Intro:
Invest in yourself today with our Insider Pro product, which gives you the career path to reach the next step in your cybersecurity journey. Join today on Cybrary.it using the discount code: podcast.
Mike Gruen:
You're listening to the 401 Access Denied podcast. I'm Mike Gruen, VP of Engineering and CISO at Cybrary. Please join me and my cohost Joseph Carson, Chief Security Scientist at Thycotic, as we discuss the latest news and attempt to make cybersecurity accessible, usable, and fun. Be sure to check back every two weeks for new episodes.
Joseph Carson:
Hello, everyone. Welcome to another 401 Access Denied podcast. It's a pleasure to be here. Really excited about today's topic, and also our special guest that we have on the show. Again, my name is Joseph Carson. I'm the co-host of the show itself. So background, long time in cybersecurity, and based in Tallinn, Estonia. My other cohost is with me today as well, Mike Gruen.
Mike Gruen:
Hi, Mike Gruen. VP of engineering at Cybrary. DC-based company, long career in IT and cybersecurity as well. And we have with us… Oh, sorry-
Joseph Carson: Go ahead.
Mike Gruen:
And we have with us a very special guest. David, I'll let you introduce yourself.
David Scott Lewis:
Well, thank you. I'm David Scott Lewis. Think of David Lightman from the character WarGames. You google my name, you'll get the whole story. You'll hear more about it over the next half hour. I'm a COVID-19 refugee in Hong Kong right now and might be in the UK pretty soon. One of the few people in the world who is currently traveling.
Joseph Carson:
That is actually a very unique situation right now. Here in Estonia, we can't go anywhere, so … opening up. I did see some people send me some pictures of the airport, asking me today, "Are you missing the airport? Here are some memories." And they were kind of teasing me with pictures of the lounges in the airport. But some time in the future, we'll all get to travel, but that's a very unique situation. And of course, David, you mentioned our fun topic today is... And it's really dear to my background and what got me into the industry, is that, basically, through everyone's careers, what really shaped me in being in the industry that I'm in was a lot of the iconic movies that we watched when we were younger that had a big impact I know right now, my kids are watching the likes of the Friends episodes again. So, they're really getting influenced by Friends, but what really influenced me was really iconic hacker movies that really got me thinking and really got me interested in gadgets.
And also influenced me being, from a very young age, getting into gaming, playing games, playing with friends, and really getting a competitive side. So, today's theme of the podcast is really going through a historical timeline of iconic hacker movies. This really shaped the industry and even when I go to events, we have hacker movie nights. Even in the current situation where people are distanced and communicating over things like Zoom, Teams, Skype, and so forth, is that we're even watching movies together. We're even doing it through discord channels and watching it online. Either using Netflix as the medium to watch it. So, for me, today's theme is really exciting and it's a pleasure to also have David give us some of his insights and background into some of the iconic movies. So, I think for me, I'll start off with one movie that really shaped kind of my kind of background.
I've got a couple that I watch over and over again. But one movie that really shaped kind of where I am in the industry today, of course, was WarGames. WarGames was one of the first movies that I got to watch. One weekend, my father got it on, I think it was in Betamax back then or VHS. Whatever medium we had available. And we sat and watched it. And for me it was, for me, watching the technology and watching the techniques. And even actually at that time when I was in high school – what we refer to as "secondary school" – it actually also got me very tech-savvy, that I actually used some of the techniques from the movie, which is interesting as well. Because a lot of the techniques we even continue to use today. So, I'm not sure, did you get to watch it, I guess, over the weekend or did you watch it recently or have you not watched it at all, yet?
Mike Gruen: What, WarGames? I've definitely seen it.
Joseph Carson: WarGames.
Mike Gruen:
And it was on actually TV a just couple of weeks ago, so the timing of this is pretty funny. I watched it with my kids. And yeah, it's one of those movies that I watched over and over again and for me, after I got into IT and software development and looking back at sort of how, at least the movie and we'll hear more about the real story from David obviously, but the sort of innocence of how it all happened and so paralleled so many other things in hacking. These unintended consequences. Things get out of control. You wrote a thing and next thing you know it turned into an internet worm, purely by accident, or I have a similar experience in my background where I accidentally took down Colby College with a denial service attack because I was just trying to find out if my girlfriend was online. Stuff like that. These sort of innocent, how it goes from you trying to just do something for yourself and blows out of proportion
I think, at the time that I first saw the movie, I didn't really have an appreciation for that. And then later in life, as I watched the movie over and over again, how sort of true to life that is, was really what sticks with me on that movie.
Joseph Carson:
Yeah, absolutely. I'm lucky enough and fortunate enough while I sometimes I prefer not to talk about some of the things I did, I can … But some of the techniques, I mean, I did use and this is probably the first time live I'm sharing these details. When I was at school, we used to have a number of Apple computers that we used in our computer class. One of the things I used to do is one, I used to play computer games and make money. It used to be very costly, so we used to have to look at ways to be able to get access to computer games. Back then, it was about … the tape to the set, so that you can find a way to record and play them back, so you were then able to copy them straight from the tapes. But at the school, one of the things that I find was interesting, which is what got me really tech-savvy, was I used one of the techniques that was actually in the movie.
Where, or was it David Lightman, basically, he's getting detention and they go see the headmaster and actually finds out where the passwords are actually stored. Basically, puts it in the desk. In my case, I just observed and watched the teacher doing some, what we refer to as social engineering, to find out where the passwords were stored. And finding that password, what I used to do at school was I would actually, during the computer class, I would install all the computer games onto the computer and I would actually charge people for reinstalling the games onto their computers as well so that they could play during the class. And then, what was great was that the administrator of the school, that evening, would be so angry and … "Who put all these computer games on these computers?" And they started deleting them all.
