, “Oh, shit, I better wise up.”
Nathan Sportsman:
And to that, wise up, and to the kids that were a little bit older, and that were actually… Would be considered an adult, some of them wound up getting jail time. I think I read one of them committed suicide. And so, seeing all of that, where you did kind of get by on the skin of your teeth.
Joe Grand:
Yeah.
Nathan Sportsman:
But seeing the impact of all of that, that was sort of a…
Joe Grand:
It was. It was definitely an oh shit moment, and a little bit of a wake-up. Like I was getting old enough to start realizing like, “All right, I can’t keep going down this path.” The Knight had been arrested in person, for using a credit card. He was hanging out with another guy, and they were trying to buy music equipment at that same time. Also, the Secret Service was coming down on some of Renegade Legion for the Alliance Teleconference stuff. Lawbreaker, who was one of the guys that came to hang out with us, he was under investigation by the Secret Service. I’m surprised… I don’t know why the rest of us weren’t. Maybe we just weren’t yet.
So a lot was coming down. It was sort of like this culmination. And some of the other guys, I think Dr. Death ended up getting probation, Garfield went to jail, and then Lawbreaker committed suicide, which is sad. And there is a lot of mental health issues in our community, in our world that we’re only just starting to talk about. But, I think if he had had somebody to talk about his struggles with, or even if we were able to get on like one more Alliance Teleconference, right? And if he was like, “Man, I’m feeling really down,” we would have been like, “Don’t do that. That’s dumb.” Whatever. Whatever kids say. Maybe we could have saved that, and saved him.
We all kind of fell out after that. I think one of the stipulations for the older guys, is that they weren’t allowed to socialize with anybody. So, Renegade Legion kind of fell apart. The Knight ended up going into like a bootcamp kind of thing, and came out a much different person, with a much different mindset than coming in, which is his story to tell. And then the other guys just sort of went off and did whatever.
It would be really cool to reconnect and sort of see these pathways, kind of trajectories of things. But yeah, that was definitely an important part. Not the only important part, but an important enough part of like, “I got to wise up a little bit.” But the ironic thing is, I had to pay for my mom to fly out to Michigan with me for court afterwards, and I met one of my closest friends at that point in high school, because I had actually… I had been demoted in class. So, a lot of us have, I’m sure, have had sort of struggles in school, not because of the content, but because of the teachers, where I was in like an honors math class around that same time, and got demoted because I was involved in some troublemaking with the teacher.
Nathan Sportsman:
Demoted, like held back, or moved from honors to [inaudible 00:28:26]?
Joe Grand:
Nah, they just moved me from the honors class, where I actually was doing things to it like a standard math class, which to me was just… It was easy. But I met one of my closest friends there, and when I had to go back to Michigan for court, he’s like, “Why are you going to Michigan in the middle of the school year?” I’m like, “Oh, it’s for business.” Because… And my parents didn’t want me to say that I had gotten arrested, and I was like, “It’s for business.”
And he’s like, “What high school kid goes away for business?” He knew it was something, and I ended up telling him, but it was just a time of like… So anyway, I had to pay for my mom to fly out there. That was kind of my punishment, part of it. How am I going to have money to pay for the flights? Oh, I’ll go steal some computers from the school, and resell those. So, even though I had gotten arrested, now I had to do something else to make money to get out of this hole. So, I can see how the cycle of like a legal system, and crime, and recidivism, and all these things, like it’s almost… You’re almost forced into this situation.
Nathan Sportsman:
You get into a death spiral.
Joe Grand:
It’s a spiral. And luckily I didn’t get caught for stealing the computers, but that’s how we ended up closing out the Michigan problem. But also, one of the other stipulations is that I either had to do a sport, or get a job when I came home, to try to keep me active, and busy, and not on the computer. And I was like, “There’s no way I’m working.” Which was like, I just didn’t want to work.
Nathan Sportsman:
In that year, I think that was ’92, you were 16, you also had a helping hand that year, because that’s the year that L0phts began to form, and that they tried to also help keep you on the straight and narrow.
Joe Grand:
Yes, that’s right. So, I had to do a sport or get a job, and I didn’t want to work. So I ended up joining the track team. Again, I was like a chubby computer kid. But my friend who I had met in that math class was like a really good track runner, not technical at all. And I was like, “Wait, he’s on the track team.” Another childhood friend of mine was on the track team, like, “I’m just going to go join track, and we can run around, and do whatever.” It was pretty fun. Have some structure.
And so, I was running track, and starting to get a little more confident body-wise. I was not an athlete by any means. That took a long time. But that was one distraction, and it ended up being a really good balance from my computer work. But, I mean, hacking… I was born as a hacker, and I knew I was going to be a hacker. I knew I was going to continue to use the computer. Being a hacker wasn’t a career path at the time. So, I was focused on, I was going to become an engineer, and design products, electrical engineer. And at that time, the Boston hacker scene was very tight. Everybody knew that I’d gotten in trouble. Restricted Data Transmissions was another little kind of group at the time that formed out of Black Crawling Systems.
Nathan Sportsman:
This is sort of the pre L0pht?
Joe Grand:
Pre L0pht. That was kind of pre L0pht. A lot of guys kind of socializing, and the L0pht had started, which we can get into. And I’d already known those guys for a long time by that… Well, not really long time, a couple of years, but as a kid, that’s a long time. They’re like, “All right, now we know that Joey has gotten that stuff out of his system. Kingpin’s gotten that out of his system.”
Nathan Sportsman:
So the thing in Michigan happens, but at the same time you do have this different group that knows who you are. They’re in Boston, is it Restricted Data Transmissions, this was a group that they had before, and they’re sort of starting to take you under their wing after you have these things, these shenanigans in Michigan. So, can we kind of talk about that, and what was the importance of these folks, and the impact that they had on you?
Joe Grand:
Sure. Right. So, at that time, the Boston hacker scene was somewhat transient, because it’s a college town, a lot of people coming and going. And there were a couple bulletin board systems, like we talked about, that were really kind of fundamental to building that community. One of them, ATDT, was one of these bulletin board systems, and the guys that ran that BBS were like, “We should have a meetup, like a gathering.” And that wasn’t a thing back then really, except hackers would gather to trade games and stuff. But this was like, “Let’s have a barbecue. We have an apartment, let’s do it on the roof of the apartment.”
Nathan Sportsman:
Physical gathering,
Joe Grand:
Physical gathering. And a lot of us had known each other from the bulletin board scene. I’m not sure if we’d even really met before that, but there are some pictures on the internet of this first meeting of some pictures on the internet of this first meeting of a lot of the Boston hackers together and it was just a fun time. And again, I was the youngest, I was almost always the youngest for most of that time until we had new generation coming in. So guys, they’re cooking barbecue, Account Zero and Magic Man and Darby Crash and Brian Oblivion and Dave Ferret who was running the works at the time.
Nathan Sportsman:
The works being another BBS.
Joe Grand:
Another BBS, yeah, really important one in that time too. Maybe Jason Scott, I’m not sure if he was there yet. Me. And that was the first gathering called Grillathon in 1991. And that has actually persisted to this day. There’s still a Grillathon happening in Boston, which is pretty cool of different hackers. But this association… Some of them actually were around back in the day.
Nathan Sportsman:
When was the last time you went to one?
Joe Grand:
I think a couple of years ago I went. I happened to be in Boston around the same time, maybe it was five years ago or so, which was fun. There was a lot of people I didn’t know because again this transient nature. But GoGo 13 actually was one of the guys. He was at the first one and he’s still running them. And there was a football game. These guys were playing football, which is a weird thing to say around computer people.
So that was sort of where I got to meet everybody in person. Restricted data transmissions was sort of the group. They’re creating some text files and stuff, but it ended up becoming the L0pht or L0pht Heavy Industries. And this group of guys, when I got in trouble and they’re like, “All right, Joey got that out of his system.” Kind of took me in under their wing and I started hanging out with this group a lot more and my parents let me, because they’re like, all right, we know these guys. They’ve gone to some electronics flea markets together. They’re older, they have jobs at actual places, they seem way more responsible than the kids I was hanging out with before. And they knew that I wasn’t going to stop using computers. So this was just a more positive outlet for my curiosity.
Nathan Sportsman:
So you said you’re consistently younger. How much older are we talking about? Two years? Were they’re 18, 20, 21, what was the age gap?
Joe Grand:
I think six years older at a minimum, probably at least four to six years. So kind of brother separation between my brother and my sister and me. And what ended up happening is when the L0pht formed, which was Brian Oblivion and Count Zero at the time, were friends for meeting on bulletin board systems and they were living in an apartment in the south end of Boston. And Brian was upstairs with his partner, Count Zero was downstairs with his partner. Their partners had a little hat pin making business, so they wanted to have a space to do that. And Brian Oblivion and Count Zero had a bunch of computer crap all over their apartment and their partners were like, “Get that stuff out of the kitchen.” Like Black Crawling Systems, Brian Oblivion’s board, he was running that from a little closet, the pantry of the kitchen and Count Zero had just some really cool tech and everything, but a lot of it. A lot of us were doing dumpster diving and collecting computer parts and stuff from Radio Shack besides looking for phone related information.
Nathan Sportsman:
So just stuff everywhere.
