IamA Bryan Seely. I broke Google Maps. I wiretapped the FBI and Secret Service aka @maptivists AMA!
I am Bryan Seely, 31 year old father, Senior MSFT Lync Engineer, Network Engineer, Security Consultant.
I broke Google Maps. http://www.komonews.com/news/local/Man-used-Google-flaw-to-eavesdrop-on-calls-to-Secret-Service-FBI-247962881.html
http://valleywag.gawker.com/how-a-hacker-intercepted-fbi-and-secret-service-calls-w-1531334747
http://pic.twitter.com/70gAimirXQ
EDIT - WOW I woke up after a 4-5 break for some sleep and I'm on the front page. Holy cow. Thanks so much for reading and watching. Holy shit there are 100 Orangereds....
Kubah229 karma
How scared were you when you walked into the FBI office? Were you prepared to be detained?
bmseely601 karma
It was the secret service, and yes. Yes I was. I have some close friends from the Marines that I know, all of whom I called prior. They all called and vouched for me, which probably helped a lot.
Let me be clear, the secret service handled it perfectly, and with grace and efficiency. They are solid investigators, and one in particular, very good looking. She would not answer if she was single though. lol
Walks500Miles272 karma
...And you asked her if she was single. The balls on this guy....
bmseely254 karma
She said "I probably won't answer that question." What kind of answer is that?
Dicky_McCockpants49 karma
It means her answer would be honest and encourage your pursuit. So she wanted you, but you have to mind fuck her first, you started by flipping the interrogation on her. Then dropped the ball when you should have pushed harder - that's how you get an answer.
bmseely119 karma
Hey, I might have recorded the secret service and then told them and then nearly arrested but do not call me a dumbass. That would be a step up.
expendablethoughts24 karma
"If, after the naked search, I find it relevant to inform you, I will."
bmseely260 karma
Not even a little bit. It was just funny to be hitting on a secret service agent in an interrogation room while they are all being serious. lulz. All about the lulz. It took me 4 hours to show and tell them how this was all done.
Not saying they are dumb, they just ask a lot of follow up questions, and I had to do everything while tethered to my iPhone with 1 bar of reception. They would NOT let me get on their wifi. Frankly I don't blame them.
The KOMO initial story aired on a Tuesday showing the pranks about Snowden at the White House lawn. They had the story printed out prior to my arrival as I think most of Seattle had seen it. When I walked in and told them what I did, they did not believe me. I showed them the recordings, and walked an agent through the entire thing, and then they finally did.
I try to do stand-up comedy a couple times a month as a hobby. I enjoy that a lot, and so I carry over humor to every situation no matter how appropriate or inappropriate it might be.
Fatalstryke30 karma
I want to use the phrase "internetz" when describing you in a way similar to the way that rappers would call themselves "straight up gangsta, bitch."
bipbopcosby14 karma
Are you still in Seattle area? Where do you do stand up? I'd come watch you. I've thought about doing stand up before. The anxiety I feel from thinking about the anxiety I would feel cripples me already but fuck it, I may give it a shot sometime.
bmseely20 karma
Stand up now is easily less anxiety than this fame nonsense. I will hopefully be at Seattle comedy underground Monday nights from now on
bmseely317 karma
Yes. Absolutely. Change can come from within.
But my ideals fall second to keeping my two daughters fed and clothed and safe.
Chipzzz4 karma
"Change can come from within."
Sometimes you have to move house (and learn a new language) abruptly after making those changes, though ;).
bmseely3 karma
Hehe, I speak Japanese already. Too bad I would probably have to go somewhere else...
pyronautical122 karma
Not trying to diminish what you achieved but... I don't see how this can be classified as hacking or really even wiretapping as we think of it to a certain extent.
Removing the fact that what people read on Google Maps may be taken as fact, it seems no different to creating say a Facebook page for the secret service and throwing up your own phone number. Or even putting up a website that claims to be the FBI etc. Heck, if you posted a craigslist ad as "I am the FBI, Call this number", and people did call it, that wouldn't be hacking craigslist right?