So, the next day when we went back into the computer class, they were all gone again. So, I get to be charging again, knowing where the password was stored to actually put all the games back on the computers. And this became this repetitive thing and it also fed my personal gaming console, was it, era. But back to one thing that we see in movies is that translates into real-world scenarios. I think the things that kind of keep to the sand of time is the social engineering aspect because a lot of movies then did use social engineering as a primary technique. So, David, welcome to the show and again, having a very close kind of tie to WarGames, can you give a bit of a background in reality into what techniques were real and what techniques would have you used prior to the movies coming up?
David Scott Lewis:
So, it's important to separate the screenplay, which was very accurate, from what we saw in the movie, which of course, had to be made into a movie. So, the screenplay was a little bit different It did, pretty much, talk about what's really done. The movie, it does mirror many of the techniques that were really used back then. So, we're talking about... Let me actually put something in there in the actual timeframe. My real WarGames took place between '74 and '75 and then the movie came out in '83. So, there's that time lag there, but you can see with the … and the Altair, I think they show the … in the movie. They show an M-Sci computer. So, it's tied into all of that, that happened back then and it was a very different environment. I'm a little bit older than you guys.
So, I'm a few years younger than Gates and Jobs, unfortunately, because if you noticed, Scott McNealy, all of them, pretty much, were about three years older than me. Three to four years older. So, unfortunately, I missed that. So, there were certain things happening back then and it was kind of like hackers slash hobbyists. So, I would say, people back then, we could build computers. We had to. We had no other option. You would get something from Altair or M-Sci and the parts would be missing. Parts would be missing So, you're building your own computer and parts are missing. So, you actually had to understand a thing. Then there were Adam Osborne's books where you actually learn. You could do coding. You could do machine and assembly coding. So, it was just a very different world back then.
But also then trying to understand... I used to use patents to try and get a better idea of how systems are working even though, of course, you're not going to get too much information, but you get a better understanding. And that's something that didn't get shown in WarGames, but in WarGames they showed the research part. In reality, that's at UCLA and then in the movie, they show Seattle at the Pacific Northwest Lab … PNNL. But in reality, that's the RAND Corporation and that's UCLA's main research library. So, all of those things are accurate. We're getting the information. There's also the AI component that was also very important to me from the beginning. One thing that a lot of people overlook about WarGames is that, "Okay, hacker movie." But they forget that WarGames was the first movie to show AI in its current timeframe. Unlike 2001, showing Hal in 2001, WarGames is actually showing AI techniques at that time and it was the first movie to do that. And that was very important to me. I had been involved with AI since then.
So, anyway, I'm happy to answer any questions about WarGames and I'll tell you what influenced me to get into all this.
Joseph Carson:
So, I mean, that's really interesting. Absolutely, with basically, AI, computers playing computers and I think how do you get the computer to play itself and using things like Tic-tac-toe as those examples is really kind of great. And of course, everything you had, absolutely. I've got a retro … and I even go back and play a lot of the games from that era just to bring back the memories. Things like going back and playing Monkey Island and R-Type. It was a lot of games from the 80s era that I played, but also going back into the old Pac-Man, Tic-tac-toe games that really kind of influenced a lot of even that type of culture as well. So, from that, how did you get connected with WarGames and Lasker, and where was that connection or meeting or how did it evolve from that?
David Scott Lewis:
Okay, so a friend of mine was working as an admin to Caan. That's James Caan's brother and he was an agent at William Morris. So, Larry Walter, Larry Lester Walter Parkes, who wrote the screenplay, they had, I guess they were working with Marti, I guess he was their agent. So, they arranged for a meeting. It was kind of a fluke situation. The girl that had worked, the admin... Originally the plot was supposed to be about some kid who won a science fair and it was going to be the Stephen Hawking prototype or protégé. A protégé. And because at the time I was studying astrophysics, Caltech was involved, all sorts of other things. And then they find out, "Oh, okay." And then we kind of get pulled in a completely different direction. That wasn't the original focus of the movie at all, but when we were working on the screenplay, I actually pulled it in a different direction, which Walter talks about in the 25th anniversary, they have a session at Google and he talks about... I actually forgot about it. It's what I wanted to see in the movie.
Because this is during the Strategic Defense Initiative. So, I wanted it to be involved about space-based warfare, charged-particle beam weapons, all sorts of other things, and then they brought it basically, back to me, which when Walter already wrote the screenplay, surprised me because that came out of nowhere. Yeah, it was interesting to see how that whole thing evolved. And it took several years. Originally the screenplay was owned by Universal, that's who I got paid by. So, Universal, I believe Disney owned it or Paramount owned it at one point and then MGM got it. So, there was a little bit of a lag. It wasn't a smooth process getting it made and then the directors changed as well. There were two directors. At least two directors that I remember on WarGames. So, it took a while. I wasn't that involved with the movie, but the screenplay, yeah. The screenplay was almost verbatim. And then being the character.
Even people I deal with today will say, and I'm over 60 years old now, will say that they can see my personality in the David Lightman character. And I would say, yeah, that's accurately captured as well. So, anyway, it's the timeframe of 1975.
Joseph Carson:
Yeah, because the screenplay itself was around 1975, '76 timeframe and the movie didn't come out until the early 80s, '83.
David Scott Lewis: '83.
Joseph Carson:
It was a large gap between, one, is the screenplay being created, and also the movie being released itself. Did you ever get to meet Matthew Broderick at all or … was that something that?
