SIM Swap Attacks: EVERYONE is a Target - Mark Kreitzman (Bitcoin Talk on THE Bitcoin Podcast) - THE Bitcoin Podcast

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
The sim swappers don't care.

(00:01):
If they can spend 20 minutes and take $3,000 from you,
that's pretty good payoff.
But at this point with all these data breaches,
it's made it so easy that everybody's become a target.
["The Bitcoin Podcast"]
Greetings and salutations, my fellow pubs.

(00:24):
My name is Walker and this is The Bitcoin Podcast.
The Bitcoin time chain is 852632
and the value of one Bitcoin is still one Bitcoin.
Two days episode is Bitcoin Talk
where I talk with my guest about Bitcoin
and whatever else comes up.
Today, that guest is Mark Kreitzman.

(00:44):
Mark has over 20 years of experience
in enterprise cybersecurity
and is currently the general manager
at Afani Secure Mobile.
Afani is a cybersecurity focused mobile service provider
that offers secure plans on Verizon and AT&T networks.
But unlike Verizon and AT&T,
Afani protects you from sim swap attacks.

(01:06):
You may have heard of some high profile Bitcoiners
like Mark Moss, Preston Pish, and Jeff Booth.
All get sim swapped fairly recently.
So I thought it would be a great idea
to do an episode devoted just to this.
If you do not know what a sim swap attack is, that's okay.
Don't worry, you're about to find out how it works,

(01:26):
why you should care, and how you can protect yourself.
Mark also gives some great general tips
on how to lock down your digital life,
which I think you're gonna find really useful.
I've also partnered with Afani.
So if you wanna get $99 off your plan,
go to afani.com slash walker
and the promotion code will automatically be applied.

(01:47):
That's E-F-A-N-I dot com slash walker
or just go to the show notes.
Speaking of show notes, if you'd rather watch this show
than listen, head down to those show notes
for links to watch on YouTube, Rumble,
and now on Noster via highlighter.
But if you're like me and you prefer
to just listen to your podcasts,
I highly recommend you check out fountain.fm.

(02:09):
Not only can you send Bitcoins your favorite podcasters
to give value for value, but you can earn Bitcoin
just for listening to this and other podcasts.
And if you're already ahead of the curve
listening to the Bitcoin podcast on fountain,
consider giving the show a boost
or creating a clip of something you found interesting.
Finally, if you are a Bitcoin only company,
interested in sponsoring another fucking Bitcoin podcast,

(02:31):
hit me up on social media
or through the website, bitcoinpodcast.net.
Without further ado, let's get into this Bitcoin talk
with Mark Kreitzman.
Mark, thanks so much for joining.
I'm excited to pick your brain a little bit today.

(02:53):
I think there's a lot to dig into here.
Absolutely, looking forward to it.
You know, so I was pretty eager to take this call with you
because I think that the topic of simswap attacks
is one I've been personally aware of
for a decent amount of time,
but then it feels like in the past six months or so,

(03:15):
I personally know multiple people,
some of whom are higher profile folks
who have run into some really significant issues with this.
And I think it's one of those topics
that people maybe don't educate themselves too much on
until it's too late.
So I've got a lot of kind of questions
about getting into the nitty gritty of that,

(03:35):
how you guys do things at Afani.
But I wanna maybe just start out
so people kind of know you, know your background,
know what you're bringing to the table here
and why this is so important to you.
Can you just start us off by just telling us,
who are you, how did you get here today
to be doing what you're doing?
Yeah, absolutely.
So I was born a tucky and I got into the startup game

(03:57):
in the cybersecurity business before it was called
cybersecurity.
I think I joined 2001, company called Big Fish thinking,
what did I do?
Because I worked for AT&T at the time
and changed the name to Frontbridge.
And I worked for a couple of different founders.
So Frontbridge was an email security company
and that got purchased by Microsoft.

(04:19):
So I had the taste for startups.
So I went to a cloud based web security company
called ScanSafe that was acquired by Cisco Systems.
And so again, the thought of going back to a big company
just wasn't something I wanted to do.
So I went to another startup out of Southern California

(04:39):
that was in mobile security.
And so I worked for them for a couple of years,
for about six or seven years.
And then I was kind of in between projects.
And then I ended up getting SimSwap myself.
And so I was kind of playing around with my own startup
in crypto.
Around 2016, I started getting into Bitcoin.

(05:02):
And then in 2017, 18, I wanted to have my own startup.
Then I got SimSwap and then that became my career.
And it was a painful experience.
But I searched out the only person who
would claim that they had solved it.
He happened to be part of a startup that
was building a big Bitcoin ATM network.

(05:23):
So he hit it off.
And he had solved it for himself.
So the first thing that was done was established
the name of Afani.
And it's been now almost five years under the Afani brand.
We're coming up on five years, somewhere
around November of this year.
And so I've been involved with this

(05:43):
will be probably my 10th or 11th year involved
security in around.
You've got the pedigree for it.
And unfortunately, the personal negative experience with it
to kind of move you in this direction.
And it's funny to me because we still call these phones.

(06:04):
But it's our lives in our pockets, basically.
And I think that's what people we kind of intuitively know it.
But we still call them phones.
And that's maybe it's a computer that
holds basically all the secrets of your life,
all your access to everything.
And you carry it around with you everywhere you go.
And then you trust some big companies

(06:25):
that you assume are pretty secure to take care
of the back end of that.
And obviously, problems happen.
I'm wondering if you don't mind discussing a little bit
of the specifics of what happened.
So you were sim swapped.
You were in fact a victim of what now your company Afani
is working to prevent.

(06:45):
Can you talk about that experience a little bit
for anybody who hasn't gone through that?
Hopefully you never will.
But you might.
So can you kind of just walk through like what happened?
How did you figure out it was happening?
What did you do?
Yeah, absolutely.
So at the time, I had 19 years experience
of building cybersecurity companies.
So I thought I had it totally covered with my carrier.

(07:07):
And I had actually changed the rules and my profile
that to make any changes on my account,
I had to be there in person with both the driver's license
and a passport.
And you know, the pen and everything.
So I thought it was the last thing on my mind.
So I was driving to visit my parents.
And I happened to be in the middle of the Arizona
desert between Phoenix and Tucson.

(07:31):
And so I was talking to my dad.
And I was like, oh, I'm going to be there in about 50 minutes.
And then the call gets cut off.
And so I thought, well, I'm out in the middle of nowhere.
So the carrier must have just lost coverage.
And then an air came up, said no network detected.
And so I started to think, oh, no,

(07:52):
did my mobile account get stolen away?
And I started to kind of get panicked.
And I'm looking around.
I don't always see the desert.
So there's no Walmart.
There's no pay phones at gas stations anymore.
And so I either had to go to the nearest Walmart.
It was like 30 minutes away and beg

(08:13):
somebody to use their phone.
Or just 45 minutes and go to my parents' house.
So I chose to go directly to my parents' house.
When I got to the garage, the Wi-Fi kicked in.
Six passport resets went up right at my phone.
And that's when I knew, OK, I suspected that's what happened.

(08:33):
Now I know that's what happened.
My mobile account is stolen away.
So I run in the door.
And my dad wanted to hug me.
And like, oh, because he hadn't seen me in a while.
I'm going into your office.
I got an emergency.
And I called the carrier.
So they thought I was the hacker.
And that's what they were saying.
Like, how do we know you're not the hacker?
So the verification took longer.

(08:56):
And then I'm like, you know, I panicked.
And I called you on my phone.
I dialed the 6-on-1 and get to him.
And I'm like, how am I even talking to you?
Is there some feature on the phone
that allows me to call you even though my son is in it?
And he's like, no.
That's a good question.
So he looks.
And he says, oh, what they did was they moved your account back.

(09:18):
So they stole my mobile account for 61 minutes.
And then they moved it back to my phone to hide it.
And at the time, I was like, OK, great.
Well, I have my account back.
But then as every hour on 5, I have to sleep at some point.
So for the next 90 days, I wasn't sleeping.

