Samy Kamkar On Hacking, Viruses & The Secret Service Raid

Rory: You built the world's fastest spreading computer virus.

Samy: When I started learning how to code and building cheat software and then releasing it open source on my

Rory: You've been arrested by the Secret

Samy: Two more guys walk up behind me and they say "Sammy, we have a search warrant for So we go up into my apartment. They just like came in with They took everything that had data, CDs,

Rory: Jeffrey Epstein's team once reached out to you asking if they could personally hire you as a hacker. I had no idea who the guy was. He gave me his name, Jeffrey Epstein, and I looked him up. At that point, I think once I learned who this guy was and I was like, "Yeah, this is not not something I'm interested in." You founded multiple companies including selling one of them to Motorola for around 400 million US dollars. Sammy, so good to see you. Good to see you. You may be the most interesting person I've ever met in my entire life. We were out at a dinner recently and some of my friends are sitting around and we said, "Who do you think is the most interesting human you've ever met?" And in unison, we all said, "Sammy Kamkar."

Samy: So we're very excited to have you on today. Thanks. Uh your list of accolades is actually astonishing. So you built the world's fastest spreading computer virus, a record that you still hold to this day. Yeah. You're you've been arrested by the Secret Service, which

Rory: Jeffrey Epstein's team once reached out to you asking if they could personally hire you as a hacker of sorts. Yeah.

Samy: And on top of that, you've founded multiple companies including selling one of them to Motorola for around 400 million US dollars. Yeah. Yeah. Do you deny the accusations that you are the most interesting human? Uh uh I mean, I've had an interesting life and I've had like uh I don't know. I I guess I'm just really curious and I'm really interested in things and how things work. And uh I don't know, just growing up you you get some motivations and you get some curiosities that need to be picked. Um and also I think just having other interesting people around me, um I get to meet really cool people like yourself and and others that uh that then make me want to work harder and like learn more and try new things and also fail more, which is uh you know, internal struggle. Like, I'm too afraid, you know, afraid to fail, so then I'm afraid to even try certain Uh and I know I'm I do that a lot, unfortunately, and I want to be more comfortable with failure. Um I think failure is a good thing, but uh I would love to drill into that. I want to actually go back to the very

Rory: Okay. The real start.

Samy: Sure. So, you're 10 years old. Uh-huh. And you're using IRC, which in many ways sort of a precursor to what Discord has become for the listeners that are not familiar. Uh and someone remotely triggers a blue screen of death on your computer and it sends your life down a very interesting path. Walk us through that day and and what happened. Yeah, so my mom uh she raised me uh and we're living in Pittsburgh at the time and she was able to get a computer. So, she was both working a couple of jobs and going to university. Um she would drop me off at the university library whenever she couldn't get a sitter. So, well, she couldn't afford a sitter, so she would drop me off at the library. Her friend worked there and they she would just put me on a computer and I'd play on the computer. One day, she was able to bring a computer home. I dialed up to the internet, which was to the university, and I downloaded IRC to just get into to chat with people. And I went in chat room and I said, "Who wants to chat about The X-Files? That's That's the best show ever."

Rory: Uh and someone says,

Samy: year was this? This was uh 1995.

Rory: Probably was the best show.

Samy: Truth is out there. Uh so, I go in the chat room and someone says, "Get out." And I'm like, it was so weird. I didn't understand why they said it. And for, I think the first time ever, I felt a little um I don't want to say power, but I I felt I wasn't scared or timid in the moment because I'm behind this computer screen. You don't know who I am or where I live. So, I said, "No." And this person says, "You have 10 seconds to get out." And I say, "No." And 10 seconds later, the brand new computer that my mom spent everything she had on crashes. It gets this blue screen and I freak out. I'm like, what do I do? I pull all the wires out of the computer and I wait. I'm like, the longer I wait, the more the computer will heal. It's like half an hour later I tell the world. Yeah, exactly. I plug the wires back in. I push the on button. I wait, you know, the 2 minutes for Windows 95 to boot up and everything's fine. And like, I'm still I'm super scared, right? Adrenaline is rushing through my veins. But I thought, wow, that's the coolest thing ever. How do I do that? Like, there was just some sense of uh I don't know, power or capability that came with that. And I think it was just at the time in my life that I was looking at my mom who struggled with uh like what she thought I mean, she she just had struggles. And I was like, I don't want to live like her. I want to see what what I don't want to feel powerless. Um so, there was something really intoxicating about that that just led me down like, okay, how do I do that? And once I learned, I downloaded some software called WinNuke 95 and that's what was the denial of service attack. If you know someone's IP address, you put it in if they're running Windows 95. And all of a sudden, I had this magic power. But like, I'm not malicious. I don't actually want to crash people's computers. Like, there's actually nothing interesting about that other than maybe like having the confidence that you can do it in the first place. but uh then Windows 95 Service Pack 2 came out and resolved this problem. And now, my magic power was gone. So, I just thought you could go into the X-Files IRC chat. They were powerless to remove me. They were powerless to remove me. Um and I was like, well, this is kind of cool. Okay. So, I made a website. I learned how to make a website and I put the patch that people could use and I also put the tool cuz like, this is really cool tool. I love that I was able to find it, so I want to share it with other people. So, I I put both WinNuke 95 and the Service Pack 2, the the the hack and the patch. And I was like, well, the person who made WinNuke 95, the author is like Bernt Bogus of the Den. So, Mr. Bernt Bogus made this, how can I make, you know, the next version? And that's where I started going on to hacker forums, reading 2600, reading Phrack, which was an online magazine for hacking and freaking. And that's when I really got deep. That's when I started learning how to code and how to reverse engineer and do memory manipulation and installed I went to a local Perl conference in Pittsburgh and got a free BSD CD. So, I was very into Unix. I installed it on my mom's computer. I couldn't get the graphical user interface to work, so it was just a console. It was just like text. And my mom was pissed. So, she was like like her web browser was gone. There was no more Internet Explorer. And I was like, "Mom, it's okay. Everything's text. I'm like, it's okay, Mom. Here, there's this browser. It's called Lynx, l l y n x.

Rory: And it's fully text-based. So, there's no images. I'm like, Mom, all the content's still there. Like, you can still read all the text."

Samy: Yeah, yeah. It's just no images. I mean, you know, we give small things.

Rory: That's hilarious. Did you ever go back into that forum and return to IRC gloriously? Uh, you know, yeah. I mean, I think I was just hooked on IRC. So, I started joining a bunch of channels. I tried to find people who were hackers. And, yeah, they all told me they all said like, yeah, you have to learn how to use Unix and you have to code. We didn't even call it coding back then. It was like programming. So, I started doing that and then I just found more tools and then I was just reading about, I don't know, buffer overflows, like a way that you could take over a computer just by filling its memory. This blew my mind cuz I was like, I thought I knew about computers because I knew how to plug them in and I knew how to turn them on and I knew how to make a website. So, it was like, I got it. I got it all. Um, but when I learned that you could write the simplest program in the world that says, "Hello, like, what is your name?" You type Rory and it says, "Hello, Rory." And like, you someone could write that program. And if they don't check how long the name is, like, how long Rory is, you can then overflow memory and you can just type a really really really long name. It goes it goes so long that it starts overflowing other memory in the CPU. It overflows this thing called an instruction pointer which is an address. You can point that back to your the beginning of your name which can actually be code and now the computer will execute code. And that means that simple program could lead could allow me to take over that computer. If that program is on the internet, I could take over that computer over the internet. And this just blew my mind. It taught me really young when I was 10 or 11 that things don't work the way we think they do. Um and if I if I can understand a system well enough, I can then maneuver it in ways that other people can't. And that became really an addiction of like how do how do things really work? And also exploring boundaries. Um what are how can I like poke at this thing in different ways to see how it behaves in in ways that we don't expect. Um And the first boundaries that you pushed was in the gaming world I believe which I think a lot of a lot of young hackers seem to start in this world cuz it's it's I mean it's popular at that age especially. Yeah. Yeah, I was playing um so I was probably 14 years old and I was playing a lot of Counter-Strike. Probably the best game ever. Oh, so fun. Very biased

Samy: but so great. And unfortunately I just wasn't very good. I played a lot but I wasn't great. It's hard. It is hard. Yeah, and you know people would just snipe me out of nowhere. I'm like I don't I don't even know how to protect myself. If you're just running and someone can snipe you like I I don't know what to

Rory: The skill cap in that game is unbelievable man. My brother and I used to play D Dust and like there were guys it's like all they did and knew every corner like Oh, man. I I saw a video of a a recreation of D Dust like in person. Like it's like a full like

Samy: scale D Dust where you could basically key balling.

