
Show notes
Maxie Reynolds loves an adventure, especially the kind where she’s breaking into buildings (legally). In this episode, she shares stories from her time as a professional penetration tester, including high-stakes physical intrusions, red team chaos, and the unique adrenaline of hacking the real world. Her book: The Art of Attack: Attacker Mindset for Security Professionals (https://amzn.to/4ojYSVZ) Her data center: www.subseacloud.com/
Highlighted moments
“I hit the kill switch on a city's water supply.”
“And I was like, well, if you want to keep them that safe, you put them underwater.”
Transcript
Introduction to Cardiff Giants
0:00The Cardiff Giant is an interesting story. In the Bible, Genesis 6:4, it says, "There were giants on the earth in those days, and they mated with people and created mighty men of renown." This guy named George Hall was like, "Wow, there were giants on earth." But the reverend argued with him and said, "No, no, no. There were never giants here." But George was like, "No, no, the Bible says so. There's got to be a way to prove it." But George could not prove it, of course. So, he decided to fake it. He went to a quarry and dug up a huge block of gypsum. Then hired some
0:31stone cutters to make the block into the shape of a giant man. They created a rough statue of a man that was 10 ft 4 in tall. Then George stained it with acid to make it look old and put it on a train and took it to his cousin's farm in Cardiff, New York. And late at night, he buried it on his cousin's farm. A year later, his cousin went to dig a well and hired a crew to come out and dig the hole. and they ran into this giant in their dig. And one of the workers immediately shouted, "This must
1:02be an ancient burial site." And so they dug up the giant. And the word spread that they found a buried giant. People from all over flocked to the farm to take a look. It was quite surprising to see a petrified giant of a man. A lot of people believed it was a petrified human. The Bible says so. See? But some thought it was just a statue. [music] But pretty quickly, George's cousin realized how valuable this thing was. So, he put a tent over it and started charging people 50 cents to come in and see it. 500 people came a day [music] to
1:35see this amazing giant. The whole town started to profit from it. Restaurants were filling up. Hotels [music] were booked. And that's when PT Barnum came. And he was like, "Sir, I will give you $50,000 for that giant. What do you say?" The farmer was like, "No way." So PT Barnum hired someone to make a wax copy of it. And Barnum displayed this unauthorized copy at his circus and claimed it was the actual giant [music] and charged people to come see his fake replica. A year later, George Hall came
2:06out and said this whole thing was a hoax, that he's the one who buried it there. But while it didn't prove that giants roam the earth, it did make his cousin pretty wealthy. And that's how scammers would get you in the 1860s.
Darknet Diaries Introduction
2:24These are true stories from the dark side of the internet. [music] I'm Jack Rhysider. This is Darknet Diaries. [music] [music] I want you to meet Maxi. Uh, >> my name is Maxi Reynolds.
2:54>> She grew up in Scotland and had an itch for adventure when she was young. She knew she wasn't fit for a sort of sit down, do a lot of paperwork, office type job. No, her head was always up in class, looking out the window, dreaming of far away lands that she could visit. >> I left home at a really early age, about 15, and I had no idea what I was going to do, what I wanted to do. And so I tried everything and I was ending up, you know, working in bars and as a cleaner and all these sorts of things and I just thought, no, this isn't for me and I want a job where I can travel
3:24and see the, you know, outside of Scotland. So I went to a university in England, which is somewhat retro being a Scottish person, and I got a degree in underwater robotics. >> She was hoping this degree was her ticket to travel. maybe if you're going to be operating underwater vehicles, you'll get to go to some pretty far away places. So, she started applying to every company she knew that used these remote operating vehicles. >> And I couldn't get a job. And it was
3:54because I was female. >> The reason why this was a problem is because sometimes she'd have to go out to sea in small vessels or be stationed on some kind of platform at sea, which also had small living quarters. And the problem was that these companies required men and women to have separate cabins and they simply couldn't accommodate her because a lot of these cabins had four beds in them and they didn't have any single bed cabins that she could be in. And there just wasn't enough women to fill up a sleeping cabin. So she just didn't get the job. I was told this same story over and over. But that didn't stop her. She kept
4:26applying at places and eventually a Norwegian company finally said yes to her. finally got a Norwegian company to accept me and they said, "If you get your private pilot's license, we will take you on." So, I went to a bank in Scotland and asked for a career development loan and I got my private pilot's license. >> Well, now this pilot is different than ROV pilot. This is air. >> Yes. This is a small. Yes. So, I can fly a Cessna although I haven't in America. I can do that. And so, they it was supposed to be quite similar. And then I
4:57called the company back and said, "Hey, like I've got this." and it took it takes months. So, and I was getting further and further into debt. So, I um called them back and said, "Hey, I've got this." And there had been this change of management and they were like, "It's not actually we don't know why they said that. It's not a private pilot's license you need for a plane. It's we're we're more like as an ROV pilot. It's closer to a helicopter." So, I changed my name. I went back to the bank in Scotland, got another career development loan and went back and got