David Scott Lewis:
I did. I did. Yeah, I did at MGM. Where you see the main stage at … that's where I met Matthew Broderick. By the time I got to the movie, I wasn't very involved with the movie directly at all. Again, with the screenplay, yeah, a lot. I would say the two most influential people on the screenplay were myself and Willis Ware at the RAND Corporations, now passed away. I would say we were the two key people that were involved with the screenplay
Joseph Carson:
It's interesting, one of the things you mentioned was that you were studying astrophysics, which is interesting because I think that's where, when I read a lot of the old books from that era because I still like to read and also research, I found that most people who are involved in computing are in computer science or information technology were actually into astrophysics and space and flight. Was that a common thing, then, to study? That kind of moved people in that direction? The people that were involved, were they coming from the same background?
David Scott Lewis:
That's a great question. I've done many interviews and that's the first time someone's asked that question. So, remember back then, because I'm older than you guys, back in the mid-70s, there was no computer science.
Mike Gruen: Right.
David Scott Lewis:
You were studying math or you studied electrical engineering, okay. So, the ACM, the Association for Computing Machinery, they were the math geeks. And IEEE, EE geeks, right. So, things were different back then. So, people had different backgrounds. It really was more hobbyist. People willing to get their hands dirty actually could build stuff. Popular Electronics, I would say that's the one thing that we all... That was our Bible. Every month we were looking forward to the new issue of Popular Electronics and we would buy stuff. Remember, things came in kits. You got them in the mail, you put them together. You got out your soldering gun. You actually did this stuff. I had a ham radio … I had a novice …. So, that was pretty typical too. You had a lot of people into ham radio back then. And then I also built a telescope in the sixth grade. A Newtonian telescope. So, there were some people that were doing that. I would say that ham radio and certainly Popular Electronics is where everybody coalesced around Popular Electronics.
Mike Gruen:
Yeah, I think there's a really good movie or documentary that was on PBS called Triumph of the Nerds that I think does a very good job of capturing, sort of, those 70s as the early days. It's the Apple, Microsoft story of back in the garage, and I that it does a great job of sort of showing all the different avenues that people got into computing back then. Because, right, as you said, there was no Com Sci. It was math or it was EE or you were doing some sort of hobby like ham radio and I know a lot of my friends who are actually in software or in IT, their dads were actually doing ham radio and that's what influenced them. So, … definitely. And then even by the time I went to college, University of Maryland, College Park, original, the Comp Sci department was still part of the Math department. It then spun out into its own department, but it was, at one point, still part of the Math department and so, there were still a lot of people that were in Comp Sci were in math or EE majors as well. Double majoring. So, I think that continued all the way through the 90s.
David Scott Lewis:
I know that you guys had one of the earliest, fairly large AI departments. You don't get credit for it. … Everybody thinks MIT and Stanford.
Mike Gruen: Right.
David Scott Lewis:
But they forget that you guys had one of the larger AI departments. One of the earlier ones too.
Mike Gruen:
Yep. College park gets because I think it's a public school, they don't get some of the recognition, but yeah. I actually wet there for mechanical engineering and ended up in Com Sci. Yeah, it's one of the top 10. It was at least for a long time one of the top 10 Com Sci departments in the country. I think it still probably is, but yeah, there's a lot of groundbreaking work that was done there.
Joseph Carson:
I think it's great to … all day. One of the things I'm seeing in the industry as well is people going back to basics. People going back to really tying it back. Even ham radio today is actually is becoming more and more popular. People are starting to get more into it. Because often at the end of the day, everything we do is based on radio waves. It's based on communication or radio waves and a ham radio is probably the basics of showing how that primarily functions. So, I see a lot of people in the industry and my peers and even when my kids are asking me what things should they get into or what should look at. And one of the first time I'm looking it was ham radios. They should understand how ham radios work because, ultimately, that's the basis of communication, the radio spectrum itself. And also, it's really great to see something like Raspberry Pis coming out and the Intel ones and other types of micro computers that force people to build. That force people to understand how it's put together.
Because, originally being from Belfast in Northern Ireland, we were always a little bit behind the times and we always had to kind of push ourselves to try get the information because the magazines, 2600, would come in months later. We wouldn't have the first editions. We wouldn't have those early editions. And even some of the games, you had to write in basic, get to compile, run it and hopefully that they actually typed it out right. Or the print was right otherwise you would find a month later that actually, they had an error in a certain line. So, I think I'm happy to see people going back to those times and those elements where people understand the basics and how things function. I think that's really critical because I think, for me over the years, that's been lost. Today, when I did software programming or computer science, you really had to understand. We were sitting with oscilloscopes and watching the waves going through and trying to understand about the bits and minors and machine code and algorithms, understand how it works.
And one of my worries was that when I started seeing people in the later years of my studies and sometimes going back to do additional courses, it was copy-paste. It was repurposing or reusing existing things and not knowing how the fundamentals work. And that scared me a bit, but it's great to see hopefully, it will be a trend that people will get back to those basics and really get back to, I think, that really hardcore education where people were doing it because they wanted to and the wanted to learn. Rather than it being for the sake of just being like everybody else.
David Scott Lewis:
Yeah, I would wonder how that's going to change. So, back then, of course, besides Popular Electronics then additionally you had BYTE magazine and David Ahl's magazine, Creative Computing SO, Creative Computing was a software magazine, BYTE was the hardware magazine and it was a lot of fun. It really was a lot of fun and I don't see that now. Let's face it, the CS major, they could even be from CMU or some great school like that, You would rip open the computer and they have no idea what's underneath the hood.