Rory: Sorry, continue.

Samy: No, great map. But I was like I I remember I was uh Oh yeah, yeah I think I wanted to change the music. So, back then we didn't have the media keys on the keyboard. And I was like, well, I would love to change the song because I'm playing Winamp um and I don't like the song that's playing. I'd have to alt-tab and get out of Counter-Strike, change the song, go back. By the time I got back in, someone had had killed me. So, maybe I can make a program that lets me have a hotkey. And once I did that, uh it wasn't as trivial because you needed to like Counter-Strike takes over your keyboard. Um so, I needed to sort of inject code into Counter-Strike in order to uh capture the keys. Once I was injecting code into it, I was like, oh, I could probably do other things like maybe I can see where the sounds are coming from, like footsteps. So, you can actually intercept a function and say whenever the footsteps is going to play a sound, it will it will play on your left speaker or right speaker, right? Cuz you can hear where the footsteps are coming from. So, that means there's positional information about the person, the attacker, who's about to come to you. And that means even if they're behind you and you can't see them, you can hear their footsteps. And I know if we close our eyes and we hear audio, we can tell where it's coming from. Um so, why can't I write a program that does the same thing and then shows me where everyone is? Uh then I realized though I can do all sorts of things. When you're you're zoomed in into a weapon, yeah, I can remove all the black. So, normally you're you know, you just have the circle. Now, I'll just remove everything. And I'll be like, why don't I just add zoom to every weapon? You might as well There's nothing preventing us from going further and seeing further in. So, I started release uh like building cheat software and then releasing it open source on my website. And that really got uh then something called PunkBuster came out. This was a company building software to stop cheaters like me and and really cheat software developers like me. And this was where I learned a ton because now there are actual people who paid every day to stop my software from working and other other cheat software. And they would release a new version. And at this point like I kind of killed the game. The The game for me, it wasn't fun anymore because there was no challenge. Like I actually ruined it for myself because now I can see through walls and shoot through walls. Like it's there's just not fun anymore. Um you know, we need some challenge. at this point, they started releasing these new versions and that prevented my software from working. I'm like, "Oh, this is cool. This is fun again." So now the game to me was getting my software working. What are they doing? How are they identifying that my thing is Um oh, they're looking at them the process name. Let me like change where the process is running. Let me like actually live manipulate things. Um and that became really exciting and at this point I wasn't very good at high school. I think I was in 10th 10th grade. And I decided uh you know, my mom was always working. She was never home. Um she didn't really know if I was going to school or not. So some some days I'd just stay home and work on this version. You know, they'd release a new version of PunkBuster. I'd work on this for a few days, get a new version out.

Rory: monetizing this at the time? I'm sorry?

Samy: Were you monetizing this at the time?

Rory: not monetizing this now. Now And I also think monetization was more difficult back then, but also I At the time, I wasn't interested in monetization. I think I was just interested in like like gaining understanding of things and gaining the ability to create things that to do things I'm not supposed to do they're not supposed to be able to do. Uh so I just stopped going to school because they kept coming out with new version. Like I just need to like I need to get out of this Counter-Strike

Samy: I think it was maybe a a few weeks in of not going to school, maybe like a month or two, and my mom come she lost her job, one of her jobs. She comes home in the middle of the day. She's like, "What are you doing here?" It's like, "Well, I'm playing Counter-Strike. Like we're we're going to a new version of this thing." She's like, "You have to get a job and help pay rent." I'm like, "Oh, okay." So now I need to monetize. So I filled out an application at Starbucks. I went to Ralphs. And I got an email out of the blue from somebody in San Diego. He says, "Hey, I saw your cheat software, saw your code. Do you want to come work for us like and like consult with us and write some code." I was like, "Wait, you can make money writing code?" I had no idea. It just like blew my mind. I was about to take a job at Starbucks except they didn't even offer it to me cuz I was so antisocial.

Rory: I would be a terrible barista. I was like, "Cool." So, I started working for them, started writing code remotely. And after a few months, they're like, "Hey, do you want to move to San Diego and work full-time?" And I was like, "Absolutely." Um they didn't know I was 15 at the time. So, and in order to actually get a job, you need a work permit. Uh so, I looked online and to get a work permit you have to be in high school, but I wasn't in high school. I dropped out. So, I found something that looked like a work permit. I printed it out. I faked some signature and I handed it to them. I'm like, "What's probably Yeah, I'm like, "What's really going to happen? Like, worst case scenario, they just say no. Um I probably don't lose anything that I didn't already have." And they're like, "Okay." And I just took a train down down there and uh then I'm like I tried to get an apartment and no one would give me an apartment cuz I was you know I was 16 at this point. And uh I learned that you can get emancipated. So, I learned about the court process to get emancipated and it would take at least weeks. So, I just forged an emancipation document, gave it to the apartment complex, a big corporate apartment complex, and they're like, "Uh I've never seen this before." I was like, "Yeah, well, it's legit." And they're like, "Okay."

Samy: And they gave me an apartment and then I was able to get like cable, internet, and uh yeah, I started a life down in San Diego, started working for a company. and uh yeah, that was a a lot of fun. So, I was programming down at this company in San Diego. So, a few years later, a website appears out of nowhere, a website called MySpace. Yeah.

Rory: Um I had a MySpace account. I think a lot of people from our generation do. Uh it became overwhelmingly the most popular social media platform of its of its time. I would love you to tell the story for the listeners of what happens next. Yeah, so it's it's 2005 back in LA in the Marina del Rey. I had started a company with some maybe two years prior. And MySpace at the time is the number one site on the internet. Google was number two at the time. It's unbelievable to think. Yeah, and I had no idea. I had no idea how big MySpace was. I just had some friends on MySpace and I thought all right, like I'll I'll cave in and I'll make an account. And it was kind of neat. Like you could upload some photos and I found there were some limitations. Like you could only upload 12 photos. I was like, oh, is there a way I can upload a 13th? And is this like a server-side restriction or not? And I found I could upload a 13th photo. And then you can play with the HTML and the CSS. You can kind of change the colors and the fonts on your on your page. And I wanted to have something unique. I was like, all right, I'm somewhat technical. Can I figure out something that would be cool? And there's a relationship drop-down. Choose single, married, divorced, etc. In a relationship and I wanted mine to say in a hot relationship cuz you can't do that. Like it's not in the drop-down. There's only in a relationship. So I started playing around for probably a week. I was messing around to try to figure out a way just to say in a hot relationship instead of in a relationship. And finally I found a way I could execute JavaScript which they MySpace doesn't doesn't allow. There's also some functionality in the browsers that prevented it. And I found sort of kind of a vulnerability in the browsers at the time as well as in MySpace that would allow me to execute code. So I could then upload something to my profile. You could visit my profile and now it would change the page live from in a relationship to in a hot relationship. At this point, I'm like, oh, that's kind of cool. What else can I do with this now that I'm executing code on your browser? And I thought, well, if you visit my profile, I can make you click buttons. So I can make you add me as a friend. Like click add friend if we're not friends already. So that's kind of funny. Then, I think the next day I added another feature. I was like, "Well, there's your favorite movies and music and TV and heroes, and I'll just append Sammy is my hero to the end." So, you might say Yeah, yeah, you might say, you know, my mom, you know, heroes, my mom, my dad my dad and my dead grandmother, and then it would just append, but most of all, Sammy is my hero.

