Episode Transcript
[00:00:00] Speaker A: Scott, welcome aboard to the show. I'm so happy to talk to you today.
[00:00:04] Speaker B: Yeah. Delight to be with you here. All right.
[00:00:06] Speaker A: I don't know if, I don't know if you noticed, but I almost didn't let you respond because I'm so excited to ask the first question. I am. I definitely am. Your. The name of your book Hacked Again. I can almost hear the tone of it. Hacked Again. Like how I just love that name because it is such a reflection of reality. Yeah, talk to us about the book a little bit.
[00:00:27] Speaker B: Yeah, absolutely, absolutely. Well, a number of years ago, running a company here, delving into security, and I have to kind of almost back up just a little bit to kind of set the stage where we're a development company doing R and D, really wireless test tools. We started probably especially mid to late 80s, developing the first cellular based test tools so you could build out cell towers. So we learned a lot of the flaws and vulnerabilities in phones, which got us into the education process and teaching people so on and so forth, which put a target on my back. The more I talked, the more I educated people about just security in general, phone security, the bad guys started going after me. And, well, as the story goes, I got hacked. It started out simple. It was somebody, you know, took over our Twitter account, had a credit card compromise for the business, then the debit card, then myself personally credit and debit, and then repeated DDoS attacks. And it just got worse and worse. Finally, we had $65,000 stolen out of our checking account.
Became major federal investigation.
Embarrassing as anything because again, here we are building up a brand and reputation over decades that we're helping people with security and providing tools. And here we are, the victim of being hacked. And again, this was all before these headlines all read about hacking in the days of target and so on, so forth. Any event, I was doing an interview in New York City. I remember it fondly. It was a Bloomberg. I came off and sat down to just unwind and I got a phone call on my phone, my mobile phone. It's not a listed number. Not many people knew it. And it was the Associated Press. And they said they were doing a story on businesses that were getting attacked by cyber criminals and suffered. And I said, how did you hear about this? How'd you get my number? And they're like, well, don't worry about that. But, you know, is it true? And would you go on the record? And I was like, very hesitant. And I said, well, I guess I said, but I, you know, I Made some mistakes. I learned from those lessons. And if you let me tell the story and I could share some of my misfortunes and mistakes, so maybe it'll help other people. All right, I'll do it. And hence I did it. And then after the story kind of broke, got a lot of attention, a lot of people started saying, geez, you should write that down, man. Put it in a blog. Why don't you write a book? And I was like, well, yeah, I'm not a writer. I'm running technology geek. I'm not. I don't have the. The skill with words and things like that. It'd be a big project anyway. People push, push, push. I finally said, all right, forget it. Let me start writing and see how bad this really sounds. And yeah, it was pretty bad.
[00:03:10] Speaker A: And thank you for your humility there.
[00:03:13] Speaker B: I appreciate it. I'm not a writer.
And I. I learned something that admittedly, I'll share a short story. When I was in college, I. I remember this goes back a number of years. I majored in computer sc. Computer geek. I did decide to take a creative writing course because I was such a bad writer.
[00:03:29] Speaker A: Oh, wonderful.
[00:03:30] Speaker B: Bad speller. Everything else. I went there, I showed up in the class, and it was a sea of women. There must have been about 30 women in the class. An older professor.
[00:03:38] Speaker A: Did you rethink your choices of computer science?
[00:03:41] Speaker B: Yeah.
So I walk in and they just got brand new computers. And the professor was almost ready to retire. He was a great writer. And he came up to me and he says, do you know anything about computers? I said, yeah, I'm a computer science major. He goes, great. He goes, do you know how to write? I said, I don't know anything about writing. He goes, I tell you what, I'll make you a deal. If you help the girls along with the computers and help me, you're going to ace this course. I'll teach you how to write a little bit. Okay? And I said, fair deal. And sure enough. So that helped me a little bit, I guess, But I'm still not a great writer. I think I'm working on it.
[00:04:16] Speaker A: Unless it's code, that's a whole different topic.
[00:04:18] Speaker B: Exactly. Yeah. So any of it.
[00:04:19] Speaker A: Is that where you found your wife, by the way, or.
[00:04:21] Speaker B: No, no, no, I did not. Did not. A number of years later, after I graduated college, that then. Then I met her and.