5:28my PPL for helicopters. Then I went back to them and said, "Okay, I've got this, but listen, like no more surprises and can I have a job now?" And they took me on and it was it was sort of life-changing [music] for me. This job required her to travel a lot. North America, South America, Europe, Asia. She got to travel the whole world [music] while working as an underwater ROV pilot and sometimes flying helicopters. >> So [music] I lived in Venezuela for a while. I lived in Trinidad. I have been
5:58to sort of everywhere [music] from Nigeria to Australia. A lot of coastlines. So I've seen a seen a lot of water. While she was doing this work, she started getting more [music] fascinated with it. Computers became her passion. She was enrolled in remote learning courses and was able to get a degree in computer science. Then she took a month off work and landed in Los Angeles, California, just to take a break for a while. But she fell in love with LA. And while there, she started going to a gym to exercise and work out. >> One of the people that I was training with in the gym was a stunt man. And I
6:29was I sort of begged him to please like, let me hang out with you, let me be cool, too. So, um, eventually he sort of he got me some training in stunts and he actually got me one of my first jobs. She was in a few independent films, did a few stunts for them. She got an opportunity to be in House of Cards, and she did a stunt for them, but they decided not to use it for some reason. While that was cool, it was also short-lived because while it's exciting, she didn't see it as a long-term career. >> I studied quantum computing, and it was
7:03really difficult. It was it was it was extremely difficult for my feeble mind, but it was really enjoyable, and I I loved it. This turned her attention to new technologies and companies. At some point, she got a job for a company in Australia and moved there.
Maxi's Career Change
7:19>> My first entry point into both social engineering really and pentesting was in Australia and I worked for a big company down there. They gave me a shot on their graduation team for for cyber security. >> This company had penetration testers, people who try to break into a building or a network to test the security of it. She got to watch one of these pen testers work by monitoring their activity through cameras. >> And I was witnessing a a pen test but with this social engineering component.
7:50And it was a guy. He was a he was a really good hacker. And he had gone into the network of one of our targets and he was opening all of the security doors and automated doors for one of the team, the cyber security team. And they were just walking through and they were filming the whole thing. and you know it was being broadcast live back to us and it was amazing and I was thinking okay this is a good job this is the kind of job that I would like to do >> being a physical penetration tester seemed like just the thing for Maxi
8:21breaking into a building acting like a spy that seemed really fun she asked if she could do that and >> they were like well your luck is in because we have to test them without these technical capabilities so we're just doing a physical pen >> [music] >> would you like to be involved? And I jumped at the chance. >> So they gave her an assignment which was to try to get into a company and film what they were working on inside it. And to start figuring out how to get in, penetration testers often use OSINT,
8:51which is just gathering data on a target through open public searches online. So she does a little OSINT and starts learning about the company more. >> They had some very interesting IP. They were a transport company and they were building some unique uh buses and large transport vehicles within this um whole complex. So my job was to get into there past reception, past all security, get in and look at all of the assets and the
9:24IP. And I didn't need to, you know, hack any computers or even plug into any computers. It was it was simply to get in and to essentially have a look around. >> How fun, right? Can you get into this factory, take a few photos of what they're building, and get out without them knowing you're a spy? As she starts learning more about this company, she found out that they had some big connections with Sweden, as in some of their offices were located in Sweden. >> If you squint your eyes and you were
9:55very far away from me, I could probably pass as Swedish. So, I had decided and no one stopped me. I'd like to point out I decided that I was g I was going to um pretext or or present myself as like a Swedish ambassador for this for this company and I had the CEO's name and some other top execs names and things like that. >> She does have blonde hair, but even though she may be able to pass as Swedish looking, there's no way she's
10:26going to sound Swedish. Not with that Scottish accent. So her plan was just to put yah on the end of everything and hope they didn't notice. >> No. And it gets worse because so even I cuz they're they're Australian, right? They're not idiots. So I was thinking that will never work. >> But that was her plan and she decided to go forward with it. She liked the idea of acting like someone else. So she was set on being the Swedish ambassador for this company. Walk in, tell them she's from the Swedish branch and she's just flown in to inspect the building. But in order to do that, she's got to look the
10:56part. So, she takes a trip down to the local clothing store, buys a new outfit, something that would make her look like an executive. >> I bought a clipboard and I looked professional and I had like a little briefcase and I was really trying to look professional. >> She's all set, ready to go in. Outfit on, camera rolling. Deep breath. Let's go. >> [music] >> So, I go in to reception and I approach the receptionist with like a warm smile and I'm, you know, being as as nice as I can be. And I said, I'm here for this.