Mike Gruen:
Right, yeah. And I mean, id go even further with CS majors because we've built on top so many things that I can talk to a CS major and they don't necessarily understand common algorithms and sort of the stuff that really is required for a backend developer to understand in terms of these concepts. I come from sort of maybe different mindset, which is I think it's great. I think it's great that you can get someone who is, essentially, an artist to come in and start learning how to do software programming and build amazing websites on top of all the things. It's just layers upon layers upon layers and yes, I think there are still... If you're interested in the real hardcore electronic part of the computer science then you're probably going for more a EE major still or some sort of dual degree as opposed to Com Sci. Which Com Sci now, is a huge... When I was at Maryland, Com Sci was a degree. They didn't have any specializations. Now there's software engineering is a specialized thing. Information technology. They have the, you know, but it doesn't matter. There's just a bunch of them.
I think it's interesting on the one hand because I think in a lot of ways, the degree is more of a vocation than an... It's now teaching you how to work, which has its advantages, but I do think there's sort of this layering. And the fact that things like Stack Overflow, speaking of copy and paste, that's how software engineers solve problems these days. They google it. They find the solution. Hopefully they copy and paste the answer and not the question and then they move on. There's some good things to that. That's why we're able to have what we have because we've just kept on building up. We don't actually have to understand all the way down, but it's still important that there's people coming in - What was that?
Joseph Carson:
Hopefully, they fix the errors that they are copy-pasting as well.
Mike Gruen:
Yeah, exactly. Right. And I think it's sort of right. It's great. I think it's important that we continue to have people coming in at every layer of the stack from artist making amazing website, to hardcore, EE, sort of understanding the electronics and the underlying computer architecture. But yeah, it's amazing how you can come out of a degreed program and not necessarily understand lots of different parts of it. I had to write a compiler. I got to imagine a lot of CS majors coming out these days don't write compilers.
Joseph Carson:
No. What influenced you in your career? You were doing astrophysics. Did you have anything in your background? Was it books or was it society or was there movies that influenced you prior to WarGames that got you really interested in the industry and electronics and maths and computers?
David Scott Lewis:
Sure, there was one segment on 60 Minutes that was it. So, Jo, you're not from America. Do you know 60 Minutes the TV show?
Joseph Carson: Yeah, I do know 60 Minutes. Yes, I do.
David Scott Lewis: Okay.
Joseph Carson: We get it a year later.
David Scott Lewis:
Okay. You get it a year later, okay. So, 60 Minutes had a segment called Dial E for Embezzlement. That was the name of the segment and when I saw it, I thought, and I believe I was in the ninth grade when I saw it. I'm not sure about the dates here, but I think I was in the ninth grade, but I was doing a maths summer during the summer. Again, I'm not 100% sure of the dates. But I was doing that and when I watched it I thought, "I'm actually using some of this equipment already. So, let's see what I could possible do with this." So, I got the whole idea from seeing that segment on 60 Minutes. I would say that's what really influenced me. In my background, because of my age, we're talking Apollo, right. I'm that generation growing up watching that happen. Believe it or not, Star Trek did not influence me, although, I'm a loyal fan now. It was on, I believe, on Friday nights at 21:00 o'clock or something, but my parents would not let me stay up that late when Star Trek was on.
But I did watch 2001 was an influence, obviously. So was the Andromeda Strain. I would say those two movies... Yeah, the original Andromeda Strain, not the goofy remake. So, that was ridiculous. And people are surprised by the Andromeda Strain, but if you look at it, you see everything that's involved, that's kind of like hacking as well, but from a life sciences perspective.
Mike Gruen: Right.
David Scott Lewis:
With a lot of equipment. So, yeah. That's really what got me influenced, but that segment on 60 Minutes was the trigger.
Joseph Carson:
That's interesting. It's impressive how people get different influences that can sometimes shape their career and direction. Even for me, I'm continuously shaping. I'm always learning, watching other people, getting mentors, communicating, but it's always interesting to see how other people's backgrounds, from different locations even because I'm from Belfast. Belfast, when I was growing up was in violence, it was in wartime. So, there's a lot of things you kind of had to ignore in order to get your own focus. So, sometimes it was always challenging in those regards, but definitely movies and getting into gadgets were really that influence. The second movie that I have that really also influenced me, which is really when I started more into the education, more getting into hands-on and it was a bit later... WarGames got me into the techy side of things and really got me learning about things like phone phreaking, looking at how to get access to games, looking at the social engineering aspect of things. That really got me interested in that direction.
But one kind of next one that shaped was, of course, Sneakers, which of course was this goofy comedy type of scenario where you've got the Robert Redford playing … was it doing, basically, the sneakers are hacking into banks. I think that was really kind of the first movie where I got to understand what pen-testing was. Really looking at the access and inside of things. So, that was another one, but for me, a lot of the gain was the social engineering aspect of it. A lot of what they did in the movie itself somewhat was more for the visual aspect of things where it wasn't really kind of... I wouldn't see it as being real-world scenarios, but definitely the social aspects and the social engineering. A lot of what they were doing with the recording and getting access to the banks. I found that really interesting as well. So, David, did Sneakers have any influence or, because of course, it was much later? It was around the early 90s. I think it was '93 timeframe when it came out. So, it was almost 10 years later.
And I think that was probably one of the first movies, really, that reintroduced hacking back in since WarGames. So, is that something that influenced you at all or was it something that just kind of passed by?
David Scott Lewis:
So … Lasker also wrote sneakers. So, they were also the screenwriters of sneakers. So, I worked a little bit on that, but not much. The concept was different for Sneakers. They actually developed that while they were at 20th Century Fox. We were at a private studio, well, I don't know about private studio … Productions was on Sweetzer and Sunset in West Hollywood for WarGames, but they were then celebrities at that point. So, they were actually at 20th Century Fox doing Sneakers. And there was also a difference. You can kind of sense it watching the movie. WarGames was a labor of love. Sneakers, to them, was a job. That's the difference. And the people approached it very differently. The people who actually worked on the movie, not just the screenwriters, approached it very differently. For Robert Redford, it was just a job. That's my understanding, the way they approached it.