But I guess the process of learning a little bit about writing, I tried to apply. It took about two years to write. Hacked again. And I tried to just In a sense, do somewhat of a brain dump on what actually happened, the mistakes I made, so on and so forth. And the good news is my younger brother, three years younger, he's a partner in the business also, I could bounce chapters off him. And he's a good writer and he's gifted. And I learned a very powerful lesson. Sometimes if you can get your what's up here to paper, but then put it in front of somebody that's much more gifted than you, they can clean up your, you know, a wordsmith and fix the problems and the flow and things. Now, I'm not talking about artificial intelligence. A lot of people try to write books like that. I think that's a mistake because you really want to have the human aspect and the storytelling. Because if you can do that, then I think you can reach people's hearts, motivate them, or share or teach better than just a cold, hard approach to things. So I try to think that I'm sharing my experiences, good or bad, when I'm. When I'm writing a book and hence hacked again, did that. And to my surprise, I got a lot of people that said, I love this book. I enjoy this. I learned something. Hey, I'm going to go back to my computer and create a strong password or this multifactor authentication thing that I never heard about. I'm going to learn about it and start using it or whatever. Not going to reuse the same passwords over and over. So some of the things I think that I challenged myself, I share in the book that it's cool to see people adopting it, and then they almost make a connection with you as the author, and next thing you know, they're telling other people, you got to talk to this guy, go buy his book. Because I learned something. And I think the nice part about my father taught me this years ago.
Sometimes the best salesman is not a salesperson in your company or you. It's the customer. The person that buys your book, the person that buys your product, if they love it and you did your job right, let them now go out and sell it. And I said, that's kind of cool. And it works.
[00:06:31] Speaker A: Absolutely.
Okay, this is a little bit of a tangent.
You said, AI writing. I'm rephrasing is evil.
I will make a stronger argument. I would argue that there. That it's plagiarism. Right?
[00:06:49] Speaker B: Okay.
[00:06:49] Speaker A: Yeah, Right.
[00:06:50] Speaker B: I think that's a fair statement in certain contexts. Yeah.
[00:06:53] Speaker A: Okay, perfect. So let's dive into that now. I'm going to go here down a rabbit Hole Why certain contexts? When is AI writing okay? When is it not okay? Is there a way to use it properly with out being plagiarism, even though the laws don't define it of plagiarism? As always legislators, it takes them time to catch up.
What is your perspective here on AI and the creative?
[00:07:21] Speaker B: Yeah, I guess my perspective and maybe again it's a little askew, but I'll align it to what I use it for. And this is when I'm using it to sell something.
I think it has to be authentic from me, my words, if I'm using it as a support or educational purposes. For example, we have manuals and oftentimes I'll get a use case for one of our products and I'll say, you know what would be really nice is providing a customer with more in depth technology and understanding and applying it to this use case. And I'll go out onto AI and it will write this beautiful description of the use case and how the product can be used together. And I say, you know what? That's done better than I could. And I'm an expert with the product and I understand the customer, but it goes out on the Internet and all these other places and pulls in this information. And I'm not selling that. I'm really selling the knowledge base with, you know, supporting the product. I think, and I think that's okay.
[00:08:25] Speaker A: Here's the story. I take a whole bunch of water heater manuals, upload it to, to an AI and what happened is that I had four technicians come, nobody fixes the problem. I upload all the manuals, I describe all the symptoms of my water heater. The AI comes back and says, you have an issue with your gas pressure.
Not one of the technicians told me they even measured the gas pressure, right.
And when the guy from Accel Energy came, he measured the gas pressure outside and he said, no problem with the gas pressure.
No problem. I utilize my negotiation skills. I tell him the whole sub story and it's true. I was without hot water for a month and I say, look like this is a weird thing.
It turns off like after 5 to 45 minutes, just shuts down. I think there's an issue here that is intermittent. It's not gas pressure related. It just happens once in a blue moon. So if you would be so kind, replace everything.
I gave him coffee. I was super nice, I usually am.
He's like, you know what? I'll do it. Like there's nothing. I can't justify this, but I'm Going to do this. He goes away, nobody else comes. Everything's working.
So four technicians actually looking at the water heater, one Xcel Energy Gas, outside technician looking at it, saying, ari, everything's fine. And yet AI was right.
[00:09:57] Speaker B: Yeah.
[00:09:58] Speaker A: So I gotta say, look, these incredibly complex systems, you know, there's something about them that AI can kind of troubleshoot and figure out and read thousands of manuals. While for human beings, you're using your social psychology, you're biased on things that have happened to you, the thing that happened to you recently, all that, it's just absolutely crazy. So I really appreciate your point.
