Adopting Zero Trust
Adopting Zero Trust
Adopting Zero Trust: SIM Swapped
0:00
-59:44

Adopting Zero Trust: SIM Swapped

Season two, episode 10: Haseeb Awan discusses falling victim to SIM swap attacks four times.
Elliot Volkman
Jun 15, 2023
Share

Adopting Zero Trust: SIM Swapped

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

Taking a break from our usual format, this week we chat with a victim-turned-CEO who was hit by SIM-swapping attacks. However, not all harsh starts have to end that way, and Haseeb Awan made the best of a bad situation. After being compromised not once… nor twice, but four times, Haseeb eventually took matters into his own hands and developed a new solution and company, Efani.

Haseeb was kind enough to share his personal experience of being SIM swapped where he describes the fear and anxiety felt as a result of the attacks and explained how easy it is to compromise a phone number.

The impact of SIM swapping on individuals and businesses can be devastating. Haseeb Awan explained how it affected his business goals and personal life. He also shared how he believes that the lack of a solution to this problem is due to companies being built for the mass market in cybersecurity. The financial impact of SIM swapping includes a 70 million-dollar financial loss, according to the FBI in 2020.

Neal also emphasizes the importance of understanding that financial security is often tied to a phone number, making SIM swapping a serious threat. SIM swapping can be carried out through social engineering tactics, making it difficult to prevent. It is crucial for individuals and businesses to understand this security threat and take measures to prevent it.

Key Takeaways

  • SIM swapping is a growing security threat that allows hackers to take over a phone number and gain access to sensitive information.

  • It is crucial for individuals and businesses to understand and take measures to prevent SIM swapping, such as using two-factor authentication and limiting personal information shared online.

  • The lack of a solution to the problem of SIM swapping is due to companies being built for the mass market in cybersecurity, leading to the oversight of cell phone security.

  • The impact of SIM swapping on mental health can be significant, leading to ongoing anxiety and fear.

  • SIM swapping can be carried out through social engineering tactics, making it difficult to prevent.

Editor’s Note

We’re still using the magic of AI to write our show notes but will be back to our regular coverage in July. Neal and Elliot will be in SF next week for Drataverse, so if you are in the area, let us know. We’d love to squeeze in a few episodes.

The Need for a Solution

The lack of a solution to the problem of SIM swapping is due to companies being built for the mass market in cybersecurity. Haseeb Awan believes that cell phone security has been overlooked in the cybersecurity industry, and there is a need for a better solution. His company is working to build a better cell phone service that prioritizes security.

Neal Dennis highlighted the need for a methodology for securing the most responsible device for all other technologies. It is crucial for individuals and businesses to take proactive measures to secure their phone numbers, such as using two-factor authentication and limiting the amount of personal information shared online.

The Impact on Mental Health

SIM swapping can have a significant impact on an individual's mental health. Haseeb Awan shared how he felt like he was constantly being watched, and nothing felt safe in his life. He thought that someone was going to kill him or come after his family. He felt like he had no privacy and that his every move was being monitored.

The impact of SIM swapping can be traumatic, and victims may experience ongoing anxiety and fear. It is essential for individuals and businesses to understand the seriousness of this threat and take proactive measures to prevent it.

SIM swapping is a serious threat that can have devastating consequences. It highlights the importance of companies like Haseeb Awan's, which prioritize security in cell phone services. It is crucial for individuals and businesses to understand this security threat and take measures to prevent it. This includes using two-factor authentication, limiting personal information shared online, and taking proactive steps to secure phone numbers.

Episode Transcript

This transcript was automatically created and is undoubtedly filled with typos. As usual, we blame the machines for any errors.

Elliot: Hello everyone, and welcome back to another episode of AZT. I am your producer Elliot, alongside your actual host, Neal Dennis. And today we we're not going to be covering Zero Trust in particular, we have a really compelling story that has led to a new solution. So I don't wanna ruin necessarily the punchline and what has the, you know, what the outcome was.

But Hesi you have a really interesting story to share with our listeners and I do want to at least give you a proper introduction before we kind of jump into that. So, I know you are an alumni of Y Combinator, you now are the CEO of your own company. What has actually led you to being in that seat before we get to the story at hand.

Haseeb Awan: I think they're sort of connected, so I just wanna keep a suspense there. But at the same time, it was pretty much a need, right? I was I couldn't find a solution for myself, to be honest. Like I tried to find out and, and I couldn't find anything until day. I cannot find any solution.

Obviously I'm biased, but basically I've figured out that every company is built for mass market in cyber securities. Basically like, you know, companies are looking for, hey, enterprise market, let's go for enterprise that sell six, like six figure seven figure contract, like, you know, and come with their term, which are very, very complicated.

Like, you know, you filtering, hijacking, all those things, zero trust, you know, these are very complicated terms and I just wanted a solution, a cell phone service that works for me. So I had a mission of that. What, like if I apply business class, I get like kind of a better service from my airline, right? I skip the line and all those things, but we come to cell phone, I don't get debt, and that was pretty much is there a need to build a better cell phone service?

That was pretty much the entire premise of that and are people willing to pay a premium for that? And that pretty much led to what we wanted to build. Just a better cell phone service, just a first class

Elliot: Excellent. Yeah, I can definitely see where that makes sense. I feel like usually the best technology solutions usually stem from when there is a problem that doesn't necessarily yet have a solution or you found a better, more unique way to resolve it. Maybe it's automation or it's, you know, faster or, you know, more easy to use or maybe a combination of those.

But with all that said let's just dig right into the subject matter. So when your colleague approached us I don't really know the most appropriate way to say my reaction, but I think the pitch was I have the perfect person to chat with for one of your episodes. He was in a sim swap attack.

Not once, not twice, but I think it was four different times. So, you know, that, that is definitely a unique story that we'll we'll be digging into here today. So I will say, if we're gonna throw some stats around, and I think Neil can throw me some actual numbers since he lives more closely to this world, is, you know, in like a ran warrior attack, you're more prone to whatever percentage get reattached again or be a victim again of certain different attacks.

And I think maybe because you were hit once, there's that viability where we're looking at that again. But, you know, correct me if I'm wrong, is there, there's some like sort of stat where like you're twice as likely or three times as likely to get hit again or something?

Neal: So with, with ransomware payments, yes. Yeah, that, that's a pretty standard stat pieces. The more you pay, the more you're probably gonna get shafted. I did look before this about sim swap stats and I, I know Steve's probably got some wonderful ones given the nature of the company, but I just quick, you can google this real quick.

You can find some stats around to bunch different things, but F b I alone said in the US that it was a 70 million financial plop last year, and that, that's not counting probably what has, seems probably gonna hopefully discuss around long-term impact as well as brand impact or, or other weird things that go along with anything getting compromised.

Right. So, you know, it, it's. It, it, it's kind of fun and air apparent I think, and, and good timing for a company like what we're about to go down the rabbit hole with. Cause we have mfa, we have secure other things that, that we do right to zero trust type mentality. But what we don't really have is a really good methodology for actually securing your number one most responsible device for all of these other technologies.