Samy: And then that's just kind of funny, and I could show off to some of my nerd friends. So, I was like really excited, and a few days later I went back to check MySpace to see how many people got, you know, had this thing, and it was one person. And I was like, "Well, I'm trying to show off to my friends to my tech friends of the thing I made, but only one person has hit it. How do I make it spread a little faster?" So, I thought if you visit my profile and I can make you my friend and hero, I can just copy the code to your profile. So, if someone visits your profile, they'll add visit a friend, add visit a hero, and then uh there'll be another person, and the code will copy to their profile. And in a month, I'll probably have like 100 new

Rory: go wrong? Maybe someone will complain, right? And that's no no no big deal. They remove it from the 100 people, and like everything everything's fine. So, I get get it I write this code. Hopefully it works. Usually code doesn't work the first time you write it, and I go to sleep, and I wake up to see do I have have any new friends? And I wake up to 10,000 new friends from my 26 that I had prior, [clears throat] and I said, "Oh no."

Samy: Was it a moment of of joy and triumph, or was it a moment of panic?

Rory: It was a moment of absolute fear and panic. I I think I turned I know I turned white um later that day I drove to my office, and people are like, "Are you okay?" And I I just couldn't I think one of the challenge or one of the scary parts was I was 19. I was um supporting my mom uh and um living separately. But uh I also was like MySpace had just been bought by Fox for half a billion So, I'm like, I don't want Fox to be mad at me as a 19-year-old kid. And I don't really have any support system. Like, I'm kind of on my own. I got to like be able to handle my my own challenges. Um so, I didn't know what to do, but I thought, "Okay, well, I might as well let them know, and I'll send them an anonymous email basically." And I'll say, "Hey, I pretend to be somebody else." I'm like, "Hey, there's this weird thing on this profile. Uh somehow some dude named Sammy added himself as a friend and he wrote to my profile, and there's really like weird obfuscated code." There was a character limit of how much stuff you could upload. So, I had to like obfuscate, make it really really small. Um so, it was so also hard to understand if you're just looking at this. So, I was like, "Yeah, there's this weird obfuscated code on my profile. I'm not sure how it works, but I think it works like this." Detailed explanation. Exactly how it works,

Samy: Every little character, this is what's happening. And I think you can fix it with Detailed explanation of exactly how to resolve this as quickly as possible. Yeah, yeah, yeah.

Rory: Uh signed, you know, Ryan. Uh so, I hope that they got that, and I I also felt bad um cuz it's just like I created a virus, and I didn't think it was a virus, but I didn't think it would actually spread that fast. I had no concept of how big MySpace was. Really just like a teenager messing around. And at that point, I can't stop it, right? It's like any other virus, right? If you sneeze on somebody and you pass on your cold, you can't and you're better, it doesn't matter. It's still going to spread. So, I drive to the office, and I'm just like, I can't think, but I'm trying to work, and throughout the day I see it goes from 10,000 to 50,000 to 100,000. Later that day I get home, it hits a million. And now I'm just refreshing just to see how how fast it's going. It's going 3,000 people per second are getting added. I'm like, "Oh my gosh." Uh the friend request rate limit is well exceeded. Yeah, you know, rate limiting that wasn't a thing back then. Like, it really wasn't. and at that point, I'm just like, "Oh my gosh." And I'm refreshing and finally I see they take my profile down. Like, "Okay, great." So, it's probably 20 hours and maybe 1.1 million people. And at that point I go to see check someone else's profile. Like, "I wonder do they remove uh the text from their profile?" And their profile was down. So, then I go to myspace.com and it says, "The site is down. Everyone here is working on it." And I felt absolutely awful cuz I had a tech company. I know what it's like to have systems that are down. And to me that I was the person to cause them to go down like made me feel terrible. I don't want to do that. I just want to say Sammy is my hero on profile. But that that I'm kind of okay

Samy: Yeah, it's a prank. Uh so, I felt really bad. And I'm living in LA and I know MySpace is in LA. So, I thought maybe I should just drive over with some coffee and donuts and apologize and be like, "Hey, can I help? I don't know, write some SQL queries. What can I do?" But I thought it's probably bad idea for the culprit to like show up at their office. Like, that might not be a good idea.

Rory: Especially when they're owned by a Fortune 500.

Samy: Yeah. Yeah. So, I just kind of waited. A few hours later the the site came back up and uh it still said Sammy is my hero everywhere, but uh my profile was down was gone. And the worm was gone. So, they'd fixed it. So, they're like, "Okay, that's good." Um so, then I just I didn't really know what to do. I just kind of waited for like the internet police to show up. You know, a day goes by, a week goes by, 3 months go by. Fortunately, I'm like, "Okay." Fortunately, nothing happened. 6 months go by. So, we're working at my company. It's growing. um I don't know, like almost 30 employees or something. Uh and I finally have a a salary and like I can afford some a car. So, I get like a a nice new car and I walk down to it and there's two guys sitting on the hood of my car. And I'm like, "Oh man, I'm getting carjacked." And as I walk up two more guys walk up behind me and they say, "Sammy?" And so, they knew my name. And I'm like, "Oh, car jackers don't know your name." So, they I'm like, "Yeah?" And they say, "Sammy, we're uh we have a search warrant for you." And I was like, so, on TV they always say, "Show me the search warrant." So, I'm like, I don't know if that's real, but I said, "Show me the search warrant." They just hand me a stack of pa- pages. So, I start reading it. And they all show me their badges. So, it's like LADA, uh Secret Service, Electronic Crimes Task Force, and CHP. And I'm reading this, I'm reading this, and finally I see something on MySpace. And I'm kind of relieved it says MySpace because as a teenage hacker, you kind of hack into whatever you can.

Rory: There is this you uh I think when you're young and in that community, like often a lot of people want to hack into government systems. Not to do anything bad, but really just to go on IRC to chat and show that you have a dot dragon. Yeah, bragging rights, right? Like vanity vanity host

Samy: the the teenager hacking NASA always seems to come up in the news.

Rory: Yeah, yeah, exactly. Um so, I was like, "Okay, I've you know, never done anything bad, but uh there's definitely like, how do you how do you at that point, yeah, it said MySpace on this thing, and I realized, "Oh, it also So, I'm like, guys, are you going to do the search or what?" And they're like, "Oh, we're already doing the search." So, we go up into my apartment, and there's a dozen agents going through everything. So, my girlfriend at the time is like crying and wearing a sheet because I left to go to work, and she was still in bed. And then my roommate, um he was in a bathtub cuz he was taking a shower, getting ready for work. Uh and he Yeah, so they just like came in with guns.

Samy: Wow. They took everything that had data, CDs, DVDs, Xbox.

Rory: Including your girlfriend's and your roommate's? Um I think they took my girlfriend's, um and they didn't I don't think they took my roommate's. But I think they took my girlfriend's cuz it was in my room. And uh fortunately, she was able to get it back from them in like a a week later. Uh and then I had Yeah, they took even my iPod. Um, and I was like, well, am I being arrested? And they're like, no. And they took everything and then left. Uh, meanwhile, I went to the office and I didn't realize but the same time they were at the office. So, my company. And they go and they ask the CEO, they're like, hey, what does Sammy Kamkar have access to? Like, everything. So, Secret Service agent apparently says back to some other guys, all right, guys, take everything. And this is a voice over IP company. Everything is internal. So, they're about to basically take down our

Samy: Uh, fortunately, the CEO, I mean, the dude's brilliant. Uh, he somehow convinced them that I was just an intern and I was just like, uh, you know, I don't know, I make the coffee or something. So, they just took my computer, fortunately. Um, I went into the office, sort of explained why why all these agents were there and, uh, you know, he thought it was kind of funny. And at that point, I sort of searched for a lawyer, got a lawyer, and we fought. And it was actually MySpace that didn't come after me, it was the state of California and the DA. Oh, wow. Um, so, I got a lawyer and

Rory: was MySpace had contacted them or contacted the state of California and said, we think there's been a cyber crime and then they've pursued it. Uh, probably. Uh, I'm not exactly sure, but it was not it wasn't civil. So, it wasn't like MySpace coming after me. Um, which they could totally could have. Um, they could have said, you know, lost ad revenue or or anything else. Uh, yeah, it was just the state. Oh, so MySpace potentially contacted the California government and prosecuted you criminally via them. It wasn't a civil action. Correct. It wasn't civil, it was criminal. Uh, I got a lawyer, we talked to the DA and basically saying, hey, I'm 19. Um, I don't have a high school diploma. Like, technology is the only thing I can I can do and essentially they were trying to get me into never be able to use a computer or the internet ever again.