(09:40):
Because every time I went to bed, I was like, man,
are they going to take my mobile account away and push it back?
And so if I woke up at 3 in the morning, 5, 7 in the morning,
every time I look at my phone, do I have LTE?
And so I didn't use Wi-Fi for a couple months
because I thought that would mask the issue.
I'd wake up and I'd have my Twitter updates, emails,

(10:01):
and I think nothing was wrong.
And so it was through that pain that I thought somebody had
to solve it.
And there's reactive solutions.
There's mobile apps that'll claim that they'll let you know
that you've been since swapped.
But after you've been since swapped,
and it's kind of irrelevant.

(10:21):
And so made the right connection,
had the right level of pain that I was willing to do
this whole new start-up and drop what I was doing.
That's how painful it was.
And so now, 4 and 1 half years later, here we are.
And we've grown a big amount this year.

(10:42):
These data breaches that keep happening are pretty scary.
So every time one of these happens,
I'm just very thankful that I'm working for a FONI,
but that a FONI exists.
I can imagine that 90 days was not very pleasant whatsoever.
Worried and sleep deprived.
I lost cloud information.

(11:03):
I lost some crypto.
They got into a bank app, but they chose.
I had a few bank apps on my phone,
but they chose the bank app to get into that.
I barely had any funds in it anyways.
And so, yeah, it's kind of scary when they get it,
when they get that kind of access to think,

(11:25):
like, who could that be sold to?
Am I going to get attacked a year from now,
or a year from now?
It definitely plays on your mind.
No, I believe it.
And I mean, it's one of those things too,
where it was probably almost a little bit more disconcerting
that they were the ones who gave you the access back.
Like, they flip-flopped it back.

(11:46):
So it's like, okay, they were only in here for 61 minutes.
They clearly got something that they wanted,
and then got back out.
If you would have just been in the middle of the desert,
and maybe you didn't have the service
from the carrier in general,
maybe you just wouldn't even have noticed
if you hadn't been on the phone with your dad.
So I guess that's a fortunate thing.
And I'm wondering, because I want to get into,

(12:09):
as well, exactly how a FONI works,
and kind of what your mission is there,
and how you're taking care of people.
But I think first, just for anyone,
they've heard this personal experience of yours,
but they still may be wondering, like, okay, wait,
what do you mean, sim swap attacked?
Like, how does that actually work?
So can you kind of walk through a little bit

(12:31):
of the mechanics of the typical sim swap?
Are we talking just general social engineering?
Are we talking some sort of a technical hack?
Are we talking inside jobs?
How does this actually work for most sim swap victims?
Yeah, so it's always good to define what a sim swap is.

(12:51):
So there's a legal sim swap that sometimes people call it port.
And so let's say you have an iPhone 11 today,
and you go by the iPhone 15.
So when you go to the store,
obviously the store, when you get the new phone,
and you say, okay, I want to move my phone number
over to this new phone.

(13:12):
So that's a legal sim swap.
They're changing your mobile account
to point from your 11 over to your 15.
And each of those phones has a sim or e-syn
that your mobile account points to.
So what a sim swap attack is,
is where a nefarious person gets your carrier

(13:34):
to point from your iPhone 11 over to their phone.
And they could be your next door neighbor,
they could be 4,000 miles away.
And now your phone goes dead,
but your mobile service is now pointing to their phone.
And now they have access to your voice, your data, your SMS.
When they call somebody, it's coming up your phone number

(13:56):
when they text somebody so they can impersonate you.
But what the main thing they're trying to do
is to figure out then what applications you use,
and then just say forgot password,
forgot password, forgot password,
all the way down the line,
and also then it was like an authenticator app.
And so if they say, hey, I forgot my password,

(14:19):
and it says enter your six-digit authenticator code
as an example.
So now they know that, okay,
this person was using authenticator code
so they can try and get into your emails
and daisy-changing that,
and then try and reset your authenticator app.
And so if they're a professional
and you give them enough time,

(14:41):
then they're gonna break into everything
that they possibly can.
And it's not always about money,
it's not always about crypto,
it can be just about pictures and data and tax information,
something to harass you,
something to blackmail you with, dating apps,
anything that they can,
to either gather your information for a later attack

(15:03):
or to sell it, including trying to rip you off
at that moment.
And in terms of how they're doing it,
so social engineering is the easiest one,
where they would call up and pretend to be me.
And there's really no penalty for this, right?
So if I went into a phone store
and I pretended to be Mark
and pretending to be somebody,

(15:26):
and they can't verify me,
then there's no penalty,
I just leave, I go to another store,
try it over and over and over.
And each time they may learn,
like what information do I need?
And, but they'll go in there with fake IDs
or they have a buddy that works at the store,
like a third party store,
who will do a fake, the verification

(15:46):
and just pretend like it's the right person and verify it.
But there's also insiders, there's also bribes,
that you can find this online,
cops have arrested a number of people that have taken bribes
and that we've seen it range from anywhere
from $300 to $3,000 just repetitively like since a lot of people.

(16:10):
And I'm sure like these insiders,
where they work at a carrier,
they're probably got to cut and target people
and go for a big amount.
Because people are losing, especially in the crypto space,
Bart Stevens, the founder of blockchain ventures,
he lost $6,000 a bitcoin on a SIM swap.

(16:33):
And what somebody did with him was they impersonated him,
they went into a store and then he bought a phone
and a line off of his account.
And so a lot of people don't think,
they kind of forget,
they've given the carrier their social security numbers.
So in a sense they signed up for traffic.
So somebody went in buys a phone and a line as account,
then they go home and call the 800 number and say,

(16:54):
and they're calling from a line on your account now.
And they've got a phone, they didn't,
the device ID and the NZ number is gonna match the record
with the carrier, it's as much easier to impersonate.
So they call the carrier and say,
oh, I wanna move my old line to my new phone.
And so that's what they did to Bart Stevens,
that's one of the faster growing methods.

(17:16):
And I thought about doing a video on it,
but I don't wanna create like 10,000 more SIM swappers
by telling them how easy it is to do that.
But the one thing that's really,
there's two things that are feeling this though,
is one is AI tool.
And so, a lot of people kind of forget

(17:36):
that their entire life is a profile
and related to their mobile number.
Like I don't need to know somebody's name, their history,
if you just give me their mobile number,
then it's very easy to use these tools
to go three layers deep,
but every job you've had,
every address you've had,

(17:57):
every landline, every email associated with you.
And so people can now like test ahead of time,
they can figure out what are all your emails
associated with you, then go into Coinbase
and just say forgot password and test each one.
And you know, see what they kinda, you know, they get.
The other big thing that's feeling
are these data breaching.

(18:19):
And so I don't know if you've read about this data breach
that happened, but they just announced last Friday.
But it was a company called Snowflake.
And there was 160 companies
that had loaded customer data up into Snowflake.
It's Snowflake's one of these big data companies
that allows analysis of this data.

(18:40):
And AT&T was one of those.
So AT&T loaded up 110 million records into Snowflake.
And they also used call records and SMS records as well.
And Snowflake only used the login and password.
They didn't use an authenticator app.
They didn't use even SMS verification,

(19:01):
no UBIKI, nothing.
And so these hackers find out about their lack of security
and they start sending out malware to people's devices
to gather login information.
And so AT&T's 110 million customers.
And it was dated in 2022.
So it wasn't recent data, but it was the second half of 2022.

(19:23):
And hackers took 110 million records from that.
Of just AT&T, but they got Ticketmaster,
all their customer data, advanced auto parts
had 2.3 million people.
And that includes social security,
all this PII information about the people.
And so the total amount of millions,

(19:45):
it must be like 150 million plus, I'm guessing,
but AT&T took the brunt of the news.
And this actually happened, they discovered it in April.
But our federal government said,
well, for public security, we have to hold this announcement.
And so they finally announced it last Friday.
So I don't know how that is helpful

(20:07):
to not let everybody know,
but it uses these companies,
it's like a lot of big name companies.
And it's crazy that they would load up
all of their customers' data in a third party tool
without asking them like how secure is that.
So that's information where these AI tools,
you run it on that.

(20:28):
And social engineer now, these carriers.
So imagine the information to do like tax fraudsters
where they file early, your taxes early
and have the refund sent to certain address
or identity fraud, taking out loans, people's names.
These companies, there's gonna be a massive loss.