It's, it's standard network procedures, it's standard fun stuff. And then we end up with something as simple as a sim swap, which oddly enough is not a very difficult thing to do under a normal network. So all that to say hasi, you know, happy to listen to some stats on your behalf from what y'all see as a company perspective and, and increase decrease in general around all the impact too.

So,

Haseeb Awan: So obviously the challenge starts the start. It's very hard to compile them because a lot of time people get victim, they do not come after embarrassment or like, you know, you know, they are being costly, blackmail, that if you say this, you'll basically come after you. Right? And so a lot of people don't know where to go.

And F b I, as far as I know, they don't take. below 50 $500,000. So if you walk in with, Hey, I have a 10,000 loss, they say, you know, this is not our problem. Just go to like local police. And local police will say, you know, that's the counter. Or they'll just note down your complaint and we'll get back to you, which never happens, obviously.

Like personally, I when I got hacked, my story was like, first of all, it took me like almost a day to tell them what is a sim. I spent a day educating my telecom provider. What is a simat? They said that cannot happen. And when they figure out what happened, said, okay, we understand that first of all, we are sorry.

And I said, okay, sorry, would not do anything, so why don't you help me out? They said, we cannot help you out because the number doesn't belong with us anymore. It's on a different carrier, so now we don't own the number anymore. So I said, what should I do? He said, contact the carrier. I went to a different carrier and they say, You're not our customer because this is not your number.

Said, okay, previous carrier says, I, I'm their customer, but that number doesn't belong. New carrier says that I'm not their customer. So who's the customer? And they say, we can't tell you. And I said, okay, man. So anyway, I spent almost two days on figuring out and despite that, I believe that I was expert on this topic at that time.

Cause I was running a Bitcoin atm. So the story start with, I started one of the best world largest Bitcoin at networks. Last year we got acquired and we had like, almost 10,000 locations. Half my client and processing were a billion dollar in cash. So think about processing, not like, you know, it's a billion dollar in cash.

Right. You come across all kind of interesting people in that industry that are like basically into crypto. You add crypto, you had cash and everything, and things get interesting, you know? So we come across like a lot of criminals and we do. So like how happens? But long story short is that I realize that how easy it attack is, and if you look at every kind of ransomware attack or regular attack, it's basically a very small thing that happened.

Okay. What was the issue? Someone said the password to password and admin to admin. You know, someone did not set up their two fa someone took their laptop and went drunk. Right? A lot of those issues, like, you know, an entire posture, entire like castle that you're built around, security's o obviously grown because ultimately it comes down to me, Nelo Elliot, who can make a mistake cuz.

Companies depend on us, right? They depend on us. We'll act in the bed fit and know we screw up sometime. Cause we want convenience. So I realized that I can have MD and I can have like two fa, but my telephone, my entity. And when I, we were building bit Bitcoin atm, we had to do K Y C and am L. So for people who don't know, know your customer and any money laundering, so you have to identify a customer.

So if Neil walks up in atm, you know, and Ilio is the one who's running the atm. Now he has two options. Either ask for his id, And like go through computer scans and basically do computer checkup, which may take him half an hour and cost him for dollar $5, or he can just take his telephone number and against telephone number.

He can run a database and get all the information. Will cost $1. So it was purely a cost and we were processing like a cards per year. It becomes a cost. So we figure out the cheapest way to find someone is telephone number. It's like more social security number. You can find someone even, how many credit cards does a person have and what's the limit on that?

Just by your telephone number. You gimme a telephone number, you can find out. I have Chase bank card with like 10,000 limits. Just to give you example. You have, you know, this card and now you know what's the credit score of a person, how much network worth they have and how can you clean it. So I figured out that telephone number is something that's more critical than social security number. You know, like you can, we have all products and we have company like Live Log or, and we have like a lot nice companies around it who are built around cyber. Identity theft, but from mobile security, we don't have anything. We basically do not think about anything. And sim is such an easy attack to carry on even today, is that there's no. Around it. So I, after we started Bitcoin Atium, I said, I wanna buy a bank. I know this looks pretty stupid, but I said I wanna buy a bank because there were no crypto bank at that time. And that was my goal. And my phone got hacked, not one time, four times. And what it did to me was it basically screwed up my entire carrier around it basically made me that around buying a bank.

Because I got into so much fear and I was constantly living in a, in a fair life. Like I couldn't go for camping. Cause I thought that anytime I lose my signal, I thought I was him slapped. You know? So I couldn't go for, like, people say, I, I don't wanna disconnect. I'll wake up like two o'clock at night and figure out, oh my God, my phone is working or not working.

So I'll go to restroom and I am a person who do not like to keep his phone on the side. So I have other person who leave his phone in the living room and just go for sleep. Right. And But I changed me. I couldn't go into basement, right? I moved out of my, kind of my apartment because I couldn't take the basement anymore.

I had like some kind of, I don't know what we call like mobile phobia, I don't know, whatever. But phobia was basically, I constantly had to look at my phone and make sure my phone is ready, you know, therefore the challenge. And what it did to me was that I couldn't function. I believe that someone would come after me.

And take over everything I have. So people say, but then I'll store you money. I said, yes. But think about it, Neil. Or earlier you are in your studio and you go outside for drinks and you come back and there's a note on your studio, on your desk. I was here,

Elliot: Right. No,

Haseeb Awan: And you cannot sleep in that house anymore, right? Because you know that my door was locked, right? Nothing had changed. And, and camera showed nothing. And there's like a bullet on my desk and I was here. And that, that's all I felt. I said, okay, man, I cannot function this more. So I said, I'm a tele, so I, I'm a telecom engineer. I meant to degree and I took a telecom degree.

I'm a, I'm a certified engineer. And I said, okay, man, what is difficult in doing all of this? So I started assisting. I said, how easy do you hack someone? So FCC made it super simple to sim have someone. Because of competitive, like, you know, back in the day there was no, like, if you're an at and t customer, you cannot move T-Mobile.

So this was like I said, let's move it simple and let's, you can be able to move yourself for company. And, and the challenge with that was that they made super simple. That carrier says, okay, you know, screw that. We'll have one, one single point of thing, account number, telephone number, and zip code.

These are three things that are required to slap anyone. You have this training of anyone. You can sim apps anyone. So I can literally go online and I can find your number, which is not difficult to find for anyone. Even for me. You can find with zip code I have and just the only thing left is your account number and you can do a bit of social engineering and find an account number.

And these three things are the only thing that needed to sim are one. Then people start going into stores. Like they will go into stores and they will basically just work there at $10 an hour so they can simps up someone for $5 per hour. So they will take, okay, I'll take like 50 people and I'll sims up them and they get fired.

They move on different stores and they realize those are not employed by at and t. So at and t does not even have record of who got employed in their store cause they were like a third party. Right, so you can like, you know, be like in Charlotte and basically work and basically hack five stores. You get fired and now you move to like Miami and on.

Then you go to Minnesota like you know, you go to, you keep on hopping, you can go to day Ohio and you can start a new life. So you can do it for the year. And I let, there's people involved, it's a big cartel like cuz we start observing a lot of things. The money you are, the day you had money saying in your account crypto account.