Joe Grand:
Stuff everywhere. So the loft ended up starting to be this place for the women to do their hat business and for the guys to have a place to dump all their crap. And really because of their foresight and their desire to bring the community together, it went from just the two, where they started inviting more people to be in this space. When their partners decided to not do the hat business anymore, now there was a whole artist’s loft space around the corner from their apartment that became the L0pht, and that’s why the name the L0pht, which of course is the hacker spelling of a regular loft space. So it was this kind of organic growth and it was Count Zero and Brian Oblivion and then White Knight joined, GoGo 13, Space Rogue. And then I think I came in after 92 or so and it really was just this hangout spot, is really what it was, a spot to hang out and play with technology. And for me it was just a safe space to go.
Nathan Sportsman:
So that was sort of the initial kind of founding team. And so folks like Dildog or Mudge or Weld Pond, they came-
Joe Grand:
They came later.
Nathan Sportsman:
Okay.
Joe Grand:
And it was a spot too when hackers would come into town for whatever reason, we’d found out from bulletin board system post or whatever it was. Sometimes they would sleep there. And it was a very interesting time and for me it was the first experience of really sharing things. I remember specifically the feeling when I brought my own electronics equipment from the basement of my parents’ house where I would do all of my work. When I brought that to the L0pht, it was a very defining moment of now my equipment is there for other people to use and I was becoming part of this community and I was still a punk kid. I was probably the little brother to all of these guys. I don’t know why they chose me out of all the other people, but we really did have a very unique relationship and worked really well together. Just even in this sort of undefined communal space.
Nathan Sportsman:
Everyone kind of pitched in for rent and depending on how much you pitched in, kind of dictated the square footage that was shared. Is that right? And then you being 16 wound up sharing a space with Brian Oblivion?
Joe Grand:
Yeah, so right, the space was kind of split up and some square footage was divided and whoever had what would pay for their space. Also, that’s where we had our VAX. So we had a huge VAX there. Stefan Von Neumann joined later on to work on the power for that.
Nathan Sportsman:
VAX/VMS?
Joe Grand:
Yeah, a whole VAX, it was 11/750 or something like that. It was the shorter ones, but the whole set of it. We had at the L0pht, we had an early website, we had a webcam and it was your typical, now it’s typical, but like hacker space, pizza boxes, computer games, everything. I just remember getting there as a kid was always an adventure and I was still skateboarding, but you had to go through a bunch of different neighborhoods on foot to get to this place or on skateboard or on bike, but as a kid it was kind of venturing through different lands to get there. And once I got there I was like, oh, I made it. And so it really was a refuge for me. Those guys, I learned so much from them and mirrored myself on a lot of their behavior, which is really directly related to what I do now.
And it was such a formative time of seeing their passion for what they were doing and there was no purpose. It was like, we’re going to hang out, let’s set up a network so we can play network doom. Let’s set up a BBS, let’s meet other hackers. One time, it was 1992, we actually came to Austin for HoHoCon and I was still underage, so everybody else got to party and stuff and I just hung out. I didn’t drink or use drugs anyway, I just hung out. But I was still the little kid with everybody else and we’d do road trips to flea markets and stuff, but it was really just a place to go. I don’t think anybody had this vision of what the L0pht would become. It was just like, we’re hackers. We love what we do. Now I have a safe space to do it.
The other guys had their interests that they were doing. Mine was electronics and hardware related. Brian Oblivion was electronics and hardware related, so my little space was part of his area. And the workbench, that hardware workbench, that was mainly his, that’s where I would do stuff also. And my parents would help pay the rent. So it was really like they did support me after the fact knowing that I was going to keep doing computer things. And I do remember going to a therapist after getting arrested and he’s like, “I know a guy that does an IT job at this company. You should talk to him.” And I was like, “No way.” I didn’t want to do IT. I wanted still to be a hacker and it was different. I had no interest in working a square job. I was just still curious and passionate about the things I was curious and passionate about, not anything else. It was really whatever I was interested in, that’s what I wanted to do. And that was the L0pht and exploring.
Nathan Sportsman:
And I remember reading the book and you mentioned it was sort of an adventure to get there and you would run really fast or skate really fast to get there. I think it was south side of Boston was the original place, so a little bit rougher neighborhood. And I remember, I think it was in Space Rogue’s book, he talked about how he would give you car rides home at times. And so these folks that sort of took you in, they were clearly looking out for you.
Joe Grand:
Yeah.
Nathan Sportsman:
The stuff that you learned about information sharing, were there any sort of transformative, just life lessons that you picked up while you were there that kind of bring you through to today, just taking your passion and your knowledge and kind of using that as a force for good, but any other big things?
Joe Grand:
Yeah, right. I mean, Space Rogue would drive me home, which was a lifesaver. The trains were closed by that time, a lot of the time, and he would drive me home on the way back to his house and it was nice to have this support of people and I really looked up to them and really trusted them. When I would see Count Zero at a little meetup, I wouldn’t even call it a conference, a meetup, of explaining some cool thing he discovered or when he would write a text file, sharing what he had learned and just seeing how he sort of carried himself. But really this passion and the willingness to share information, where a lot of times in the hacker world, people wanted to hoard what they had because it was cool. When I started, I was getting games and I had all my codes and credit card information and everything and I would trade that stuff as currency.
But the tricks and the techniques and things that we were learning later on, to see these guys willing to share that and see their willingness to learn from other people also, really kind of opened my eyes of like, that’s really cool. You can learn something, you can teach other people about it, empower other people and then they might go off and do something with it. And it’s all… Everybody has this hacker mindset. I mean that’s the number one thing that really stuck with me is, besides their, maybe they didn’t even… Their subconscious commitment to supporting me and protecting me. That whole mission of sharing information and that willingness to explain things and teach and that unknowing has directed what I now actually do to make a living, which is to me, mind-blowing.
But it was such a huge moment of you can do what you love to do in a controlled environment where you’re not going to get arrested. And yes, later on we started pushing buttons of corporations doing disclosure and things like that. But it was, I would say this first revision of the L0pht was this very, to me, an innocent kind of no direction, but this supportive environment where it was just so formative for me that I don’t know what would’ve happened without it.
Nathan Sportsman:
And so these people that working with, six years older, bigger brother, fatherly figure, but clearly some sort of mentorship happening, were you aware of it at the time that that was happening or was it just looking-
Joe Grand:
Yeah, they were looking out for me, and they looked out for me when we went to meetups and conferences too, where there were people that had a reputation for maybe having an affinity for younger children, younger boys. They would make sure I was sheltered from that and I didn’t really know why… They’re just like, “Move over here, get away from him.” They were doing this stuff. So it really… I mean it was hugely important and I still don’t know, again, why me? But I’m extremely thankful for it because it really shaped everything about my life.
Nathan Sportsman:
And that team, that group, the L0pht, the level of novelty and the research and the stuff that you had a chance to do. Remember we were talking last night, I think it was 97, but HOPE Con was kind of one of the first moments where it started to hit folks just how, for lack of a better word, famous the team was becoming.
Joe Grand:
That was later. So I basically would split the L0pht, the era of the L0pht into two sections. One would be the old L0pht or the original L0pht. At some point, I think it was 94 or 95, we moved to a different space, which was the new L0pht, and that was in Watertown, so a suburb outside of Boston, more of a light industrial neighborhood and we could have a little more space. There was a lot of personality and kind of personnel changes happening also. So I think Beyond HOPE came later, but that is where I first realized, oh, people are really paying attention to the L0pht as maybe not an intentional representation of hackers, but it eventually morphed into, we were really trying to spread this message to the public about what the hackers were doing on a good side and what the public could take from that. And going to Beyond HOPE, that was the first time when some kids came up to me and asked for my autograph and it was like, wow, we just have a website with some project pages.
And it’s not like we were doing that for any reason other than again, sharing information and sharing our projects. But there were definitely some changes as far as Count Zero who was one of the founders of the L0pht got kicked out, Mudge came in, he became the de facto head. It just changed a lot between those times and it really was this… We changed location and it kind of shifted our mission a little bit also, where the looseness and the fun became a little more organized of all right, now we have meeting minutes, we’re taking meeting minutes of who’s doing what, who’s pulling their weight, who’s bringing in some money to help pay rent. So it’s just a little more structure around it, which was still fine. I didn’t mind the structure and I liked having a responsibility and having these guys put responsibility on me and that I could actually contribute in a meaningful way of doing things.
Even as far as getting the T-shirts printed or bringing stuff to the post office, that was a way of sort of trust. They’re entrusting me as part of this and I knew that I had to contribute because that was what was expected. But it definitely shifted with some of these different personalities in a both positive and negative way. And I have some regrets about how we handled the situation with Count Zero, and I have some regrets later on with some of the other guys as we moved towards @stake. All learning experiences and things that I’ll never forget and things that I’m very rigid about now as far as making sure that those mistakes that I was part of would never happen again.
Nathan Sportsman:
Yeah. And so do you see L0pht as sort of two epochs and really those epochs tightly coincide with these different spaces and so there was sort of version one with the original location and then version two is about when new people were coming in? I guess that’s when Mudge, Dildog, Weld Pond, is that the time or was it more of a transition of people joining?
Joe Grand:
It was definitely, the change of physical location really changed… It really solidified our new direction. Mudge had came into the L0pht a couple of years after me, but before we moved, Weld came into the L0pht a couple of years before we moved, and Weld and I ended up sharing a space also. But it was really that transition of when it’s like, all right, what can we do? And hackers were becoming more discussed in the mainstream anyway, and maybe certain people had different end goals of what they wanted to do with the L0pht or what they wanted to use the L0pht as a platform for something else or a stepping stone for something else. Basically I was just going along for the ride. Again, I was younger. Given what I know now about myself, I had basically, and have very little empathy, very little attention to outside and very focused on stuff that interests me.