[00:10:22] Speaker B: Yeah. And I think also, and I'm not saying this is the case, but it could be. When you have a technician come in, what's their motive?
[00:10:31] Speaker A: Yes.
[00:10:32] Speaker B: Is it to repair your water heater? Is it to sell you a new water heater? Is it just to build charges? Is it to get away from another job? We don't know. But sometimes I found that. And I've seen similar things, even with my broadband connection. And I'll take the tools out and I'll make the measurements and this and that, and I'll explain it to them. And they're like, oh, sir, you don't understand this. Let me explain. They go on and on. I let them go on their tangent and I said, well, no, I'm actually. I'm in the industry. I understand what the throughput is, but actually this is the actual throughput. And this is actually the. And you explain. And they're like, oh, I'm not sure what you're talking about, sir, because their script is now at the end. So artificial intelligence is extremely powerful. The other thing I wonder if, and I don't know enough about it, does it also use videos that are out there? I was always curious. When I have something, I go to YouTube and I sort through, you know, the 10 or 20 videos and find the one guy or girl that actually knows what they're talking about. So I can now open up my. Whatever, you know, my wolf oven and fix the little part on it because bad that the guy says, oh, I could fix it at $600.
And I said, that's ridiculous. It's probably something. I watched the video and it was like a $20 part and I fixed it.
[00:11:45] Speaker A: Not yet. So. So I. I so happened to be, you know, in the space a few years ago, I was the product leader, the technology, and I was looking for this. I was like, I need this because I want to integrate this into my product. That's not Available yet?
[00:11:58] Speaker B: Not yet.
[00:11:59] Speaker A: Okay. It's, it's a computing, it's a computing issue. It's not that it's impossible. What the only thing they're doing today is they're taking, they're transcribing the text of the video and then they're turning that into text and then the text they're running through AI. Totally possible. That's done today.
But actually using the video, the images in the video, the intonation of the person speaking, it's not to that level yet, but it's going to get there for sure.
[00:12:22] Speaker B: Yeah.
[00:12:23] Speaker A: I think there's a huge thing in the future of kind of analyzing videos at a real human level. That's going to be a game changer.
[00:12:30] Speaker B: Oh, it's got to be. That takes things to another level, I think, and I always ask myself, perhaps we're seeing just the emergence of AI and some of the applications. I think people think it's here and that everything's here already. I'm like, no, no, no. This is the start.
I bring in now, you know, quantum computing and other things and you parallel those things for good or for bad. It depends on which side you are. Some amazing things can really start to happen.
[00:12:57] Speaker A: Amazing or terrifying?
[00:12:59] Speaker B: Amazingly terrifying.
[00:13:02] Speaker A: I know quantum computing scares the shit out of me because a lot of our, a lot of our basics of society are based on, and I'm going to kick out here, so I apologize. They're based on mathematical equations, so to speak, which are unsolvable. But when we say unsolvable, really we mean it takes X amount of time to solve them.
The second you bring in quantum computing, that's no longer true. So you're undoing some fundamental math truths using quantum computing. What that means is things start to break down. This is way worse than what we thought about, you know, the Bug 2000. Right. It's a way worse scenario.
You know, I'm sure government has this and they're using it and that's how they're looking at some of our messages. But from a perspective of, you know, your general hacker organized crime, I don't know how many of them have quantum computers.
[00:13:51] Speaker B: I don't think any of them right now. Although some of the larger criminal organizations are starting to amass some, some deep war chests where they could start investing in technology and developing some pretty good tools for hacking. It's getting impressive, but I don't think they're fully implementing it. I mean, I've played around with AI and said, hey, write a phishing email or write this Script or little things toying around to see how that world does it. And it does help. There are some really good things that are out there to again, if you wanted to be a hacker or bad guy, AI can help you get there.
[00:14:31] Speaker A: Have you heard about the dark AIs, basically the hacking versions of them?
[00:14:35] Speaker B: Yeah. That's kind of. It's scary, but cool. I think from the techie perspective. It's a scary world out there though.
[00:14:43] Speaker A: It's absolutely horrifying. I mean the phishing, I haven't yet seen the hyper personalized AI based phishing. Right. The ones that are looking at your LinkedIn, your social media and is crafting a highly unique phishing attack just for you. I haven't seen that yet.
[00:14:58] Speaker B: I've been getting some of them recently.
[00:15:00] Speaker A: Really?