(20:52):
It's gonna be a massive loss.
It's insane to me that this snowflake didn't,
that their own internal security
to protect 150 million records was so lax.
I mean, that's just insane.
No, I've been in a startups where I know,

(21:12):
you can just know there's probably one guy
that multiple people went to and said,
like, don't you think we should have security?
And there's probably one guy who's like,
yeah, we don't need it or we'll do that.
And it's like, yeah, it's very unfortunate.
People just don't really know about it.
I mean, it's hit the news, but not like,

(21:36):
it's not like a national.
And that I've seen anyway, but like security publications
is pretty big.
I mean, and again, it's because we are
in a digitally connected world, I think,
we as humans maybe still haven't caught up to the fact

(21:56):
that perhaps some of the younger folks have,
like they've just grown up as digital natives.
They may be intuitively know a little bit more,
hey, it's out there.
But for folks that are on the older end
or middle age into the spectrum,
like this is still all kind of a new frontier
where literally there are fingerprints and footprints

(22:17):
to everything you have done, like you said,
to all of your past addresses,
to anything you were connected to,
and it's just out there.
And odds are you've probably been involved in one or two
or more data breaches that you're not even aware of.
Like, unless you're, and even if you are monitoring these things,
you know, you're checking to see, OK,

(22:37):
is my information appearing on various dark websites.
Even then, there's not so much recourse for you.
It's like, it's out there.
You know, the genie doesn't go back in the bottle.
You're kind of screwed.
And so I think the more information
that's out there about people,
it's like, well, that becomes a lot easier
to construct target maps of, OK, what kind of,

(22:59):
if you are, if we're talking about a sophisticated group
of people who are doing this as a, you know,
a business, an illegitimate business,
but a business operation where they're saying, OK,
let's find the best possible targets to then take
and go simswap these people and strip their lives
from their mobile devices.
Like, it's kind of a terrifying thing.
And I feel like most folks would rather just not think

(23:21):
about it, like, OK, it's not going to happen to me.
It's, but, I mean, but this isn't just big name
celebrities that we're talking about.
This isn't just, you know,
Bitcoin millionaires that we're talking about.
Like this happens to normal people.
I don't know if there's just any kind of stories
that you have to bring that home a little bit.
So people understand, like, just because you're not a big name

(23:43):
or some public, you know, some public figure,
like you're not immune to this.
In fact, they may look for that
because it's some lower hanging fruit.
You probably have lower security.
Maybe you're not as attuned to these threats
that are coming your way.
Yeah, so it certainly if you go back like four or five years,
it was it was mainly like VIP sort of really like celebrities.

(24:03):
And then it became the targets
and influencers are trying to take their YouTube account away.
People spent eight years building up and then rancid in the back.
When crypto came along, then that took, you know,
that was basically like 99% of the target for a while.
And so definitely if you're into crypto in any way,

(24:24):
then you are a target and it doesn't like if you,
you know, own your own jet or you only have like $2,000
with crypto, the sim swappers don't care.
If they can if they can spend 20 minutes
and take $3,000 from you, you know, that's pretty good payoff.
But at this point with all these data breaches,
it's made it so easy that ever that everybody's become a target.

(24:48):
We've all been, you know, in data breaches.
I mean, we we're actually releasing a tool
and we're hoping to do it by the end of July,
but we call it phone number scan,
we put in your mobile number and it's going to show you
how easy it is just to get some basic information on you.
And we actually released this body of data breaches

(25:10):
this about 18 months ago is kind of like a pilot.
And at that at that point, it searched these databases for like,
is your information part of any data breach?
And so, you know, I did it on my number and I was part of one
of the biggest data breaches there is.
And and so I would be surprised at this point

(25:31):
if somebody could be alive today and have a mobile phone
for four or five years and not have been part of some kind of
debris, whether it's like a travel bureau or the government
or, you know, hospital system at this point.
And so it's just it's kind of a matter of just kind of when
you're going to be the target.

(25:51):
And there's only so many, you know, hackers out there.
I guess that's the good thing is so much data has been released
and it's made so many targets.
So that may be the only defense that somebody has is that
so many people not going to be targets
and there's only so many hackers.
But, you know, the more that these hackers have tools to break in,

(26:14):
you know, certainly AI, I mean, I had a long conversation
with this guy from AI and I just ended up, you know,
scaring me more about what, you know, where he said AI was going
and, you know, his prediction is that it won't be very long
where a hacker could actually ask AI, you know,
how would I have mark, how would I hack this person after us?
And that it would look at their profile

(26:34):
and what applications they use or mobile service they use
and look at all these elements and actually come up with a plan
of like, here's the weakest link
and here's where they may be the most horrible
and here's where you may be to get, you know, the most money.
And it's really just a matter of time
like all our information gets uploaded into, you know,
these AI tools.

(26:55):
And I don't know how you prevent it.
I think that's kind of what Elon Musk is warning about.
It's like, you know, right now, like if our information gets
loaded into like one of these data brokers,
like your criminal record, you know, you can pay services
to go and have it removed, right?
And then 30 days later, it'll be loaded back in
because they have web crawlers.

(27:16):
So you can pay people that continually,
that they're going to look for that and delete it.
But once information gets loaded into AI, you know,
who are you going to go to at that point and say,
hey, you got to remove that?
And right now I'm out of order of that, you know, existing.
And so I'm sure somebody's going to turn AI into,
it's kind of in a very small bit.

(27:36):
But, you know, right now that, you know,
the AI is not really needed.
I mean, it's just going to make it easier.
There's just too much information on all of us out there
to, for these bad people to, so easy for them.
It's like, why not do it?
Like the risk of them getting caught.
Like I said, like you could call on me,
you know, somebody can call and say they're me to every carrier

(27:57):
to try it 20 times and there's no penalty.
Well, I mean, that's the thing is that, you know,
we're using terms like hacker and things like that.
And for when we're talking about these large data breaches,
like, yes, that's people who have some,
usually significant proficiency are doing,
are executing those breaches, are, you know, putting that,

(28:18):
you know, sending out that malware
and are extracting data afterwards.
But it seems like when it comes to, to sim swap attacks,
it's really actually not like,
it is more of a social engineering game.
So if, yeah, if, you know, anyone without any,
you know, you don't have to be a,
a genius computer programmer to go and buy some information
off of the dark web to then put together a list of people

(28:41):
you want to try to hit and to make a bunch of phone calls.
Like that's a, that's a pretty low, low skill,
maybe high effort for now, but pretty low skill endeavor.
So I think that's the, that's kind of the scary part to me
is like these aren't necessarily geniuses executing this.
They've just figured out how is this system working?
What do I need to say?
What are the right things I need to,

(29:02):
to tell the customer service agent or you're working with,
or even better, you've got a man on the inside, perfect,
that that's going to save you a few steps.
But it's, it's worrisome.
And I think that it's something that people do need
to be thinking about.
And especially, you know, as, as bitcoins price continues
to rise, which we all know that it will over a long enough

(29:24):
time price.
And it's like, you're what you may think of as, you know,
yourself as an insignificant little, little fish swimming
amongst these whales.
Well, you start to become an even more attractive target
to people.
And again, that's, that's a little disconcerting, you know,
a little bit of Bitcoin now is going to be worth a lot
of fiat a few years down the road.
So it's like, these are things you want to be thinking

(29:46):
about now kind of putting best practices in place.
And, and with that, I'd love if you could just talk a little
bit about, okay, because we've now terrified everybody a
little bit with the problem.
Uh, you know, hopefully not too much, but can you talk a
little bit about how does Afani work?
What exactly makes this different than a traditional

(30:08):
plan that you have directly with a carrier?
Why is this something that people should be looking at?
And, and what sort of, you know, assurances do they have
that the same sort of thing isn't just going to, to happen,
you know, with, with Afani that does with AT&T or T-Mobile,
Verizon, whatever carrier they may have.
Yeah, absolutely.
And then just to address a really good point you made

(30:29):
is, because I've often said like hackers is actually
complimenting these people too much, just making it seem
like they're smart.
Cause, cause, uh, there's a 15 year old kid that stole
around 26 million.
And, and, and there's been a bunch of teenagers that have,
that have been busted, you know, they, they made mistakes.
They went out and spent too much money and, and then ended

(30:50):
up getting caught cause they just sounded very smart.
But, uh, but that was a very, very good point.
It's not about coding.
It's about, uh, really social engineering and, uh, and,
and if anything 15 or 16 year old kid may be better at
AI tools than a, I don't know, a 50 year old.
Um, but in terms of what Afani does, it's very simple.
So we're set up as a reseller of AT&T and Verizon.