For Matthew Broderick, he really kind of got into it in WarGames. People were more enthusiastic about it. So, Sneakers. So, yeah, that was much later and that really was supposed to be a movie about physical security. And then it kind of morphed. That's where the terms Sneakers comes from. And it comes from the physical security world and then it morphed into what you see in the movie as movies often do, right. They morph from the screenplay and they have to be visually exciting. So, that's how it evolved. So, at that point, I had kind of moved on. So, Sneakers wasn't, but I enjoyed the movie, but it wasn't a big part-
Mike Gruen:
And I think one of the big differences with Sneakers and WarGames, WarGames is more of a story of the characters I think than Sneakers is. And I think that's where you that kind of warmth that comes through in WarGames that probably made it even easier as an actor to get into the character, get into the roles, and not just treat it as a job. Because I think it's much more accessible and I think it's just more about the people in a lot of ways and the hacking is this thing that's sort of supports the movie. It's a key element, obviously, but it's not as... Where Sneakers, it's definitely, the hacking is more in it that the character development, I think.
David Scott Lewis:
Yeah, Mike, I would say, to extend on that, they actually met my Jenifer. Her name Ellen and I was actually with for 11 years. We were high school sweethearts-
Mike Gruen: Oh, nice.
David Scott Lewis: So, they actually knew her.
Mike Gruen: Right.
David Scott Lewis:
She didn't really like the way that she was portrayed in the movie … but she wound up getting promoted to first … management at Hughes Aircraft quicker than anybody in the history of Hughes Aircraft. She became a EE and she was working on … Star and other classified projects and she went that path. So, you wouldn't think that from the Jenifer in the movie.
Mike Gruen: Right, right.
David Scott Lewis:
That's she would wind up working at … Star. But there really was and again, they had met her. So, there was that element in WarGames that is based in reality and it does make it more human. And there's nothing like that in Sneakers.
Mike Gruen: So-
Joseph Carson: The characters really come through in WarGames much more.
David Scott Lewis: Right.
Joseph Carson:
You get to see the more personal side of it the more kind of community where there's certainly people curious as well and that definitely comes across in the characters for sure. And you can see that difference, absolutely David. You're mentioning, for some, explicitly, I think for a lot in WarGames, maybe Matthew Broderick's, his first roles and early roles that he was getting into were Sneakers. They were all very established kind of actors just playing a role and just doing a job.
Mike Gruen:
So, I'm curious. There's a different Robert Redford movie that comes up frequently when you look for hacker movies. I watched it last night, fell asleep. … Three Days of the Condor- Yeah, exactly because it's not a hacker movie. I mean, there's some computers, he's a CIA guy, whatever. I'm curious if either of you have seen that movie or thoughts on it.
David Scott Lewis:
I have seen it and I like it. I thought it was a great movie. I think it was originally based on the book Seven Days of the Condor so they compressed it for the movie-
Mike Gruen:
Yeah, actually, Six Days of the Condor... Six Days was the book … To be fair to the movie, I started super late. I had to put the kids down for bed. I didn't start it until 23:00 o'clock at night. So, the fact that I fell asleep is not anything to do with the movie-
Joseph Carson: It's actually the movie.
Mike Gruen:
It's just, not a reflection on the movie, just my inability to stay up past 23:00.
David Scott Lewis:
Yeah, so I thought the premise was interesting. I like the premise. Max Von Sydow's always a wonderful actor. So, I enjoyed that part. Yeah, I enjoyed it. I thought it was an entertaining movie. Can't speak to it much beyond that.
Mike Gruen: Yeah-
David Scott Lewis: But I did enjoy it.
Joseph Carson:
I think it's been a number of years since I've actually seen that movie. I think it's since... When was it produced or when was it?
Mike Gruen: It's 70-
Mike Gruen: Was that 60 something?
David Scott Lewis: No, that's … late 70s.
Mike Gruen:
It's late 70s based on the music and the … rest of it. It's definitely... I would say it's late 70s. I don't remember exactly.
David Scott Lewis: I think it's late 70s as well
Mike Gruen:
Right, but one of the movies, speaking of Matthew Broderick and WarGames, and whee hacking is sort of... One of the movies that I think of and you can convince me that it's not a hacking movie is Ferris Bueller's Day Off. Now, there's a lot in that movie, whether it's him changing his attendance record. His sister get her car, he gets a computer. That was one of the things. There's definitely the supporting role that hacking plays throughout the movie. It's not in any way a main character. It's just the sort of side note, changing his attendance record. The stuff that they do, the social engineering of how they get into the restaurant that's all booked up. It's a fancy restaurant. They don't have reservation, how are they going to get in and how they get through all of that. And then even the total failed car hacking of trying to roll-back the odometer.
So, in think that's one of those movies that definitely doesn't come up in your list of hacker movies, but one that I like to think of a lot. It definitely had a lot of influence on me. I think when I was in college, one of my college roommates used to referred to me when I talked about my high school antics. He's like, "You live Ferris Bueller's Day Off. You're Ferris Bueller." And for me, a lot of these movies, it's more about art imitating life. Ferris Bueller's Day Off is, I wouldn't say that it influenced me to get into computers or IT or any of the rest of it, but watching it, I think about those things and how it relates to my own life. So, there's that. I'm curious if anybody wants to argue with me about Ferris Bueller's Day Off.
David Scott Lewis: No.
Joseph Carson:
I agree. I mean, one of the things is that, a lot of people kind of refer to hacking as the technical side, the computer side of things. And that's one element of it. A lot of it when I was growing up and yourselves, is that a lot of it applies as social engineering side of things is to get things that you want.