Samy: For the rest of your life?

Rory: For the rest of my life. Uh, and my lawyer was like, "Well,

Samy: That's little for a

Rory: MySpace CSS. Yeah, it was it was pretty crazy. And fortunately, we came to the agreement that, "Hey, okay, I actually won't be able to use computer, I won't be able to use the internet, and I won't be able to go to MySpace.com in case they somehow figure out a way to access it like whistling into a whole phone or

Samy: Um, but I could essentially agree after 4 years, I could go back to the court and say if I was on good behavior, uh, then I could get all of that removed. And I was like, "I can live with that." Like, we had the company, and I could probably still work there.

Rory: were 19 at the time.

Samy: Yeah. Um, so I agreed, got a plea agreement with that. Um, so no computers, no internet. Uh, I actually didn't touch one because to me it wasn't worth the risk. I think maybe I'd take the risk for myself, but also knowing that I supported supporting my mom, uh, that wasn't a risk I was willing to take. So, I literally didn't touch one. Um, I fortunately the company was doing well, and I like had a team, so engineering team, so I just worked with the engineering team, and just was in meetings all day. Um, and that sort of continued and and was doing well. So, you were able to continue your employment for throughout this.

Rory: Yeah. Yeah, so I was a co-founder of a a voice over IP company. Um, so we were trying to essentially we made the phone systems where you could dial the press one for this, press two for this, and we made we made it a little better. So, instead of you waiting on hold for an hour, uh, we'd be like, "Press one, and we'll call you back." So, you could go go about your business playing Counter-Strike. And this uh, so in order to continue your employment throughout this process, were you writing code by hands, or like how were you actually working? Yeah, fortunately, uh, I had a great team of people, so they were writing you know, I'd write written a lot of the original code, um, but then they were writing all the code, and I was sort of making architectural decisions and managing, and uh, Were you allowed to sort of peer over someone's shoulder at a computer? You were just not allowed to access the keyboard and the Yeah, basically it was like no internet and there was like [clears throat] a specific single computer at the office that's allowed that like I can touch. Like this one thing that can like talk to the internet and stuff.

Samy: 95 computer.

Rory: Exactly. Yeah. Um, do you think that like throughout this process were there things that you thought of building and you were like when I get back to a computer I'm so excited to build X Y and Z and have you gone on to build any of those or are there any that you still think about from that era? Uh, oh, that's a good question. There were a few things I had. There were like some concepts or ideas I had that I was curious whether they would Um, just some like networking stuff. ways to access computers or networks that you're not supposed to. Um, and but I got to say also just not having access to computers or the internet when I went from using the computer every day from morning till night and most of my social life was online through like chat rooms. Um, to not having any was probably like one of the best things possible for me. It forced me to go out, like go outside. Like what's that bright light out there? Uh, I started going to the gym. You know, first time I was actually going to the gym regularly. That was really good for me. Started just reading books, just doing things and then going out with Actually socializing. So, that was And then one I'd go to probation every month, visit my probation officer. Like four years later we went to court. Probation officer said I was her favorite client

Samy: and [snorts] the judge removed everything. I was sort of back to normal and it felt really weird. I went to the Apple Store. I got a I don't think it was called MacBook. I think they're called PowerBooks at the time. Bought a PowerBook and it just felt It also felt wrong. It felt wrong like typing on there and I went to a Starbucks to like play for a few minutes and like it felt weird and I like shut it and I went off to I don't know, hang out with friends. But uh then I slowly got back into it. was like, "Oh, yeah, there was some ideas I had of I don't know." Then the iPhone came out around uh actually during the time that I couldn't use a computer, the iPhone came out. So, I was really curious about that. Like, what interesting things could you do I remember remember a browser came out, I think it was Firefox, and it could you could go to Google Maps and click that button and it would show you exactly where you are. Uh that blue dot. I'm like, "How does that work? There's no GPS in your laptop. There are in our phones, but not the laptop. So, how does the laptop know?" And I realized, "Oh, wow, the phones all of our phones are war driving. They're looking because phones have GPS, they always know where they are. And then if they see any router wireless address, they send that address to Google or Apple along with your GPS coordinates." So, when you're on a computer and you hit that button, it sends your MAC address, your wireless MAC address to Google and Apple. And it can tell you exactly where you are. It's like, "Oh, that's really cool. I can make a website and grab their address and send it on their behalf without their permission. And now I know every person where they live um who visits my website, for example." And then I realized, "Oh, wow, we have this live traffic view of like how traffic is. So, if you're driving to LAX, how long that will take, what's the best route." Where's it getting all that traffic information? It used to be just on highways. Like, I remember there was one day I only saw a green and red traffic on highways from Department of Transportation sensors. And then the next day, I saw it everywhere. It's like every street. And it's because they're crowd sourcing how fast our phones are moving. It's like, "Oh, that's really cool." Like, our phones are giving the data of the traffic. And there was never like it never asked me this. It was just doing it. So, I started reverse engineering phones like Apple and Android and I found how that communication worked. And I realized I could just make my own app. So, I made a a iOS app and it was just like Google Maps. You'd say, "I'm here in West Hollywood. I'm driving to LAX. Give me the the route." But simultaneously, it would give you the route, but then send thousands and thousands of fake requests to Apple and Google as other cars driving, all going 0 mph on my route, which then diverts

Rory: Cuz it it makes it look like there's a traffic jam. It looks like a traffic jam. My route is a full traffic jam and you're entirely diverted. So, everyone No one else gets that route. So, that Everyone's going on other on other routes. This has since been patched. Yeah, this has been patched. So, you were straight back into your

Samy: Yeah, I was straight back into like, I don't know, like this just it just seemed, you know, it's I don't know, information. Like we're I wasn't hacking into anything. This was actually And I I was I think a lot more careful with what I'm doing. Like, okay, this is something I'm allowed to say. My devices are already doing it. I'm sort of just like peeking into how the technology that we have actually works um and playing with those properties. You have an incredible tenacity for technology. Uh we discussed your first company. Let's talk about the second one, OpenPath. When did you found this? What was the catalyst for this?