(31:14):
And, and I'll use the AT&T option as a, as an example.
So, uh, obviously you can go up by eight directly from AT&T.
And that means AT&T has all your information, your address,
your payment information, your social security number,
all the things that they would collect today and all the
carriers do, but you could also buy AT&T through Afani.

(31:34):
And what that means is that Afani owns that account.
They're not an AT&T customer.
There are customers.
And so one of the differences is that, um, when you,
when you put your number over to Afani, we then,
we lock it down and then everything we do after that is
manual. And the reason that's important is because this
industry is barely loose in a sense that like we have

(31:57):
portals that give us access into every mobile operator in the
U.S. So if somebody calls us and they're like on Mint Mobile
or, um, Google Fire, you know, T-Mobile, Verizon, they say,
like, okay, I want to move my account to Afani.
We don't need to talk to their carrier in neither today.
They give us a couple bits of information and we can pull

(32:19):
them over.
And so that's the reason why when we port somebody over,
we're separating basically the world from being able to do
that.
But all the carriers have done this because they have so
many people that leave and come, you know, to their service
every single day that they want to make it super cheap if
you want to leave.
They don't want to have to talk to you and just like, okay,

(32:41):
we're going to leave.
And so the other thing that we do, it's different, is that so
we don't give the carrier information.
But the carrier doesn't have your name.
We don't even take your social security, but they don't have
your name, your address, your payment information that they
normally would.
And so our customers are hidden behind Afani.

(33:01):
And then Afani, we also use a front for ourselves too.
So to the carrier, like AT&T, it just looks like you're an
autonomous executive that works for a company that they don't
know who they are.
And so we're trying to make it as anonymous as possible.
So we're also locking out all of AT&T and Verizon, all their

(33:25):
employees, their stores, their third party stores, independent
retailers, and independent stores, because those stores
don't vet people as much as a national owned store.
And what we're doing is we're eliminating all the middlemen
who can be tripped, bribed, part of the deal, they can be the
hacker themselves.

(33:46):
Or every time you call the 800 number, they can be
collecting your verification information.
And then get a list of that and then sell it to StemSwap
hackers or put it on the dark web and sell it.
And so we're eliminating all of those people in the middle
that have some control and influence over being able to

(34:07):
report somebody's number out.
So we provide the 24 by 7 support.
And that's by phone, chat, messaging.
And we also provide people any support email when they become
a customer.
And then we have just more stringent verification
process.

(34:28):
So we're doing things that they would not be able to afford
to do.
The carriers would become non-profit if they were
trying to do what we did.
And so we're providing the network.
So we're providing the voice data, SMS.
And we provide it globally for anyone that travels globally.

(34:48):
Wi-Fi calling, hot spot, and all of that.
But you give the privacy from the carrier and all their
marketing, and they sell data, third parties.
And then you also get a StemSwap security.
But we also provide a $5 million insurance policy.
And so the easiest way to sum up our business is we sell
mobile security.

(35:09):
And our job is to protect that insurance policy from
ever being used.
Because that's our business.
That's our reputation.
That's our business.
Whereas what the carriers have done is they've slipped in
arbitration clauses.
And so if you get StemSwap, like let's say Bart Stevens
wanted to sue his carrier, he's most likely going to find

(35:30):
that there's arbitration clauses.
He's going to have to get an arbitration attorney, sue
him.
And so I talk to a number of attorneys.
Because I've been asked to be an extra witness a number of
times.
And I've never accepted it.
But I have attorneys that contact me to represent their
victim.
But because I don't have time for it, and I'm not trying to

(35:51):
make money by the hour.
But what the attorneys are telling me, they're settling
for around 35% to 40%.
And then they take their fee out of that.
So if you lose 100 grand, you're probably going to be
lucky to get 40.
And you're going to have to pay your attorney a percentage
of that as well.

(36:12):
And then you get probably an apology letter from Gary.
And that's about it.
And it was interesting the last time I got asked to go.
The attorney had eight cases.
And the same judge in all the cases.
And so he said that the attorney had no idea where StemSwap
was, wasn't technical.

(36:33):
And the carriers defense was that every carrier is StemSwap.
And therefore, it's been normalized.
And because it's normalized, we should not be held
accountable for something that is just normal in the
industry.
Like tires go flat.
And things happen.
And I thought, that's kind of an interesting defense.

(36:55):
I've never really knew that normalizing something could
actually be used as part of the defense.
And he said, you guys had never been StemSwap, right?
Yeah, I said, that's why I want you guys extra wages.
And I also know one of the main guys that gets called into the
report to the carriers.

(37:16):
He's also one of our biggest fans, too.
And so it's interesting to see what's going on.
There's law firms out there that are now specializing in
StemSwap law.
And he's, and especially that data breaches that result in
StemSwap.
So it's bad enough for attorneys.
And of course, I get a lot of attorneys to call me up saying,

(37:39):
OK, I'd love to be your partner when you get to talk to a
victim and send me a victim.
And I'll help and recover their money.
So I get to see both sides of the victimhood, which happens
even by the attorneys, too.
It's interesting to hear that they would use that as

(38:00):
defense.
Well, it's like a company that sells poison food, being
like, well, all the companies sell poison food.
But I guess then again, if you've got, I mean, we're
talking about carriers make a massive amount of money.
They're incredibly interconnected into
everything that we do.
They're obviously working hand in hand with the federal

(38:22):
government.
And they also obviously have incredibly powerful lobbyists
that work for them.
So you know.
And they're the second largest advertiser behind Big
Pharma on national news.
And that's one of the reasons that's my theory as to why
you never see this on national news.
But if you search on YouTube for local news, StemSwap will

(38:43):
see the Dallas channel, Los Angeles, cities, all local
news all over, born like their elderly people,
like Grypto, and that kind of news is all over the place.
So on national news, the only person who's ever really
talked, made it that I've seen that made a negative statement
about the carriers was Lou Dobbs.

(39:06):
It's been on Fox Business News, where he did a news clip on
how federal government bought everybody's location data
without a warrant.
And then three days later, he was let go by Fox News.
Probably not related, but you probably don't want to say
anything negative about the pharma industry or the

(39:28):
telecom industry, because they're paying like 97% of your
advertising for the stations.
So that's kind of the environment that we're in.
They're great companies.
It's kind of amazing talk, right?
Right.
You have this cellular device anywhere in the world.
So I don't want to like, I mean, they're not bad.

(39:49):
They're not bad people.
A lot of great people have worked at them, but they're
huge and there's too many vendors.
Like I was going to do a video on all the different vendors
that make up just to make a text call, make a phone call.
And I sort of map all this out of a call, all the different
areas that companies, if they got hacked, you lose this.

(40:10):
And the video would have been a three hour.
And I thought nobody's going to want it too much.
And people think ATT owns their own cell towers.
And Verizon, they don't.
Like there's 108 different cell tower providers.
And these cellular companies, these space, all these towers.
And text messages are outsourced to different companies

(40:33):
that handle fax.
And so we're relying on so many companies that do one
transaction on the internet.
And all it takes is one rote person at one of those
companies.
And that's why we used to not sell on privacy.
We used to really just sell on sense swapping.
And the fact that Carrier didn't have your information

(40:55):
was really more of a quiet thing where it makes it
harder for somebody to ever sense swapping.
Because they can't walk into a store and pretend they're me.
Because the store can't eat can't access my mail.
But after T-Mobile got breached multiple times
and Verizon then breached, now AT&T

(41:17):
said two breaches in the last.
They've announced two breaches in the last 90 days.
So they announced just three months ago, two months ago.
I think it was in May.
They lost 74 million records.
And now 110.
So some people's information's out there twice.
And so now also the privacy, the fact

(41:40):
that Carrier doesn't have information,
he can steal what doesn't exist is now one of the reasons
people are switching to a phone.
The absolute best and only way to make sure your Bitcoin
are truly safe from hackers, sim swappers, and 15-year-old
kids with way too much time on their hands
is to head to bitbox.swiss.