I used to create fake Google Places listings a while ago for SEO purposes. I would create a fake business listing called say "Concert Tickets Seattle", and then use a burner phone to create the listing. And within a couple of days you would be the top result for Concert Tickets Seattle, but there isn't much Google can do about this.
bmseely135 karma
I agree on the point that yes, this is nothing if one did it on Facebook or Yahoo.
But on Google? The way the phone app I designed, it doesn't even show you the phone number until the number is dialing.
ALSO, the fact that the people who did call, NEVER even thought to double check it. And wouldn't have ever noticed.
Google has WAY more coverage and searches.
If you were the president's aide, in a convoy, would you already have the number saved? No, you would probably just google it. I know, I was in the Marines, in Intelligence field, and I saw people doing shit like that all the time. We should have had the base operator in contacts, but just google it. Why the hell not. It's way easier than being organized.
One caller had already called the day prior. He didn't even notice. How would he have?
Downplay it all you want, 15 calls to 2 minor locations is no laughing matter. I could have set up 100 that day all over the country. Sure, I didn't get outbound calls.
I'm not wanting the fame to feel smart. I don't need millions of people worshiping at my feet. I leave my fly open on my pants on a DAILY basis, but the GOAL of this was get Google's attention. I used the Secret Service and FBI to generate some actual pressure. They saw it as a problem.
So tell me how it's not an issue? It's not a "hack" or "exploit". Google called it spam. Call it My Little Pony for all I care.
Zedred130 karma
It is not a minor issue. Fake listings for major banks and dogecoin/stock brokers could have caused dire havoc and major theft. The people who don't understand the magnitude of what you discovered have no background in theft prevention.
FenPhen20 karma
"But on Google? The way the phone app I designed, it doesn't even show you the phone number until the number is dialing."
This isn't completely accurate, at least on Android. When you click the Call button in Maps, it sends the number to the dialer where you can see the number and then you have to confirm the call by pressing the dial button.
If the number matches a previously saved contact, your contact name and number descriptor (e.g. "Home," "Work," etc.) shows up while ringing.
bmseely28 karma
Ah. iPhone it just dials and you can see the number, but as it's dialing. Noted.
Still. People don't even notice.
odd666112 karma
It says they ended up calling you a "hero" for discovering this vulnerability. Did you have some feeling you might be getting into real big trouble for this, or you knew they would end up thanking you?
bmseely247 karma
I honestly thought it might get me in trouble. But there was no way else to go. I had to let them know, otherwise hiding from it would have meant certain conviction and years in a federal "pound me in the ass" prison.
zeugma2576 karma
why was there no way else to go? did you first tell google about it and get ignored?
edit: i see you said elsewhere
"I wanted Google to fix the problem. So I sent them everything 1 month before the story aired. They did nothing."
bmseely110 karma
I sent them numerous detailed emails and even made them screen shots and camtasia videos.
They don't care what other people know. They feel they have it all under control. They very much do not.
zeugma2549 karma
google is one of the few brands i trust. was this a case of wilful ignoring or getting lost in a sea of information do you think? i.e. cock-up or conspiracy?
bmseely110 karma
5+ years of willfully ignoring. They have known about this for many years. No one on earth thought that I could do what I did. But then again. No one on earth has spent more time fucking with google maps. Every google employee included. Don't get me wrong, to work at google you are brilliant. But. They aren't trying to game the system. They aren't trying to solve a puzzle that unlocks MONEY. They didn't look at the human consequences either. So put me up against anyone. And I'll gladly show you that "my Kung fu is best" - Kevin Mitnick -Michael Scott
bmseely11 karma
Happy Cake day SuspiciousWaffle.
study, boredom, lots of time on computers.
gwawayaway20 karma
What on Earth made you think tapping into the FBI of all people was smart? If you could have "had the entire country under surveillance before anyone said anything" you could have picked any target that wasn't . . . well, wasn't the FBI. I appreciate the sentiment of trying to prove a point, but I can think of a dozen different targets that serve the same purpose and don't upset the one group of people who can make your life the most miserable.
oneAngrySonOfaBitch18 karma
you could have recorded another company and presented your findings to the FBI.