Mike Gruen: Right.
Joseph Carson:
Is to get my parents to buy me a computer game or even a computer. You have to use social engineering to, first of all, get them to give you the computer. So, absolutely when you're looking at Ferris Bueller's Day Off, that a lot of the techniques, while they're not very techy focused, they are related to the social engineering aspect of really what hacking was, is to really get what you wanted.
Mike Gruen:
Right… I mean, there's even the physical side, where what he does with the doorbell or his own bedroom door when they open it and it turns on the snoring. There's all those aspects as well where he's tying into sort of the physical world. I'm curious … David, what your thoughts are.
Joseph Carson: Also did the breeding-
Mike Gruen:
The breeding … and the mannequin… I mean there's a lot going on in there. Anyway, David?
David Scott Lewis:
So, I've seen it, I enjoyed it and I don't remember any of that. Zero recollection of any of those. So, sorry about that. I can't comment. I remember I watched the movie, I enjoyed it but I have no comment beyond that.
Mike Gruen:
Right, I mean, now we're seeing the difference in age, right. That was a movie that came out right in my... That's definitely, I want to say it's '84, '85. It's soon after WarGames and so sort of in the wheelhouse of movies that, if it's on TV I can't not watch it or at least tune in for some period of time.
Joseph Carson: Anything to get a day off school.
Mike Gruen:
Exactly. WarGames also falls in that category and another movie that falls into that category, for me, again it's another movie that definitely didn't influence me but so parallels things very well, which was Office Space. It's about how they introduce some code into the thing to do the Superman, whatever, rounding error to embezzle money. And of course, it goes wrong because software developers are not great at testing things. I'm one of them. I feel like as a software engineer, I can say that.
Joseph Carson: Wasn't testing someone else's job?
Mike Gruen: Exactly… It's someone else's job.
Joseph Carson: It's the person using it that's testing it.
Mike Gruen:
Right, so Office Space is another one of those movies that, for me, I look back on. When I saw it, I was already working when it came out and I actually didn't like it when I saw it in the theater as much because it was just too close to reality. It's a comedy, but it was a little too close to reality at the time in 90s before the .com bubble and stuff. But now watching it and looking back, it's another one of those movies that I love to watch. I think, and again, hacking plays sort of that supporting role. I had the opportunity in the 2000s, I was working on a project where I was responsible for doing a whole bunch of calculations with retiree health system where basically, it was reimbursing people and there as the same thing where the reimbursement was a calculation that involved a percent. And we sort of joked around about there's going to be rounding errors, where does that money go.
Not to say that we ever thought about doing the embezzlement, but more just the... It turns out that these things actually do happen. These situations happen in the real world where you have those opportunities and I think-
Joseph Carson:
That brings up a really good question that I've got. So, David, one of the things different between when you were getting involved in this and when I started and a lot of what can also, I led on the more cautionary side because when I was doing it, it was illegal. There was laws that was introduced in the early 90s that actually influenced, that actually made protection and computer crime laws and stuff. And when you started, back in the 70s and 80s, there was no laws that would've actually criminalized some of those activities. Do you think that, even WarGames itself, actually, maybe have influenced laws and regulations later? Afterwards?
David Scott Lewis: Yes, can you guys hear me? I'm getting a little bit of a pause there.
Joseph Carson: The movies actually have an influence on those?
David Scott Lewis:
So, if you read the book Dark Territory by Kaplan, he talks about that. He opens up with WarGames. The book opens with Reagan telling the meeting that, "Did you guys see this movie over the weekend? It's called WarGames." I thought that was a great way to open a book. Here's the President of the United Stated all enthusiastic about this and then it goes on and on and on. And that actually did lead to the CFAA. It is the CFAA I believe. And really that's still the main law in existence. Now, when I was doing things, I was a member of the AFCEA and the Old Crows, so the … association for the United States. The Old Crows is electronic warfare. They had a huge operation at the Old Green Monster, this old aircraft building where Jenifer wound up working. My Jenifer. Before MGM bought it and I don't know what they've done with it. And AFCEA was at the Air Force Space Division, which was in … well, they're both near there.
So, anyway. So, people knew what I was doing. So, certain people knew what I was doing. So, if things really got out of hand, there were people to say, "Okay, don't worry about it." Okay so, you're right. There were no laws, but I wasn't dumb enough to try certain things I did without at least somebody knowing what I was going to be doing.
Mike Gruen: Right.
David Scott Lewis:
And knowing that I wouldn't take anything too far. So, I did take that under consideration back then. So, again, people from the Old Crows, people from AFCEA, they were both involved. I should mention something also that was kind of critical for me. There was a group that I belonged to called PCC and it kind of meant Personal Computer Club, but they never wanted to really name the acronym. So, it's just PCC and they were a hobbyist group. And we used to do a lot of stuff. This will date me. HP 65s were the first real, kind of, handheld computers. And we were writing code and doing all sorts of things with it and that really was a group to support the HP 65. And that really helped develop my skills because this was all a bunch of hacker types. And that really did help. It was nice to have a supporting group while you're developing your skills and learning all of this. I think that was really kind of critical and I used to go there quite often.
It was Friday nights. We met on Friday nights and it was pretty far away from me. It was about an hour drive from where I was. Now in Los Angeles, it's probably a three-hour drive because of traffic, but anyway. So, that was also influential and I think... Lost my point. My point, having a support group, a hobbyist group, I think, helps. It really does help develop your skills and encourages you to pursue more things. You always want to one-up your buddy. And that drives people toward excellence. And the whole backdrop of the Apollo Program, the Space Race in general, I think was also critical. It was always in the back of our minds. And that's something I think you guys missed because of your age. That the space race was over. But for my age group, the space age was really a driving force behind everything. Behind really everything.