(42:02):
Slash Walker and use the promo code Walker for 5%
off the fully open source Bitcoin only Bitbox O2 hardware
wallet.
Then get your Bitcoin off the exchange
and into your own self-custody.
Again, if your Bitcoin is in cold storage,
even sim swappers can't touch it.
The Bitbox O2 is easy as hell to use,

(42:24):
whether you're brand new to Bitcoin
and it's your very first hardware wallet
or you're a seasoned psychopath.
And you've got more wallets than you'd like to admit.
It is Bitcoin only.
And yet again, it is fully open source.
You can head to their GitHub and verify that for yourself.
There's no need to trust me or Bitbox.
When you go to bitbox.swiss.walker

(42:45):
and use the promo code Walker,
not only do you get 5% off,
but you also help support this fucking podcast.
So thank you.
Now, a lot of you listening to this show
may already be deep down the Bitcoin rabbit hole,
but if you're listening to this podcast
and feeling a bit overwhelmed by all of this,
don't sweat it.
Bitcoinconsulting.us has you covered.

(43:07):
Some people go down the Bitcoin rabbit hole
completely solo,
but others want someone to guide them on their journey.
If you are one of the latter,
go to bitcoinconsulting.us.
Whether you're an individual
and you want someone to help you
with your personal Bitcoin strategy,
getting everything set up and figured out,
or you're a company

(43:27):
and you want help integrating Bitcoin payments,
implementing private projects,
or just need some general contractors services,
Bitcoin Consulting can take care of you.
So go to bitcoinconsulting.us
and book a consultation today.
Again, that's bitcoinconsulting.us.
Well, I think, you know, for,

(43:48):
especially just knowing the folks I know
across the Bitcoin space,
there's obviously a lot of desire to remain pseudonymous
or anonymous or to at least, you know,
it's a spectrum, right?
Cause if you're interacting with any sort of digital services,
like as we said, at some point along the way,
you've been fingerprinted,
you've left a footprint somewhere,
even, you know, perhaps the best example

(44:13):
of somebody being really, really good at this
was Satoshi Nakamoto, right?
Who managed to somehow still, like,
but that is the exception, obviously not the rule.
And I mean, this seems like something
that if you are wanting to at least maintain
some shred of privacy in one of the most important areas
in your life, which is again, your mobile life,

(44:33):
your mobile digital life,
this is something you need to seriously look at.
Because if not, it just seems like a massive security hole
with so many different points of failure.
Like there, there's just so many places
along that spectrum.
And I, you know, until kind of looking
in this a little bit prior to the interview,
I wasn't even just aware of like the,
how easy it is for numbers to be ported over.

(44:55):
Like you get a couple of, of malicious actors
who have been bribed at some local reseller
and that, that's all you need.
I mean, they, like you said, you know,
you guys have the ability to go in there
as long as you've got the permission
and to pull this stuff out.
And luckily, you know, you guys are good actors
in this space, but obviously there's a lot of bad ones too.

(45:19):
And so if you're complete, like digital life is reliant on,
boy, I hope one of these hundreds of thousands of people
across this potential chain of attack vectors
doesn't screw me over.
It's like, that's kind of,
boy, you gotta be pretty lucky
not to get screwed over at some point, it seems.
So it's, yeah.

(45:40):
Yeah. And then people, you know, make do simple,
people don't really think about it,
but they make simple mistakes.
Like one of the things I tell people, you know,
don't do this, which is like, they'll,
they'll set up their, their phone with an email account,
like an iCloud or like a Gmail on the Android account.
And they, they use an email,
which is the email they set up their Coinbase account,

(46:02):
their Exodus account.
They send emails to friends, they sign up on websites.
They, they use that for their bank account.
And, and so, you know, people really need to spread that out.
So, you know, I always tell people,
set up your phone with an iCloud account,
but only use it for that.
Don't use it for anything else.
You know, we're a Gmail account under the Android device,

(46:24):
only use it for that.
And you can, you can use other emails on it,
but in terms of the account,
just don't use that account.
And, because if you think about when you email somebody,
you're sending them your login.
And, and so a lot of people don't really think about the fact
that, you know, they're using emails and, and it's become,

(46:44):
and it's the login information from,
for so many of their accounts.
And they also, people tend to use the same, you know,
pin codes for different accounts.
And there's companies out there right now.
So one of the things that's happening is that,
you know, the hackers are trying to, you know,

(47:05):
they'll call you up and say, like, they're AmEx,
or they're your, your cable company.
But they've actually gone a step further than that.
What they started to do is actually pay for advertising.
So let's say you're, you have a problem with Cox Cable,
and you want to call them, so you search Cox Cable support,
and there, and there, a number comes up.
So you call it thinking you're calling Cox Cable.

(47:26):
And of course, when they answer,
they got a warehouse somewhere, you know, cheap labor,
and it's Cox Cable, I'm gonna help you.
And I'm not picking on, I'm not saying this happened to Cox.
And so it's like, okay, what's your username?
Okay, that matches our records.
What's your, what's your pin code?
Oh, that matches our records.
What's your local number?
Like, and then they gather the information.

(47:47):
So okay, you're verified.
And then, and now, meanwhile, some, you know,
they're shipping that off to somebody else,
who's then gonna try and hack, you know,
with that information.
And so they're actually trying to get people
to just proactively call them.
And these are the kind of things that are happening.
And, you know, you can imagine, like,
if you're 70 years old,

(48:07):
you don't really think about this thing.
You just, you know, assuming that, well,
the internet told me that this was the number for,
you know, Warner, Warner Cable, or whatever it is.
And then people call it volunteer their information.
I mean, and that's the thing, like,
this is a problem even for, quote, tech savvy people.

(48:31):
This is a huge problem for folks
who are not at all tech savvy,
who don't really barely understand how to use their phone
and don't understand how much things have progressed,
how much they are potentially at risk.
And like that, that kind of just like makes me sick
to my stomach to think about all the people
that are just incredibly vulnerable out there,

(48:53):
who are, you know, probably a lot of them
on the older end of the spectrum.
And we're talking about, you know, having your identity stolen,
having your life completely turned upside down,
just because, you know, you weren't aware
that this was even a threat factor for you.
And it's-
And people in Bitcoin are some of the most technical people,
you know, on average, I would say,
they're much easier to talk to

(49:14):
because they tend to be on the more technical side.
And yet, you know, they're probably most victims
of this like right now.
And so, you know, even if you are technical,
it's like, you know, the best story is cold story.
And you can't hack that, but if you got, you know,

(49:37):
crypto on an exchange or on a online wallet,
then, yeah, it's vulnerable.
Yeah, that is a great reminder for folks.
It's like, if you had, you know, to get your Bitcoin
off the exchanges, take it into your own self-custody
in cold storage, use a Bitbox 02,

(49:57):
Bitcoin only hardware wallet.
If you want to support the sponsors of this show,
just throw that little plug in there.
But really like that's the only way,
so you get SIM swapped,
if you're Bitcoin sitting in cold storage, okay, fine.
The rest of your life may still get turned upside down,
but at least you've got, yeah,
and you're going to be dealing with that for a while,
but at least you've got that.
So, I mean, at least that is the nice thing about Bitcoin.

(50:19):
There are ways that you can take that offline
so that that hardware signing device is the only way
that you have to move that around,
and at least you're protected there.
But if you've got Bitcoin that's on an exchange,
and especially if people are targeting you for this,
that's the first thing that they're going to do.
And to strip that off, oh, you need to authenticate

(50:40):
before you can transfer the funds out
because we don't recognize this device or whatever.
And then they've got all the means to authenticate
that they are in fact you, and then you're screwed.
Because once that's sent out,
it's like, it's kind of the whole point.
You're, you know, it's not going back.
Every day as it rises, you have to sit there
and you do the math in your head and you're like,

(51:00):
you know, when I got ripped off,
it wasn't that big of a deal, but you know what?
I sure would be nice to have that, you know, six figures now.
You know, for what, for a second.
So that's the painful part for people that have been victims
is, you know, at one point, you know, and Bitcoin was,
you know, even when it was just, you know, $3,000

(51:23):
of somebody owned, you know, 10 Bitcoin that's gone,
they have to do that math today.
Be like, yeah, it would have been 600,000.
And that's the hard part about being a victim.
Yeah.
And you know, I do want to ask you,
because you know, you walked through a bit
just how you had a funny, separate your customers

(51:45):
from the rest of the vulnerabilities, right?
But obviously then, okay, you've removed
a bunch of points of failure,
but one could make the argument that now perhaps
aren't you creating a single point of failure?
What happens if somebody,
because obviously there are still just humans
that work at Afani, good humans I would imagine,
but you never know with people.