11:30I'm here for this appointment and this is what I want to do and this is where I'm from. And [music] she said, okay. And I was like, what? It was that easy. This doesn't make sense. But, you know, I'm not going to get in my own way. So I followed her and she took me to this little room just sort of directly behind reception and I was greeted by this adorable little old lady and there was one other person in the room but we didn't really talk. So I had to present ID which is another stumbling
12:01block and I got to talking to them. So they asked me why I was there again and all those things and they said they weren't expecting me but it wasn't a problem and I thought well this is really easy this is great and I gave them my ID and I had an Australian ID at the time and they said you're from Sweden and you've got an Australian ID and I said yeah and I've got a dodgy accent. I I went to school in the UK so I tried to get around it like that and it works beautifully and I don't know how. So I got in. Okay, at this point
12:32she's doing pretty good passing as this Swedish person from another office. She got into the building. Check. Past reception. Check. And past the two people that she was handed off to. Check. Check. Check. Now she's in and she's trying to film things, take pictures of what's going on. There's an engine room. That looks interesting. Film that. So, she goes in closer to take a look. And I was walking towards one of these large engines and this man was walking towards me with I think it was like two other men and he
13:03stood out. He had this beautiful blonde hair and these big blue eyes like completely [music] stereotypical um like Nordic look and he came up to me and he said something in a language I don't understand but immediately guessed correctly this is Swedish. I'm supposed to be Swedish. I don't know any Swedish. So I'm racking my brain for the limited amount of Norwegian that I know. And um he whatever he said I kind of just
13:35looked and I felt my body get tense and I felt like the my brain says open up like let me cannonball into hell this is torture please no and so I said to him yeah and he looked at me like okay baby that that doesn't make sense but okay and then he repeated it and so I tried the one word I could remember in Norwegian which is nei for no cuz if yes didn't work then maybe no would
14:06maybe one of my dumbest moments but um so then he quickly just understood like this isn't right and then security was called they they had a very prompt security team they came I was detained >> oh no she was caught this is every pentester's fear but just because she's caught doesn't mean it's over maybe she can somehow Oh, get out of trouble. Convince security that everything's fine. Or at least just try to leave the building without being caught more. She tried to change the story. No, no, I'm
14:38I'm not from Sweden. I'm just working with the Swedish team. I'm based in England. So, they asked to see her ID again, and it just wasn't checking out. They were very confused by the whole thing. At that point, she just couldn't see any way out of it. So, she pulled out her get out of jail free letter. This is a letter that all penetration testers have that gives them authorization to do what they're doing. Has a phone number on it, which is typically the head of security and says who actually authorized her to sneak in. So, they call the number on it and the
15:08head of security says, "Yep, this is all a planned test. Uh, good job for catching her." >> We had like this sort of laugh after it and even the security guy was like, "Why would you pretend to be Swedish?" I was like, "I don't know. I'm Scottish." He's like, "I can tell and you don't look Swedish." I was like, "I know." That was Maxi's first pen test where she tried to break into buildings. But she loved it. This was adventurous, adrenaline-fueled. You need to keep your wits, be quick on your toes, and know all about computers all at once. She felt like this is where she was meant to be. This was cool. And
15:40decided to pursue a career in pentesting. She did a number of penetration testing engagements while in Australia, learning new techniques and getting official training on how to get better, reading a bunch of books on how to improve. And one of the things that intrigued her was thinking like an attacker. That attacker mindset was something she spent a lot of time thinking about. How do people with bad intentions act? Soon it was time for another penetration test. Still, while she was working for a company in
16:06Australia,
Penetration Testing Experience
16:06>> the company I worked for was working with the local government in in the city that we were in. And I won't say the name because I don't want any further embarrassment. >> Now, penetration tests are not always physical. In fact, I'd say most of them are just done over a computer. Like the penetration tester might be outside the company and just trying to hack their way into the company through the internet or sometimes companies will just invite the penetration tester right into the building and give them a desk and a network jack and say go for it from the inside because even if you get
16:36into the network, there should be layers of security which should still keep you from getting into important things. That's called defense in depth. So, this was a pen test on a local government office. And with this one, they invited her to come into the building and plug into a port and see what vulnerabilities she could find from within the company. She wasn't alone on this one, though. There were two other people with her. And the two other people were very experienced network penetration testers, and she was still learning how to do this. So, she was shadowing them and watching what they were doing.