Within two days you got hacked. So there was some kind of, so I believe there was some people inside the exchanges or someone in the bank who was tipping it. So they kind of built a car around it where they had a tip and then they had a people, like, you know, one guy will be working in a store. One guy would be sim sopping, someone, one guy would be doing thing and they had, they made killing out of it.

And recently, I'm happy to talk about how they're targeting now. And they've moved beyond crypto. They've started stealing credit cards. Where they will just basically start cheating credit card activate, like, you know, they will go into people mailboxes in rich neighborhoods and they will pick up all the mail and see if there's any credit card.

They'll, through the credit cards, then on credit card, they find out telephone number. They will send, obviously everyone have a good credit limit on Yes. They will basically review their stuff and boom, they, they made like 40 K, 50 k and

Neal: So let, let's. Real quick before we get further down into current stuff, I kind of wanna unpack some of the old stuff real fast. So I, first off, I think this is awesome. I think the fact that, I mean, it's not awesome that you lost sleep over it to be in all fairness, but I think it's, it's kind of to Elliot's starter point, it's kind of a neat it's an origin story, right?

Everybody, I think everybody that owns a company or goes into a company management at, at a C-suite level probably has an origin story somewhere of how and why they got to whatever, those companies. Some people were just simply because their friend told 'em to get on a podcast and they started working one And they just liked it.

Others is because, you know, they have, they have a legit origin story. So yours, you know, you've experienced this life of, you know, people coming after you for various reasons. The cryptocurrency connection and all that fun stuff that goes with trying to start that endeavor and people looking at you as a point of interest to get into that type of financial gain, right?

So we see people go after cryptocurrency exchanges. We see people go after wallets. We see something. I've personally seen, not my own phone, but another friend's phone where they did send, swap his phone for the sake of trying to get access to his wallets. And you know, it just so happened that they were very successful at that.

And to the point of what you're making, most of the time our financial security is tied up to that phone number. And if you can call that phone number, you can reset almost everything cuz they assume that that person behind the number is who it claims to be. No matter what, they may ask you for a phone password, right?

Hey, what's your account password? Well, it's blah, blah, blah, right? But then they're, oh, no, that's not right. Can you just gimme your, your zip code to what you mentioned, right? Or, or the last four of your account number great MFA there. And we go down that whole rabbit hole of that financial remuneration and just how easy it is once you're there to take advantage of everything that is connected to that phone number.

Now, I think for the listeners that, that, that is exceedingly important to understand that after everything we've talked about on Zero Trust, you can still have a single point of failure that is exceedingly mundane and easy to social engineer your way back into to get those accesses completely breached.

Whether it's App Mo, you know, whether it's copying someone's apps over from a phone as part of a port, whether it's understanding what's already there, and just resetting accounts through the phone number and O T P and all the other fun stuff that goes there. It, it's, it's not a great thing. Right. And so I just wanted to step back on that a little bit around your origin story because I, I want people to understand just how important it is to understand this security threat.

And then the last piece of this is I've purposely done sim swapping exploits myself to try it out. I've also personally locked my sim through a particular large carrier that will remain nameless, but it's a big carrier and they have a sim lock thing, right? That it's supposed to keep it locked for x amount of weekdays.

It didn't do what it was supposed to. I, I bought a cheap phone from Walmart on a different carrier sim swapped after I locked my phone after a couple of days went through it and they just let it go through. There was no checks on my current phone to say, Hey, we're looking at this. There was no authentication.

Got on the phone. The guy said, oh, sorry, I, I get it. You forgot your. Your sim lock password, quote unquote, whatever it was. And he's like, yeah, let me just take care of that for you. And then I was on a different network with a new phone. These are the things I do for fun, Elliot and why I like this story.

Haseeb Awan: cuz we sometimes say people, oh, I have a port lock on. Some people say there's sim lock on the phone and it prevent, I said, SIM lock is totally different. Report out. Right. And, and anyway, so, Up and again, frankly I thought my business would be dead in one year.

Cause this is such a stupid problem to solve. Like if you look at it, you know, like it's like why you have one job? Just make sure no one goes into my account. That's a simple job. And they still fail at it. And I talk to like a lot of seasons and they say frankly, because it doesn't make us the money, like every time we have to like authenticate so much, it costs money to us. So like if a company is like doing, like T-Mobile is porting like hundred cus a hundred thousand customers per day. It costs them like $5 per authentication. Now that's half a million down the drain every year. That's one 50 million per year.

Neal: Yep. Yeah, it is expensive, right? Security is expensive up upfront. Long-term costs are obviously less when it starts to become more political. And I think to the point of where you're working, we can start to talk about this a little bit around what y'all's offering as I think, and how you're addressing these problems more and, and some more current trends.

Cause I love hearing where you see the trends going. What I'm used to is crypto jacking and doing stuff like that. And you know, now knowing from a financial services, you know, the, the crypto exchanges are getting technically more safe, but your financial bank stuff, your apps and the ability to reset, that's not.

But on the flip side, thinking about the the tech stack a little bit and, and. The cost upfront versus what's gonna happen when we know a breach happens. Right. So it only takes one time for somebody to get a security budget, but the problem is, is that one time still probably costs more than the original security budget a lot of times.

Haseeb Awan: it's like anything prevention is better than a cure, but obviously you wanna get like a, like I was surprised that like in crypto, not that we do, people will have a hundred thousand portfolio and they will not even buy like a. Like a hardware wallet cause like hundred dollars. Right. And I said like, dude, what are you up to?

Right? And and they get hack and they come to us and say, willing, I'm willing, give percent of what we lost. I said, dude, like it doesn't work this way, you know, it's gone. It's

Neal: So maybe hase on this to kind of get into the construct of why this is important, aside from, I mean, I know, I know we can both go back and forth about the exploits and the costs. Definitely. And I, I would actually like to But maybe if we can, if you've got some constructs around some of the more on the trend side that you were kind of getting into a little bit and you know, I know that once again, just a quick search, you can see that this is a trend that's going up, right?

This is not going away. This is, I think in my, my looks, it seems like, well, it's not a new concept to do. I think it's a new flavor for a large scale approach for the fraudsters out there to start doing. And we're gonna go from tens of millions of dollars, you know, under a hundred million in the US alone in this year, next year, whatever it may be, to hundreds of millions to potentially billions within a handful of years.

And I think kind of, if you've got some aspects on the trends and what you've seen from a scalability of that growth and what you see the threat actors doing, that'd be awesome.

Haseeb Awan: Sure, sure. So first of all, like I look at cybersecurity, like we all have to understand that there'll be more breaches next year than this year. There'll be more losses next year than this year. There'll be more lives impacted and destroyed because of cybersecurity, and it's not limited to individuals who limited to like state level attacks.

You know, why do I have to bomb a country? A country has to bomb an anti-war or antiwar, but I'm just saying if there's an evil country and they wanna bomb another country more damage, why do they have to spend all the arsenals, right? They can just cybersecurity, do a cybersecurity attack and can potentially make more damages.