Rory: Sure, sure. So, uh after my first company, um I had made a little bit of money. It was like enough that it I mean, it was for me the most I've ever seen, you know, by multiple zeros. Um it would allow me to sort of live without a job for a few years. Uh and I spent those few years like sort of traveling um learning new things, releasing open source projects. And while I was traveling, you know, I hadn't seen my dad since I was 7 years old. I hadn't talked to him since I was 7. And I I think I think it was my mom probably prevented some of that. I never really understood. Uh I'm ashamed I still don't know everything about my like origin there. Um and I've been afraid to touch it too much. But, I was like, let me find my dad uh and go I'd like to meet him. So, I searched him. I found out uh oh wow, he's the CEO of venture capital firm in Dubai. I was like, okay, interesting. I always knew he liked business and there's probably some of me that like was sought business because of him. and I emailed him and he said, "Hey, yeah, come visit." So, uh I flew out to Dubai, uh saw my dad after 20 years of no talking um and not seeing him. Uh and I met my five half-sisters I didn't know I had. And that was a like a crazy and beautiful moment in my life. Uh I have no other sib- I have no siblings. And to have these five people that I just learned are related to me like activated some brain circuitry that was like this protect like I just needed to protect these girls. And it was so interesting to have that just instantly that like instant emotion or feeling um like take over. Uh and that was just I don't know. It was the best part of that trip. Um and I saw my dad and I kind of realized, "Wow, I think my entire life I've been really trying to like uh maybe seek his approval." Um and in a in a very insecure way like show him I don't need him. Um and I think that was part of that was a part of the drive in my life, but uh I think part of it's also curiosity. But I met him and I realized, you know, he's a normal person. Um he came from uh United Arab Emirates, very different, you know, they're Muslim had a Muslim life upbringing. So, I can understand his life is very different than the life I experienced. And I can understand why he made whatever decisions he did. I understand why my mom made the decisions she did. She grew up in Iran during the war. Her father was a colonel in the army on the losing side. Um they had to, you know, escape. They had an arranged marriage when they were like 19, 20. I mean, just crazy things I can't imagine ever going through. Um and I think at that moment while I like appreciated my father, I realized I didn't need that approval. And I think I came home and I no longer needed this approval and I kind of realized that just kind of broke me. I was like, I actually don't have anything else to live for. There's nothing else I was really trying to do or accomplish. And I didn't even realize that I think just coming back and I just got depressed. So I sat on my couch, I'd watch Friends reruns. You could see basically my butt imprint in the couch cuz I never moved. It was so bad. Like for years I was just doing nothing. So I ran out of money. I had like a few months left and I still had to support my mom, but uh Yeah, I wasn't paying taxes, just doing And one day I get a letter from in the mail and it's the IRS. And they say, "Hey, we own your condo now." So I had bought a condo and they put a lien on it because I hadn't been paying my taxes. And I was like, "I don't even have the money to pay my taxes." And for the first time ever, this condo that was the first place I had ever felt like this is my home. Like well, growing up we moved around a lot. We never had a single place. We never had a home, like a single home. So I was like, "This is my home." I'm not going to let somebody take that away from me. So I am just going to work like hell to get this back. I contacted I contacted someone. Sort of talked to the IRS. They said, "Okay, I can like pay in installments." And I'm like, "Okay, well I don't have a job and it's actually and no one's hiring me. I need to like do some stuff." So I I just thought like, "Well, what what got me excited before?" And it was really playing with project, playing with how things work. Um you know, picking at curiosities. So I'm like, "All right, I'm just going to keep doing that. I'm going to do that." And I started just working on projects. I started drones started becoming ubiquitous and like um uh affordable. So I got some drones and I started looking at how they worked. I'm like, "Oh, it'd be cool if I could control it. It'd be cool if I could control someone else's drone, not only my own." I started looking at how they Uh I released this project that was an open source drone that you could fly around and it would take over any other drone within wireless distance by exploiting properties of the RF communication channels. I threw that on GitHub. I made a video and people like, "Oh, this is really cool." I was like, "Yeah, this is fun. This is a fun." So, I started working on more of more of these projects, started releasing videos teaching people how to make these kinds of things. And um This is SkyJack.

Samy: This is SkyJack. Yeah, yeah. Straight

Rory: Yeah, that happens. Uh and I'm like, "Oh, wow. So, I can I I can probably Then I started doing sort of speaking engagements um and making a little bit of money like here and there. I I got a job programming for some company. Uh I tried going in and then they had me like pixel They're like, "Wait, you can do CSS and this other stuff?" And I'm like, "Yeah, I don't really want to." Started doing it for them, the pixel pushing every day. I hated my life. Uh and I just left. I was like, "I'd rather just lose my condo than have to go and do this thing."

Samy: Um but I'm like, "No, I need to make something." And around the same time um these guys uh James and Alex reached out to me. And these are guys that uh So, my first company Final Eden started that when I was 17 with my co-founder. And my co-founder found me. And he had worked with James before. And James and Alex lent us their conference room in their company um in like when I was 19. So, we started our first company out of their conference room. Then we started growing and we got our own office. Those guys, James and Alex, they sold their company, Knowledge Base, and then they wanted to start a new company. By this time, my first company had grown and we had a conference room. So, they started their next company in our office, in our conference room. So, I got to like hang out with these guys sort of years apart. Like super friendly. Um always really liked them. Really smart guys. Uh very business-savvy and and And uh I was like, I always wished to work with them at some point. Anyways, they started their company. Uh they called it Edgecast. It became a big content delivery network. They ended up selling that for like 300 million to Verizon uh media some years later. And then for the first time we're all available, basically free. They call me up like, "Hey, do you want to work on something?" And I'm like, "That would be awesome. Yeah, I would love to like ride these guys' coattails and learn from Um so, a couple of us got together, we just hang out every day, work on ideas. Um and we started a company called Openpath, Openpath uh security. And uh we tried creating this router in the cloud, a firewall in the cloud. We spent a year. Um you know, at this point I was super stressed because I actually had no money. I wasn't making any money from it. Um I was able to invest money in the company as a co-founder. And I was working on the weekends like basically consulting to make cash to pay for my IRS and like mortgage and stuff like that. Uh so, very stressful, but I was also super motivated. I'm like, I think it was I needed that IRS lien in order to really motivate me and get me out of that funk. I'm so glad that happened because it got me out of the funk. And now I was just like just viciously working and it was good. Like I enjoyed it. I I enjoyed like working towards something, especially when I was with other people and we're working towards a shared goal. Really realized that that is something that I really enjoy in life. Um having a shared goal with others. So, we spent a year working on this product and then we went to uh Def Con and Black Hat in Vegas. What year was this? Uh this was probably 2016, 2017. We started in 2016. Um so, I think it's probably 2017 we went uh maybe early 2018, we went to Black Hat and Def Con. And we saw, "Oh, wow, there's some really, really big companies building competing products and they're just going to crush us." So, it's they have so much money. Um like just in marketing alone they'll destroy us. So, at that point we'll we'll I'm a little scared. I'm like, we got to figure something else out. And uh we decide we're like, you know what? There's what are issues that we've run into? And one issue we've all had is with RFID cards. Like, they're always a pain. We lost one at some point. We were we were in someone else's conference room and we had lost one. That became a big issue. Also, maybe like 50 like 10 years prior, I had released software on a project called Proxmark. Um so, I'm a developer of this penetration testing toolkit that allows you to exploit uh RFID cards. And I found that even the RFID cards today are clonable. Like, I could copy just by being near you. Without even touching you, I can copy the card the card that you have and then replay it and let's say get into your building. Flipper Zero. Flipper Zero just like the Flipper Zero. Exactly. Um so, a lot of the stuff the some of the like exploit techniques are built into the the that I had created are now in the Flipper Zero. Um and this was like kind of mind-boggling to me because we actually had good security in other realms. Like, on your phone, your smartphone. That uses very strong encryption when you go to your bank or your email. Uh that exists. Like, we have the technology and it's open. It's like open source. Uh many of these cryptographic protocols are fully open. Anyone can inspect them. They can try to break them. And many people like, we want people to try to break these things. That's why they're open. So, we're like, what if we made just a a better RFID access control system for buildings, for companies? And make it an app that can communicate with the reader. It's actually kind of a it was I didn't like it at first because I was like, well, it's so much work to pull out my phone, unlock this thing. I might as well just tape the card to my phone and then badge my my phone in that way. So, then we're like, well, let's make the reader itself. So, then we'll do the hardware and manufacturing for a physical reader. And that can talk wirelessly to the phone and over a very strong cryptographic channel. And just your phone in your pocket being close enough to the reader can unlock the door. And we'll make it really easy for companies, so if you're a company and you have 30, 40 employees, you click a button in your HR software, it links it, and everyone gets an email, everyone gets access, and you can still use RFID cards. So, we started building this, um we pivoted to that, and this started doing well, um started growing, and customers started getting customers, started getting bigger and bigger customers, uh started getting Fortune 500 um

Rory: In this mode, cuz you're starting to work with some of the world's largest uh did anyone ever stop and say, "Hold on, this guy has a federal charge." How did this come up at all in the process, or was it sort of almost a positive, where they're like, "This guy has a federal charge for hacking, he probably really knows his stuff." Like, do you think it How did it play into like your your your origin story? How did that play into your growth? I think uh there might have been some trepidation with some companies, um although I think generally we would advertise sort of the security stuff I did. Because really after the MySpace thing, A, I think anyone who looks at that understands it was not a malicious thing. A teenage prank. And anyone who knows you. Uh yeah, yeah. Um but then I released a lot of stuff after that. So, a lot of uh open source software and hardware, and they weren't meant to break things. I mean, one thing I've noticed is like anything I release is only going to work for a very short period of time. Um typically the projects I release are something that will change the way our systems work. Um one project was called Evercookie. I remember people were were freaking out about Flash cookies, which is another way to track you in the browser. I was like, "Well, there's not only cookies and Flash cookies, but there's really like a dozen other ways you can track someone. You can put stuff in their history, in their cache, you can use Java, you can use Silverlight." All these other mechanisms in the browser to store data about somebody somebody, so when they come back, even if they try uh literally you even if they tried, they couldn't make themselves anonymous. Um so, I released a and just writing about it doesn't do anything. Like these were all many of these are publicly known techniques. So I just created an API that put everything I could think of and then had other people in the open source community add more to that. And it became this crazy tracking platform that you could put on your website and you can track someone even if they delete every cookie, if they erase everything, you would still track them. Ed would Snowden, I believe, discussed the ever cookie during the NSA leaks era.

