GO TO SPOTIFY

QUOTES:

Manipulating something to do what it wasn't intended to do is basically the definition of hacking.

I was blessed to have a group of people willing to mentor me and teach me things that were so interesting.

We would combine hacking methodology and affiliate marketing, and that was kind of the short version of what Digital Gangster was.

Digital Gangster—you didn’t have to be hired. It was a forum that anyone could join. You could use an alias or your real name, whatever you wanted. I joined under an alias and earned my way up the ranks without anyone actually knowing who I was.

Somebody gave me ecstasy. I loved it; I thought it was the greatest thing ever created. I would take ecstasy as often as I could, whether multiple times a week or however many raves there were in Philly. The most I took in one night? I'm not sure because ecstasy is so variable in dosages. Definitely multiple pills, but once you reach a certain point with ecstasy—not that I’m advising anyone to try it—you don’t feel it anymore. It doesn’t do anything. Your brain just runs out of your natural happy chemicals.

I kept taking ecstasy and trying to find any opiate I could, not heroin at this point, but any opiate to come down from the ecstasy. Then I found I was starting to like the opiates more than the ecstasy. That’s when it became a problem because I was taking the opiates before even getting to the rave parties.

When I lived in Pennsylvania, I never actually talked to the patients myself. I made sure they went through an online quiz. I wanted to make sure they met the criteria. I didn’t want to send some innocent girl with an eating disorder who drinks on weekends to a facility where she doesn’t qualify, just because I’d get paid more money. So I structured it where, after answering a bunch of questions, they'd be given a number to call, which would then go to one of the facilities I had a contract with and trusted to help the person to the best of my knowledge at that time.

Zen Charts is a medical record platform, like when you go to your doctor, and they type in notes during your visit. It’s exactly that but for mental health and substance use facilities. I happened to use Zen Charts at a Recovery Center at the time. The owner is actually sitting in your green room. At that time, the owner came to train my clinicians on how to use Zen Charts. I was sitting in the room with them, and they thought I was an employee of the facility because I was like 22 or 23 at the most. Once they found out I was the owner, we talked and got along well, though I didn’t really know them that well. The guy in your green room paid $40,000 for a penetration test, which is just paying a group to try to hack your company and give you a report on vulnerabilities. He had done that just before the training for my rehab. I asked, "Do you mind if I take a look around?" I didn’t want to get in trouble or break the law. He said “yes” in a cocky way, like, "What can you do about it?" Before he even got back to the Zen Charts office, my face was on support.zencharts. com screens.

We do have control over some data brokers because they are required to remove your data. What we do is take your first name, last name, date of birth, and as many identifiers as you're willing to give, and then we send a query on your behalf to all the major data brokers. If you don’t know, a data broker is someone like White Pages that stores your personal information, including your family’s information, phone numbers, everything. Just Google a name and state, and you’ll find yourself. We remove that data for you. All you have to do is sit back, refresh the page every couple of days to see how many removals are in progress, and how many have been removed. As you're doing that, you can scroll down the page and see all the social profiles associated with your email, phone number, and name. Underneath that, you’ll find your passwords and everything else that’s out there, so you get a really good idea of your digital footprint.

I think the internet’s an honor system. I think security is an illusion.

There is so much you can do with Wi-Fi. Do you want to know about password cracking or...? Give me any of it, from the lowest to the highest. Okay, so I would say the lowest would be using a weak password or your phone number as your Wi-Fi password. You may think using your phone number is uncommon, but I see it all the time. In short, to hack a Wi-Fi network, at least for WPA2, you need what's called a four-way handshake. What I do is send a deauthentication packet, which tells your device to disconnect from Wi-Fi. Your device, whether it's a tablet or something else, will say, "Okay, fine, I'll disconnect," and then I'm listening for it to reconnect. In that process, I capture the handshake. I take that handshake, which is just a file, and bring it home with me. For example, I could take it from your studio and then go home to try to crack it later. By "crack," I mean I put that handshake file into the computer, and I have a huge list of words and passwords—frequently used things—called a word list. One of them is phone numbers. Let's say you're in Florida, so it would be 954, 516, 305. I have word lists that include every phone number in Florida, and when you crack a Wi-Fi password offline, it's extremely fast. I could run through every phone number in the state of Florida in maybe 10–15 seconds. So, if you use a phone number as your password, it's as simple as me taking 10 or 15 seconds to crack it. The one caveat is I have to be physically within range of your Wi-Fi to capture that four-way handshake.

What caused you to want to go after child pedophilia or pedophiles? Okay, so the reason I got this passion... where it even came from—I don't have a kid, but I love kids. I have a ton of cousins and a lot of half-brothers and sisters. But I didn’t have this passion until I got a text from my friend’s wife. She sent me some screenshots from this horrible website. If you want me to name it, I will. In one of those screenshots, there was a father who posted a picture of his kid in the bathtub. You could see their back, so you could tell they were nude. The title said, "They have no idea what's going to happen to them tonight." Underneath that, you could see people commenting on what they were going to do to this child. I was out when I got the message. Obviously, it’s aggravating for anyone to hear that one post—people commenting on what they’re going to do to the kid. They weren’t directly involved, I assume, because they were just members of the website. But the father who posted it? Who knows what he had done or was going to do. After seeing that, I left where I was and decided I was going to do whatever it took to bring this website down.