Like, you know, we have. So one thing is cybersecurity is going to a bigger, bigger or bigger, bigger, and the next an attack will become more sophisticated. So that's like one trend. If you look at Sims, op f b I said that there were four x more attacks than the air before. You know, and how many people will think about contacting F B I, like, you know, you go to like your local you know, law enforcement agency and they'll say, oh, contact this, but, so this is one trend.

Number two is my telephone number is my identity. Now, like if you look at this phone, I spend probably like maybe 50% of my time is spent on this phone for my work, my personal life, you know, and this is unsecure. Like, there's no brand around which makes it security. Like, you know, people have been you can call any Arian they say, oh, oh, I lost my entire bank.

Oh, I'm so sorry for that. I'll give you one month free, dude, I lost my house. You know, I'll give you a free Apple watch, dude. Like, you know, like, this is absurd. So I think, and telephone numbers are something that I wanna keep with myself. Like I have I, I used to in Canada before, I still keep my Canadian number cause I don't want anyone to get access to my Canadian number because that's linked to my.

So that's like, you know, your social security number or social insurance number in Canada or whatever country you go to. So people want to keep their telephone number cuz they don't want to get expired. And the older it is, the, the like, you know, the more things that linked to, you know, we will get friends where we will have like UBI key and hardware like, you know, hardware keys and like, you know, Google Authenticators and our best OTPs.

The only challenges that. Telephone numbers are not going away for the next maybe 10 years, 15 years, I don't know, whatever time is. And then a cellular communication, like we have, we will have cars running on 5g. Like someone can srop into those conversations. Can someone you know, inject mar into that where I'm driving a car, can I envision, I'll be sleeping in an RV and the car will be driving by myself?

By myself. That's my vision, right? In the 20th. And what if someone can take over the internet connection? You know, we have image catchers. I don't know, you know, we can go into those things, but we have things which can actually manipulate all the conversation. You can have you know, single jammers where you can be isolate someone.

So there are a lot of hacks that have a solid communication. So my entire be is that can we make communication secure? That's the entire bit, but in any shape or form through mobile specifically, like, you know, any, can we secure all the wireless communication? And cellular because I believe the world will go away from wifi.

There'll be no wifi in 10 years. That's my belief. Again so if everything goes on to 5g, then that communication need to be secure and telephone number is my identity. Can we make the store insecure? And I don't know what future will look like, or maybe today's sim happen. Maybe tomorrow's the catch will become bigger issue.

Maybe, you know, like single jammer become big issue. You know, can we secure those things? And yeah, this is, this is pretty much my vision is, and I hope that you know, we get somewhere there and with the big carrier, I spoke to a lot of, we still talk to them a lot and our basic thing is they say, we are built, we are Walmart.

We, if a customer is high profile, he pays the same amount of money as an ordinary customer is paying. So it's not like if you are Bill Gates, you're paying still a hundred dollars cause they don't have a plan. Some something for $10,000. While the risk for dealing with Bill Gates is much higher, you know, while dealing with the customers.

Today, we prefer not to do with customers because they cause most pain and they get in lawsuit. There're be nu like maybe dozen lawsuits every month on carriers. So our thing is can we become like a Louis Vuitton or for cell phone services?

Neal: so I, I think this is some fun points where, like you mentioned the Walmart basically, right? So I'm, I'm assuming Bill Gates is probably in a big three cell phone user group from the produ provider's perspective. But regardless, I mean, that, that's a valid statement. You know, a hundred dollars plans, a hundred dollars plan, no matter who you are in general, whether it's a business plan or wherever the paycheck comes from.

They, they treat 'em all ultimately at the same, from a network perspective. And I think there's a lot of tech out there that goes into making a secure phone physical device, like the actual device themselves. I, I've got, I've got rooted versions of various OSS from back in the day. I've got custom version of Android installed on my phone.

That that's, that allows the device physically to be secure better than a standard Android device. Right? But my phone number is still a weak point. And to the importance of what you're getting at, you know, You don't have echelons of approach that you can pay for under standard service operating to make your security better.

Like you could with, like with aws, you go into AWS and you get an e c two instance. You know, you can either just have a completely open box and you personally do what you wanna do to secure it. You can pay a couple extra bucks and get into a tiered service where they monitor basics for you, or you can get into whatever the gold status is, tier, right?

And that's, you know, one or 2% of their CS or their base. So you, you know, every other service that we have out there connected our digital life, chances are, has some kind of additional security parameters that you as a corporation can pay for to get more secure. Your phone number and your phone service, to your point, not the case.

So, on that, I'm kind of curious to see what y'all have kind of done to help ensure that that process is as difficult as possible and as secure as it can be. And, and maybe, you know, kind of highlight some of the process steps and flows that y'all put into play as a service provider.

Haseeb Awan: So we do like if we come to cyber security, frankly number unfair is always like, you know, never get hacked, right? Like, we are as good as today, tomorrow, someone can attack us. Right now someone's trying to attack us. Like, you know, that's a cost and battle with all the cell phone companies. And so I say this very what I said, man, there's nothing in the world practically at hundred percent act proof.

You look at all the top algorithm, technically there's a way to crack them. You know, the challenge is we make it so difficult that it's not worth it anymore. You know, so if you look at Bitcoin, you can actually take it over by having a 51% attack, but not worth it. If you have that, you can dedos any network, you can do everything.

But again, we make it so difficult that you, you go from like 80% Simsa attack like, I don't know if you know that, but 80% of Simsa attack is successful. This is a report by Princeton. They said anytime they tried to attack someone 80% time, they were all successful. Right. So my point is that my point is that this is you know, this is, so this was a challenge, right?

So our thinking was that can we make it super difficult? Which means that we are so much authentication. That a customer cannot pass through it. So in order to go through it, you need to know to your social security, like not social security, like, you know, location, your ip, which computer use what's your icc?

Obviously I don't want explain everything on the phone because there's like secrets too. But we go through a set of like 15, 16 processes that we authenticated user and chances are we can get it wrong. Like, you know, there'll be one day, we'll, may, may make a mistake. So for that, what we have done is we have made an insurance policy.

We say, Hey man, we'll not send you, Hey Neil, you lost everything. I'm so sorry. You know, I'm so sorry for an inconvenience and you, I'm sitting on the homeless cause you lost everything. We say, no, we have 500 insurance policy. Something goes wrong, we'll cover your losses. So first of all, we'll try to protect everything we can and then we cover your losses and that's the best we can do.

Again, hopefully carriers get stuff together and we don't need to exist anymore. Like, frankly, that's what I'm, I'm hoping is because running a cybersecurity company is very stressful, you know, and they get it because a lot of massive liability because even our upside is limited cuz we charge specific money, but our downside is massive. Know. So to summarize that you know, we made it super difficult by having authentication. And one of the things we did was we actually offer only one plan, which is like a hundred dollars per month plan. And we say we don't allow any making any changes, so there's no way you can make any changes to the account because every time you have to make a change, it costs us so much money that we will never offer more plan.