Mike Gruen:
And it's funny that you mention things that we, because of my age, our age, we grew up internet... World wide web, all that was when I was in college. It's different and I think back to, you mention being in clubs and how important being in clubs was, nowadays, with the internet and the accessibility to all this information, I think that also breeds this... There no such thing as a script kiddie back in the early days because you had to understand. You had to work with people. You couldn't just copy and paste a hack or not understand what was going on. And I think that's another thing that is missing is the sort of human element. I think it's really easy to get access to so much information without actually that human portion of it where if you're in a club, not only are you getting that support, but you're also getting that sort of ethical, moral... Here's a human who's going to potentially help me to remind me to be a human. And morals and ethics and things like that, that I think might be lacking a little bit now with the online aspect of it.
Joseph Carson:
Yeah, I think having things only online and people doing clubs online and memberships and subscriptions and communicating only online, I think it does lose that society, moral, ethical compass. Because, even when I was growing up, that's what a lot of influence prevented me from getting into the criminal. I think we all started off, in some regards, as script kiddie. That's where I would want to get hands-on and copying things from magazines and book and learning things from movies and … And then perfecting them and getting better. But it was the clubs that kept that moral compass. When we're talking about other people and mentors and societies. I think that's what's critical and even in the early days of the Loft and Cult of the Dead Cow, they kept each other, their moral compass in the right direction. The ethical reasons and having those types of clubs where people who may have, by themselves, without that club or community, may have went off into kind of criminal directions.
It was that kind of mentorship and moral that kept everyone going down the right path. And I think today we are missing a lot of that and I think that's why we probably we do see a lot of youth going into criminal activities and we get into this rehabilitation and reeducation and reintroduction to … programs that hopefully will, I think we need to catch it earlier.
David Scott Lewis:
I think one key thing, the hobbyist element in many ways is just gone. So, if you remember that scene in Apollo 13 where they throw all material on the table and they're trying to figure out how to... That's what we would do at PCC. We'd do that stuff. We'd get the latest issue of Popular Electronics, we'd throw all that stuff on the table, we'd a bunch of new stuff to it, "Let's go at it, guys." And that's just totally missing and that you need to do in a group, hands-on. You can't do it online. You can't deal with hardware online.
Joseph Carson: Right, yeah.
David Scott Lewis: You got to…
Mike Gruen:
I don't know, we do infrastructure, Infrastructure is code now, man. That's the thing, right. I'm a huge proponent of dev sec ops. Now, all my infrastructure, it's in this file. That's my hardware. It's awesome. It gives me a lot of control-
Joseph Carson:
When your internet connection goes down? That's when the problem happens.
Mike Gruen: Exactly.
Joseph Carson:
So, David, one of the next questions that kind of pulls you back to the end is that, from a direction-side, is there anything after those times, since then, what would've influenced you the most? There's been so much iconic... I think in the mid-90s there's was a phase of trial movies coming out that had some components to it and I think in the late, now, 2010s and since then, of course, there been a resurgence. And I think one that I remember that probably had a visionary aspect, which people don't really talk about and somewhat lost in history as well was Johnny Mnemonic. Where basically, Keanu Reeves is having a chip in his head where it contains data and there's artificial intelligence or those elements of it. And I think, for me, something's just lost and for me, that was a visionary side that showed me kind of a glimpse of the future. But since then, has there been anything that's influential that would've been iconic that, since that era, that has probably given you some kind of direction yourself or for the future even artificial intelligence, perse?
David Scott Lewis:
I think that we should all admit that Jesus Christ was a hacker, right. Neo was a hacker. So, I think that's the best embodiment of what a hacker is. So, I think right now if I was younger looking at what the motivation would be, I would say it's the world situation. I think it's just responding to global threats, knowing what they are, I can't even talk about them because of where I am. So … dudes and there also opportunities, right. For career paths for opportunities for people to … So, the world stage in that sense with the state actors, not just non-state actors, not just the lone wolf hacker. It's changed. The world has changed and who would've thought this would become a profession? Not I.
Mike Gruen:
What I think is interesting is the ethical hacker is a profession now with bug bounty programs and all these different ways of... Back in the day if you were to hack into a system, there were two possibilities. One was you'd end up in jail the other was you'd end up working for the company that you just hacked into, right. Their security team … Nowadays-
Joseph Carson:
Now it's in reverse. You do your time and then you get hired…
Mike Gruen:
Or both, right. Or both. Now, you can actually have a whole career based on the ethical hacking side of helping companies to secure their systems, cybersecurity, that whole thing. It covers everybody now. There's no company that doesn't have some sort of online presence or some need for security. Even if for your mom-and-pop shop, chances are you have a point-of-sale system that is somehow connecting to the internet in order to do things. And so, I think that notion that you can actually have a legitimate career as a hacker, I think is awesome and I think it really does speak volumes for where we've come in society from a backroom sort of in the dark type world to really in the forefront.
Joseph Carson:
Yeah, let's go back to David's part. When I started my career, it was 1991 when I started university. That's where, basically, I got into choosing. I had a crossroads in my youth. One was becoming an artist and the second one was going into computer science and I chose wisely… But I kept the artist part of me going, but one of the things was security wasn't a job, it wasn't a role, it wasn't a career. It was something that I did as part of my job. I was an assistant administrator. I was a network infrastructure. I was computer science. Security was a component. It was one of the things that I had to do as part of the overall job of keeping the business running. And even to the point that a lot of the things I was doing were run automation. I was putting defibrillators in ambulances and EPG readings and connecting them through old NOKIA 3200 phones back into emergency rooms and then sending patient data before the ambulance arrived at the emergency room so that doctors can pre-diagnose victims as they were arriving.