So I was just, again, these guys were providing this safe haven for me and I was going along with it and trying to pull my weight. So it’s a lot easier to look back and be like, oh, we should have done this different, should have done that different, but for what it was… And nothing like that existed really before as a hacker space. You have like CCC and things going on in Europe. You had the 414s back in the day, but a physical hacker space like that, at least in the US maybe, that was the first real kind of defined effort, but it definitely changed. Not that we were trying to have a company, but we just wanted at that point to see if we could be self-sufficient and still do what we loved. And we were all still coming in at nights and weekends to hack on stuff. It was just, we were all growing up.
Nathan Sportsman:
And we will certainly talk about this in a second, but the testimony from 98, that’s obviously a high profile memory. Going back to version one, epoch one, when you think of that version of L0pht, what was your fondest memory?
Joe Grand:
My memories are all about flea markets. After flea markets, when we’d all come back to the L0pht and look through all the stuff that we had. The drive home from Space Rogue… Same thing even at the new space when we would do road trips to flea markets and it really wasn’t these public groundbreaking things. The Senate testimony was fun, but it didn’t have this personal impact to me, just like these day-to-day trivial things of like, oh, let’s go hang out. We’ll go to a restaurant, we’ll just work on a project or fix the Battlezone machine or hack on whatever, set up our voicemail box so people could call in.
So it was just these little things of this group effort that I have the fondest memories of way more than maybe the technical achievements or the things that people know about the L0pht, but it was so much a part of me that as things progressed, it really hurt when things changed where I had this hope that it wasn’t going to, but it ultimately did and things do change. It was just not quite what I expected and probably not what other people expected to.
Nathan Sportsman:
Part of what I’m hoping about this is, and I’m already seeing it with Brout and other folks, people are reconnecting after 15, 20 years and people being able to talk again and catch up and not just about back then, but catching up on what their journey has been since. So hopefully that stuff happens. So then it’s starting to make sense. I’m starting to get an idea between version one and version two. In 97, along with Beyond HOPE, Cambridge Technology Partners. So this was definitely L0pht version two where y’all started to work with them and they hired you to do basically a penetration test. Is that right?
Joe Grand:
Yeah, so came a little… I think that came after our Senate testimony in 98. I could be wrong. I have our final pen test report so I could look at the date. But basically at the new L0pht is where we got more focused into spreading the good side of what hackers can do, where the old L0pht was really a passion, an outlet for our passion, our curiosity and within our hacker community. Second L0pht was kind of breaking out of that bubble and we loved the media attention, we loved the exposure. Even if we were misrepresented, it was still an opportunity for us to get some exposure outside of the hacker scene and felt like it was our responsibility to show that good side because the media at the time, the reports were all negative about hackers and we thought and felt that we were doing something positive and wanted to share that. So that’s when the disclosures started happening, mostly on the software side like Mudge or Dildog or Silicosis or some of the guys that came later, Weld, had some vulnerabilities and start talking to companies to do disclosure. That became a thing.
We wanted to try to have the L0pht be more self-sufficient. At the time I was a professional design engineer, so I graduated college and was working to design electronic devices and medical devices and really learning and kind of honing my skills as an engineer, which came in handy a little bit later on. Loved it, loved that job. I was shielded from all the politics. I got to do my work. It was a family friend that ran the business and they did amazing design work and it was just surrounded by very competent, talented designers of all types. It was amazing. And I probably would’ve still been there today if I hadn’t have gone this other way, but we were all working jobs and we’re like, what if we could be self-sufficient? Maybe not get paid, but we can pay for the rent, we can pay for the utilities, the phone, the internet, everything.
That’s a good start. So I don’t exactly remember where that sits in timeline with the Senate testimony. The Senate testimony definitely brought the L0pht into even more of a public eye outside of local regional areas. But that desire to do it full-time and be a hacker full-time was something that it just wasn’t happening at the time. That wasn’t a concept that people even thought about. When we started shopping that around, it was mostly Mudge’s idea. And he was doing some training classes, I think with organizations and he was sort of dropping a hint of like, “Hey, you want to hire some hackers?”
But most people thought we were crazy. Now it’s a common thing of you have researchers that hack on things and give talks and disclose. They’re not billing hours, they’re building knowledge to share with people, which is such an important part of any organization now. But back then it was like, why would somebody pay seven hackers in this clubhouse basically to do anything? But we started seeing other people doing, friends of ours doing security related consulting work, and the internet was starting to become more known outside of typical computer people. And I think some of those guys just saw that there was an opportunity that we could actually become hackers and started going that way of how can the L0pht turn into something self-sufficient that we can all quit our jobs and do full-time?
Nathan Sportsman:
So on the Cambridge, that voicemail gave you a chance to really understand their intentions, give you all a chance to walk away from that. And then on the network side, I think this was also in Space Rogue’s book, there was apparently an explosion in downtown Boston or the area, which caused a server that was running on a UPS, for the UPS to drain, server gets rebooted, Apache’s running route. They break into that and apparently even though it was in the report, that implant was still calling back, trying to call back out to the L0pht even years after the engagement.
Joe Grand:
That’s the story.
Nathan Sportsman:
Yeah, that’s the story.
Joe Grand:
I can either confirm nor deny.
Nathan Sportsman:
That’s the story.
Joe Grand:
Which is actually a very apt example of corporations might know they have a security problem, but they don’t want to fix it or they don’t believe it’s a problem or it’s too difficult to fix because of other things around that environment and it stays open or they’re not patching something or whatever it is for whatever reason, we see this day in and day out in modern computing times, even if there’s a patch, it doesn’t mean everybody’s suddenly going to fix it. So that was a good example of that. They just didn’t do it.
Nathan Sportsman:
And I might be getting the timelines mixed up, and so whether Cambridge was before or after testimony, but if we can kind of pivot to the testimony and something that… I guess I’ll start with, I read that Joe Lieberman, Senator Lieberman, he starts to open up the testimony who became Al Gore’s vice president by saying, “Mr. Chairman, I thought you were the kingpin before y’all kick things off?” Is that actually true? Did you hear that?
Joe Grand:
Yes, it is true. That’s in the public record of American history. And the reason he said that is this Senate testimony, there was a number of firsts for it. Of course, hackers meeting with the government was a no-no back then, unless you were arrested and had to deal with them. The fact that we were willingly going to talk to the man about computer security was a huge thing. Some people thought it was really cool, some people thought we were total sellouts for doing that. I thought it was a great opportunity. We all thought it was a great opportunity to again spread our message outside of our bubble, which is something I still strive to do today because there’s so many people out there that could learn something and maybe get inspired by it.
Nathan Sportsman:
How did that even begin? How did L0pht find themselves in that room? How did that transpire?
Joe Grand:
Yeah, so let me answer this other part first. So this was the first time of people testifying in front of the US government with pseudonyms that were not part of the Witness Protection Program. And it was a very novel thing. So we had placards on our desk with our hacker names and part of that, we insisted on doing that because of how controversial it was of hackers going there. We also were not using our real names at that point for anything. And we preferred that privacy aspect of it because we’re really pushing things further than other people had, and the senators had never seen anything like it. And so when they’re reading all our names, and it was Senator Thompson who was leading that group, he was like, “We have Space Rogue and Stefan and Tan and Brian Oblivion and Kingpin.” And then Senator Lieberman was like, “I thought you were the kingpin?”
Which is hilarious because to them it was like, I don’t know exactly how old they were at the time, but they were not from our world. And to us having pseudonyms and hacker names, that was normal. And I’ll still call Brian, Brian Oblivion and Count Zero and Space Rogue. That’s a normal thing. But to outsiders, it was totally unheard of. So it was a very novel thing for them, and it kind of broke the ice also because it was a little tense. I didn’t realize how huge of a deal that was going to be, but there was cameras everywhere and people everywhere. It was my first real public speaking experience and that broke the ice when everyone’s like, ha ha ha. And then it was a little easier to build this kind of rapport.
So it was cool that he said that. They had a bunch of other choice quotes in there. They’d called us modern day Paul Revere’s, and I think that was also Senator Lieberman, and he is like, “Except it’s not the British that are coming. We don’t know who’s coming.” And he sort of saw the importance of cybersecurity and hackers. And if seven guys in a warehouse, clubhouse could hack on stuff, what could other adversaries do, state-sponsored adversaries, things like that? So he really saw it. Of course that was just the beginning of cybersecurity growing, but a very interesting period.
Nathan Sportsman:
I mean even to this day, that famous scene with all of you standing before the Senate hearing. And so how does that start? How does one get even invited to a Senate hearing to talk about the concerns of cybersecurity?
Joe Grand:
Yeah, so there’s some conflicting stories around that. And going back to the different perspectives, I think as close as we all were, I think there’s some things that we don’t know other people were doing. My understanding is through some of the media exposure that we had through local news outlets, there was one article written about us in a local independent paper, and then that got picked up by one of the Boston newspapers, that got picked up by The New York Times, which went to the Washington Post, and then somebody from the Senate office saw the Washington Post article and invited us. There was some other communication at the time with Richard Clark who was the cybersecurity czar under, would it have been Clinton? Bush? [inaudible 01:04:31].
Nathan Sportsman:
Bush or Clinton, one of the two. It was around that time.