(52:07):
So, you know, without, I guess,
giving away the goods entirely,
because I'm sure some of this stuff you guys keep under wraps,
but can you tell us just at a higher level
or a surface level, kind of what's the methodology
for you guys to making sure that, okay,
we're now entrusted with these people's information,
how do we make sure we don't fall victim

(52:28):
to the same social engineering, the same bribery,
the same points of failure that exist
in that wider industry?
Yeah, great question.
And so some people will say like,
oh, you guys have great technology.
And you know, and I kind of explain it the opposite way,
which is what we've done is we've stripped out the tab.
Like there's no free Hulu, there's no free Disney,

(52:49):
there's no free Netflix.
You know, that's data stealing,
you know, allows third parties to profile you
and get information from you.
And so we don't sell data as well, though.
And then also we don't collect data.
So we're not collecting call records,
we're not collecting SMS records.
And the only thing that we do collect

(53:11):
is payment information.
And then separately is we collect
the verification information.
And then also internally, even for our own employees.
So even in my position, if you be,
let's say you were a customer
and three months from now you called me up and said,
hey Mark, can you tell me how much data I've used this month?

(53:34):
I can't access that.
And so it's a need to know basis.
And so even our customer support, tier one, tier two,
so it's tier one, tier three,
our tier one support doesn't have access
into a customer data.
And so they can only do a certain level of verification
and limited to granting you things
and not being able to do any kind of risky transaction.

(53:57):
And the riskiest transaction is the port out.
And so that's in a sense where like all our focus is
is when somebody says like, I got our new phone
or I want to port out.
That's where we're laser focused on that
and making sure that that can't be done
without multiple humans involved.

(54:20):
And so for the risky transactions,
it takes two different humans.
And I don't want to say who they are,
but it's limited to that.
So I couldn't even, you could beg me,
you could bribe me, you could pay me a million dollars
to port here, trying to port your number out.
And I have zero access to look at your account.

(54:42):
And in our tier ones also don't have any access
to look at people's account either.
But the fact that we don't collect data
and that we're separating out information from people
into two different encrypted, siloed databases as well.
So you can never say never, like, is it possible
that somebody just flips out for some reason,

(55:09):
but the way that we built it and designed it,
like it would be even difficult,
even if a few handful of people,
if one of them decided that they were going to try and do something,
I just, the way we got it designed, I can't see it happening.
I appreciate the acknowledgement
that it's like never say never,
because obviously, you know, nothing is going to be,

(55:30):
it's an inherently, I guess, vulnerable system.
And you guys have done what you can
to make it less vulnerable than certainly the run-of-the-mill
carrier does, which is great.
I am curious about one thing you said,
because you said you guys aren't,
you're not like storing extra data, you're not storing,
I think you mentioned even like message traffic

(55:50):
and things like that.
Does that mean, because, okay,
if I'm thinking of like three letter agencies,
the various intelligence agencies,
we all know, perhaps not the details,
but we know that to an extent,
they have various backdoors,
either at hardware, OS level,
or certainly more like walking in the front door

(56:13):
with most carriers.
So how does that work with you guys?
I mean, is it like if they come to you with a FISA warrant,
you know, or a warrant that basically you are required
legally to comply, then you have to,
but otherwise they, do they have less visibility actually
into at least the personal details of your users

(56:35):
than somebody, if I'm just using a traditional carrier?
Yeah, it's a great question.
I get asked that all the time by certain people.
So there's this law called the Khali'a law,
and it requires all the telecom operators
to collect information.
So all the carriers are collecting call records
and SMS directors, not the content of it.

(56:58):
At least they're not legally allowed to collect it,
but they're required to collect call records.
So, but we're not.
So in the example that you're talking about,
like if somebody came to us with a FISA warrant and said,
like, okay, tell me everything on this mobile number,
it happens to be mine.

(57:19):
And they'd got a warrant for it and be like, okay, great.
Well, here's my payment information,
here's my verification.
And there would be no other information.
But in theory, they would just go to the carrier.
And the carrier would deliver them information
and just wouldn't have your name attached,

(57:40):
your information attached to it.
But then they could, in theory, just say, like, okay,
well, this is what it is.
And so, best case, there'd be plausible deniability.
But yeah, Fani's not meant to try and get around
the law or the skirt like the intelligence agencies.
It's like the most regulated industry.

(58:02):
At least one of them.
And so, it would make it more difficult for them.
They would have to take extra steps to get information.
But we would have to comply.
We haven't had a job.
We haven't had anybody come.
Yeah, not trying to put you in a weird position in there,
just was honestly curious because of the structure.
I get asked that all the time.

(58:24):
Yeah, and for any three letter agencies listening,
I'm in no way trying to skirt any of your surveillance.
I'm a very compliant person
and do everything that Gleason told.
I'd be more worried if I said, like, oh yeah,
we wouldn't comply.
Right.
Because there's companies out there where they're anonymous.

(58:48):
You can buy like data sends, for example,
to travel all over the world, like via crypto.
And they don't take any of your information.
Or you can buy a phone line from them.
Problem is, is that if you use that phone line
for verification of like your crypto
or anything proprietary, and they're not following
or they're going to ignore federal laws,

(59:10):
then they could actually be shut down, like out of the blue.
And so, you wouldn't want to be in that situation either,
where all of a sudden, like, your mobile account doesn't work
because they weren't following the laws.
And is then who you call.
Right.
Quite literally who do you call.

(59:31):
So, yeah.
A lot of these crypto companies,
especially like they don't have customer support.
And that's one of these, like when I talk to victims,
they tell me how they got ripped off.
And it's like, oh, I got this message
and it was from Coinbase.
So I called Coinbase and they answered the phone.
I know immediately.

(59:52):
You weren't talking to Coinbase.
No.
Good luck getting somebody on the phone there.
Like that should be your first red flag.
It's like saying, yeah, you got somebody on the phone
at Google, like it's not happening.
Yeah, I talked to one person.
This is just a couple months back.
Somebody, what they did was they initiated a wire transfer
into the bank account of what the owner grant.

(01:00:14):
And then they notify him and pretended to be Coinbase.
And they said, hey, it looks like $100,000 of crypto
is being removed from your Coinbase account
and sent to your bank account.
So please check on that.
So the guy calls his bank account
and shows a pending inbound wire transfer.

(01:00:37):
And I'm sure they then canceled the inbound wire transfer.
So he calls back and they answer.
And that's when I knew, like, okay, you're in trouble.
And he's like, what can I do?
They're like, oh, we've got this other Coinbase wallet.
So set it up on the Coinbase wallet
and transfer your crypto over there.
It'll be protected.

(01:00:58):
And so he sends me the URL and it's set up.
It looks just like, it just looks like it's Coinbase.
So of course, but of course it's like Coinbase.
Something.com.
And so the guy voluntarily transferred $100,000
of crypto into the wallet that was probably, you know,

(01:01:19):
out of South Africa or somewhere that wasn't KF, KYC.
And they got to voluntarily do it.
It doesn't have to be, you know, really even a half.
They can social engineer you as the end user
and trick you out of your account.
So yeah, people need to be aware of all these different

(01:01:40):
different tricks.
And it's painful to hear these kind of stories.
I'm sure you hear them literally all the time,
but it's like every time you hear it, there's just that,
like there's a certain point in the story
where you just go, oh, I know which way this,
I know which way it's going.
I was talking to another cybersecurity company
earlier today and they were talking about how

(01:02:02):
these people call in and they're live.
Nothing to do with money.
It's just start getting digitally hacked.
And I told them, like, yeah, I have like probably
one person crying on the phone to me each month.
It has nothing to do with crypto or money.
It's literally somebody's hacking into their phone
or mobile account or wifi.
And it can be just really, I don't know if people are bored

(01:02:26):
or, you know, there's a lot of tools out there
to easily hack into like your wifi account.
And it just, people are making software,
they're making hardware tools and it's like,
you live in an apartment.
That's why my first question is when somebody says,

(01:02:48):
like, oh, I'm getting hacked like seven different ways.
Like, oh, do you live in an apartment building
or condo building?
You know, because it could be somebody
that is above you, below you, next to you,
you know, that are using these tools
to be able to hack into your wifi or your mobile.
Yeah.
No, I'm curious, and maybe I want to be conscious

(01:03:08):
of your time here, but one thing that I think
would be helpful for folks is I appreciate the breakdown
on SIM swaps and I hope people really do pay attention
to this and to check out Afani as well.
I'm happy to be partnered with you guys,
because again, I think this is something that's
really necessary for people to at least be aware of.