I was going to take this into my own hands. I saw YouTube groups confronting these people. They weren’t hitting them, but they were decoying, pretending to be children—grown women, grown men—and then confronting them in real life. But what I noticed was that these people didn’t know the predator's name, where they lived, or where they worked. They’d just show up and say, "Hey, were you here to do this?" Either the person would sit and talk, or they’d walk away, but there’d usually be no arrest, no repercussions unless someone happened to run into that video. So I thought, okay, I have some abilities with open-source intelligence (OSINT). Let me offer my services. I didn’t want notoriety for it, so I asked them not to include my name. I told them to send me their chat logs, phone numbers, profile photos—everything they had on each person. I reached out to a bunch of YouTubers back then and provided them full case files. So, when they showed up to meet these predators, they’d know, "Hey, John Smith, I know you work at abc.com, and your wife is this person." It gave them a little more leverage to say, "You’d better sit and talk to me." The predator catchers would say, "Either talk to me, or we’ll get the police involved, call your wife," or give them some other ultimatum. Even though it was going to happen anyway, it gave them more leverage. I did that for quite a few years by myself.

If you have the ability to do something about pedophilia, you should be doing it. But people don't. I know a lot of people in the hacking world, which is a small community, and not enough people are doing it. Law enforcement can't handle it. A lot of their internet crimes against children's technology is very antiquated. I talked to someone not too long ago—I won't name them because I don't want to embarrass them—but they wanted my training and help with their investigations. I'd be happy to do that, but that shouldn’t be the case. They shouldn't need my help.

Kids really depend on their phones, iPads, and other devices nowadays. So, when your kid is scared to tell you that a high school teacher or a grown man is talking to them because they fear they'll get their device taken away, they're just not going to tell you. Then, a catastrophe might happen, and they’ll be dealing with trauma or worse for the rest of their life. My advice to parents is to make sure your kids know they can be open and honest with you without the repercussion of losing their device.

I would monitor my kids’ devices, let them know they can be open with me, and try not to be overbearing. But I would ask a lot of questions.

In the hacking world, they call it recon, reconnaissance, or enumeration. What I’d be doing is trying to see what type of equipment you have, what computers you're running, what operating system you're using. I’d go on my phone and try to figure out what type of Wi-Fi you’re running—whether it’s WPA, WPA3, etc. Why does that matter? Different types of Wi-Fi allow for different types of attacks, depending on the scenario. If people have their phones out, I’d look at whether they’re mostly Android or iPhones. It’s called a threat landscape. I’d take the attack surface or threat landscape and then try my best to take over as many devices as possible and manipulate as many people as I could to get what I want—if we were on an engagement doing a penetration test.

I had a recruiter come in when I was speaking at Hack Miami. The recruiter told me there were less than a thousand people in the entire Army fighting for our country in cyber warfare.

I don’t think it’s that hard to find out what Epstein did. I don’t think it’s that hard to find out what Diddy had on his files for him to get raided in Miami and LA. You guys look at it and say, "How do you not know?" I think guys like you look at it and say, "How the hell do you not go get it?" If I had the same authority as someone who could seize his files or get access to where he was, it’d be game over for him.

My mission is to, number one, educate parents and protect children—that’s my main life goal at the moment. But secondly, I realize a lot of my content is very hard, tough to swallow type data. So, I thought, what else can I do to help people? My idea was to help people get into cybersecurity.

Project Veritas reached out and said, “We’ll come to Florida within 24 hours. We want that data; we want to investigate it.” I was like, "Okay, great." Project Veritas jumps on a plane, comes to Florida, and takes the data from me. They actually committed to their word. What happened was, they had a lot of people on their team—at least six working at all times—going through each user individually, identifying who they were, and confronting these people in real life. They showed up where they were, with cameras, confronting them about being on the website. That was going incredibly well. I was like, "Okay, I finally have a group of people that are taking this seriously. These people are going to get exposed; they’re going to prison. This is awesome." A couple of weeks later, I went on the Shawn Ryan Show, which was great. The plan was for Project Veritas to release their investigation, which caught one of the predators from that database. They did release their first video, but it didn’t go great because they were getting a lot of hate at the time for James O’Keefe. Shawn Ryan then released his episode early because he made an agreement with Project Veritas that they would have their second release after I went on the Shawn Ryan Show. But they had an interim CEO named Hannah come in. She got on the phone with me and said she was looking for more of a “tsunami” and that this wasn't something they wanted to continue with. After identifying over 500 pedophiles from a huge database, there was much more work to do, many more people to confront. But the interim CEO shut it down. I ended the Shawn Ryan Show by saying we would release more information, but it never happened because she shut it down. All the investigatory work done by the people at Project Veritas was for almost nothing, which was sad because those people really tried hard. How much time did they put into it with you? A lot of time. There were 500 cases, and they didn’t want to do anything with them. They confronted a few of them in real life, but it was shut down by the interim CEO.

Computers, hacking, and protecting kids are my main priorities. But when I’m not doing that, I love fast cars and dirt bikes.

My name is Ryan Montgomery, also known as Zero Day. I’m proud to be part of this. If you have any questions regarding child safety, cybersecurity, or even any of the gadgets you see me use online, feel free to reach out. I’d be happy to help with any questions or concerns you may have.

Zrzeczenie się Praw Własności i Klauzula Użycia Edukacyjnego

Prezentowane na tej platformie treści, w tym m.in. transkrybowane cytaty, nie są naszą własnością. Wszelkie prawa i własność do opublikowanych treści należą do oficjalnych autorów i twórców odpowiednich kanałów YouTube i Spotify, z których pochodzą te treści. Materiał ten jest udostępniany wyłącznie w celach edukacyjnych. Nie rościmy sobie żadnych praw własności ani autorstwa tych treści i uznajemy, że pozostają one własnością intelektualną ich odpowiednich właścicieli.