Wiretapping the Secret Service can be easy and fun | Bryan Seely | TEDxKirkland


Translator: Araminta Dutta
Reviewer: Queenie Lee Last year, a hacker recorded over 40 calls to the Secret Service
and the FBI in one day, without anyone finding out. I think most people in here would agree
that that was a bad idea. People on Twitter
and the news talked about it, and some people even accused him
of being a fraud of a government agent. Some people called him a moron. My friends call me Bryan. (Laughter) The point is not
that sensational headline, albeit it is kind of sensational. It’s why I did what I did
and for why I’m here. Wiretapping the Secret Service
can be easy and fun. If you haven’t figured out
that that is satire, then we need to have
a whole other discussion. This was the front-page
article on Valleywag. It made it to KOMO
and a variety of different places. The reason all of this came up was because of this. What you see on the right is a common map search
for a local business – an auto-glass repair category. On the left – same search,
same city in Orange County – auto-glass repair. There are fake businesses
in these listings, and they look just like the real ones. There isn’t a person in this room who’d probably be able
to make an educated guess as to which one is which. On the left, there are six fake businesses
in the Google listings, and on Whitepages, anyone care …? Ten out of ten – they’re all fake. They’re all controlled by one person. This one person found a way to manipulate
the variety of local business systems, like Yelp, and Angie’s List, and Bing,
and especially Google Maps, which is the target. They have the most traffic,
they generate the most business – if you’re on Google, you’re set. So what happens? They bumped off
the original ten placeholders, and they no longer get the phone calls
they rightly deserve. This is a scam. This has been going on
since directories even started. Before the internet, there were
actually people in Yellow Pages doing the same thing
with alphabetical listings. They would all name their businesses
“AAA,” “AA,” “AAAA,” to get at the front of the category. People have always found
a way to game the system. Problem is now,
no one knows it’s happening, and it’s happening in every city,
in every country, every category that services
businesses and consumers, and there are over 50 major categories
that this is just epidemically bad. Another problem that’s actually
come to light recently is – What you might be familiar with
in a typical Google search is at the top, there’s a Google AdWords. These are the advertising results
that people in businesses have paid for. And what you see here,
and it’s a little blurry, my apologies, it says, “$15 locksmith service.
24 hours a day, 20 minute response time.” I don’t know a single locksmith in this country that will drive to you
and service you for $15 for any type of – They wouldn’t even give you
a handshake for $15. It’s not worth the gas,
it’s not worth the labor. This is bait and switch. It’s a very common thing
in fraud textbooks. It’s a price they have
absolutely no intention of fulfilling, and they will charge you through the nose
because you can’t afford not to pay them, or they’ve already done the service,
and then they use intimidation. You’re locked out of your car. It’s 11 o’clock at night. You’re in a bad neighborhood. They show up because you clicked
on an ad that said “$15 service,” and now it’s 350, and they make you go to the ATM
and pull money out. What if it’s your grandmother? Your wife? Your sister? This happens and it’s been in the media, but no one picks it up because this problem is so complex,
and big, and multijurisdictional, the FBI and the Secret Service
don’t want to touch it, the attorneys general; there are so many different pieces, and we have to start
at the original root of the problem. This man ran a business
called the Serbian Crown; this is in Wired magazine. Hackers who didn’t like him turned his business hours
for the weekend to nothing. They just deleted
his availability on the weekends, and it single-handedly killed his business
in less than a month. He had to shut his doors. He was open for two decades or more –
I think even longer. So I approached Google. I told them all of the different methods
that these guys are using – the exploits, the ways
that they beat the ranking systems – and I was pleasantly surprised
by them doing absolutely nothing. So I started creating some funny listings
to maybe get some social following, and this one was my personal favorite: the Snowden Super Secret Hiding Place
on the White House lawn. (Laughter) You can see why they chose that
for the main website image. So I walked into
the Secret Service office after recording phone calls. I didn’t have a lawyer with me. I had no idea what was going to happen