Joe Grand:
Yeah, around that time. I think Mudge had a connection to him through some of the stuff he was doing outside of the L0pht. But whatever it was, we had a meeting with this guy and some of them came over to the L0pht. And I do remember I was brewing my own root beer at the time and I was trying different recipes and everything. It was just a fun hobby to do and I was serving everybody their own can of root beer. It had a L0pht root beer label and everything.
But I specifically remember that day because everybody got sick, either headaches or stomach or worse, not immediately. The headache actually came on immediately. The other stuff was a little bit later and it turns out I just hadn’t sanitized the bottles properly. So it was amazing that they actually invited us after I basically poisoned them. But we had kind of a meeting, a feeling of minds, and then we received a formal letter, which we knew was coming, formal letter, we invite you to testify in front of the US Senate. So however path it took to get there is not totally concrete, but it happened and it was definitely an interesting experience. What I really remember most about that was, again, not the testimony, but the road trip down to Washington D.C., and the fun of being around those guys and sitting in the hotel room the night before all working on our different speeches the night before, all working on our different speeches that we were going to say. And that camaraderie around that was, for me, such a cool part. And the testimony itself was terrifying. And I didn’t say anything really that made sense. I do remember at one point Mudge tried to lead me, he’s like, “But what about those things?” And I just couldn’t answer. It was a very strange experience to have as your first public experience.
But it was super fun. We got to tour the White House, the Situation Room where, when shit goes down, everybody’s there, the underground tunnels, the Executive Office Building. They really showed us around and treated us really well. Even when we checked into the hotel, they had pseudonyms for us, and not our hacker names, but we had other names that I’m sure the government just issues to everybody starting with A. There was Al Anderson, Bob Brown. I don’t remember what C was. It was like George Green. So, we all had these names that were anonymous. Even though, of course, they knew our real names because they needed to do background checks and everything, they really respected our desire to remain private. But those are the things that I remember and appreciate even more than the testimony itself.
Nathan Sportsman:
Yeah, it’s the actual unique experiences that are to the group, and I can’t imagine the jitters I would have having to do that. But the material that was presented for me and my generation, to me, what y’all were warning about, it did look like a premonition of what’s to come. And the L0pht was seen around corners and trying to let people know how they need to start thinking about this stuff and taking it seriously.
Joe Grand:
Yeah. That’s what they had asked us to do. So, the government was like, “We want you to provide a doomsday scenario.” And it was based on our experiences of working at stuff at the L0pht, but also the experience of some of these guys that were actually working in organizations that they had insight into areas that even I didn’t have insight into, but they knew what was coming. They could see what was happening with the internet and with networking. And it was super fun.
There was a picture of us outside of the hotel right before we went, and I’m holding a briefcase. We were all trying to be professional. We’re all wearing suits. And we’d always joked, “The only time that we’ll ever wear suits together is either at a wedding, a funeral, or if we’re going to court.” But now, this was the other option of, oh, we’re testifying in front of the Senate. But it is one of those things of we were out of our element, but we were providing this face of the hacker world. And whether we saw that at the time, it really was this first time that the government and the media and a lot of mainstream people had heard of hackers in that positive way.
So, maybe it wasn’t directly known that we were representing other people. We tried our best to at least show what we were passionate about. But we didn’t know the impact of that. My parents didn’t even come. Nobody really knew that it was a big deal or that it would become a big deal or that people would even talk about it however many years later. But it is really fascinating to know how impactful it was and how some things have changed since then, but other things haven’t.
Nathan Sportsman:
And I know Richard Clarke, I think through that testimony in meeting the L0pht, he went on to write Cyber War and then The Fifth Domain with Bob Knake. And so the story goes, he went to the L0pht, he had a chance to see everything that you had assembled through MIT flea markets and everything else, and he walked out in shock. And so the story goes, he was whispering to his assistant as they had got done with the tour, and some of the L0pht members came over and said, “Hey, we just opened all of this up to you. Why are we still whispering and keeping secrets?” And his response was, “We thought that what y’all have assembled only a nation state would be able to do. We have to completely rethink our threat model.”
And so I think that testimony was a wake-up call and a siren warning of how serious this stuff could be and people need to start taking this stuff seriously. And to your point, a lot of this stuff still isn’t fixed, but society’s dependency on technology and the underpinnings of security is more and more there than it was [inaudible 01:10:47].
Joe Grand:
Is huge. Yeah, and that’s also, even if you think about some of the cybercrime groups now and ransomware groups are really groups of individuals either controlled by a government entity or doing it on their own, but there are small groups like the L0pht highly focused on some particular thing. And it’s very hard to define because those groups can change, and skills change depending on what the goals are of the group, but it is this different landscape than your traditional adversarial defender relationship.
Nathan Sportsman:
Right. And it’s not credit cards anymore. They’re taking over hospitals.
Joe Grand:
Right. It’s not this curiosity and this mischievous little things. It’s focused on, I guess what you would call cyber warfare, which I know so many of us are poo-pooing that term when it was first used. But it really is, because of our reliance on so much of that technology, it is targeted attacks against infrastructure and against things that can really impact a group or a place, hospitals, whatever. And that’s just the intentional adversaries country to country. But then with ransomware groups, they’re targeting places to make money also to cause… Which would inflict damage because those places might be more willing to pay up to get out of that situation. And it’s happening everywhere. And it’s just like the opportunities, I guess we would call the attack vectors, have just expanded. And the threats also have just changed, but the core problems are still there.
Nathan Sportsman:
And so I know the impact it had on me seeing that testimony, and there are a few key things that shaped why I wanted to get into this, but what impact has it had on you looking back all these years later?
Joe Grand:
That’s a good question. I’ve never actually thought about it. And it’s interesting to hear when you say it had an impact on you and other people are like, “I remember seeing that testimony, and fact wanted to get me involved in security,” or whatever. My impact was the mentors’ conscious of a hacker. The Hacker Manifesto, I saw that in Phrack, and that was like, holy crap, that’s me. I get it. I understand that world.
So, that was my impact or what I got from that, where he maybe was influenced by somebody previously. So, the testimony, I don’t know if I have anything that directly impacted me about that. I thought it was great. The fun when Mudge was like, “Hackers can take down the internet in 30 minutes.” When one of the senators asked him, “I heard you could take down the internet,” and he’s like, “Yes, with a few packets in 30 minutes,” or whatever it was, because he had a known vulnerability and some BGP something, something, something.
And that’s really what the media picked up on, is this hackers can take down the internet in 30 minutes, which we all thought was fun. And we ran with that and made T-shirts and all sorts of stuff. And that’s still the quote that people remember. But a lot of other discussion came out of that meeting, but nothing really impacted me as far as changing my direction. It was just a fun experience and a novelty, again, because I didn’t think it was going to be anything. I don’t know if the other guys thought different. It was just a novel, cool thing to talk to essentially our grandparents about technology and the experiences that we were having, or at least trying to. I don’t know if anything stuck with me like the previous era of the L0pht stuck with me.
Nathan Sportsman:
I mentioned this to Route when he was the editor-in-chief of Phrack Magazine as other pivotal moments, the generational effect. And so I can just speak for me personally, but seeing that testimony when I was 18, that caused me, and I’ll bet you a nickel so many others, wanting to go down this route. And so it did have a pervasive impact, not just towards the government’s understanding and a wake-up call, but people, “Wow, this is important. There’s impact here. I want to do this as a career.”
Joe Grand:
Which is awesome.
Nathan Sportsman:
I appreciate it.
Joe Grand:
That means more than anything, of seeing how that actually that people took that as their catalyst or their starting point for something is super cool.
Nathan Sportsman:
After the testimony, L0pht, the notoriety and the familiarity with that crew explodes. And then in 2000, the whole business thing starts circling again. And for me on the outside, when I look at the name @stake, I think of Katie was there, Wendell Schneider was there, you guys were there, Mike Shipman was there, and it was just like, ah. But sometimes how you see something from a distance is different from how it seemed when it’s up close. How did the @stake thing come about? And what was your experience through that?
Joe Grand:
Yeah, so it definitely around that Senate time, we had been toying with trying to do the L0pht full-time. So, Cambridge Technology Partners, other companies were starting to form around that time, and we’re like, “Why can’t we? We’ve been trying to go full-time. This is the time to do it.” And we decided to basically join forces and merge with this company that was starting, which was @stake. And the intent was that the L0pht would continue to be the L0pht. It would be the L0pht R&D lab, the research group within @stake. And really, it was like, could we actually be hackers full-time? We didn’t know it was going to be possible, but all of us at the L0pht made this commitment of if this is going to work, if people actually want to buy us, we’ll all quit our jobs and go for it.
So, @stake started, and it was very much like, yes, we hire hackers and very rah, rah. We’re bringing in hackers. It might be controversial, but hackers, they understand what we’re trying to do and they’ve hacked the systems that we’re trying to secure, and all these things that we know now. And just like with the Senate testimony, where we were doing something a little controversial of hackers reaching out and talking to government, with @stake, we were essentially selling out. We thought about it as a band, a garage band signing to a major label kind of thing, is we’re taking that leap. Where some of the diehard fans were saying, “Sellouts,” whatever, other people were supportive of it. But we thought it was giving us more of an environment to do more things and thought it was just the next logical progression.