Beer_Is_Food90 karma
Firstly, thank you for your work in improving our technological infrastructure. I aspire to do something similar with email verification tech.
1) How do you feel about the general white/grey hat work? It seems that it sucks you're basically giving free tech support to companies and you're lucky to avoid a lawsuit.
2) As a layman, what's the best way to support these types of folks. What do we do? Send angry mail to google? Write a mean letter to the FBI?
3) I would imagine a big hurdle is the lack of understanding of the infrastructure of the internet, from the general public to (more importantly) those who represent us. I'm with you, but to play devil's advocate, how does breaking the box help fix the machine?
bmseely127 karma
- Google Maps needed to be taken down a peg. Not a single person on earth thought I could do what I did. I could have had the entire country under surveillance before anyone said anything. I have more to teach and show, and hopefully the other tech giants will actually welcome some information and collaboration time.
- Call your news station and tell them about this story. Follow me on twitter. Stop using Google for everything until they show real change.
- To be honest, there is a lot more to do to get real change to happen. As it stands right now, I will be releasing more funny exploits in the next 24 hours. If more people pay attention to my twitter and exploits, the less Google will be able to deny. They have known about this for 5 years+ and there is blame on them. They just pretend there isn't.
Zerrikanterment74 karma
"...and hopefully the other tech giants will actually welcome some information and collaboration time."
While you're at it, tell them to stop being dicks with my bandwidth.
bmseely90 karma
I always heard "he's smart but doesn't live up to potential".
Now I understand. lulz
iruleatants5 karma
1) You're exaggerating massively, are you not? How does your flaw work against already verified listings by an owner?
Your flaw only works for people who rely on Google Maps to give them phone numbers, over anyone who directly visits the site/already has the number/using another number listing service. Saying you could have had the entire country under surveillance is a joke. Especially for the millions of companies who actually pay attention to google maps and would notice the change. Attacking one of the most technology retarded divisions isn't as impressive.
2) And use what instead? How about we just verify phone numbers before we call? The world could do with more verifying facts more.
bmseely3 karma
No, I just ranked higher than verified businesses. I'm told I'm pretty good at that.
That's a good idea. People are lazy though.
CatsSmellFunny72 karma
What is one common mishap that the average person tends to make on the Internet, from a security standpoint?
bmseely112 karma
Not editing their public visibility on facebook or linkedin etc.
Also, use popup blockers and adblock.
I use chrome for starters. Yes, as a company, Google is amazing. They have a good ethos, great ideas, and do great things for the world. But at least for maps, they are closed off to all public suggestion or comment. This is not ideal for consumers.
friskypussy23 karma
I use Chrome too with an adblock plug in. However when I use incognito mode, it doesn't seem to work. Why is that? And what can I do about it?
friskypussy25 karma
Cool! Thanks! Lol Good thing FBI didn't arrest you or search your house.
jelvinjs74 karma
"Also, use popup blockers and adblock."
Wait, do you mean using them is a 'mishap', or not using them is one?
odd66642 karma
So what is the solution? Some kind of verification process of all listings on google maps?
bmseely77 karma
There is already a phone / post card verification process. They are both logically flawed. I have demonstrated both flaws with repeated success. It's because they built their products badly, and they should feel bad.
Walks500Miles22 karma
Do you think that the FBI is now wiretapping you and/or monitoring your web presence, specifically this AMA?
bmseely92 karma
I'm not that important. But yes, I have a feeling that. To some degree there are tabs on me. But what I did first was notify them so I'm not going to be raided in middle of night. I hope. My 5 year old is asleep so if they are listening or reading, please email or call when you guys are at the door, or just come in quietly. The door is unlocked.