Samy: yeah. Yeah, so he released a you know, Edward Snowden released all these government docs from the NSA and apparently the NSA was using the ever cookie when it came out. Um, so they were using it to actually track people because it worked so effectively. But the goal is not actually to track people, it's to show, "Hey, this is possible. This is essentially the ever cookie is a litmus test for the browsers." And what the browsers did, very quickly, is they then moved all of privacy settings in one location. So now when you go in your browser and you click like, "Let me clear my browsing data." It shows you everything. Like you can delete all that stuff in one place. Um, and now it's very easy for us to control our privacy. And now ever cookie does not work. So most of my projects don't work after a week or a month. Um, and that's kind of the intention. who published something that gets patched immediately. Yeah, and that's a good thing. All right, I think that's a it it's simply, you know, internally within a company and I completely understand, within an organization, you have priorities. Uh, public companies it's going to be like the shareholders that are you know, in a private company it's the often your investors that are helping sort of direct what are the priorities that you have. And I just found that if I believe that something is better for humans and other end users, like you have an you have a way that you can try to add priority to companies that have other internal priorities. Like they're always be different they're always be competing priorities. It's just a way that I think, you know, I'm a user of many tools and I believe in some I believe in pri- privacy, I believe in transparency, um, and I also love the products that companies make. Um, so I think it's just a uh non-harmful, it's just a a way to uh push good things for I think the users and the companies ultimately. Um, so I think because I've had I've released many different things like that that have improved security in the technology that we use in our phones and in browsers, in cars, people will get that this is really a good thing and and you probably want to have someone on the team who's creating who's working on a security company to build something secure. Like it should be very difficult to break into. So we really tried to architect it as a secure system, but we also know people don't care about security. They just want it to work and want to work well. I feel like there is also a trope in your industry of someone hacked something and instead of getting prosecuted they become they get hired by the company they hacked. I know when I was working at Apple there was all sorts of things of people running these open communities where they would try and hack into the iPhone and Apple every year was just plucking three or four of them and saying, "Well, come and work for us." Oh, that's awesome. I think it's a great idea. Yeah, yeah. And I actually honestly, you know, most most legitimate companies now have these bug bounty programs which I think encourages that community and says not everything needs to be black hat. If you find vulnerabilities, please work with us which I think uh you're probably following the the rollout of the Anthropic models. Oh my gosh. It's

Rory: first few weeks were all just like, "Hey, we're going to give all the companies time to catch up on all the vulnerabilities that we found." No, it's it's a new world and I mean it's also it's funny because yeah, all these companies have had bug bounty programs and now so many of them are shutting them down because there's so many things and it's uh it's terrifying and honestly also exciting. Uh so like a lot of our guests on season one of the show, you've had a big exit and I your second company sold for around 400 million US dollars to Motorola. Yeah.

Samy: How did that deal come about? How did that come about? Um, I'd say we were the the product was growing. Um, we had you know, we grew an awesome like an amazing team. I lucky to have like amazing co-founders that I trusted and like just know how to build companies. They've done it many times. I had the luck that I get to work on one company and already. So I'd like learned a lot in that area and I think just having this shared goal of like trying to build something that us like we would want to use ourselves. I know I get frustrated a lot of technology and I'm always yelling at apps and computers and I remember I was I was using Google Maps this for you some years ago and I was driving somewhere and it gave me the wrong direction and like it told me the wrong the actual wrong turn like left versus right. And I was like yelling at my phone like what's wrong with you Google Maps? I'm in the wrong totally wrong place now. And it said, "Do you have a suggestion?" I was like, "What?

Rory: How do you How do you know I'm mad?" And I started yelling at my phone again to see if it would happen again and it didn't. I was like, "Okay." And maybe a month or two months later same thing happened. It did something wrong and I got upset. I started yelling and shaking my phone like, "What's wrong with you?" And it said, "Do you have a suggestion?" I said, "Wait, what what's going on? How does it know this?" And I realized shaking my phone makes Google Maps pop up this alert. So someone I think has a great idea. Someone like really smart inside of Google Google's full of smart people obviously. But someone you know, came up with this idea that when I'm angry I shake my device.

Samy: So let's actually learn from that and I love when people learn from their users. I think that's that's a beautiful thing. So you know, we try to learn from our users. We try to like make the app something we would want to use because I also love reciprocity and the golden rule like you know, treat people the way you want to be treated. So I think the same thing goes into the technology and products and services that we make if we want to create we started integrating with video security. So because we're access control, it's like for your building, you want to know when people enter certain doors or if something if there's a break-in, like was someone's card used? Was someone's phone used? Um we need to see those logs. So, it's helpful if you have video feeds as well. So, uh we started talking to Motorola Solutions because they have a bunch of video, you know, no one Motorola Solutions is a Fortune 500 that generally no one hears about. Um but uh half the body cams of police uh police are Motorola Solutions. Virtually every radio you see like uh on on police or government or Motorola radios. And they used to also make many chips like computer chips that that are are used especially in the radio space. Um and they have a bunch of companies that they've acquired and also built uh that go by total various different Um but they're kind of everywhere. And they were integrating their video solution. We want They have a really good video solution. So, we want to integrate with them and we started growing a bit, so they wanted to integrate with us, fortunately. And I think they saw what we had created and they're like, "Oh, wow, this is really cool. This is sort of the next generation of access control." And they have their own internal access control product. Um and I think they were sort of excited by what we had built um and were really excited about potentially doing a really deep integration. You know, you have this sort of new technology in this legacy world of old hardware, old access control like methodology. And our stuff just worked different. Like we started we started from the ground up and I got to say, I like what had a lot of nervous I was very nervous building this um because some of the things we're doing were very different. And we're And I was gung-ho about let's make it the way that we we think it should be. And we had the people who would take our product and install it as this installer network. So, it was new to them. So, there was resistance a lot of resistance because we're doing things differently. The wiring is different. Like, they're they literally will use different types of wires. Um it's unfamiliar. So, it's new hardware. Uh so, there was a lot of pushback, but I think over time, you know, as we stuck with those we made some mistakes. Um I've definitely made some mistakes, but uh over time, like a lot of that paid paid off. Um people realized, "Oh, wow, this is easier." Like, it actually is an easier installation. I don't actually care about the old way I was doing things because this takes less effort for me as an installer or a user or an admin. And I think Motorola they were Motorola Solutions they were just sort of excited by that and wanted to also do some deeper integrations. And we think as a a team, like, we could do bigger stuff Um another thing is that it's like we had dinner with, you know, many of the executives and we'd like them. Like, they're just good people. And at this point we were maybe 90 some employees, almost 100 employees. And we like love our employees at every single employee, every single full-time employee had equity, had stock. Whether they wanted or not, we'd give them stock. and we need to make sure that they would all be good. Like, this can't be an exit where we're selling, taking some money, and like no one gets anything, and they don't keep their jobs. Like, A, everyone has to keep be able to keep their job, like, move to the new company. Um so, you know, it was it took some time, and uh we weren't really interested in selling at the time, but I think uh we were growing, and we thought we could do really cool things together. So, they acquired us. Uh every full-time employee got cash, right? Just like cash in their bank Yeah, it was great. I mean, it's great for everyone. I was super fortunate. Uh I was able to pay the IRS, get my condo

Rory: It's like, "Ooh, phew." Um and uh yeah, I've been a a happy taxpayer ever since. Uh

Samy: goodbye to frozen. Um and yeah, you know, we to work on a bunch of fun projects there as they sort of integrated within their And got to work with amazing people. And actually, it's just a great company. Like, I really like the company. You know, virtually everyone's still there building even cooler stuff now. A few months ago, you and I went out for dinner in West Hollywood. And you jokingly sat down and said, "Guys, I want to pitch you my new startup." We said, "Okay, Samy." And you said, "Well, you it's an iOS app. You link your contacts, scans through your contacts, and it tells you which one of your friends were in the Epstein list."