(01:03:29):
But outside of kind of, okay, so let's say somebody
does make the switch over to Afani,
outside of just SIM swap protection,
I mean, you've got a lot of experience in this field.
In general, you've seen a lot of these scams go down
or these hacks go down.
Do you have just some more, like kind of general advice
for people in terms of, similar to what you mentioned

(01:03:50):
earlier about, you know, don't use your go-to
daily driver email for your iCloud
or for, you know, your Google account.
Like, are there any other tips like that
that you can share just that you think are kind of, like,
bedrock best security practices to at least try
and reduce that potential attack surface?
Yeah, so I use several emails, for example.

(01:04:13):
And so, you know, one for bank, one for, you know,
proprietary stuff, and then I use one throw away
that if I'm gonna register on a website,
I don't do anything other than, you know, register,
so you separate that out.
You know, I use a VPN 100% of the time.
And a lot of YouTubers will say that,
oh, you don't need a VPN anymore,

(01:04:33):
or, you know, they're all just traffic-saccripted,
but the problem is, is that, like,
your DNS queries aren't encrypted.
So, like, when you wanna go to bankofamerica.com,
what's happening is your phone or your browser
is sending a request to the DNS server to say,
like, I wanna go to bankofamerica.com,
and that DNS cloud server then sends back an IP address.

(01:04:57):
And that's how your browser knows where to go.
And that's what exploded the internet,
because you don't have to remember with 197.42,
that it's like, okay, it's just, you know, Bank of America,
but what they can do is hijack that,
and return an IP address that takes you to Bank of America,
and then you put your login information,

(01:05:19):
and you're like, how come it's not logging in?
And now, and then they're over, like, logging in your bank.
And so, when you have a good VPN,
it'll have its own private DNS,
and the encryption is protecting those DNS, sorry.
And then, of course, just, like, be wary of what people,
what you're clicking on, because there's websites

(01:05:41):
that are hosted outside the US, for example,
where, let's say I look up your address,
and I see a restaurant three miles from you,
and I get the website linked to that.
I take that website URL, and I put it in one of these databases,
and say, give me a tracking link, and it gives me a link.
So now I send that to you, and say,

(01:06:02):
hey, you should check out this restaurant.
So you click on it, and it goes to the restaurant.
And you're like, oh, thanks for the advice,
I'll check it out.
Not realizing that that link now just set you up for tracking,
and from now on, wherever you drive,
I can watch you on my phone.
And they can hide these tracking pixels in an image, too.

(01:06:25):
So if somebody sends you some random image,
you don't know who they are,
don't even open up the image,
because it can have a tracking pixel in there.
These SMS messages you get, they're like,
UPS package waiting for you.
Click here, or we're gonna send it back.
Those can execute code,

(01:06:45):
but do things like grab off your phone, what's your device ID,
MC number, what carrier do you use, and what phone model.
And so now when somebody calls in your name,
and says, my name is Mark, and I lost an iPhone 12 Pro,
and this is the device ID and the MC number,
and I'm calling the right carrier,

(01:07:06):
they're gonna already be convinced it's me.
And then they'll say, like, oh, what's your pin?
Like, oh, my phone got stolen, it's on the phone.
So they're like, oh, no problem, Mark,
we'll verify you another way.
Well, I've already done the research
and had your address, if others made a name,
and all of that.
And so a lot of it comes down to just being really careful

(01:07:28):
about what you click on and what you don't,
and who you give your information of.
And so I'm a victim, so I live on the paranoid side,
and I wouldn't expect very many people to follow what I do.
So I've actually gotten multiple phones, and I use one
for social media that I don't even have
connected to a cellular network.

(01:07:51):
I have one for a FONI that lives,
it's in its own little bubble, its own VPN,
I don't share it with anything else.
At a FONI, we have our own security protocols
for all the devices.
And then I have one that I use for banking and crypto,
and I separate it out.
But I don't think people have to go that far,

(01:08:11):
they just really have to invest in AV, VPN,
separate things out as much as they can.
Just so if you do get hacked,
you're only gonna get part of it.
Yeah, I think I appreciate all the advice there,
because again, I think sometimes you throw some of these

(01:08:33):
horror stories at people, and then it's like,
you go into a little bit of a panic, like, oh, shit, I'm
probably vulnerable, what do I do?
And so I think there's some really, really good tips
in there, and I had done some reading about the embedded
tracking pixels within photos too, and when I read that,
I was just like, it was a decent amount of time ago,
I think now that, I mean, in the tech world,

(01:08:55):
but that kind of became public.
When I read that, it was just made me second guess
absolutely anything I was getting that had any sort
of image, because it's like, oh, that's not even gonna
come close to getting opened, like, that's going.
I did a video on our on our fun YouTube channel talking about
the dangers of people sending you these links and
digital tracking and how to prevent it, and actually

(01:09:19):
Google gave me a strike port to that video down.
And it's like, all these videos about how to do it,
how to track somebody, and I couldn't understand that.
And so I did a video on my KB Wear this,
and these are the kind of tools being used to track you
and here's how to prevent it.
And I got a strike on it and they took it and they took it
down.

(01:09:39):
Seriously?
So yeah, I know I appealed and they rejected it.
And that's kind of odd, like, I mean, there's so many videos
about how to hack somebody, how to track them,
how to find your location, how, you know, do this or that.
But yeah, they show us made it.
They take that video down.
I mean, that is very strange to me.

(01:10:00):
And I mean, perhaps it was more so they were worried that
if people got too much information about how to not be
digitally tracked that a lot of their advertising might be
a little bit moot.
Yeah, I don't know.
That's weird.
I mean, Google is tracking everybody.
I mean, if you Google a restaurant and you see the little
make the little bar chart there that shows,

(01:10:22):
you don't have to guess anymore.
Like what's the best night you go to a bar?
You can Google the bar and a lot of times you'll see the,
you can search out by day, when's the busiest hour?
10 p.m., 11 p.m., 11 p.m.
Well, and what they're doing is they garden wall off that
digitally and they're collecting data from people's homes.

(01:10:44):
And that's how they get that data to show.
That's how they know how many people were at this restaurant
last Thursday, you know, because they're tracking
that information.
And so it's kind of crazy to think.
I mean, it's helpful.
I mean, I don't really go up to bars anymore,
but 10 years ago that would have been a really helpful tool
for me to, to know like one day,

(01:11:05):
what time every time was to go to go somewhere.
One other related question for you just because that's kind
of made me think of this, because there are so many ways
that people can snoop information when you are physically
close to them.
I like you can, you can download any number of programs

(01:11:26):
and be able to go and extract MAC addresses
from anybody nearby you like pretty, pretty easily.
Do you have any tips for in-person security?
We've got the Bitcoin conference coming up in Nashville.
You know, it's about as big of a honeypot as you could have.
Any tips for folks just to be on the lookout for
or to extra precautions they can take?

(01:11:49):
Yeah, I guess.
So that's a really, it's a really good question.
I guess we could probably have an hour-long call.
Yeah.
To give you an example, like if I was a nefarious person
and I wanted to go to a Bitcoin conference
like the one in Miami, you know, I would probably,
the easiest way to gather information from somebody

(01:12:09):
would be to take a cell tower suit,
like an NZ catcher with, and just carry it to backpack
because they're about the size of a iPad mini
with a couple antennas on it.
And then you just walk around the conference with that
and it can collect NZ numbers of all the different from.

(01:12:30):
And what that NZ number will tell you
is what country their mobile service is from,
what carrier they're using in that country.
So you'd be able to see if somebody's was,
had a mobile phone that was, they're from Australia,
they're using Telstra, and then there's the rest
of it identifies them specifically.
And so imagine you walk around

(01:12:52):
and you get a list of a thousand of those people
and then they got a buddy at a carrier.
So if I had a buddy at different carriers,
like I just, let's say I wanted to pick on everybody
at T-Mobile and I had a buddy that worked there
and then I could, but I wouldn't need to know
your mobile number, I wouldn't need to know anything about you.
If I just got that NZ number information
and I could go back for a reverse engineer that.