There was a great photo I took of the L0pht that we’d cleaned out all the stuff, and on the walls there was spray paint that said Sellout. So, somebody wrote it. We don’t know who wrote it, clearly a Boston area hacker. Maybe it was one of the guys in the L0pht. I don’t know. I learned a lot from a personal level that really changed me a lot. So, just like the L0pht, I learned a lot as a teenager about teaching and inspiration and how to carry yourself and all of these things. @stake, I learned a lot about business, the bottom line. It didn’t feel right to me. It felt a little forced and it didn’t feel like something I wanted to stay involved in, especially as there was more personnel changes. Space Rogue got fired very early on, and one of my biggest regrets from that time was not supporting him in that way.
So, just like with Cambridge Technology Partners where they realized they didn’t understand Joe and Brian and everybody backed that up, when @stake didn’t recognize Space Rogue, the rest of us didn’t step up and say, “Wait a second, we come as a package. Space Rogue, you put him in marketing because he’s doing Hacker News, that was your decision, but he’s part of our group. If he leaves, we all leave,” or do something like that as a union, as a group. And we didn’t. And that, I feel like was a… That was the beginning of this domino effect. One guy leaves, we get split up, hierarchy.
The final thing for me was when Brian Oblivion got fired, and he was really the catalyst of the L0pht and the founder of the L0pht, and not always the most public figure, but the most structure and the most supportive and one of the people I looked up to the most, along with Space Rogue and along with Tam and some of those guys. And when he left, I was like, “That’s it. I’m done.” I’d had enough of the, I just didn’t like the politics, I didn’t like the corporate structure, and I had known from my engineering job what an environment was that I liked to be in. And this one I just didn’t. And it’s funny because most people see the positive sides of a business, especially @stake and the impact of that, but it just happens, for me, it wasn’t for me.
Nathan Sportsman:
There tends to be this thing towards bottom line and spreadsheets and all that stuff, but not everything that counts can be counted, and not everything that can be counted actually counts. And I remember Hacker News Network, H&N, and-
Joe Grand:
Yeah, it’s huge.
Nathan Sportsman:
… when they shut that down, it didn’t make sense because they couldn’t… But they couldn’t see it from a bottom-line perspective. Same thing with research and innovation. I had talked to Singh Freud about this, and pulling it back from just @stake, but @stake Garden, ISS-
Joe Grand:
Foundstone.
Nathan Sportsman:
Foundstone. Do you see about that time, 2000, as this inflection point where the culture lost some of its innocence as it turned into business as money came in, that sort of stuff?
Joe Grand:
Yeah, that was definitely a transition of these hacker groups, not just the L0pht, but other people now becoming paid employees of larger companies and doing consulting and turning hacking from a passion or a lifestyle to a job. And a lot of us, maybe all of us, went through it because that was .com boom. We’re realizing, trying to justify following our dreams and trying to make a living, but there was other influences. And businesses are there to make money.
We thought that we’d be able to help make other companies more secure. And we hear a lot of stories of consulting companies, sometimes they run some port scans. They write a report. It’s very generic. But we felt like we were trying to help. And some of the projects that came out of @stake were great. A lot of consulting projects with really big companies that I wasn’t involved in, but I got to see other people do it. But it really felt like a division between the consulting side and the research side. And it went very quickly from, “Damn straight we hire hackers,” to, “No, we don’t hire hackers.”
There’s a story that happened when Fiber Optic applied for a job.
Nathan Sportsman:
I remember this.
Joe Grand:
And he called up and applied, and HR was like, “Oh, we don’t hire hackers. Sorry.” Because he had a criminal record. And, of course, none of us had any input into that. And we’re like, “What the fuck are you doing? It’s Fiber Optic. Are you kidding me? The skills that he has, he would be amazing here.” And that was really that example of the company not understanding the value of the people that are in it. And it didn’t matter if you had a college degree, if you had a criminal record, for us, as hackers, we didn’t care, but for the executives and the reputation in the business world, that was something that they mistakenly thought was important.
And it was just a shame because we missed out on some opportunities with great people, but it showed how the business was structured, and they didn’t appreciate who was there. And again, for me, it was just this experience of recognizing when something doesn’t feel right to make a change. And it’s sometimes hard. Sometimes you don’t have that opportunity to be able to leave a situation that you don’t enjoy. So, I’m very grateful again and lucky in that situation of I could leave and go on my own because I was so fed up with it, but a lot of people don’t have that chance. So, it’s something I recognize that that turning point, again, that path, I was just lucky to be able to do that.
I still had no idea what I was going to do. I think that the misconception a lot of times with people is if you look backwards, it’s easy to be like, “Oh, you did these accomplishments,” and whatever, which, to me, are not the important part. And this path, I had no path. I was just at the right place at the right time for things to happen. And when I left @stake, I wanted to do something… I was trying to do, “What could we do as a L0pht 2.0?” Dabbled in a couple things with some of the other guys, and then I was just like, “I’ll just go on my own. I’ll do some product development, try to license products to other people. They can manufacture them and sell them.” So, get back into engineering and leave the security drama behind, but I didn’t know what was going to happen.
Nathan Sportsman:
Right. I think you were there for a couple of years. And to your point, there are people that are in certain situations and it’s hard for them to get out, but for those that do have a vote, you get to vote with your feet. And so you got a look at the way things are done, and it feels like you took those lessons. And then in 2002, Grand Idea Studio, bringing the values that you have and hanging your own shingle in the way that you want to do it, you forked off and started your own thing.
Joe Grand:
Yeah, exactly. And it was mostly just I saw how this particular business was run, I saw how people behaved when money got involved, and it just wasn’t for me. So, I just had to go back to my roots of what I believed in. And I basically vowed to not work in a corporate environment. I was like, “I would rather eat dog food out of a can than go back to work for people and have them tell me what to do.” And I just never looked back, and I figured out how to make that into something. And it just luckily turned into something. And if I had to, I would go work in a place, but I would find an environment that worked for me.
And I think it was just that, to me, given how I grew up in the L0pht and how important that was, having that change with @stake was the most traumatic part. It wasn’t even the business and the executives misunderstanding hackers. It was like the L0pht was my childhood. It was my formative years. And seeing that we willingly went in there and we willingly tried to make something from it, but I didn’t know how much that would impact me until it all got torn apart.
Nathan Sportsman:
And you mentioned fatherly figures, almost like witnessing parents getting divorced or something like that in this group that was very tight-knit, starting to go their own.
Joe Grand:
Yeah, everybody got assimilated and went their own ways. And I am very stubborn and not easy to work with a lot of times, and I also realized those traits of that it makes sense for me to work in a place where I’m doing things alone. It’s very rare to find people that you can work with, and the L0pht was so special in that way because we could all work together. That doesn’t happen very often. And when you get other people involved, the dynamics change. Once I realized it wasn’t for me, then I just made that decision, again, without knowing what would come of it, just knowing I wanted something different.
Nathan Sportsman:
Right. And so you forked the code. So, tell me about Grand Idea Studio. You do a lot of stuff, but where did you start? What are you up to now? I know training’s involved, but can you tell me a little bit about-
Joe Grand:
Yes. That was 2002 I started my own company, which is Grand Idea Studio. It’s just me, but I have the company as this corporate structure for protection, liability and things. And it started off as just engineering, where I would invent products. So, the name, the Idea Studio part was I wanted to invent things, and because I had an engineering background, I could come up with ideas, build prototypes, and then go to companies and license those products to them. That way, I didn’t have to do the manufacturing myself. I didn’t have to sell things myself because I feel weird selling things. That relationship with the person I don’t like. I also don’t like taking money or taking something from somebody in a way where I feel like I owe them something back. So, this typical sales thing I didn’t enjoy, but licensing to a company who is designed to manufacture and sell things was awesome.
And did that for a couple years, and then little by little started getting pulled back into the hacker world. And I just needed a little bit of a break from that. And that really started with the Dark Tangent, so with Jeff Moss, who started Black Hat, started DEF CON. I’d given some talks at Black Hat over the years and a couple hardware hacking talks at DEF CON. And he had started doing training classes. And I think it was the second or third time where he was doing trainings, where mostly it was one or two trainings, networking, web app, whatever at the time.
We were talking once, we were at Black Hat in Tokyo together, and I remember I was lying on the floor in a green room off to the side, totally jet-lagged, we’re eating little bento boxes and he’s like, “Hey, I’m doing these trainings. Do you want to do a hardware hacking training?” That had not even crossed my mind because I don’t think in that way of how can I make money or how can I do it? It just didn’t cross my mind. He’s like, “Do you want to do one at the next Black Hat in Europe?” I’m like, “Would anybody want to hear it?” I don’t know. I’ve never taught a class. But that was the catalyst.
So, he foresaw a couple things that changed some of my direction later on. But I put together a class basically mimicking my process for hacking a piece of hardware. And that was the only thing I knew how to do because I can teach my process. I can’t teach somebody else’s process. So, I made this curriculum based on my process and taught a class at Black Hat, did it again six months later, and was only doing Black Hat trainings. I was like, “Oh, this is fun. Really hard work, but fun.”
And what ended up happening is people who had taken the class publicly at Black Hat would go back to their organization and say, “Hey, Joe, can you come and teach the rest of my team what I learned at Black Hat?” So, I started doing these private on-site trainings, which was super fun because I got to be in these different places without having to work there. So, I got to have this insight into all these different places where, for a couple of days, it was really fun to be in there, but I know that I wouldn’t be able to survive in that environment. But more importantly, I was able to share what I love to do and what I really only know how to do, but share that with people and hope that they take bits and pieces, whatever it is, given their job role, and do something with it.