We just offer one plan. We don't give hardware. We don't give you Netflix. We don't give you anything else. We just say this one thing and that's it. You want it, you take it, you don't want it. You basically, on our side, what helps is that we don't have to focus on building, optimizing or pricing, optimizing for different packages, because every time you have to make a change, you have to authenticate.

And if imagine you have to, you need a phone, and we say, okay, let's spend two days on authenticating you. It's a, it's a myth of pain. We just go iPhone and fix it. Those are not critical thing. You want Netflix, you go to Netflix directly. Don't come to us like, why do we need to provide you a Netflix? We are a cell phone company and we just say we are a cybersecurity company that happened to secure communication.

We are not telecom company who is providing you all the perks.

Neal: looking at some of the stuff, so I, I'm, I'm scrolling through y'alls website again. I looked at it earlier this morning, but I like some of the things that y'all are out there doing and, you know, towards the middle bottom of the page, somewhere in here, you know, y'all say quote, black Seal Protection zero Trust sim solution.

Right. So I, I think for, for people listening in and, and getting the flavor of the day with zero trust mentality you know, if you can kind of, maybe if you can hit on some of the highlights around what that, that application means and what that kind of includes from a security, and then I'll ask a follow up question around after that.

But I'm just kind of curious by definition what y'all's approach is from that zero trust policy procedure.

Haseeb Awan: Sure, sure, sure. So one thing is, this is my dream is that basically in one day there will be no telephone numbers, right? Again, this is a dream, and we may have public keys or like ssh, kind of like a PGP kind of keys. And so if I reach Neil, I will have like Neil at. need.com and you know it'll reach him and you don't have need to have telephone number anymore cause it goes through your public key, like similar to your cryptography.

That's the one thing. And one thing which is always a risk in our system is that can a human make a change? Like ultimately someone is manually doing authentication and someone is doing all the thing, but what if that person get compromised? Like we can, we can reduce the risk factor by having multiple people, but ultimately a customer has to add the only challenge with.

That is that we have to be regulated by fcc. And FCC requires some personal record because there's a chance that Neil or may lose their sim card one day and they come to me and they say, you know what? Record my number. And I cannot say that, Hey, this is it. We want. So what we did though, we said, why don't we give you a SIM card, EIM card which is data only, and you can authenticate, you can install it, but if you lose, we don't have any control over it.

So that is something that we wanna try it out. We are trying it for the past one year to launch it, and we have been running a better trust on this. But effectively what happened is that we absolutely have zero control over what goes on the sim card, how data you use, but we provide you like more like a sandbox or like a instance of eim card where you can pick up your own packages, you can make up your own ip, you can connect your own V P N, and you can have a block.

So you don't need to install any. We appear on the phone, but more than that, one interesting part is you don't need to you, if you're using like a, a filtering solution or like, you know, filter, you can say, I only want these five websites to be open, other than any traffic need to be blocked. You can do that in the sim card.

And so that's our vision where we make a app plus sim app plus thinker. Only struggle with us right now is that it doesn't work on, on telephone number. Like we have the ability to block all the sim sim numbers. So we can block all the spam calls. We can block all the spam text messages, but carriers do not allow you to do so.

Apple is very stringent on that. Every big carrier is in stringent on that too. So we are having a bit of struggle on that when it come to telephone number. So we are having work around where it's like data claim card. So to summarize your question, it works very well on zero trust. But sorry, on data, same card, but does not work well on when you have telephone number is involved because there's some rules around it.

Like on you can lose the same card, doesn't matter.

Neal: I, I'm a personal fan of virtualized SIM or virtualized, I mean, you know, phone number ID constructs. And yeah, I think for, for, the grand scheme of things, telecom's perspective, I, I wholeheartedly agree that digitalization of that id to make it more comparable with pick a type of blockchain encryption scheme or whatever it may be, security wise, I think that that is hopefully will be the long term goal.

I like virtualized sims. I like the idea that You know, app driven and whatever the background is on that phone, you know, you secure the device. Once again, we secure the device and we move beyond using my, my hard coded number on the device and we start moving towards data channels like normal internet, traditional and data channels standard, right?

And, and have that security pipeline. I think from an authentication perspective though, on y'all's piece for the current physical piece of hardware, and, you know, normally we don't wanna sales pitch things on our show, but I, I do honestly like this tech that y'all have a lot. And I, I see it as an exceedingly unique opportunity at the moment.

So I, I am, I am intrinsically curious about, you know, how y'all, y'all mentioned on the website, you know, there's, This proprietary verification process. And then we're not gonna go down that rabbit hole. But when we start thinking about what Zero trust as a construct really means, it means, you know, it's not a trust but verify.

It's a verify and assume they're bad. Right? That that's the grand scheme of things. And that there needs to be established pathways for everything that have been validated and secured between different encryption, ches and everything else. But there needs to be multiple layers beyond just a phone number and an otp or an MFA app.

Right. And I think, you know, for what you're able to talk to around that construct and why that's so important to y'all to have so many levels of security around this based off of your experiences and exposure, you know, that'd be kind of fun to highlight a little bit around that security implementation.

Haseeb Awan: So our goal with specifically around zero trust and like, you know, building your own system is like, can we give you like a AWS kind of instant where you basically can your own pick up SIM card, you can change your IMB range whenever you want. So you can have like a list of five md. You can just click and you have a new MD anytime, right?

And you can have, because you don't have an entity anymore, but you don't need to have a telephone number. You can flip it as you want. You can destroy the same card, you can add same card. That's pretty much what your article is. And because we don't know to recover it, you can work around with that.

And also, the only challenge that is like, I, I, I'll give you struggles too, right? First of all, they do not work with local SIM cards, so you need to have an international id. So with Zero Trust, our zip card, they're all international it, they're data only. Same card. Right now they work okay with the cell phone, but they're not primarily supposed to be used in a cell phone, you know, so we are working around those.

That's why we don't sell, like, you know, there's no option to buy a SIM card. We are testing card right now. Happy to send you one and you can test it out and love to see what there is. But our thinking is that we need to reduce. Attack vectors and like, you know, chance can fail. So with data, same card, we can do it.

And, and, and the reason I'm saying with data, same card, we can do it because if you lose data, same card, it doesn't matter. It's just data. We can issue, you can issue yourself a new data, same card, you can play around, you can destroy because a lot of data, EIM cards, I don't know if you know that, is they're only one time use. So if you use the sim card, it does not work anymore, not in your phone. You have to have a new sim card for every phone. We have some customers who format their phone and that e EIM card is gone. And that's a struggle because physical sim card, you can take it back and it, it's still there. But with eim card, what's gone is gone. So every time issue, it cost us money. So again, this is kind of a more like a concept point we looking at, but ultimately our thing is what if we give you like a list of like hundred mgs you know, hundred same card. You play around with it, you can fit up your own dinner filtering with that. You can set up, I like these files, I need this, like, you know, I need this v VPN protocol, and you just set it up, run by itself.