[00:15:01] Speaker B: And I'm reading it and a couple of them I had to like back up from and I'm like, dear Scott and. But you start reading it and it talks all about the company, the history, the products, the successes we have. And honestly, it does this out on the world of the Internet. Probably from stories and interviews from great, you know, podcasts like this. It pulls little bits and pieces and sound bites, but it puts it together where it flows like a person wrote it. And I said, that actually sounds convincing. Wow. Or I'm very naive, I don't know which.
[00:15:35] Speaker A: Look, we're both self proclaimed king of the lemurs, right? Quote Madagascar on security.
But if that same experience happened to me and if we are like, hold on, is this real? And it takes us a minute, security experts needing a minute to figure out if something is phishing, man, that bodes very, you know, you know, badly for the rest of the world.
[00:15:58] Speaker B: Yeah. I sometimes think of it as.
And people always ask me, well, how secure is this house? And I always say nothing is 100% secure. It doesn't matter how much money you have or knowledge to get it right and protect things every single time, it's just not going to happen. To find one little vulnerability and exploit it.
It's kind of easy for the hackers. They've got a lot of advantages and I think the reason they have such success now is they've got a whole ecosystem that allows you, allows them to protect their anonymity.
[00:16:35] Speaker A: Yes.
[00:16:35] Speaker B: And I always relate that to like when you go, if I was a bank robber, I go into the bank, I got maybe a mask or you know, a gun, there's fingerprints, there's voice, there's cameras, the bag blows up in your face. The getaway car Outside, there's all these things to capture and catch you. Now, if I'm sitting in my pajamas anywhere in the world on a computer and I'm using a good VPN and the tour on the Dark Web and I'm using some crypto and I move it around, I can buy half the stuff and the other half of the stuff I could fake. Probably not going to easily catch me. It's really hard and it's going to cost a lot of money.
[00:17:16] Speaker A: And hold on, that's such. This is a point that I think people don't talk about enough. It's not about if you can be caught. It's about what's the cost to catch.
[00:17:26] Speaker B: Exactly.
[00:17:27] Speaker A: And it's about what's the cost to hack you. And at the end of the day, it's a supply and demand equation. It's really about profitability. What is the profitability to hack person X?
[00:17:39] Speaker B: Yeah.
[00:17:39] Speaker A: And if it's cheap, guess what? It's going to happen. And if it's more expensive than it's worth, maybe you're going to be one of the last people to get hacked. Even though you can be hacked, you won't. This is such an important point. You're just saying it as if it's trivial. But I just wanted to stop and showcase what you're saying. Here it is about the cost.
[00:17:59] Speaker B: Yeah, Yeah. I think it does connect. Interesting. And what I think helped me understand and formulate that a little bit a number of years ago. I speak almost every year. Espionage Research International. It's a group that comes together in D.C. and shares tips and things in the world of espionage from around the world. A great group there. But any event, one of the speakers was a senior guy and it was the Cyber Crime Task force with the FBI. And he shared the top 10 cybercriminals and how they caught them. And he took it through. And you got to visualize and see it in the process and the cost. And your head's like spinning. And it was interesting out of all 10 of them, at the end of the day. And this was kind of how he closed it out. He goes, what we've learned is the best way to catch cyber criminals is to go on social media, because they all got these big egos and we're spending bazillions of dollars with all this technology trying to capture them and decrypt this and everything under the sun. Because sometimes just create a Persona on social media, follow them, collect information, and once they start bragging about how much they got or who they fooled, we move in and nail them. And all 10 of them, it was the ego that got them busted. So they had, they say there's, I forget how many agents actively each day have social media accounts, but it was hundreds that are sitting there, you know, pretending to be somebody else, luring in these, these criminals. And it really does work. And I wonder why. Are criminals that dumb? Or is the ego that much more important than successful criminal empire?
[00:19:42] Speaker A: The human condition, Crazy world. Look, there's a.
So, so I went to University of Chicago, the business school, and I had a very simple question to kind of make judgment about a person. And the question was, how much money is enough money?
[00:19:59] Speaker B: Yeah.
[00:20:01] Speaker A: And overwhelmingly, you know, more than, you know, 90 something percent said there is no limit. Like there is no number that is enough money for me.
The few that said that gave me a number. I was like, okay, let's be friends. But my point is there is no number that is enough when it comes to money.
But the rest of it is really about, you know, inflating yourself.
And you know, it's no surprise. I think that's really what you're describing is the human condition. And it's most basic, most basic form.