And that goes all the way back to the L0pht of sharing information. If you don’t share what you know, there’s no point in learning something, I feel like, besides there is a satisfaction in solving a problem and learning. But if you keep it to yourself, there’s less of a benefit than when you share it. So, that snowballed into more and more on-site trainings. My training curriculum expanded, and now I travel a lot, and I love it. And I teach training classes about hardware hacking that is just unplanned turned into, I guess I would call it a career, but that is just the main thing I do.
Nathan Sportsman:
And I have two questions, and I am probably going to get the name wrong, but I think there’s this concept from Japanese culture called ikigai, if I remember it correctly. But it’s basically, what are you passionate about? What can have impact? What are you good at? And then for those of us that have to work and earn a living, what can you make money on? And the role of an instructor or a teacher, that’s a great way to help society, but to how you teach, I’m just curious because you can teach folks the process, but to be a hacker, to me, it’s more than just this, this, this, and this. It’s a way to think differently. You’re looking for the edge.
Joe Grand:
Yes.
Nathan Sportsman:
Is that something that can be taught to someone? Or some people will get it, some people-
Joe Grand:
Yeah, yes and no, but I totally agree. One of the first things I say anytime I teach a class, regardless of the curriculum, is, “Anybody can learn how to use a tool.” But what I try to do, and nothing I teach is groundbreaking, but what I try to do is let people know, “Here’s how an adversary might think. Here’s how a hacker might think. Here’s how an engineer might think,” depending on what angle somebody is dealing with. So, it’s definitely more about the mindset, the thought process, and then using the tools in such a way that they can then apply those outside of class.
So, if somebody is just following something that isn’t really repeatable in other situations, it doesn’t help. But if you give them something where they’re learning by doing it, then maybe that’s going to stick with them. And because people learn in different ways, I try to incorporate lecture and hands-on and really just be present in being there in person. I only do trainings in person because, for me, I love being there to answer questions. It’s way easier than typing stuff. It’s way better than a Zoom call.
And so the personal side is what I love doing. And when I’m there, I’m 100% there to help and even to learn things. I’ve been to organizations where I’m teaching about hardware hacking, but I’m learning about some other technique or some other way of thinking that I can work into stuff. And then when I’m hacking on things on my own outside of training, I get to roll those into things and teach people about that. So, it’s very just satisfying to spread this knowledge and hope that people pick up on it. And to be able to talk about things I love and share that knowledge and passion and hope somebody learns something from that and gets inspired, never in my wildest dreams had I expected that to happen.
Nathan Sportsman:
And yeah, and I hear you. It’s earning a living. Most of us have to do that, but I think one of the most noble professions is that of a teacher. And so it’s awesome that you do that.
You mentioned Dark Tangent, Jeff Moss, DEF CON. Was this also around the same time, I think it was DEF CON 16 you were starting to get involved with their badges?
Joe Grand:
Yeah, so that was DEF CON 14.
Nathan Sportsman:
14.
Joe Grand:
What ended up happening, that was also a Jeff idea, from doing the training class at Black Hat, I had designed a little custom circuit board that was in the shape of my logo, a little G-shaped thing that is essentially a CTF, but it was before, I think, even before CTF was a term. A little puzzle, so it was a little electronic system. And there’s a security mechanism in it. You basically, through the course, you analyze the components, you put together a schematic, you figure out how things communicate, you do some reverse engineering, and you do some kind of hacking, hardware hacking types of things to defeat the security to enable a game of Simon, like a memory game.
And I didn’t know at the time, I just thought it would be a fun challenge, but there is definitely this, you’re triggering something in people’s desire to solve a puzzle, even if they don’t know they want to solve it. When they defeat that security and they enable the game, it’s some dopamine thing or something. And I think that really sticks with them of, “I did that myself.” And to be able to see that happen, whether somebody’s had electronics experience or hacking experience or no experience, that’s something that clicks, and they’ll remember what they did because they did it themselves.
So, that badge, that’s like a custom shape and stuff like that, custom color. So, Jeff saw that, the Dark Tangent saw that and said, “Hey, we should do something like that for DEF CON.” Totally his idea. And he saw that hardware hacking was becoming part of hacking, where, for me, it had always been part of hacking, but for other people, network and all of that stuff is where most people knew hacking from. He’s like, “What if we do some sort of DEF CON electronic badge so we can show people electronics?” And I thought it was a great idea.
So, we sat down, came up with a simple idea, made 6,800 of them or however big DEF CON was at the time, and basically released everything. It was all open source, but released that at DEF CON. Everybody got a badge. It was a shape of the DEF CON logo with blinky eyes, two big blue LEDs that would blink, and you’d push a button and it would have different blinking patterns. There was a little debug port on there so you could connect some hardware and reprogram it. And I held a badge hacking contest. For people who wanted to, they could modify their badge in whatever way they wanted, and then come to me and I would write it down and judge it. And then at the end, somebody would win the contest, just as a way to get people more involved in hardware.
And that turned into DEF CON 14 and then 15, 16, 17, 18 of doing the electronic badge designs. And it was fun because it combined the electronics manufacturing side, which I still liked to do. I got to use the Dark Tangent’s money to do it, so I could try some techniques and some things that I might not do on my own. And then we got to think of ways of, how can we get the community to work together? So, a lot of it was trying to involve community interaction. So, we had one badge one year that was file transfer with infrared, and you had an SD card, so you could load a business card or text file or whatever and it would transfer. There was always some element of connection, which was really fun.
What ended up happening, DEF CON 18, five years of it, it was very hard to do and really stressful because you have this hard deadline of DEF CON, and everybody’s expecting something. “What’s the badge going to be?” Part of me was like, I didn’t want to compete with myself anymore of, “What can I do better?” And part of me was like, “Everybody’s expecting me to do it. I’m just going to not do it.” And most people would be like, “Are you crazy? Why would you stop doing something that is so fun? Everybody knows you from the badges,” and this and that. But for me, it stopped having that fun component to it, and having expectations from the outside put this pressure on me that I didn’t like. But it really was cool to see what came out of that, the badge life community and now electronic badges at other conferences. And I think it would’ve happened anyway because the resources became more available and making circuit boards and things. I think just became more available and making circuit boards and things. I think just the dark tangent was just a little earlier, so we were able to do it first, but it definitely would’ve happened just like at the L0pht and in any situation, if you find a vulnerability, chances are somebody else has already found it, you just might be disclosing it and somebody else isn’t. I think a lot of ideas come that way of other people might be thinking it.
Nathan Sportsman:
And ultimately carrying on. And similar to that Senate testimony, you speaking in that hearing had an impact. And so you can just draw a through line right through this. Introducing hardware hacking, the badges, those things are coveted. I mean, people hold onto those things for dear life. There’s now an IOT village or a hardware hacking village at DEF CON and now that’s just part of the culture. Another leave behind and pull through and going another route, Prototype This!, of getting folks familiar with hardware and lithium ion phosphate batteries and just all these cool videos. How did Discovery Channel come knocking? How did you get on TV?
Joe Grand:
That was amazing. That was like, “Wow, a TV show.” But I have to say, so that was happening during, I was starting to do some trainings and stuff and that came about because Make Magazine was an early maker hobbyist magazine about building things and electronics and I was on the technical advisory board for them when they first started just from being involved in the maker scene. And Discovery Channel was working on this show that was, they were kind of gearing it towards being the next MythBusters thinking, okay, MythBusters is going to run out of steam soon, we want to have this new show, but instead of testing myths, we want to have an engineering show. Build ridiculous prototypes on TV and test them.
So they had already found Zoz, who is a robotics kind of software guy, Terry, who is a special effects Hollywood machinist and then Mike North who is a material science like PhD. And they basically were asking those guys, “Who else do we need to complete this group?” And Zoz was like, “We need an electronics person so we could actually do electronics.” Then Discovery Channel reached out to Make Magazine and said, “Hey, do you know any electronics people?” Make magazine said, “You should talk to Joe along with a bunch of other people.” So they contacted me and said, “Hey, we want to interview you about, do you want to be on a TV show?”
Nathan Sportsman:
And what was your initial reaction to that? Was it like, “Heck yes.” Or “I’m not…”
Joe Grand:
No, my first reaction was like, “I don’t know about this.” And I remember telling my wife, I’m like, “Yeah, these guys want to talk to me about a TV show.” She’s like, “What? You have to do this. It would be your show. You’re one of the hosts, you got to talk to them.” But there was still this kind of post-traumatic stress of at stake and I was still trying to figure out what I wanted to do and how I was going to live a life that I was comfortable with. And I knew by that point I had a hard time taking direction. And I mean, that was obvious back in school also, but I was like, “Do I want somebody telling me what to do?” And then my wife was like, “Yeah, but you get to show what you want to show.” So I agreed and met with the production team and did a little dog and pony show with some projects I’d worked on over the years and didn’t think anything of it.
They were very much, “Hurry up, we want to film this pilot. Can you be in San Francisco on this day?” And then it just happened very quickly and it was just another thing of like, “Yeah, why not? Let’s try it.” And we definitely, the four of us as hosts, talking about finding people to work together, the casting team did a really good job of finding people that could work together. We all definitely butted heads and we were all very type A personality and we had our quirks, but it really actually worked and everybody was so skilled at what they did. There wasn’t any sort of overlap of ego, fighting for who’s going to be on camera the most and whatever. It was very well-balanced.