So like if you go to Heroku, they have a very good option where you can pick up the choice of your V P N, you can pick up your own protocol, and so it become like a marketplace. So that's pretty much how the goal is. You can set up your own level of authentica and you can say, Hey man, I authorized earlier to make a change on my behalf. Right? Or I need like a multilayer of signature. But this is like, but ultimately can you provide you with a layer of, to build on top.

Neal: Yeah, so this would be a good way to, in, in theory, to be able to, if we think about that list of a hundred, I could set up protocols and procedures per each instance as an established process and have varying layers of trust per each structure that I step right through, right? So I could, I could have, you know, maybe option A is the, you know, I need five layers of authentication for X and Y and it needs to go through these different things.

And you know, next one down option B is, you know, whatever, it's Elliot. And that's what this line is being used to discuss with. So it's whatever happens, right? You know, we can build out your own implicit or implied trust methodologies or zero trust methodologies based off of a much more robust. Data access perspective and manage uniquely from I'm guessing probably from a single device at some point in time.

You know, multiple channels of multiple lines and multiple frameworks for what you wanna do.

Haseeb Awan: Yeah,

Neal: think from a,

Haseeb Awan: like I can give you an example of like, imagine Microsoft is the client and Microsoft said we have we only allow people to open Outlook on their phones. Now obviously phones can get compromised. They can, people can switch transfer data, so a lot of can happen, right? But what do we say that, okay, every day they install like a specific sim card on your phone, EIM card with a specific MD profile.

And they assign like a specific APN to so it's like microsoft.com, AP n, right? And they say Our website will only open if you go through this AP N and the AP N is only configured on this mz. And this MZ can only work on this phone, IM e I. So you can start locking on those things and it'll only work when the person is in San Francisco.

So as soon as the person leaves San Francisco, they go to San Jose. The work, because you can track a location. So you can have as many protection as you want on a level of failure. Like, you know, those things. So you can have like, you know, a tank going from like, you know, a bakerfield to Los Angeles, right?

And you say that, but the truck didn't end up making the truck went to Las Vegas. you can say why this is in Las Vegas, you, I need to notify. So right now, those things are only possible through. Having a software, like a hardware or app based on the phone. But what if we can make an app less? That's pretty much, and with the EIM card, you can push a sim card to a phone without their permission.

So if you have IME number, you can literally sim card, push a, I can push a sim card to your phone without you doing anything thing. So

Neal: No, I like this. So I think that that right there is, yeah, I think that's nail on the head right there, is the potential for what this is and, and being able to structure things. And that gets us back, you know, holistically right into the zero trust basic constructs. And people talk about geofencing, people talk about that structure around all that fun stuff.

And I think that's beautiful. I, I love it. I think it's part and parcel with what I think should be growth phases for our overarching security. And these things as a whole are. Inherently crap. And you know, we need better options.

Haseeb Awan: And everyone has their own choice, right? Like some people may say I'm okay with it. And and, and we talked about, about within our company said, we will never be a bigger company. We'll always remain a very small kind of a French coffee shop next to your street where you wanna go, you wanna fill up your belly, you go to McDonald, you want the best coffee, you come to us.

Neal: Yeah, you could be the Starbucks of cell phone service. I'll help you spin up your gift cards. Oh,

Haseeb Awan: And you become

Elliot: And soon they'll be asking for a $500

Neal: See it all comes back around, doesn't it now?

Haseeb Awan: Yeah, I know. frankly, we are just enjoying what we are building. We don't have a specific goal in mind of, okay, you know, let's get to this. Let's do ipo, let's get a acquire, let's do something. We are more like a profitable small business. They're just focused on our security.

Neal: No, but it's a fun startup. You know, I mean, I have, I get to put up with Ryan Reynolds Mint mobile car commercial. Well, I think they just sold, but you know, Ryan Reynolds Mint Mobile, that's the only thing I get as alternatives to pick a big three. So no, this is good. This is a good security option. I, I think it was really fun wrapping all this back in.

If we take the secured device practices that some of us like to take and we, we pay or develop or buy or make our own more secured Android, iPhone, windows, phone, whatever platform is we want to use And then we couple that with the digital security that's available through something like what y'all are providing, you know, it, it really is a more holistic picture.

Right? And the only thing I've ever experienced that's even remotely comparable is exclusively on a government network where, you know, you've got the president's phone or you've got pick a, pick a phone that's Reg, you know, got the, the Christian schema on and it's classified phones, cell phones, all this other stuff.

Cause they do exist. But even those, you know, there's a couple echelons to those where those are tied directly to a government provider at an MSS level or MSC level. And those obviously have their own rigorous controls. That is a very antiquated approach to what they're doing, in my opinion, what y'all are offering and the way to do that.

I think there's a lot of application, government and private sector around at least the concepts and the etiology of what y'all are doing. So, you know, it's fun. So I appreciate it. So I, I know we've only got about 10 minutes left, so I'm

gonna shut up and see if Elliot's got

anything else he wanted us to dive into.

Elliot: Yeah. So to, I guess, dial us back to the story that really was your origin story, so to speak, I was hoping maybe we could put you through some trauma and relive some of that experience. Obviously there was a significant amount of well understood paranoia that came out of it. But you know, I, I would love to just kind of walk back to when that first event occurred.

Like, you know, what was that setting? Were you like sitting in your living room? Were you at work? What did that look like when you realized, oh shit, my phone has been popped. What do I do next?

Haseeb Awan: Yeah, I think, yeah, it took 11 o'clock. I was actually in Canada at that time. I, as I remember, so I'm sitting in my apartment and I got an email that. So normally we don't use our cell phone. Like, I don't know how many make phone calls I make, like, really? I make a phone call so you can check email. Like, you know, you get WhatsApp sitting there and everything is working on your phone, so you believe it's fine.

So unless you're expecting to someone or make a regular phone call you don't notice. So I, I got an email that I think, sorry to let you go or something, like, sorry to see you go. And I said, okay, man. Like, you know,

you get through emails all the time, right? And I do un unsubscribe myself. So I say And realize, but then I said, this is email from myself and carrier.

So I'm not looking at it. And I think for a few minutes I didn't figure out like, what's going on? You like, like, like sim was the last thing that I thought, Hey, I think the payment issue. And I said, okay, I look, let me look into that. Wait a minute, what's going on? I tried to log into my account and I couldn't log in anymore.

So now I, what you do? You make a phone call. And my phone doesn't work. And I think within three or four minutes I said, okay man, I'm now here and what's the regular nearest cell phone service? Where the, where the store? And I said, how do you go there? So literally I got into my car, I think I tried to make a phone call to my wife number and obviously, you know, your call is important, but the 10 hour work time. Right. And I said, okay man. Like, you know, like obviously not 10 hours but like, you know, you throw this call where it says, we are the most important customer but they don't have time for us. So I sat in my car and I walked into store and the store guy is obviously their lineup. And I said, this is an emergency.

And they said, how can I help you out? And they say you know, I lost my SIM card. And they realized that they will spend an hour with me and it'll not make them money cuz they're based on commission. So, Why would they help me out? Right? So, so they said, okay, wait, are in the line until you get to, they were serving all the customer, I, think an hour or two pass by.