JrAtlas21 karma
What was your motive? Why did you want to eavesdrop on the Secret Service? What did you discover?
bmseely44 karma
The articles in the info section do a pretty good job. BUT.
The point was that there is so much spam on Google Maps, that real American business owners are being put out of business, and they get 0 help from Google.
I wanted Google to fix the problem. So I sent them everything 1 month before the story aired. They did nothing. So I started spamming Google Maps with funny links. Funny locations etc. Here is one post. http://blumenthals.com/blog/2014/02/20/google-maps-mapmaker-exploits-just-for-the-fun-of-it/
Now that I got it in the news, and the secret service and FBI are aware, Google will be forced to fix some of them.
bmseely33 karma
I just thought, well, if people like the pranks, and the funny stuff, then maybe I can take this the other direction and make my point even more clear.
Plus, I was bored. My daughter was in the play area at MCD and I had nothing better to do.
bmseely38 karma
I will not comment on any recordings that may or may not have happened other than the ones in the gawker article. There are two posted there.
Rob_G16 karma
When I was a little kid, I saw an uncle that I'd never met before while at my great-grandmother's funeral. He was kind of weird, not really talking to any of the adults, but he knew a ton about computers and so we were chatting for a while. I don't know how it came up, but he told me that if I ever needed to erase a computer, all I had to do was to type del space star dot star into DOS and that would be it. I remember exactly how he said it, slowly and deliberately, like the serpent telling Eve that she'd better not eat the fruit from the tree of knowledge.
I sat on that command for about a week, but eventually my curiosity got the best of me. I waited until nobody was around, and I typed it in. And then it went all DOS-prompty, the way PCs did after you hit the return button back in the early 1990s. All of a sudden I realized for real what I was doing, that I was destroying the family computer, that my parents were going to kill me. I unplugged the machine, hoping that it wasn't too late.
But it was too late. I plugged it back in and nothing booted when I turned the power on. Later in the day, my mom asked me if I knew what happened to the computer. I told her I had no idea, but that I saw my two-year-old brother Joseph messing around with it earlier in the day. The machine sat idle for a few weeks before someone tossed it in the trash, and a few weeks after that, my parents bought another PC, this one with Windows 95. Now I had my own Windows 95 CD, just like everyone else at school, and now I could watch that Buddy Holly Weezer video whenever I wanted to.
bmseely18 karma
My dad had this happen a couple of times. I blew the logic board on a performa 9600 that was a 1600$ repair. Something around there at least. I broke a lot before I got good at fixing and then preventing.
Training people who know nothing takes the most practice. Never speak down or consider yourself better because you have a particular set of skills. A set of skills u acquired over a long career. Just because you understand a computer doesn't mean you know shit about anything else. That 50 year old secretary who still calls it foxfire has a lot of things to teach you about other things.
Rob_G13 karma
I know right? I wait tables for a living, and one time I was training this new guy, I kept trying to tell him that when you pour a Diet Coke, you're supposed to only fill the glass halfway, and then place the bottle on the righthand side of the glass with the Diet Coke label facing toward the guest. But this guy, he didn't know anything, and this was my first time training someone, so I wanted to come across as big and powerful. I kept saying stuff like, "How many times do I have to tell you? What's wrong with you? Are you dumb or something?" And this totally backfired, because after I finished apologizing to a guest for the incompetence of my trainee, that guest then went behind my back to complain about my harsh training tactics to the manager on duty. I was immediately stripped of all training privileges, and that guy that I was training, he actually turned out to be a really nice guy. Everybody loves him, especially the managers, and he became the new trainer after like a month. Every once in a while though, for old time's sake, I'll walk up beside him while he's training someone on how to pour a Diet Coke, I'll say something like, "Don't take him too seriously. When I trained him, it took like a whole day to get the pour just right!" I'm trying to be funny, but it always comes out wrong, like I'm trying way too hard, like I can't help not sound like a huge dick.
bmseely16 karma
Everyone has something to offer. We are all just stupid meat sacks trying to go through life not looking stupid.
bmseely45 karma
Sure, I'll send you a file to block my ability to do that. When you download, just click run, and then yes to run as admin. Should be called, notaspyingapplication.exe
bmseely41 karma
Shoot me your credit card info or scan it front and back and I'll make sure it never gets stolen.
bcgoss11 karma
Did you know if you type your reddit password in here it just shows up as stars?