17:10So I wasn't a noob, but I was [music] this was my first job in cyber security. I have a very technical background. Building ROVs, [music] flying them or um steering them, I suppose that's all technical. Even stunts [music] are technical to a certain degree. This was a step further because I [music] there no physical components to it. That's why it was so difficult for me. I [music] it's all on screen and like Linux is its own beautiful scary world [music] for
17:42me. So I was still getting to grips with this whole world and all of the [music] commands and what these things meant and how to undo things. >> And they all sat down, pulled out their laptops and plugged into the network. She [music] starts by firing up a network vulnerability scanner. I got to run the Nessus scan which was not the most technical job in the world but it felt good at the time and I got to [music] look at what vulnerabilities were there and I got to go and see [music]
18:12exploits for those and I got to like run Nmap. [music] >> These are fine basic tools to start with. It'll scan the network for known vulnerabilities. They're easy to use and typically benign as in they're not going to cause any trouble on the network just by running them. And when you run these tools, it's [music] not hacking. It's just to try to find what's hackable. And she wasn't exactly sure how to hack into this company. [music] When you're around experienced pentesters who love their job and these two loved everything [music] that every like line they wrote
18:43was um sort of like a piece of art for them. They loved it and they they really like got this high [music] out of it. And that's contagious. So I started to think like this is amazing. This is so cool. [music] look how far we'd ran. And one guy um one of the guys that I was there with got a call from [music] one of our points of contact and he was saying I can see you in the network and it was this big game and it was [music] fun and it was interesting and I got caught up in that. >> So after seeing all the cool things that those other penetration testers were
19:14doing, Maxi wanted to have some fun too. How far could she get into this network? She saw there were vulnerabilities on certain systems on her scan and she tried to exploit those vulnerabilities and get into those systems [music] because there's a sort of high you get from getting into a computer when you shouldn't be able to. And she was making [music] progress. She got into a few systems and she was looking around making notes on how she got in. She would look over her shoulder and always see those other [music] penetration testers many steps ahead of her. So she kept looking around to see what else she
19:44could get into. [music] I found my way to some internal environment and I hit the kill switch on a city's water supply. >> She accidentally typed the wrong command into the wrong computer which controlled the flow of water to the whole city. >> The person I was with immediately saw within the network that wait, that wasn't right. I will assume that he was sort of with me like following me
20:16throughout the network and could see a lot of what I was doing. And then I was thinking, yeah, this isn't I don't think that was maybe good, right? And so I looked at him and I could sort of see on his face and he comes over to me and he says like, "What did you do?" And I, you know, you can look at your history quite quickly and I still had quite a lot on screen. And I showed him and he put his head in his hands and I was like, "What? Is it really bad?" >> It was really bad. Shutting off the water to the whole city. Showers,
20:49faucets, sinks, even toilets were not functioning citywide. Her two other penetration testers immediately tried to figure out ways to fix the issue. One was looking at how the system operated and if it was possible to just turn it back on, but you don't want to just do that if it's going to cause a problem. The other pentester immediately phones the point of contact letting them know this is a major problem. Maxi was sort of in shock and incredibly embarrassed. She took her hands off the keyboard and just waited. >> I was detained by security guards and they they were not very pleased.