Rory: Yeah. And we all laughed, and then you revealed, "I'm in the Epstein list." Uh, but you know, for the listeners listening, we were not laughing. Uh, that is Samy's in there for a very innocent reason. So, their team hit you up quite a few years ago asking if you would, in in a way, be their personal Um, how did this come about, and and how did those conversations play out? Yeah, sure. So, you know, actually, I I also pitched this that app idea to a buddy of mine, Kyle McDonald. And he's like, "Oh, that's super cool." So, he went and he built it.

Samy: Uh, I think the the Apple App Store rejected it because for whatever reasons. But then he made it a I think a website and a test flight app that anyone can actually go and use.

Rory: Can't see that one getting through the app review

Samy: process. The draconian app review process, yeah. But uh, that was fun. But yeah, so somebody came up to me. I was at a con- I was helping with a conference in LA. What year was Geez, this had to be Let's see. I don't know, maybe 2010-ish or something something like that. Somewhere around there. Um, and someone comes up to me at this conference. They say, "Hey, like you're doing some cool stuff. Uh, I don't know, I've seen your projects. Love to like get lunch with you. Um, and you know, talk about maybe some like fun projects that that we could work on. Got a real fun one. So, I get his email and he's like, "Yeah, like let's grab lunch." And we get some lunch and he he's like he he's all shooting some emails to me back and And he's like, "Yeah, so you know, I work for this guy and we're kind of like there's some like bad stuff on the internet about him and you know, probably untrue. Like probably want to get this stuff removed." Had no idea who the guy was. He gave me his name, Jeffrey Epstein, and I looked him up. Um, and I was like, "Oh, this Yeah, this I'm not interested in." And

Rory: at that point, I think once I learned who this guy was and I was like, "Yeah, this is not not something I'm interested in." And so, but yeah, that thread was forwarded to Jeffrey Epstein. So, I guess they had an email thread about potentially me helping them, which I never agreed to. Uh, I looked up the guy recently because of the Epstein files. And he had some mysterious death. And he had his

Samy: The the man who approached Man who approached me. Yeah. Wow. Some years ago. So, who knows? Yeah, yeah, weird. I've been in some like

Rory: Who knows what would have happened if you said yes? Yeah, oh yeah, yeah. Never would have said yes, but been in some like some weird uncomfortable situations. Sometimes when I've been traveling and speaking engagements, I was in I don't know. I was in Central America. New York speaking engagement and some guys came up to me and like asking for help for their like I don't know, their like group that is trying to like overthrow the government. And I'm like, "Oh my gosh, this I'm so scared." Just like terrified. I was like, "Yeah, yeah, shoot me an email." Has there ever been Obviously, you're in the the Epstein files in the most innocent of men, but has there been any impacts on your life of being in Gmail? Oh, I don't think so. I mean, anyone can read the thread. It's like uh the most It's innocuous. It's just so innocuous. Yeah, it's like this guy is trying to get lunch and he's like asking for help and uh it never continues. So, you briefly touched on it a moment ago, but with your skill set, I imagine nation states are pretty interested in hiring you. And it sounds like some people have reached out. Has any nation state ever reached out and said, "Can you help us with X, Y, and Z?" And how how has that interaction played out? Um yeah, sometimes uh like often it'll be companies that are working for an for, you know, um that will reach out and I've done some stuff in the US sort of for companies that work for various other countries I'm not as comfortable doing that. Uh I was born in the US. Uh you know, I appreciate a lot of things like just the opportunity that we have is pretty incredible. Have the three-letter agencies in the US ever hit you up and would you be able to tell me? What's that? Have the three-letter agencies in the US messaged you and would you be able to tell me if they have?

Samy: Well, you know, it's funny. They had these uh you know, during the time of Edward Snowden uh they released information about uh these secret subpoenas. So, it's kind of funny where you wouldn't There were subpoenas that the government, at least at the time, were able to give companies to say, "Hey, you are we're subpoenaing you for information. Give us information about, let's say, some customers of yours and you're not allowed to tell them. You're not allowed to even publish that we asked you for a subpoena." So, there was a time where people were trying to come up with uh a way of being transparent. So, there's the idea of the this canary. So, you put something on your website that says, "We have not been subpoenaed by the US government, right?" Or by our And the the idea is

Rory: if you ever are secretly subpoenaed, you don't ever say you are. You just remove the page.

Samy: Oh, that's brilliant. I don't know if that that would hold up or how that would work in court, uh but I would just always thought that was funny. And um I really love the the oh, you know, ways of that communicating information which is without maybe necessarily breaking things. Um there's a a tool I use called And it's for encryp- encrypting information. Encrypting like uh you can have a encrypted hard drive or even just an encrypted disk that sits on your hard um like a folder. And the problem is often when you go to borders, you lose all control, all like rights. You have no rights at any Um so, someone can force you to enter your password. VeraCrypt has this really cool feature where you can say, "Hey, um I have a password and let's say the the file is one It creates a 1 GB file. So, you can have up to a a gigabyte of data in that file. And if you type in the password, it decrypts it and you have a gigabyte of data and maybe you only have like a megabyte of data right now that you just like put stuff in that folder and then you re- re-encrypt it. you can enter a second password. It doesn't mean that there's a second password, but you can enter a second password. And the way the second password works is it tries to decrypt the the drive, that 1 GB file from the beginning. If that fails, it tries to reverse the file and decrypt it from the back, so from the reverse side, and then decrypt the other way. And if that works, you've now de- crypted other data. So, different data can sit down here. So, if you're ever forced at a border to give up a password, you can give up a password that has these some personal data over here, but as long as you Let's say you spend uh 200 MB of that data, well, you have 800 MB on the other side. It doesn't mean any of it's used. There's no way to prove that it isn't used or not. Now, they could be say, "Well, we know that there's it's possible there's a second password, but there's no way to prove it. There's absolutely no way." So, even whenever I encrypt something that I don't care if it gets decrypted by the government or anybody else, I still use VeraCrypt, and I just have one password for it. Like, there's only a single password. I I have nothing on that other side. So, on that note, because people approach you all the time, what are some of the more interesting things that you've been asked to build, or at least attempt to build? Huh. I'm sure there's the constant, "Can you hack an iPhone?" That is very boring. I get a lot of interesting people. Actually, uh I got a a really well, a few years ago, I did a talk at Def Con for a new project. I'm trying to get into physics, and I'm really interested in light. And I built this project that allows you to use uh infrared laser and bounce it off a window. So, you can be outside and bounce it off a window across the street, and that infrared then reflects, and you pick it up with a photodiode that just like looks at light, and you can essentially hear what's happening inside because sound is vibration of air. That air vibrates the window, and now that reflection, that laser is now vibrating. Uh this is a standard laser microphone. This existed for many, many years. And I just thought that was always cool. It's just like some James Bond stuff. Um so, I tried to creating one, and this is the sound quality was really atrocious. Like, it only got I could only hear up to maybe uh 300 Hz of sound. Just very low. Um you know, not not great fidelity. And I was playing playing with it what for a while, and I thought, "Well, how do we deal with like radio? When you have a FM radio station, like an FM tuner, AM tuner, you're like turning this dial, and you can hear other radio stations." And all these different frequencies of radio, they're all just light. They're colors of light that we can't see. So, I was like, "Well, what if I do that do something like that with um with this laser, I could put a filter that just looks for that light. But the problem is the filter will remove the very little laser I'm getting back. And so much is lost because it gets scattered and some goes through the Well, what if I modulate, if I turn that laser on and off? If I do it a million times per second, when it comes back, I can filter I can do a band pass filter for just that 1 MHz, that million times per second. And all the other light, which is just in the environment, goes away. And that's almost all the majority of the noise that I'm experiencing. When I did that, I went from 300 Hz to being able to hear up to 3 kHz, an order of magnitude better. That audio quality was incredible for a laser microphone. At that point I could really hear well inside of a place, and I found that I could hear keystrokes, someone typing on their keyboard. Like, oh, this is super cool. And there's been existing attacks where if you just hear someone typing on a keyboard, when when you press any key, it makes a sound. If you press it harder, it it makes the same exact sound, just louder. If you press a different key, it will make a different sound. It's just like hitting a drum. If you hit the drum in the center, it's going to sound different than to the side. So, the keyboard is essentially an instrument that produces different frequencies of sound based off where you hit it. And you don't know what they're typing, but if you collect enough information, enough keystrokes, and you know the language they're typing, let's say English, well, the keystroke that's going to be the most ubiquitous is the space bar. So, it's your word separator. And then you can just write a program that that goes through English words and says, "Okay, if this letter, you know, I don't know what this these two letters are, but I know they're the same And a program in about a minute can figure out what you're typing. So, I was able to do this through the window. I made a little laser device for this and And this was just a fun project because I wanted to play more with lenses and lasers and lights. And I released this at Def Con. And uh We went to this Def Con together in Yeah, you presented this to one of the main stages if not the main stage of completely packed. We could barely get a seat.