"********"
see?
bgrafnation15 karma
What is your next project? Any chance we can talk you into "breaking" Apple?
bmseely32 karma
Showing the vulnerabilities in Apple Maps, Bing and Yahoo, and even facebook is something I am already working on.
Soggy0atmeal14 karma
This is completely unrelated to most anything else in this thread:
I envy you so much, Mr. Seely. My last name is Seeley. And people always spell it your way. I envy you. That is all
AtlasNoseItch12 karma
What is your honest opinion on things like the NSA "breaching" our online privacy?
Do you think it is necessary to keep people safe, or is it clearly a wrong thing to do?
bmseely29 karma
I think that so many gates have to fall in the world political processor before anything changes in that regard. The people who have the money or power have so much of it, even good candidates and moral people can't touch them. I try to be kind in my dealings, generous to others, charitable to the less fortunate and the less time I spend on things I can't change the better. Now. This is something I had the power to change. So I took it. There are thousands of Americans who will now have more business and less competition in the form of fake lead gen companies. I was a contributor to that problem until I learned some things in life and realized I couldn't do that stuff any more. I couldn't live my life that way.
I live my life now knowing they watch, and I don't have any secrets. I might not want some of it aired, but my parents and loved ones won't abandon me and nothing out there can stop me from doing what is right. Period.
AtlasNoseItch10 karma
I think that's a pretty good assessment. Thanks for answering my question, and for doing this AMA, and most of all, thanks for trying to make things better. I wish you the best of luck.
bmseely13 karma
Thanks so much for participating. And asking good questions. God I love reddit. I have a 5 year badge and finally able to give back.
PrimalTugBoat9 karma
Awesome stuff. I've got 2 main questions:
Have any of the larger tech companies offered you a position as a result of your actions?
How do you feel about the actions/reach of the NSA?
Do you worry that you are now permanently flagged in an NSA database now and will no longer have any online privacy?
bmseely31 karma
- No. I would LOVE a job offer. Remote work, Lync, VoIP, Security. I am MCITP, MCTS, basically 6 certifications in Lync. Tons of load balancer (f5 experience, firewall and networking / cisco) and lots of client interaction experience. Very much a jack of all trades.
http://i.imgur.com/pBesYGR.jpg Just kidding. There are a lot of grey areas and obviously big problems. I honestly think that there are lots of problems with designed systems being TOO good at certain things and people don't always understand the scope of what they are working with. Snowden, wow, that guy. Much Balls, So leaky - Doge.
Yes, they probably are aware of my existence. I like to think of their monitoring as like a reddit page. I just jumped up to the front. BUT. I was a marine. With a security clearance. I love my country, and proved that by pointing the flaw out. But a key point to note is: I TRIED DESPERATELY to tell Google. Emails to security at goog just resulted in nothing. Then whitespark.ca did a story on 1 map listing I made. http://www.whitespark.ca/blog/post/26-google-maps-too-easy-spam Then Blumenthals (top blogger about google maps). Once they all realized I was in this to STOP spam, there was more dialogue. Then google took things down pretty quickly, and was made aware of my presence and twitter feed. But they did not treat it seriously.
That's when they asked Komo to not run the initial story. Here. http://www.komonews.com/news/local/Google-Map-Jack-246585191.html Then the night it aired, which was last Tuesday, I discovered what I could do with the call recordings and spoofing. Google's statement is that my listings were not "prominently" displayed. MY ASS. I could have deleted the originals and got EVERY maps call. Then bing, then facebook, then apple. I could have done it to every major directory and collected calls to every congressman's office, government office, even Google themselves. Don't forget every foreign embassy or literally ANYbody. That's what scared me. That's when I knew what I had to do.