21:21>> Now, this is a completely different situation from the last time she was detained by security. The last time she had a get out of jail free card. This time they knew that she was supposed to be there. In fact, it was her point of contact that called security on her. She was authorized to be there and do this, but this was not supposed to be disruptive to the organization. Not only was it disruptive to the organization, but it was disruptive to the whole town. So, they wanted to at least get her recount of the matter recorded so they had it for later. >> I go down to a windowless room and I'm
21:52questioned. [music] And all of a sudden, one of the sort of accusations, if you want, was that I was a Russian spy. And I was thinking, how did we get there so quickly? like what happened? >> Apparently, [music] she spoofed her IP at one point to make herself look like she's coming from Russia to try to test to see if they could detect that. But that was just very brief. And she was definitely not a Russian spy. But this was becoming scary now because it wasn't just a confession of a mistake she made. It was like they were treating this more like an investigation.
22:22>> So I was held there for like a couple of hours and of course the police were called. The police had to be called. I didn't have any ID on me. I had my work card, but that doesn't really matter cuz it it's just a photo. [music] I could have printed it myself. And I kept saying to them, you know, if you let me go back to my apartment, I can get my passport for you. I'm British and I'm not a spy and you can contact my employer and I'm actually here with two people. And I kept [music] going and they didn't want to hear it. And that's okay. That's kind of their job to to do
22:53to [music] not believe me and to, you know, look for the worst because they've got to protect themselves against the worst. And eventually that at [music] some point I said to them like I need a can I have a glass of water? And the look is would would have been enough to like you know turn most people to stone. And I was thinking yeah that was not an ideal question. And then eventually my employers at the time called in and it did get sorted and I narrowly escaped um
23:27essentially what would I think you would call it prosecution. I I escaped any legal action because of that and I was on the graduation team. That lent me some credibility in the fact that okay, she doesn't know what she's doing and it's okay and my employer didn't fire me and I will be eternally grateful for that. [music] She doesn't know how long the water was out that day. It could have been hours,
23:58minutes, seconds. It doesn't matter. The fact that it could be shut off and it did get shut off is why the police had to respond. But she narrowly got out of serious trouble from that one. But this sort of [music] baptism by fire is how we learn the most important lessons in life. I mean, knowing firsthand what kind of true power a penetration tester has is profound. And this feeling sometimes flips back and forth, too. Sometimes you feel completely blocked with no access [music] to anything, and it makes you feel dumb. And other days, you feel like with a single keystroke,
24:28you can wreck this entire business. It almost reminds me of visiting a barber and getting an old-fashioned shave. The barber has this razor and they're shaving your neck with it. You feel very vulnerable in that situation. And I think many companies do feel vulnerable when they allow a penetration tester to come in. Who knows what they saw or took. In my last job, we had a penetration tester come in and see what they could do. And they were able to crack 25% of all our passwords companywide. That's like thousands of passwords. Of course, I read the report
25:00to see whose passwords got popped, but it only contains statistics, not passwords or usernames. And it made me think, you know, this pentester is walking out of our building with a bunch of our passwords. I've never felt more vulnerable at work before.