Nathan Sportsman:
And did they let the poor hosts, did they give you the creative license of, “We want to show this or we want to show that.” And that was up to y’all to-
Joe Grand:
Yeah, so the goal ended up really being like, we want to show engineering to the masses, just like the L0pht was showing hacking to the masses. So this was showing the engineering process from concept to prototype and testing and everything.
Nathan Sportsman:
So 13 episodes total, which one was your favorite and why?
Joe Grand:
All of them. All of them were. I mean, every single one was a challenge engineering wise, logistically, filming wise. And I feel like I just found the thing that I’m most comfortable doing, which is being on stage or in front of a camera as opposed to having to communicate with people outside of that environment. I didn’t know why that was the case, but I just found my niche and that’s sort of the teaching, public speaking TV videos, that became everything. I really miss doing that show. It was very special.
Nathan Sportsman:
And through all of this, and I know some of this overlaps, some of it’s sequential, some of it’s parallelized, but the training, the DEF CON badges, you’re doing a show, I think in 2009, it was a smart meter hacking kind of in the background. Even when you’re doing engineering stuff to teach people the engineering process, you’re also making sure that you’re not letting go of the hacker mindset and also doing stuff on the side with these other… Is that true? And then how do you find the time to do all of that?
Joe Grand:
Everything was dictated on how I feel and that is dictated on what happened in my past. When Prototype This! was happening, I was doing DEF CON Talks, doing Black Hat trainings. I wasn’t doing private on-site trainings yet, so it would be like once or twice a year I would take a break to do a training. Zoz and I gave some talks at DEF CON. We built some projects. I wasn’t doing, engineering any sort of product development outside of that at the time. But yeah, I, was like, I was working a lot. I didn’t have kids.
I’m amazed that my wife even remembers who I am and stayed with me because the way that I am, I get very involved in things and it was, I had a lot of energy to spend on things. And Prototype This!, we’d film all day. Sometimes we’d sleep at the warehouse and film more. I’d come home, I’d work in a project. It probably wasn’t healthy, but it kept me going. And it was all these different things where now I look back at that and I’m like, I needed some more balance there. But at the time it was just all things that I love to do and I had nothing better to do anyway. It’s just what I did.
Nathan Sportsman:
And I know we’re slightly skipping ahead because there’s books you’ve written and just your life experience is quite big, but the Trezor One hardware wallet, did that just start as an outlet and I’m doing this stuff and hey, I’ll just take a camera to it, and-
Joe Grand:
So basically what had happened in between Prototype This!, when that show ended and some of these newer videos I came out with, I was doing trainings, DEF CON talks, building projects, making some videos. I got an email from Wired Magazine who was like, “Hey, we’re doing a series of kind of maker, engineering videos.” And I was like, “Ooh, this is kind of Prototype This!. I can make a video.” But I don’t want to film my own videos. A lot of the stuff I’d been doing up to that point, I had my own phone. I would just film it in my office, bad audio, bad video. The point was to get the information out there and show a project and stuff. But with Wired, I thought maybe this could be cool, get a professional crew in and do some things. What basically happened is they came in for one day to do some intro filming and then left me with some setups of cameras and I got to design a project in a couple of weeks and then they came for the finale at the end.
So it was a little bit of getting that feeling of Prototype This! again. And this was an engineering project that was called the Pizza Compass we called it. And it basically was a device with a set of a circle of RGB LEDs and you’d push the button anywhere you are in the world and it would tell you where the nearest pizza place was and you’d follow it on the compass. So like a silly project, it was engineering focused. And then I got another email a couple months after that, “Hey, I’m locked out of my Trezor One hardware wallet. Can you help me? It has $2 million on it.”
Nathan Sportsman:
Someone just emailed that to you?
Joe Grand:
Emailed out of the blue. And it turns out that he had found me just by doing some Google searching of hacking, hardware hacking or something, and my name came up. I wasn’t paying attention to cryptocurrency, it wasn’t on my radar. So I started looking into it and realized, “Oh, some friends of mine had actually hacked the Trezor One, or at least proven that it could be hacked.” Not necessarily in a reliable, repeatable way, but they showed it could be done. So I was like, “Oh, how hard could it be to just replicate their work and then help this guy?”
And that started down this path of three months of research and experimentation. And for me, the motivation was not the money that he was going to get, it was, now I have an excuse to learn a new technique, which was called fault injection, which I had known about and had even spoken about a little bit, but never fully experienced on my own. And my wife helped me a lot because I’d be struggling with something and she’d help me even though she’s not technical. And then it was her idea of, “You should be filming this.”
Nathan Sportsman:
I guess they shipped the wallet to you and have to insure it. And then like-
Joe Grand:
He wanted to come in person and basically the stipulation was I had to prove that I could do it with four different devices before he would fly from New Jersey to Portland and come to my house. And that was okay. Having a guy, we’d checked him out, we’d talked, we had a good rapport, he was totally legitimate. And I eventually figured it out good enough that I was confident it was going to work, somewhat confident because when you’re hacking, you never really know, especially with hardware and especially with fault injection where you’re basically Intentionally causing problems to happen on a device. At the time I thought it was good to go. He flies in with the device and we had a little film crew there. One of my friends directed the production remotely.
Nathan Sportsman:
And just for the framing, so if anyone not technical watches this, but he has the wallet and what, he’s lost, his pin or password?
Joe Grand:
Yes. So this particular device has a pin that you can set. It’s like four digits, at that point it was four digits to nine digits, but there was a limit of how many times you could guess the pin. So he needed help to defeat that. So he came, we filmed it and it did end up being successful and we did it live, filmed it live. It was thinking back on it, a super risky thing to do. So I was really lucky that it actually worked. But we filmed it, made a video, it was amazing and did not expect the response of what happened. Because of the skill of the producers and the camera people and everything, they told a story that really resonated with people above and beyond the technical part. But so many people reached out that we ended up starting kind of I guess a side business.
Nathan Sportsman:
offspec, right?
Joe Grand:
offspec.io that does sort of wallet hacking and recovery because it turns out there are hundreds and hundreds and hundreds of people that need help in some way with cryptocurrency. But what came out of the technical side of hacking the Trezor is I wasn’t really happy with the approach and I felt like there was something else that could be done better. So that hacker mind set of mind couldn’t let it go. And I’m like, I’m going to keep poking at it, sort of like this adversary. I know I can get more out of it. And that ended up being now a three-year effort in trying to refine and revise and make an attack better than it was previously.
Nathan Sportsman:
But I know some people will trade ETFs, some people will buy on exchanges. There’s been all kinds of stuff. And so some of the more hardcore people will keep this on these hardware modules with them. We don’t have to get into vendors and names, but is any of it secure?
Joe Grand:
Is anything secure?
Nathan Sportsman:
Okay.
Joe Grand:
Yeah. I mean, really it all comes down to physical security of protecting your private key of the cryptography of the cryptocurrency regardless of the technology that you use. So yeah, definitely I remain vendor neutral just like I did at the L0pht. I play no favorites and I won’t recommend anything. Some things maybe currently are more secure than others, but that could change in the blink of an eye. Somebody finds a vulnerability, all of a sudden things are vulnerable.
Nathan Sportsman:
So now you’re in movies. We were driving by last night and you mentioned that, I know we need to make sure that when this airs, it’s after that movie comes out. You’re under wraps right now and you’re actually in the movie. Is that right? Can you tell us a little bit about that?
Joe Grand:
I do want to mention also, so with the work that we’re doing with the cryptocurrency wall, it’s like even if we don’t make a video, my goal is to release all of the information. But because of that work and that video going viral, this movie thing happened and not directly the directors of this movie, they were writing some other script that turned into this cryptocurrency heist thriller movie. And they had seen one of my wallet hacking videos, probably the Trezor video, and they wrote a part in the movie for me not thinking that I would actually agree to do it. So they wrote the part in and they’re like, Joe is not going to respond to this email, but I got this email that was like, “Hey, I’m working on this movie. We’d love to have you involved. Are you interested?” And that one didn’t require any thought. I was like, “Why not?” It’s another opportunity to do something fun in a slightly different world than television, but I understand how the sausage is made now, so I know what to expect. I know the process. I thought it was super fun.
But they sent me the script and I was like, “This is not going to work. You have to make sure that the technical aspects of the cryptocurrency that you’re dealing with, it has to be correct because if you’re targeting cryptocurrency enthusiasts, they’re going to rip you apart.” So I basically, even without them asking, just redlined everything and then ended up working with some of the actors to explain to them certain things and then had this role. Basically it’s a fictionalized version of me doing what I do just as somebody else with a different name. But I’m actually credited in the movie as Mike Million is my role. And it was super fun. It was a fun experience to meet with, to see actual professional actors and watch them do their trade and do their craft was just, even coming from someone, I know I make a lot of mistakes if I’m filming something and tons of editing and everything and I can’t memorize things or anything like that, I’ll just say stuff.
But to see professionals do their thing, it’s like watching a guitarist shred on something. You’re like, “How do they do that?” Or watching anybody that’s really good at what they do, seeing these actors do what they love to do was just so fun and very inspiring and also like, “Wow, that’s really hard.” And had a great time filming. And that movie actually screened at South by Southwest in 2024, so recently. And so we were driving by the cinema and I’m like, “That’s where the movie screened.” February 28th is the date. I just found out that it will be coming out in select theaters. I don’t know where those are going to be and streaming. So it’s going to be available to the world to see.