other than I kind of needed to be there because if I got caught, I think it arguably would have been
a first-class vacation to Guantanamo Bay, and although I was in the Marines, I don’t want to be reunited
with them there. (Laughter) And orange isn’t exactly my color. (Laughter) What I did was very simple. I created a very identical
Secret Service listing with a different phone number, and as you can see, this one at the top
has three reviews, 202 area code, this one has a 425 area code, same address, more pictures. I deleted their reviews
in less than five minutes, and I added reviews of my own
that were fake. Took less than 20 minutes,
beginning to end. The positions switched because mine suddenly
had more “hidden points,” which then meant anybody
who looked for the Secret Service, anywhere in the country
for this specific one, got mine, and that phone number forwarded to them, and I could record both sides
of the conversation without ever touching their systems. It’s not even technically hacking. It’s just stupid, really. (Laughter) You seem to think it’s a bad idea. Where were you? This was me waiting. (Laughter) Might never use a phone again,
so might as well take a selfie. (Laughter) While I was sitting
in the Secret Service office, waiting for the guys to show up, they walked out,
they all rolled their eyes. They all thought I was crazy because I’d just literally
called them and said, “Hi, I might have just recorded
a bunch of calls to you guys trying to prove something. Can I come in and show you?” “Oh yeah. Yeah, sure. Yeah, come on in.” It sounded crazy. So I’m standing there with the agents
in the Secret Service office right after I took those initial photos, and the agent goes, “Look, I don’t believe you. This isn’t really happening.” I said, “Okay. Do me a favor,
and I’ll prove this right now. Call the Secret Service office
in Washington, D.C., and I’ll prove it.” Pulls his phone out, says his name – He knew the guy on the other end. Maybe they were roommates at the academy,
if they even go to an academy. I don’t really know. (Laughter) Who does know, I mean, really? (Laughter) They hang up after about five minutes,
and I open my laptop. I push play, and it played back
the conversation I’d just heard, because he was standing next to me, and the full audio
of the guy we didn’t hear. And their eyes suddenly stopped rolling. And it got very quiet. And they handed me a statement saying,
“These are your Miranda rights. You are not under arrest
but we need to search you, and we would like you to accompany us
to the guest suite – (Laughter) this luxurious, closet-sized suite
with no windows, in which you’ll be staying
an undetermined amount of time. You’re not under arrest,
but we really don’t want you to leave.” (Laughter) Obviously, I was there of my own accord. Obviously, I was there
because this was the right thing to do, because there was
something bigger at stake, because there are people being affected, and so I took a risk. I took a risk of never
seeing my kids again. I took a risk of a misunderstanding. There have been people jailed
for far less, who are completely innocent. I didn’t have any criminal intent. I walked in immediately and went like,
“Ha ha ha, I’m sorry. I’m an idiot. And here you go. This is a problem, fix it.” They couldn’t ever
bring a case against me saying, “He was going to sell this.” The first people I called was them! While in the room,
they called Google and said, “Okay, he’s been telling you,” and they go, “Oh,
but we didn’t believe him,” and then … I don’t know whatever they were saying,
I wasn’t monitoring that call. (Laughter) What ended up happening was they said, “Delete the listings.
He needs to delete the listings,” and then the Secret Service said, “Google, shut it off
until you guys fix the problem,” and they said, “Okay, got it.” So they hung up,
and he walks in and goes, “You’re a hero for bringing
this to our attention not knowing what the results
would be against you. This is a national security problem. There were phone calls that had sensitive or potentially investigation-compromising
information on them.” I stopped listening –
I didn’t want to hear anymore. I didn’t want to be like, “Oh man,
like, President Nixon,” and, “He totally did something stupid.” (Laughter) “I’m going to end up in a bag in a river!
Why did I do this?” (Laughter) So they said fix it. Six weeks, Google shut off
phone verifications for new businesses. They shut off a lot of the little methods that I required to be able
to do this kind of thing. I thought it was fixed. Six weeks later, they turned it back on
with not a single change made. They had just paused. The news had died down. The Secret Service