(01:13:14):
And so I would know, okay, all these people
are crypto people or they're Bitcoin people.
And so that would be one way to try
and gather information on the pool.
So, just be aware that they could backtrack it.
Now, if you're using a Fani,
then they wouldn't be able to backtrack the NZ number,
do any of your information because it wouldn't be there.

(01:13:35):
Does even a VPN not protect that number?
Cause you're bouncing, cause it's a cell tower spoofer.
It would not protect that phone number.
So there's certain things about the protocols
used by your phone and the cell tower center,
the cell towers, which are not encrypted.

(01:13:57):
And so, you know, somebody who's really sophisticated,
like they would go in like the big conference,
like the ballroom at the Bitcoin conference
when there's like 3000 people sitting in there.
And you'd flip on a cell jammer,
which puts all the phones to sleep.
So all the cell phones, say battery, have this feature
or when there's no activity,

(01:14:19):
you'll just kind of put it to sleep.
And but you jam it, it's gonna cause this kind of effect.
Then you turn up your nefarious network and unjam it.
And then every cell phone wakes up and then says,
hello, I'm here.
Are there any cell towers?
And it's trying to find cell towers and it finds,
it picks the strongest signal,

(01:14:42):
which happens to be used in the middle of
with an NZ capture.
And the only way that it can make that connection
is to say like, here's the information about me,
my NZ number.
And that's how it knows to connect to like 18D
or the team all over the horizon.
And so these are kind of the nefarious ways.
And what NZ captures are,

(01:15:03):
they're do-it-yourself home aid stingrays.
So the US intelligence uses stingrays.
And every government around the world uses stingrays.
And so a lot of airports might have them.
You go to like UAE, for example, I'm sure.
Now that I've talked to intelligence,
so they've told me that for a lot of these countries,

(01:15:25):
as soon as you land, you're being monitored like that.
But these NZ captures,
somebody put directions online.
It's kind of like, this is an educational video.
And here's how to build a crock-pot phone,
but it's illegal to do it, sort of up to it.
So they've done that with NZ capture.
And so now you can,
it tells you where to order the parts and software.

(01:15:48):
And so I had an MSP that a man service provider
that we partnered with that said they had a couple of them
and they built their own,
and the last one they built cost $350.
And so I said, okay, but that would make a great story.
Can you give me an example?
And he's like, oh yeah, last week we got hired
by a hotel out of Atlanta, one of the big chains.

(01:16:10):
And they wanted to see how vulnerable
their network was.
So they went into the lobby and they did a Deniala service.
What they did is they used the NZ catcher
in Wi-Fi for this instance.
Because if you do it for cellular,
get caught, you can go to jail.
So they did it for Wi-Fi.
They did a DDoS attack on their guest Wi-Fi network.

(01:16:33):
But they had already set up a duplicate name.
So it was like hotel gas, Wi-Fi.
So they set up a Wi-Fi network, the exact same name.
So they took that on the guest Wi-Fi network of the hotel
and then everybody's device that was set on auto connect,
reconnected to their nefarious Wi-Fi network,

(01:16:56):
which was not connected to the internet.
And so they immediately shut it off
and then let the guest network come back up.
So they showed literally in 90 seconds
how they could take over the entire guest network.
And most people, that's another thing people should do
is go look at your phone, see how your phone's

(01:17:18):
Wi-Fi setting is, is set to auto join.
And you should really only auto join like your own home network.
But if it's like auto join,
like let's say you went into a coffee shop
and you logged in and you have auto join,
next time you go into that coffee shop,
it's gonna automatically join.
So you can set up Wi-Fi routers as in the guest.

(01:17:41):
And so you can flash them with software,
but then just don't put a password on it.
So anybody that walks by it,
their cell phone will auto join it
and all it takes is a second or two
and they can gather a couple bits of information about you
and then Ryan and use that to attack them later on.
It's another good piece of-
You can do air pods, you can be tracked by your air pod.

(01:18:05):
Right.
Right.
Yeah, there's a lot of different things you can be tracked by.
And short of, you know,
bringing a mobile small EMP with you
and detonating it in every room you walk into,
it may be difficult to avoid some of that, but it's so-
I mean, you can make a living at this point.
Like you can't make, you know, a W2 income without having a-

(01:18:30):
You know, I mean, certainly if you're already,
you know, super rich, you can golf grid it, but yeah, I mean,
it's hard to make any money anymore
without having a regular cell phone.
So you may as well protect yourself,
at least as much as you can.
Well, Mark, I really appreciate your time here.
This was quite enlightening
and for anybody who is interested in listening to this,

(01:18:52):
you can go to affani.com slash Walker
because I've just partnered with these guys
because I like what they're doing
and as terrifying as a lot of this stuff is,
it's good to know that there are companies out there
who are offering some protection,
but I really appreciate your time here.
Any last tips, tricks, words of advice

(01:19:16):
besides maybe just be vigilant out there?
Yeah, well, I would like to say that yeah,
please do use that URL you talked about,
the affani.com slash Walker.
So what we've done is we actually added a promo code there.
And so you want to, if you're interested in affani,
then go to that page because you're gonna get a good deal.
You're gonna get a discount off.

(01:19:38):
And we really appreciate people like you
who are trying to educate people,
not only on Bitcoin, because we're big crypto people,
but we're data privacy advocates.
Our CEO has spoken in front of Congress a couple times
and he's part of a group that tries to fight
for all of our rights.
And so we appreciate people like you
that are out there, they're trying to educate people

(01:19:58):
not only on how to make money,
but also how to secure themselves with cold storage wallets
and other methods.
And it's very key for all of us to make the crypto,
to make it successful, we all have to figure out a way
to also make it secure.

(01:20:19):
So if you're listening also, get your Bitcoin
off the exchange and into cold storage.
So you can at least have that little bit of peace of mind.
Once you're done with that, go check out Affani.
And see if you like what you see.
But Mark, thanks so much for your time.
This was quite illuminating.
And I'm not gonna have to go dig into that most recent
Snowflake AT&T hack, because I hadn't even heard,

(01:20:40):
I'd heard about the one a few months ago,
I hadn't heard about this new one.
So yeah, gonna have to see what the news is saying
about that.
Yeah, definitely.
You probably do 10 minute clip just on that.
Yeah, yeah, it's gonna be interesting.
It's a wild digital frontier that we live in,
but at least we've got some tools to keep ourselves safe.

(01:21:01):
So thanks so much for your time, Mark.
Really appreciate it.
Absolutely.
Thank you.
And that's a wrap on this Bitcoin Talk episode
of The Bitcoin Podcast.
If you are a Bitcoin only company interested in sponsoring
another fucking Bitcoin podcast,

(01:21:22):
head to bitcoinpodcast.net slash sponsor.
If you are enjoying The Bitcoin Podcast,
consider giving this show a five star review
wherever you listen or sharing the show with your network.
Cut.
If you're enjoying The Bitcoin Podcast,
consider giving the show a five star review
wherever you listen or sharing the show with your friends,

(01:21:42):
family and strangers on the internet.
Or don't, Bitcoin doesn't care,
but I always appreciate it.
You can find me on Noster by going to primal.net slash Walker.
If you wanna follow The Bitcoin Podcast on Twitter,
go to at Titcoin Podcast and at Walker America.
You can also find the video version of this podcast
at youtube.com slash at Walker America

(01:22:05):
and at Walker America on Rumble.
Or just go to bitcoinpodcast.net slash podcast
and find links everywhere.
Coin is scarce.
There will only ever be 21 million,
but Bitcoin podcasts are abundant.
So thank you for spending your scarce time
to listen to another fucking Bitcoin podcast.

(01:22:25):
Until next time, stay free.

All Episodes

SIM Swap Attacks: EVERYONE is a Target - Mark Kreitzman (Bitcoin Talk on THE Bitcoin Podcast)

Episode Transcript

Popular Podcasts

Stuff You Should Know

Dateline NBC

Las Culturistas with Matt Rogers and Bowen Yang

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}SIM Swap Attacks: EVERYONE is a Target - Mark Kreitzman (Bitcoin Talk on THE Bitcoin Podcast)