And and I said, okay man, what should we do here? He says, okay. And he didn't know what Sims app is, so I spent me like maybe half an hour telling them what to do, and then he is calling manager. You know, like basically I'm, I'm telling my story again and again to multiple well, and they think I'm like a fool, or I'm like, I have some mental

Elliot: those bunkers.

Haseeb Awan: Who's just wasting their time and just trying to tell them what happened, and this is, it's not possible. I said, man, it happened to me. What do you mean it's not possible? So graciously he looked into his, his computer and said that okay, let me look. He said, yes, you are a customer, but you switch your line to different carrier today.

Said, which carrier? He says, I can't tell you. I said, dude, I'm, this is my id. Tell me where to go. I says, it's against, I said, okay man, what should I do? Finally I was able to figure out, I said, call the carrier. I call them up and they say, go to police. So now I'm going to RCMP in Canada, which is an Royal Canadian multi police.

And they said so I'm basically, so same episode. And then they send me to different police station and now same story. And you know, like, I think it's been like, I think seven o'clock. And I'm out of my, and I'm trying to sweat, right? I will literally like, you know, cause I don't know what's going on.

Like, I thought someone was, come in, somebody's going to my house. I had no connection to my wife. You know, I could not figure out anything going on. And literally I had no, and I knew that officers were closed in like one hour, two hour. I don't have time, right? So ultimately I got to someone in my cell phone carrier talking to each other, you know?

And after a while you start getting like, you know, like you think, you think that you're a stupid person, right? And everyone is a perfect person cuz everyone's telling you they're stupid, so you believe they're you stupid. And and I, I had no idea what to do, right? Frankly, I, I hadn't, I, I couldn't, like, it's something where I, was like very hope, hopeless, like I was, I said, I have no idea what to do, frankly, you know, like there were no resources at hey man, this happened.

And so finally I found a fraud department and I told them this is a matter of life in death. You know, if you don't click on my phone, I'll have a panic attack or something. And you'll be responsible for that. Right? and that's where they start taking seriously, right as I'm recording it. But you'll be responsible if you don't take it So then they called up like the company and the company got involved, the fire department got involved and they say, I'm so sorry that it happened to you. Let me look into, I said, okay, man, I'm having a panic attack

right now. So you basically get to figure it out pretty soon, right? And I was actually, I was, I was panicking, right?

Like I thought my emails are compromised, everyone has stole my money. Cause I've heard the, heard the horror stories and uh uh, and I'm like literally going from demonstration to another station, waiting in line, explaining cuz you know, one person will change the shift. You go back to the same situation, the person's gone, and you've explained everything again.

So luckily, I think it took me 24 to 40 hours to record the number. They did another credit check on me, stupid part. They gave me a new account number and they said everything is fine and we are sorry for the inconvenience. That's

Elliot: Oh my gosh.

Haseeb Awan: And you know, we'll give you two days off, off, two days of cell phone bill. So two days

Elliot: Big baller.

Neal: I, I think that part's the best part of all, cuz I, I love how vivid your story actually is and how impactful it is because

I read, you know, you've got that quoted on your website and I, I think that is very, very important for people to also understand. Like you mentioned earlier, they're a Walmart, you know, if they

lose one account, they honestly don't care that much.

They only care when they're losing thousands or tens of thousands of accounts that lead to millions of dollars or more. And yeah, so, sorry, here we go. Here's a discount, but good luck, you know.

Elliot: Two days off.

Haseeb Awan: Like two days. Like, I like, like, like are you guys, like you said, it's, it's a good thing I said, man, like, like, are you,

I would be frank. Like it said,

Like you know, they basically I

felt really, you said it's good. I said

No,

it's

terrible man. Like, you know.

and either end. I'm so

sorry. For them.

Convenience. Like, like are you like serious? Like, like are you

basically even, sorry, Like I, I I, I, had no

idea what to do. Like frankly, man, now you are getting

an idea of me. Right? Like basically because I'm imagining me from going from one

shop to another store, one from another store, and Cause

no one had any clue, the store did not

wanted

me. They said, this guy is not making to

buy. He's only, he's only trouble in our store, so why don't

we just making, so they were doing

everything to move you from, they said, go outside And call. I said, how do I call? I don't have a

number, right? so, they were not trying to send me an new line, said, dude, like, are you like, you know, are

you

crazy?

Right. You know what's, I don't say Right. now, but I was actually

Neal: So I'm really curious if after they created you a new account, if whoever did that still got a commission.

Elliot: Probably

Neal: Here we go.

Haseeb Awan: I have no idea, but well, they, they compensated me for two days of travel, so

that was the thing. And then they they build me and then they did something else. So they, on the past account,

They sent me like some card for like $14 or some $15 like,

you know, in collection that had to get removed.

Cause I had a new collection. It was such a stability. But anyway, I had to get it removed and, cause I'm very particular about my credit

score and everything. Like, you know, I treated like, okay, you know, this is like crazy thing. But that's one thing. So after a while, so I said, okay, that's

good. Well guess what happened

after a few months? Same, we decided to let you go. Same company. And I said like, how, like, how can you do that? Like, man, please, like, how can you

do this? Right? And, and I, and I, I hadn't like, I was literally like, you know,

think of taking a baseball bat and basically like, you know, I had no, I, like, first of all, I didn't know what to do.

Like I, and, and the okay, this time I actually knew what to do. But I was like, it's like one of those things like, you know, it's like they say if you eat a frog, eat it in the morning. Right? So I, I said, okay, man. Like I was thinking about. I was thinking about step, like, should I go.

to step number one?

Should I do step number two, step, step, step number three? Like what should I fall? Right? And I went there and the same story. And and this time I kind of, made it pretty fast. I said, this is a matter of national security as then like, you know, I might com I counter get compromised. If you don't get fixed it, like, you know, this will be a

big trouble.

So I, I made it pretty se seriously, like, you know, I said, man, this is like serious for me, right? And you are responsible. And I started taking the names and I said, if you are in the store, I'm telling you this is serious and if you don't fix this within one hour, I will hold you personally, I believe for that. So I started recording it and I was very, very serious. I was, I was, I was not taking it right. I said, then this cannot happen. Same story. They were sorry for that, and, but this time they didn't even need me. Two days of

credit and I. I literally said, man, this is over. So I moved to a different company. I moved to a different country.

I moved to a different country,

Neal: That's how fed up he was.

Haseeb Awan: company. I literally left Canada. I left Canada. I said, man, I cannot even, like, you know, it was, I know this is, this looks like pretty people may think this is like, I was all erecting and I felt that.

and, and and I'll tell you something, which is very personal and I always used to think about that.

Why do victims speak out for 10, 15 years? You know, you say

about, Hey, the victims were, cause they were living with a trauma all the time. And with me, I had my family and my kids and everything. So that supported me. But the challenge is

that, you know, there's something in life that attract, like, you know, that now they impact you so much that it's basically some, somewhere in mind.

