PODCAST

151: Chris Rock

2024-11-05 · 08:00 UTC ·51 min read

Brief

Chris Rock (not the comedian) framed himself to Darknet Diaries host Jack Rhysider as a long‑time Australian hacker turned entrepreneur: a 51‑year‑old who spent a decade in banking, a decade running pen tests, and who now runs SIEMonster while also taking mercenary engagements. Jack repeatedly pushed on ethics; Chris repeatedly emphasized pragmatism and repeat business — he views these assignments as exercises or services rather than moral questions. The episode’s central story followed a nine‑month engagement commissioned by a wealthy Middle Eastern client (through a Western agent in Istanbul) to determine whether a subsidiary’s funds and IP had been misappropriated and to recover the money if possible.

Chris described a methodical, multi‑vector campaign: start by mapping eight named suspects and compromising their peripheral contacts (Level 3/2) to learn language patterns and trust relationships before hitting the principal (Level 1). Initial phishing used malicious PDFs and custom listeners (Metasploit‑style) but failed to reach shells from inside office networks. The team then physically planted a tiny Linux box with an antenna behind a microwave in the coworking space, used Aircrack‑ng to exploit WEP, and enumerated file and email servers. That access produced voluminous evidence (mail, file servers, IP folders) which they fed to the client and local lawyers; when the client wanted funds returned faster than local police/litigation would allow, Chris escalated to bank compromise. He described phishing a bank employee, replacing online banking front pages to log credentials and 2FA attempts, and when an extra transfer 2FA blocked a direct pull, impersonating teller/employee accounts (leveraging his banking experience and directory access) to transfer ~$2.5M back. The story ends with the ringleader escaping custody (Chris tracked IP headers showing movement) and the engagement wrapping with the funds returned. Interwoven were Chris’s Defcon anecdotes about exploiting online birth/death registration systems (EDRS) to fabricate or remove legal identities — a privacy and policy threat he says governments have not remedied. Jack expressed shock and ethical concern several times; Chris remained candid and unapologetic, framing his work as a repeatable service for powerful clients.

Cleaned source text

title: "151: Chris Rock"

author: "Darknet Diaries"

source_type: podcast

content_hash: 42648258bd23134dc22d430a9e87bbeea9df0d2d870cde73400098f9b9e30aff

JACK: [Music] Just a content

warning from the top here;

there’s quite a few swear words in this one. I

don’t know, do these content warnings even help

anyone? Let me know if you like knowing

if there’s swear words coming up or not.

Someone who’s been on my radar for the last decade

is a guy named Chris Rock. Not that Chris Rock; a

different Chris Rock, a white guy, an Australian.

I know him as a security researcher, but as soon

as I got on the call with him, I started learning

that he’s way more than just a researcher.

CHRIS: Yeah, so, I’m a public guy for my research,

but not public for that side of the business.

So, for me it’s — for me it’s just a gig,

and whether it’s white or black, it makes no

difference to me. So, I think that sort of…

JACK: Wait; so, have you

done black-hat gigs before?

CHRIS: Oh, shit, yeah. I’ve been doing them since

I was eleven years old. This is the norm. I know

a lot of people — and the white hats say, oh, I

used to be a black hat and now I’m not. For me

it’s like, I didn’t give a shit whether it’s

white or black, are you a hacker, yes, no…

JACK: But hold on a sec. But the black

hat indicates that you’re doing criminal

activities. So, you don’t give a shit

if you’re doing criminal activity.

CHRIS: No, not at all, not at all. It’s funny;

I meet with a lot of people who do the whole

‘hacking is not a crime’ and all that sort

of stuff. It’s all full of shit. That’s their

public persona to keep their job safe. But at

the end of the day, when you have a beer with

them and you talk shit, it’s all bullshit. So,

I’m essentially transparent about what I do.

JACK: So, what black hat stuff

have you done? Not when you were

eleven. I’m sure you stole your

mom’s credit card or something,

but that’s small potatoes compared

to when you’re an adult, I suppose.

CHRIS: We’ve done everything. We’ve done banks,

we’ve done government, we’ve done telcos,

we’ve done big oil companies just

out of exploratory processes. Like,

yeah, normal stuff. When I say ‘normal

stuff’, normal for black hat people.

you robbed a bank and then just took the money?

CHRIS: Yeah.

JACK: [Laughs] Chris, what are you doing?

CHRIS: [Laughs] For me, it’s an exercise. It’s

just, can you do it? Yes, no, transfer. There’s

a lot of people around the world that will pay

you to get into these banks and transfer money.

JACK: Yes — [laughing] you’ve broke my brain here.

CHRIS: Sorry, buddy.

JACK: I don’t even know where to go.

CHRIS: You got multi-angles and — look, you may

not — we may not be able to cover it all in this

call. It’s just an exploratory call.

JACK: [Laughs] It’s like, ten calls.

CHRIS: I mean, the hard thing with you,

Jack, is you’ve got a thirty-something

career that you’ve gotta stick into an

hour block. It’s not gonna fit. So, it’s a…

JACK: Okay, have you ever been arrested?

CHRIS: No.

JACK: How are you this good that you’re

able to rob banks and not get arrested?

CHRIS: It’s not that I’m that good. It’s

just, you have to be stupid to get caught.

You know what I mean? The world’s your oyster.

I mean, we get raised in this world — I mean,

I train forensics, anti-forensics, and it’s just