I was a US Marine. Sworn under oath to defend this country. Honor, Courage, Commitment. I don't forget those things.
I have made mistakes in my life, but I could have found a LOT of information this way, and if the spammers have EVER done this, then it needed to be pointed out.
bmseely28 karma
Do u mean can it be gamed or hacked? Easily. But with large time consequences and the reside admins do a pretty good job of spotting and banning and flagging vote rigging. I like reddit because there is constant human oversight. Constant human monitoring and a collective mind that wants truth and wants justice and wants a new paradigm. Or pair of nickels. Depending on how much u can afford.
Shoulon8 karma
What about youtube? Can we still trust youtube? Is it true chrome keeps track and sends it to google? Especially Flagged keywords? If so I hope that's saved lives both mentally and physically. Nothing more
bmseely10 karma
You can assume that everything that you do online is watched.
Everything. They used to listen to keywords 50 years ago on the phones. The SR-71 was built in the 60's if I remember correctly. So.
It's 2014. Assume as much. Use encryption if you have to send something sketchy. Or don't do anything sketchy.
bmseely29 karma
Build a virtual machine. Use Tor on the normal Windows image that you currently use. Then use the VM inside of the Windows install that is currently using Tor or whatever VPN or proxy service.
Within the VM you can use another proxy if you like. Clear cookies. Never save offline content. TrueCrypt hard drive, or BitLocker if you trust it with TPM enabled. Or http://i.imgur.com/uWL9EgM.jpg
OhIamNotADoctor7 karma
Despite what people are saying about you, I think you're alright. It takes a certain way of thinking and intelligence to see these blatant exploits. Reminds me of the movie Catch me if you can.
bmseely12 karma
I plan on getting ahold of Bing this week, as well as Yahoo.
Currently, I'm trying to get this issue to go as big as possible to make consumers aware and to convince the BIG media outlets to pick this story up. Google wants this to die quietly. So, it's just me vs the Goog.
Problem is, I LOVE Google. As a company, their CEO's, these guys are visionaries. And it sucks that I will never work there because of this. Oh well, still the right thing to do. Google can handle a little bad press. The business owners can't handle any more spam.
bmseely2 karma
I never played those. Dragon quest 5 and 6 in Japanese is what I grew up playing. I lived in Tokyo for 14 years
pugetF3 karma
I have nothing to add other than you do great work and you're reppin' the 425.
Memph1s3 karma
After seeing this and reading Ghost In The Wires I'm convinced that we need a Mitnick AMA.
Lithiumthium3 karma
If I want to learn what you learned, where should I start ? From my point of view you are already the next Zero Cool or something
OmegaCow3 karma
So you're the reason we drove to BFE looking for a Denny's and found a corn field.
bmseely3 karma
No, there is no point in doing that, for me at least. Sorry bout your bad luck :(
element72442 karma
Hello, first off I'd like to wish you the best of luck with all of this. I'm quite amazed of what capabilities one has with a computer.
• In an earlier comment you said you could hack into someone's computer. Are you at all able to get into any type of phone/smartphone as well?
• How long would it normally take to do so?
• What's your computer setup like?
bmseely2 karma
Probably could if I needed to or wanted to. Depends a lot on make, model, what you want, and their geographic location.
I have a Dual 3.0GHz quad core HP workstation with two SSD in RAID 0, 4TB in spinning disks, 48GB RAM, with a couple good graphics cards running for a Lync / networking / lab environment. And a Dell laptop, i7, 16GB RAM, 128 SSD and 750GB data drive.
I used a Logitech G13 for macros and shortcuts. And a Razer gaming mouse for additional macros.
I don't game. Haven't played anything really since Warcraft 2 and Diablo 2. Kids and career.
bmseely1 karma
So far, Google won't comment on shit. They are hiding behind an air of Elitism and never admitting wrongdoing.
Superbeast1120317 karma
How long did it take to wiretap the FBI?