had closed the investigation because when the Secret Service
tells you to do something, I think they’re pretty
used to people doing it. I mean, it’s not like, “Please put your hands up,
if you don’t mind,” and, “Would you mind not shooting
at the president, today?” Like, they don’t make requests,
they make demands because it’s a very clear,
black-and-white thing for them. The reason I know it’s still broken is because I built this
with no one’s permission on Northwest University’s
campus last week. The cell phone for that number – it’s in my dressing room. Postcard verification is required
to establish new business addresses. I obviously don’t get mail
at the university. I didn’t go. This was built yesterday. It’s a snowboarding shop
in the Oval Office called Edwards Snow Den. (Laughter) (Laughter) (Applause) Yeah, they didn’t fix the thing. Google lied to the Secret Service. They said they would fix it,
then turn it back on. They just waited
for the media to die down. What we can do now. I’m the authority on this subject. The largest tech publisher in the country let me write a book
that’s coming out in August. That book is designed
to raise awareness for all of the businesses
and all of the consumers – all of the victims of this horrible scam that people don’t even know is happening. All you know is your American dream
of owning your own home is slowly being taken from you, but you don’t even see the guy
who’s taking your money. You just got less calls last month. You can’t pay for your kid’s braces. Suddenly, you can’t make your mortgage. I’ve talked to well over
20 different people whose families all live
with their in-laws. They lost their business;
they lost their bond; they lost their insurance;
they lost their work truck. Whether it’s a locksmith
or a carpet cleaner, these are hardworking Americans. These are small business owners. They’re complaining to Google,
and Google’s going, “Nah, it’s not us.” They don’t have a chat support line. Their forums are just empty of admins. There’s nothing really going on
on Google’s end, and the worst thing is – Remember those advertisements
I was showing you? The scammers pay Google
for those ads by a click – every time they click. So when you click for that $15 service,
the scammer pays Google 25 bucks. Doesn’t make sense. If they were originally
going to charge 15, how can they spend more on the ad
than what they were going to bring in? Because they were never intending on that. Google knows they’re doing this because they just fought a lawsuit and got it dismissed under a law
that’s not designed for doing this. They’re hiding behind
their army of lawyers and their motto of “Don’t be evil,” and they’re cashing the check of the guys who are robbing
from the consumers and their clients. I don’t know a clearer way to say it. They’re happy to cash the check. They don’t want to fix the problem
because they’re making a lot of money. There are hundreds of thousands of these
fake businesses across the country. For example, you can fit, in one category, three to five auto-glass shops
in a city of 100,000 people or more. There are over 299 cities of over 100,000
population in the United States as of the 2013 census. How I know that is because I used to be working
with these kinds of scammers. I have detailed files from all of the different things
that they’ve done. They pay for bulk reviews written by professional
authors and writers – 20,000 bought at a time. They are so good at gaming the system that you are so ill-equipped
to even notice because you’re in a hurry. You’re not looking for a plumber because you might have
something wrong next week. Your basement’s full of water
and everyone’s going to drown. Call the plumber now; you don’t need to price check,
and they’re counting on it. Stop using Google for this product. Now, don’t get me wrong;
I love Google. I use their Gmail service, I love the way they invest –
clean energy, SpaceX, self-driving cars – they are a great company. This one piece is a cancer. It’s a blight, it’s a shame, and the way this stops is them going,
“Okay, we’re going to fix it. Let’s see what we can do
and make this right. Somebody’s making money
and somebody’s covering something up.” And until that day comes to light, I’m pretty good at being loud,
and I’m pretty good at being obnoxious, and I’m pretty good at getting away
with some really, really obnoxious stuff. If you want to go
and look those businesses up, they’re live on Google Maps, prominently displayed
for the whole world to see. So if you’re in the Oval Office
and you need a snowboarding shop, I might know a guy. (Laughter) Thank you. (Applause)

, , , , , , , , , , , , , , ,

Post navigation

Leave a Reply

Your email address will not be published. Required fields are marked *