It’s an exciting movie. You’re not going to build new brain cells by watching it, but it’s exciting and fun and a lot of little elements of fun things that if you pay attention, you’ll catch a lot of hidden callbacks to the hacker scene and to the cryptocurrency world. And yeah, it’s very cool. I’m not going to give anything away, but very fun and just another one of these experiences of unexpected, but it just felt like a fun thing to try and scratched that itch of working, even as short as it was, of working with people doing something creative was really fun.
Nathan Sportsman:
It’s so cool. Katie and I will go see it. I’m sure we’ll all go see it. Cold Wallet is the name of the movie.
Joe Grand:
Yes.
Nathan Sportsman:
So kind similar to what we talked about at stake looking afar, it’s very different than being up close. And so from afar, anyone that looks at everything that you accomplish, it’s just accomplishment, accomplishment, accomplishment. But in some of your more recent interviews that I studied, you’ve been more open about your discovery that you’re on the spectrum, discovery with dealing with depression and mental health. Can we just talk about that a little bit and how that has shaped your narrative now looking back, but also dealing with those challenges and kind of the struggle that goes in all of that that you’ve done?
Joe Grand:
Yeah, for sure. I mean, that has been a recent discovery only the past couple months when I was diagnosed with autism spectrum disorder and with depression. And I’ve always known that I was different. And I think that’s obvious in my past of how I was causing trouble and looking for things and how I dealt with human interactions and with adult interactions in particular, and authority interactions. But I didn’t know why. And for a lot of time I was just angry at the world. I knew I didn’t fit, but I didn’t know why and I blamed myself for it. And even though I was still accomplishing things, I was still doing things, the outward appearance that people see is not the inward appearance that I feel.
And it was something that really my wife noticed. I think mental health and mental health struggles in particular in the hacker community, in the cybersecurity community is very high. And I’m sure in lots of other areas also, but especially in ours. And when you’re surrounded by your own types of people, neurodiverse people, that’s where I felt like I fit the most. Even though even at DEF CON, I didn’t always feel like I fit in. I was on stage designing the badge, I still didn’t always feel like I fit, but that was the closest place.
But I would look around and see other people and be like, “Why don’t I feel that way?” But in our world, because we’re all surrounded by each other, I didn’t really think about why I had acted a certain way, why I feel a certain way. And it wasn’t until I met my now wife, she could see, she’s not technical, so she could see me and my friends associate and she’d come to conferences and hang out. And she’s the one that noticed you guys are all very different because she comes from a very, I wouldn’t say normal environment, but not as neurodiverse a different set of circumstances. She’s like, “You guys are all super brilliant, really driven, but there’s something different from your group.” I’m like, “Really?” So that kind of started this thought process. When I started meditating during COVID, I knew that I needed to do something. I knew there was something, I’ll say something wrong with me, and I felt like there was something wrong with me always, but I didn’t know what to do.
And I thought meditation, I’d always been toying with the idea just to kind of calm my brain down. But that didn’t always help. But it made a difference of getting a routine. And my wife wrote a book, which really is what kicked off everything. And this book was called Troublemakers and Superpowers, and it was written for our first kid who is now 16, and she started writing it when he was maybe eight or something. It was a biography book, talking about different types of people that had different struggles, whether it was mental health related or abuse, trauma related, and how they were able to overcome those. Once they recognize them, how they could overcome those, or at least use them in some way or acknowledge them in some way. Because some issues you can’t overcome, but you can acknowledge them and you can use that hopefully to your advantage, not always. But just as a way to try to get kids to be able to relate to somebody in case they’re feeling a certain way, because one of my kids has OCD.
And for him it was helpful to see other people also are like that. I was in that book, every other chapter in her book had a resolution of, this person was diagnosed with this, or they had some trauma that they uncovered and this and that. And mine just sort of ended with some of the story that we talked about, but it was like, “What? What’s next? What happened? What’s going on?” And when she wrote that, we realized, “Wait, we should figure out what the hell is wrong with me.” And I sort of took it as this hacker curiosity of I want to explore, not a product, but myself. I want to know why do I feel this way? Why all of these things that nobody knows about from an outside view. So I did the whole analysis process, which I thought was fascinating because you’re taking tests and doing puzzles and this and that to figure out what was going on. And my wife had thought that I was autistic, but didn’t really say it and unknowingly, I think had made accommodations over the years to deal with that.
But I went through this process and loved it. Pretty much immediately, the people doing the testing, they could tell that I was on the spectrum without even really just seeing some of my behaviors and things, but it was fascinating. And I got these results back and it had said autism spectrum disorder and depression. And it was things that the autism, I definitely didn’t know. The depression I knew because I think the anger and the roller coaster that I was having, and a lot of my pushing back on things was related to that. But it was like, to have a name for what I was feeling and to then look back at my past and start to realize, not that everything is based on this diagnosis, but a lot of things make a lot of sense. And it’s like, “Oh, I’m not just an asshole, there’s a reason I think this way. There’s a reason I don’t have empathy. There’s a reason I don’t fit in. There’s a reason that I gravitated towards punk rock where all the outcasts go.”
But even within that area, I was like, “I don’t have tattoos. I don’t have a mohawk. I don’t dress the same way.” I still didn’t feel like I fit in, but I knew that that was the right place to be because that’s where all the weirdos went. I just didn’t know why. And once I realized this diagnosis, it really helped me. And I mean, it’s so recent that I’m still figuring it all out, but it is really making a lot of sense. And with everything, there’s a positive and a negative. And a lot of times with neurodiverse people, you have significant strengths and significant weaknesses. I think the strengths of mine are the overt strengths that people see. So I just happened to like being in front of the camera and teaching and doing things that actually make a lot of sense. As for me as an autistic person, because I’m in control, I get to say things and I get to share things, and it just works.
As opposed to if I’m at a cocktail party or whatever, I’d never go to a cocktail party. But something like that of having to socialize. But it’s been very eye-opening and it’s something where, so the positives are things that people can see. And as a high functioning person, not diagnosed as a kid, it’s much different. And adults that are diagnosed later, we have our survival mechanisms or we’ve been able to mirror things to get by. But it has been a struggle. And the negative sides are things that people don’t see, but they, I wouldn’t say are completely debilitating, but they’re, they’re not healthy as far as some people might say, “Oh, you’re so focused on projects, that’s great.” And it’s like, “yeah, but I am so fixated on that, I’m not seeing my family. I’m not getting out of my chair. I’m not exercising. I’m not helping my mental health, I’m not helping my body.” There is this constant struggle. And being aware of that now has just completely changed my perspective of everything.
Nathan Sportsman:
And like you said, when you learn something about yourself and like you said, putting a name to it or finally having an explanation in and of itself on that, there’s relief. You also mentioned splinter skills, sort of strengths and stretches. And clearly one of your strengths is this sort of hacker’s mindset. Now that you’ve become aware, and we do it previously, but we don’t know what we’re doing until, a technique is masking and you don’t understand what you’re doing, but now that you understand the condition, you understand that technique. Have you gotten to a point now that you’re a few months in where you’re basically getting to brain hacking and starting to think about, here are various things where, “Oh, okay, I can see that’s depression coming on.” Or, “I can see this.” And new ways to cope with it, because now you know what you’re dealing with.
Joe Grand:
Yeah, I’m not quite there. I’m able to better recognize what’s happening. But even thinking about the mirroring, I smile a lot and people are like, “Oh, Joe’s so happy.” But that is not normal it turns out. And that is mirroring. And I think a lot of what I learned at the L0pht of how to carry myself and how to share information, that was also mirroring. So I haven’t really come to the, we’re still digging and understanding and finding things that I’m lacking to work on and understanding. It’s a hacking project. It’s just another thing that I’m curious about now, which is in my brain. It’s something that I feel like more and more people are talking about and it’s important.
Nathan Sportsman:
And folks need to see an analog. They need to see a story. And coming back to your wife’s book, Cameron, she was diagnosed at a very early age, and so we’re not sure how things are going to turn out, but we were trying to figure out how to tell her. And ultimately, we used a Sesame Street episode where there was a person that had autism and kind of talked about it, and she got it, this person’s different. So coming back to your wife’s book where you’re helping people understand through storytelling, is your wife’s book, is it available? Can-
Joe Grand:
Yes. Yeah, it’s available on Amazon. It’s actual published book through a publisher and everything.
Nathan Sportsman:
And can you say the name?
Joe Grand:
Yeah, it’s Troublemakers and Superpowers.
Nathan Sportsman:
Troublemakers and Superpowers.
Joe Grand:
Yeah. It’s definitely been interesting and it is going to be, it’s a lifelong journey to study and understand and cope with and deal with. And some days are better than other days. But I mean, it’s the reality of things and it’s understanding, how can I accommodate myself and still support my family and have good mental health, like hygiene? And just understand more about that just like you would understand a piece of code or understand a piece of hardware. There’s nothing wrong with understanding yourself.
Nathan Sportsman:
And so for your story, you mentioned that it sort of stopped and now you’ve had kind of this revelation and you mentioned people looking up to you and the hardware hackers from yesterday, and they were all super excited to talk to you. So for you, now that you’ve started to come to understand autism, looking back, whether you’re 15, 16, 18, but if there’s someone that would be watching and listening to you, what advice would you give them through giving advice to your younger self?
Joe Grand:
It’s going to be okay.
Nathan Sportsman:
Joe Grand, thank you so much for coming, man.
Joe Grand:
Thank you. Thanks for having me.
Enter your email address to be notified whenever there’s a new episode.
Privacy Policy | Terms of Use | Copyright © 2025. All Rights Reserved.