[00:20:34] Speaker B: It is true. And I say probably all of us, whether we admit it or not, are somewhat guilty. Everybody likes to be looked upon in a positive light, have a level of influence or believability or they're a good citizen, whatever it is, you know, you want good things to be associated to your name.
[00:20:54] Speaker A: Yes.
[00:20:55] Speaker B: And yet money is probably the least important thing yet. It's the most sought after. It's kind of a backwards thing going on in the world. It's rather funny. And you're right though. If somebody had to say, hey, what's enough money?
How much do you need to be happier, content? It is a tough question to answer for many people. If you got a roof over your head, your family's taken care of, you're happy, that should be enough. If you're helping other people, that should be enough, I'll tell you that.
[00:21:28] Speaker A: You know, your book is how you got scammed or hacked. I got, I. My scam cost me $200,000.
And it's an MBA government indoors supported scam is what I call it. And you know what's funny? The most valuable course in my MBA wasn't a business course, it was the social psychology course. That's the only one. And it's like it was a side thing, right? It was like two courses out of the whole thing. That's the only one I felt gave me value. So at the end of the day there was more value in reading the book. Thinking fast and slow. Daniel Kunaman, Amos Tversky, very, very important book about social psychology than the whole degree. And I could have done that on my own without paying turn thousand books dollars. So I'll say I got scammed too big time.
I'll tell you a short side story. I'm forcing my 10 year old daughter to read that book and I'm quizzing her every week. So just by that I think I'm giving her the MBA's value from that perspective.
[00:22:31] Speaker B: I do think the psychology aspect of things in certain niches, even in the world of cybersecurity, I've grown fascinated with. As I spoke to other well respected individual. I think of Kevin Mitnick. You may have heard of the world's most famous hacker or whatever. I had the privilege of speaking at a couple conferences and things. And I remember after one I was like, oh, it was great. We chatted, he spoke, I spoke. It'd be nice to talk with him. And we got invited to a little after dinner party and there was a bar and I walk over, sit down, have a beer and who sits down next to me? Kevin. So we got to chat for a couple hours and just to hear his antics and stories. I thought it was very fascinating because it's one thing when you read his books or see somebody speak. When you're actually hearing them one on one and hearing real life stories, you get to know the person. It's kind of exciting. It was a lot of fun. Social engineering, I think is a fascinating aspect of the world of cybersecurity and how people can really dupe people based upon just understanding other humans and their vulnerabilities and weaknesses.
[00:23:42] Speaker A: Yeah, that's such an important point. I mean, I think everybody needs to learn economics. Supply and demand, profits, I think interest rates. And then other thing everybody needs to learn is read that book thinking fast and slow. Which is basically the psychological biases that make us make bad decisions. And I'll say something which maybe is outrageous, but I think racism is hugely a byproduct of these social. These psychologies that Daniel Kueneman talks about.
And there's a few that I can point to. So I think it's such a fundamental thing that we don't understand yet. There's so much research about it. So I, I would totally get up on that soapbox and talk about it the whole day.
[00:24:29] Speaker B: Cool stuff, Scott.
[00:24:31] Speaker A: What an absolute man. We came here to talk about security. We talked about so much more. This has been such an absolute delight, I gotta tell you. We're gonna have you back for sure. This was wonderful.
[00:24:41] Speaker B: Yeah. You enjoyed the conversation.
[00:24:43] Speaker A: There's just one scripted question because everything else is just down the rabbit hole on this show that we have. And it's a hard question at that. Right. So brace yourself.
If you had to go back to 20 something year old Scott, what would your advice be to him?
[00:24:59] Speaker B: Wow. I would say what stands out in my mind is don't weigh in and listen too much to people that say it can't be done. Throughout my entire life, my entire career, I've come up with a lot of dumb ideas, I'll admit it, but so many ideas that when I believed in it and was passionate about it and pushed even against people, I call them 10 times smarter. These are PhDs.
They understand radio frequency, wireless security. And dumb little me says, well, why don't we do this? It's worth challenging everybody. And if you believe in something, innovation, a product, an idea, push it as long as you can to see it to fruition until I can prove it wrong. And hey, this will not be successful. And I've done that. I think it's worth it, it's worth the ride, because it's more of what you learn in the process than sometimes the end product. And I think that's really important, especially if you're in the tech space and innovation with so many things blossoming around us.
[00:26:05] Speaker A: Scott, 100%. What a delight. Thank you so much for coming in our show today.
[00:26:12] Speaker B: Thanks for having me on there, Ari. Stay safe, everyone.