Like some people have a fear of going in darkness cuz they had something that they found where they were kids, right? Some people may have like, you know, some kind of trauma of like flying cuz they did something

here about it and they don't know it's unconscious, right? So, I still have some bit of scars from the incident and then same thing, it happened in the US twice and where I said, man, this is like g getting crazy.

Like either I have to stop using a cell phone. And doing that. And now I know that a lot of people don't use cellphone. It's a small market where people come to us and they say, thanks for building, now I can use my cell phone and thanks for building it because I never had a cellphone in two years.

Because they have fears. Fears of someone getting into your account. They like param and people cry on the phone with us. And I've dealt with a lot of like personal victim and I said that it's getting to a point where it's impacting my mental health where I couldn't function anymore. Cause I always thought that someone is going to.

You know, kill me. Like someone come after my room and nothing felt safe in my life. Like I, I thought I was.

always being washed. You know, you can't get on a plane cuz you are out of the cell phone coverage for like 12 hours. It's a long flight or three or four hours. And it makes it look stupid, man.

Like, you know, you, you start feeling very less about yourself.

Elliot: Hmm.

Haseeb Awan: Like you, motivation goes down. You basically will always be, you lose your confidence in

Elliot: I mean, it's a huge invasion of privacy.

Haseeb Awan: you know, your camera is always like, yeah, yeah. It's like, it's like a camera watching you all the time. And people talk about privacy and they say

that privacy, if I'm not doing anything wrong, why should I care about privacy?

I said, no, man. Like, think

about if someone is watching you all the time, it's not fun, like, you know, you cannot perform well. And the fact that someone can go into your,

your life whenever they want. And I give you the example of a bullet. A person may not kill you, but he left a note on your desk that I can do whatever I want to do,

and now you're destroyed for your rest of life. Like, you know, some people may take it some people may have taken like, you know, seriously, I have personally survived a bomb

blast. And that incident has not impacted me, which this incident happened to me. Right. And and because it's like, I don't know, like it's very hard to, a lot of people who listening to that, they'll say, man, this guy is just like, you know, he and everything.

But frankly, sometime it does give me, you said you want to take out those things. So, it does impact me some time. Like, you know, I basically, I talked to a lot of victims too, whose carrier guard destroyed. They couldn't function anymore. And now I have more empathy for the victims that I didn't have before.

And I thought that people are just making up to make money that they will sue someone for a hundred million dollars after like 20 years. I said, this is a small thing. No, this is a massive thing. And trauma's real and and the worst part is a lot of victims, they know who hacked them. And those guys are posting on Instagram, flying on my Charlotte flight.

You know, like wearing those branded clothes and, and these victims are, have lost everything. So someone who has lost, stole everything from you, he's flexing that, he's basically you know, flying in a first class business class and like, you know, a charter and you are now unable to make your constitution or your mortgage.

You know, like it's, it's, it's not easy to

Elliot: Absolutely. So I, I know we're definitely towards the end of our our chat, but I, I do want to just add in additional context. So our listeners are obviously primarily, primarily in like the cybersecurity world or they're interested in it, so they're pretty astute, but you clearly have a technical background and being able to navigate that, you're probably at a better position to be able to navigate it.

But hearing your story and how complex it is, how impactful that is, you know, a regular person they even know to, you know, go to, you know, your carrier. Would they be able to, you know, contact the right officials or are they just gonna be like, ah, screw, I'll just get a new account and hope for the best.

but you know,

your, your SIM is tied to being able to access not

just your financial institutions, but like, you know, if you use WhatsApp and Signal and some of those other

things. You get right in there because that's how most people use their

sms for a two

factor. But like, yeah, I mean, it's an absolute huge invasion

in privacy.

Even if people like, you know, purport to live like an open

book, you know, your whole

life is not always on display. So yeah, I, I totally get where you're

coming from. There's easily trauma

involved into that process. And not, not,

always to like poke fun and laugh at like the scenario, but you know, obviously

we can laugh at, you know,

it in hindsight it's great that you're able to kind of bring a new solution to the table

based on some of those solutions.

And that's just one of those beautiful motivating factors that kind of, again, lead to new solutions that are space really needs.

Haseeb Awan: Yeah, that's pretty much about right. Frankly, like I, I still say the

same thing. I said, man, I don't know. This is such a stupid

problem. It's like, while we were

building Bitcoin atium, we said, this is the

most stupid business in the crypto industry. You have cash and you are taking bitcoins. Like there could no business be there stupid than this, right?

This is so simple, like, why don't

people do that with, with our system? Why don't K do that?

Like one thing, just tool one thing. Make sure that you, no one

gets into my account. That's pretty simple. Allow me to have a UBI key or a hardware key, just install it in my computer and I can do make changes like, you know, have some kind

of a different authentication method.

But the same thing they said, it cost them money and it's not revenue generating for

Elliot: That is that's pretty embarrassing on

their end, but that definitely takes us to the end of today's story. Thank you so much,

Steve, for sharing. Unfortunately, your bit traumatic

experience sharing a little bit of laughs with us and, you know, giving us some insight

into what you've built as a solution for that.

Neal: Yeah. Thank you once again

for the chats.

I appreciate it. And you know, I,

I'm gonna dive more into deal's company a little bit

more, but you know, I, I think it's a good offer and I

think it's a good last mile piece of some of the

puzzles that a lot of people are looking to solve and what they need to consider right for moving forward.

Not just in zero trust, but just in general, period. So, once again, appreciate your time, sir.

Haseeb Awan: Yeah, a lot of things. Cyber security are super simple. You know, we don't have to complex our life.

Like I say, use the password manager use like, you know, a hardware key, use authentic user.

And obviously if fine, if you can afford it, but like do the three, four things and you are better than

99.9% of the world.

Elliot: All right. That is your episode.

Thank y'all so much. We will be back in two weeks

0 Comments
Adopting Zero Trust
Adopting Zero Trust
Today, Zero Trust is a fuzzy term with more than a dozen different definitions. Any initial search for Zero Trust leads people to stumble upon technology associated with the concept, but this gives people the wrong impression and sets them off on the wrong foot in their adoption journey. Zero Trust is a concept and framework, not technology.
We are on a mission to give a stronger voice to practitioners and others who have been in these shoes, have begun adopting or implementing a Zero Trust strategy, and to share their experience and insight with peers while not influenced by vendor hype.
Listen on
Substack App
RSS Feed
Appears in episode
Elliot Volkman
Recent Episodes
Ransomware: To Pay or Not to Pay?
  Elliot Volkman and Neal
Cyber Insurance: Sexy? No. Important? Critically yes.
  Elliot Volkman and Neal
The Current and Future State of Zero Trust With Forrester’s David Holmes
  Elliot Volkman
Canva's Kane Narraway on Building a Zero Trust MVP
  Elliot Volkman
AZT: Quit Bugging the CISO + CIO
  Elliot Volkman
AZT: Hacker Valley Dishes on Breaking Into Cybersecurity
  Elliot Volkman
AZT: From Hacktivist to White Hat Hacker. A Chat with LulzSec's Sabu.
  Elliot Volkman
AZT: The Market For Enterprise (Secure) Browsers
  Elliot Volkman