That's what we were using technology for. It was to make the world a better, connected, safer, and looking at, really, the world being people. And it was in 2002 when I was responsible in a network operations center and it was when I became a secondary victim of a major DDoS attack. I don't know, David, if you're familiar with Steve Gibson? He runs a security podcast. Is an amazing guy and at the time, that single event, his GRC Gibson research company, that was a victim of the same DDoS attack that we were a secondary victim of. That was my transition. That one point in time that DDoS attacked the GRC.com would turn into an amazing whitepaper. I love reading Steve Gibson's report that he wrote on it about this 13-year-old, script kiddie hacker who just, one day, decided to turn his bot … against this company and reading even the communication that they had.
It was that one point in time. That's where my career changed, that's where my direction was about network … before that, it was network connection, and then all of a sudden, that DDoS attack changed me into being focused purely on that point in time, forwards, in cyber security. Yeah, who would've thought, even today, that this would've become actually a job? Breaking into internet banks, not physical banks, and would've actually turn … full-blown career. Even now at university, I was actually a mentor and do people's thesis under cyber security masters course, here in Estonia. Giving direction in their thesis as well and even found out last week that one of the videos I had done in the industry is now being used to educate people at Liverpool University. So, it's amazing how far we've come that you can actually have now a completely dedicated career in this area. It's amazing.
David Scott Lewis:
It is. It really is. Looking back from those days, yeah, it was not obvious this would happen.
Joseph Carson: Right.
David Scott Lewis:
Maybe a warpath into the NSA or in some sort of signal intelligence … perhaps. Because we're no … ham radio operators, right. So, that just kind of makes sense, but the way it evolved, no, I don't think anybody... Nobody back then saw really saw that.
Joseph Carson:
Absolutely. Mike, any other thoughts or comments that you want to cover?
Mike Gruen:
No, I think we've covered the full gambit. Everything from movies to books and some real-life stuff. So, I think things are in great shape.
Joseph Carson:
I wanted to make comment to you. One that has also made an influence, probably not a major, is, of course, the movie Tron. That's one that definitely kind of, we saw some time as well, but it was one that influenced more of the kind of visual and the gaming aspect of things, for me. Because that's always something I continue to do. When you want to basically get back and keep your thumbs really tired, nothing like getting into a good game console. So, it's a pleasure. Thank you, David, for coming on the show. It's amazing and great to have you here. Hopefully, it's been an interesting conversation, kind of going down memory lane because I think it's really important for the audience that listens to this show, kind of where it all comes from. It's important to connect people with the past and things that really shaped and influenced where we are today. And we've been in the industry a long time and David a little bit longer.
Through our passion and hopefully, sharing and educating and showing people it's important that you know the basics. You know basically getting into work and even sometimes getting a little bit hands-on with hardware. I've got a couple of ham radios behind me, which I always venture back into. And it's really important for the next talent and the next future that comes in this industry that we keep providing the resources and things that do stand in time that provide additional education. Make sure, again as Mike mentioned, it's important that we keep their moral compass. We keep it down the path of ethical. And I think hopefully, David, I know the world is a bit of chaos right now, political directions are going different ways, but what I do find in these times of pandemics and situations, political or … and other things, is that technology does bring us together.
It's one thing that connects us and one thing that is the common language in many cases across different cultures and hopefully that will provide an influence to reverse some of the things that are currently happening. And hopefully technology will be used to bring us much more closer together and provide a much more safer society looking forward. So, it's an absolute pleasure having you on the show. Is there anything you wanted to share with the audience or any thoughts or last-minute comments?
David Scott Lewis:
Well, I think your technical-optimism is a great way to end this. I want to thank you guys for having me on. Mike, we've never met before, so it's nice chatting with you. And Joe, you're always a delight on our time together. So, thank you for letting me share some of the memories. … And now we need to look forward to a really good AI-based, cyber-grand-challenge-based movie. That's where I see the direction going. That's where it's going to go next. Quantum computing. More quantum than AI, but also quantum, but also AI.
Joseph Carson:
Yeah, absolutely. Mike, any last-minute comments for the audience.
Mike Gruen:
No, I love the idea of the quantum because that will break all of our modern encryption I have the screenplay in my head already.
David Scott Lewis: Let's do it.
Mike Gruen: Let's do it.
Joseph Carson:
We can do it. Anyone who listens to the podcast, is in movie-making, that really wants to take this to the next level, in reality, we're all here to be advisors and consultants and share our thought and ideas-
David Scott Lewis: Absolutely
Joseph Carson:
Because, absolutely, on the show, we have the right people. And again, at that point, it's a pleasure, David, having you on. I look forward to seeing you in the future. You're going to be closer to me in the near future so, at some point, I'll make a hop over and we'll grab a drink or some dinner together. Mike, next time I'm in DC, I have no idea when that's going to be-
Mike Gruen: But I'm sure we'll see each other.
Joseph Carson:
... Opening up, but I'm definitely sure we'll catch up. So, for the audience, again, many thanks for being on the show and listening to us going on about things that really shape where we are today. And again, for this podcast, it's every two weeks. Subscribe wherever the subscription is. Follow us. Listen to us. Share us with your friends and look forward to every two weeks, come catch up with us and very exciting new topics. Thank you very much. It's been a pleasure. Have a safe day and goodbye.
Outro:
Learn how your team can get a free trial of Cybrary for business by going to www.cybrary.it/business. This podcast is also brought to you by Thycotic. The leader in privileged access management. To learn more, visit www.thycotic.com.