Break and Advertisement
25:16We're going to take a quick ad break here, but stay with us because Maxi is going to tell us about a penetration test story that changed her life. Making some big mistakes on past pentests did not make Maxi back down from pen testing. Instead, she doubled down. She was fascinated by the power of the pen tester, but more so the attacker mindset allured her, but she had to leave Australia. >> Well, yeah. So, I'd come back from Australia, my visa had run out, um, moved back to the States. My model in life is like, if I'm free to do it, and
25:47I want to do it, then I will do it. I kind of always want to be infatuated with what I'm doing and focused and I'm okay if whatever the thing is that I want to do changes and it has obviously but I want to love what I do because functionally right we'll I'll live for 70 years maybe I'll live to 90 but functionally I've got max 70 good years and I want to do well we might do two interesting things a year so I've got 140 interesting things that I'll do in
26:17my life that doesn't sound like a lot. So, I just always wanted to do the things that were most interesting, that would give me the most sort of interesting, exciting experiences. >> And for her, the thing that excited her the most was red teaming, penetration testing, social engineering, physically breaking into buildings was just a thrill to her. So, she looked for more jobs doing that. >> So, I was hired on a sanctioned red team contract to test this high security logistics company. And there were two testers that were booked. It was a large
26:48company, but they wanted the two of them to try to get into one of their satellite warehouses. They told her, "Look, there's a locked fence around this whole property. Security alarms are on the doors. There's security cameras watching the whole property. There's active security patrols at night." And they just wanted to prove that she could get to them. They didn't want her to do anything to those machines. And they gave her a little USB device and said, "Hey, if you can actually get to it, plug it in and take a picture that you got there, and this will prove that you made it." because uh presumably if somebody wanted to get a customer list or shipment list or whatever, it would
27:19be just as easy for them to plug in a USB device, grab the stuff and unplug it. So, they asked her to see if she could do that. So, her and her coworker take a drive out to this facility during the day and just drive by just to look at the place. And uh well, driving by is too quick. You can't see anything. So, they decided to get out and just walk down the sidewalk and go around the whole property just to see what they can notice. Any points of entry? Are there any areas where the cameras aren't pointed? >> When we had kind of gone around the very
27:52edge of the perimeter was like metal fence like chain link fencing. So the chain link fencing had just it wasn't it was years old, probably decades old and so it was a bit rickety so you could just kick the edge up. So we knew that. They took some other notes and got an idea of what the place was like. There's a two-story warehouse building with loading docks and sort of two parking lots. One normal one with big transport trucks and cargo trucks and a second one that had a chain-link fence around it
28:23with many more of those big cargo trucks. We're talking eight wheelers here, the big trucks. This warehouse would load stuff onto them and then they deliver it. So, they leave and decide to come back at 9:00 p.m. But Maxi's coworker called her up. >> He's like, "I'm sick." And I was like, I hate you. You're not I know you're not sick. You're hung over. But anyway, last minute he gets sick. So the scope allowed for a solo run. So I was like, I'm going to do it. >> She waits until night and then drives back to the facility at 9:00 p.m. By
28:53that time, the place was all closed and there should be no workers there and just those security patrols that she was told about. >> I then parked behind a tree line outside of the logistics [music] park. I was keeping away from, you know, the the lights. I [music] was staying where the the shadows fell in. >> Okay, it's go time. I like the quiet approach of being on foot myself, too. You can hide easier, change directions more quickly, be more stealthy. So, come up um through a tree line off
29:26to the side of the whole complex. [music] Moving pretty slow. I'm far enough from the walls to see the whole facade. I'm close enough to spot like opportunities and I do the usual first pass. I don't force anything. I don't touch anything. She passes by the building. The classic first pass gives you plausible deniability, right? If you don't touch anything or don't go on the property, [music] you can just say you're passing by if anyone asks, but it's quiet. There seems to be no signs of life inside. No [music] noise, no doors open, no lights
29:58on. And there were a lot of trucks in the parking lot, but all of them were dark and quiet. No regular cars there. [music] But surprisingly, she didn't see any security patrols. So, [music] since she's around the back of the building, she starts jiggling door knobs and windows to see if any of them will open. [music] And everything obvious that you would look at to gain entry was a no. So, doors, no. Hatches, couldn't see them. Gramm windows, they didn't open. and they were just double pane windows. Um,
30:30so yeah, so you know, good security is frustrating in some sense. Um, but it was this like corrugated all of the warehouses in the area were these corrugated sort of um steel structures or metal structures. And this the warehouse that I had, there was sort of this grass alley in the back at the back of it. and um its neighboring warehouse also had stacks of pallets. So there was
31:01just these stacks of pallets all the way like through this almost alley and there was this high stack of pallets that kind of touched it was within four 3 4 ft of a second floor window that was just this little it was like a little rectangular window but it was open and I was like oh that sounds like a great way to get in there. So, kind of moved a couple of pallets start to climb up these other like this other high
31:32stack of pallets. Um, and most of them have kind of been um like secured to one another. So, it's they're still a little rickety. It wasn't like I I wasn't feeling very confident that they wouldn't crash to the ground, but they didn't. I'm, you know, pretty light on my feet. I'm built I am built for speed and not power. Um, so I do end up getting to the top, poke my head through. >> While the building looks two stories tall, it's really just a single story,
32:03but just with really tall walls. So when she looks down, it's straight down all the way to the warehouse floor. That's not good. That's too high to jump down. So she looks around and notices that the walls are made of like a lockboard. It is essentially is pegboard. So pegboard is basically, if you aren't familiar, it's steel or aluminum sheeting and it's got this regularly spaced like square or round holes that you you basically put on walls in warehouses
32:33usually and then you hang like heavy tooling on it. So I'm looking at this lockboard pegboard and I'm like, "All right, well climbing down it, you know, grav gravity is your friend." So, it's like fingers in and got my little sneakers on and I I actually get down. It's It wasn't as difficult as you think. >> Okay, she did it. She got into the building. Nice. Now, her objective is to simply see if she could get into those computers in the building. So, she looks around for them. They were easy to find since the monitors were on and they were
33:04glowing in the dark. >> Get to the terminals and they're all they're all open. It was It was beautiful. you know when in movies the they're like ah the [laughter] like the heavens light I was like this is great so they were yeah they were all unlocked and so I connected this approved device I snapped the required photos um you know proof I could touch one attack I would want to touch and then I felt about the exit and I was like I looked at the pegboard and I was thinking well cuz climbing up is a
33:37little bit different than climbing down. Okay, so climbing out the way she came was not going to work. She looked around for another way out. There are a lot of doors. She She's inside. She could just open one up and walk out. No, wait. Hold on. That's not going to work because there're security alarms. And she looked around the doors and yes, they were armed. Okay, [snorts] scratch that. You can't open those doors. It would trigger noises. And since she hasn't had any security on her yet, she doesn't want to get their attention now. So, she looks around for other points of exit. >> It was a loading door that wasn't in the best shape. So a loading door like a
34:08like a dock where the truck backs in so it can get whatever the load is it can it can get into the warehouse and you don't always need a forklift and so on so forth. So it was um it was it was essentially that. So it was on a pulley system and it wasn't attached to an alarm which was mental for what they you know for how secure they wanted to be. Um, so yeah. So I I kind of it was a little bit buckled at the side and maybe that's why it wasn't on the alarm. I'm
34:39not sure, but little pulley system pull the chain up just enough to sneak out and I get back to my car through a forest, which is by far, by the way, the worst part of the story for me because I do not like insects. But um, so yeah. So then I I back to my car or I think I'm roughly back to my car and I phoned my point of contact and our report was a success, right? Like I got in, I've managed it. I've got the photos. I'll write you a report. And he listened and
35:11he was like, I want to [sighs and gasps] issue a scope change. >> A scope change? This means the client wants to change what he wants her to do. I guess he was impressed that she was able to do everything he tasked her with and wants her to try more. So he says to her, "You know all those moving trucks in our parking lots? See if you can steal those trucks." And she's like, "I don't know how to hotwire a truck." And he's like, "No, no, no. See if you can find the keys to any of them. And if so, take them." >> And I was like, "All right, let's do it." Cuz 140 interesting things in my
35:44life, this might be one of them. >> She walks back through the woods, cursing at all the spiderwebs that she comes across and then looks at the facility. There are a lot of trucks here. And they're the big trucks, like the long trucks, you know, they've got 20 to 40 foot containers on the back. And I've never driven one of them. Some are parked inside the fenced area, and some aren't. She starts with the trucks that aren't in the fenced area. Step one, see if the door is unlocked. The first one she tries, the door is unlocked. Whoa. So, she opens it, gets in the driver's seat.
36:16She looks at the ignition. The keys were not there. But to her surprise, the key was sitting right there in the cup holder in the center console. >> A little bit humorous. I'm like, eight billion people on the planet. I'm the best driver. So, what I'm going to do is I'm going to move all these trucks. I'm not going to worry about it. Reversing that truck. I was like, I'm going to have to leave this here cuz I'm I'm not going to be able to do this. So, yeah. So, I took them up just other end of the cul-de-sac almost. It was like a little sort of um quiet area, a little
36:46logistical parking spot, I guess. So, I just parked them all up there. >> She parked it about a 1/4 mile away and then ran back to get another truck. >> The keys were not consistently controlled and the fleet wasn't consistently parked on the inside of the secure perimeter. So, basically, it just became this live demonstration of risk. >> One after another, she was able to find keys for these trucks. So when a driver