Rory: Were you nervous presenting this? So, I think anytime I present something, I'm always nervous. I think it in the beginning, and I know that about myself, and I also know that if I can get people to laugh, that nervousness disappears. So, I always try to get a joke in in the beginning. Sometimes it's not funny, but you know, I'll try. that was that was really fun, but someone contacted me after that, and they said, "Hey, I might I heard about your project." And he is a Oh, gosh. Like a biologist or like molecular biologist, and he's studying Maybe I got the type the wrong type of science, but he's studying Alzheimer's and trying to prevent it or, you know, cure it. And he was really interested in, "Can we hear cells and the things that they're doing? Like if they're or if they're dying? Like They're They're biological processes that are occurring. Can we actually try to listen to the audio? Can you use a laser? If you're picking up such sensitive information, can we try to explore that?" So, I was working with him. I believe he's in Australia and he's in New Zealand. Really really interesting guy. We just do Zoom chats along with his colleague. So, I was just trying to work with him. You know, it never got anywhere. We were trying to I was looking at leaves, seeing if I could like pick up things happening in leaves, uh biological processes there. Nothing came of it, but just I thought that was super cool and I thought really creative of him to even explore that area and just go reach out. I love people like that who are just willing to go somewhere that you wouldn't normally go, and, you know, explore a path less taken. That's actually [snorts]

Samy: Yeah, yeah.

Rory: We had a Harry Gesner on season one of the show. Nice. Um, it's a great interview that's coming up. I he is the founder of Orion Sleep, a mattress

Samy: During our discussion, he asked me who else is coming on season one, and I mentioned your name, and he said, "Well, we're freaking out right now because Sami Kamkar just contacted our team wanting to purchase an Orion Sleep, and our head of engineering said, 'This is terrifying. He's going to hack our mattress.'" So, do you have any public message to the Orion Sleep

Rory: Oh, yeah. Okay, so yeah, yeah. So, I I didn't contact them. I, you know, our our mutual friend Kyle has just been saying great things about these uh mattresses. Um, so I'm like, "You know what? Uh, my sleep is terrible. It's been terrible most of my life. Um, I wake up in the middle of the night uh, and I just feel useless. Sometimes I'll wake up and I'll go work on a project. I'll have an idea, and that's, you know, kind of fun. That's okay. I'll suffer the next day. Other times I just like I just can't sleep. My mind's, I don't know, working weird, and I'm watching TV, and my day is just messed up the next day. And like, anything for like, I would love better sleep. So, I hear about these things, so I just I just bought one. I was like, "This Orion Sleep looks really cool." Like, I I read Reddit reviews, and uh over, you know, pretty much they're all great reviews. I was like, "All right, uh let me invest in this." And I got this sort of cooling heating mattress that they that they created. Um, I just bought it. I never reached out to anybody, and I think like a a few days later, I think it the mattress arrives, and then I get an email, and it's from the CTO. And super friendly super friendly guy super friendly guy, and he's just like, "Hey, Sami, you know, we're all fans of your research really cool stuff you do. Um, if there's ever anything you see, you know, if you inspect what our how our stuff works, we'd really appreciate a responsible disclosure. We'll like, you know, we'll do what you know, we'll give you like a bug bounty program. We can like thank you, like cool. what can we do? Uh it like it was I was really like it was a really kind email. Like I responded I was like, "Hey man, like I think you're all I've seen are good things. I just want better sleep." Like

Samy: And even even if I were like investigating, like I don't know how these things work or something. Generally, A, I'm not going after companies. I don't want to do something bad to a company. That's why a lot of my call it the last 10 15 years, most of my stuff is just generally how do things work overall, right? Something that it might be like how a router any router works, right? It's just the the protocols that we've created. How do those work? Like physics now is really interesting because none of us created that. That's just something that exists in our environment. Um so, I'm more how do I look at systems as a whole and not just a specific company making a specific thing. And even in the past if I've released something that would target a specific manufacturer because I that's because they were doing something that was not nice. Actually, it's like manipulative or deceptive to users like you and me. Um and I don't think people should deceive us and I don't think we should deceive people either, right? It goes both ways. So, I think those it's okay for a checks and balances, but generally I just want to have good products in my in my life and happy to support support that, yeah.

Rory: It's it's wonderful when a man of your talents is for the people. Yeah, you know, I I'm in a I've been in a I've had fortunate positions and been able to like go from very little to like making sure my mom is always okay and I'm always okay at this point. And a lot of that was because of what people did what I learned like early on is people releasing information, people publishing, people doing open source So, I think all of those gave me opportunities. So, uh, I've always been trying to like release my own open source stuff and open hardware and share knowledge so that others can make even cooler stuff that I can take advantage of and use in the future. You've had a truly interesting life We're sitting here today in your beautiful West Hollywood mansion.

Samy: Things have worked out pretty well. If you could send a message back to your 19-year-old self in the moment the Secret Service arrested you, what do you tell yourself? Oof, wow. Oh, wow. You know, I would say it was just a lot of I had a lot of fear and I had, you know, no support system. I think I've always also just, uh, learned early on not to trust any support system. So, uh, something I'm trying to change now. I want to be able to just like people can can lean on me. I want to be able to feel comfortable leaning on on others but, um, I was scared and I think the scariest thing the scariest part of this, uh, of the Secret Service coming and going to court was not knowing what was going to happen. And there was a there was a scientific study that was done many years ago where I believe it was rats that were in a cage and the floor would electrocute them. And some rats were in a cage where there would be a light that would go off and a few seconds later it would electrocute it would do a minor shock. The shock isn't going to kill them. It's just a minor shock. The same thing happened to a bunch of rats where they had would also get shocked. There was also a light. The light would just randomly go off. There was no correlation between the light and the shock. But in the first cage they know that when they see the light in 5 seconds the shock is going to happen. Like they learned that. The rats in the cage where they never know when the shock's going to happen, even though they get shocked the same number of times and the amount, they're all dying much sooner. It's the like essentially not knowing when this bad thing is going to happen or what that bad thing is. And I have to say, not knowing what was going to happen was the scariest thing. I wish yeah, I wish I they'd just said, "Hey, like you're going to go to prison." I would have been fine because I could just accept it and be like, "All right, it's like never drop the soap." I don't know. Like learn how to Never drop the soap. Yeah, whatever it is I have to do like I can start preparing and mentally preparing. So I think just the inability to mentally prepare for a wildcard scenario was really scary. Um what would I what I would tell myself I think it would maybe just be, "Hey, you know, you've gone through a lot um and like everything else you'll get through this. Uh you know, you Yeah, you know, anytime we're in that scenario of like fear going through something, you know, we've we've all gone through challenges. So I think reminding ourselves we have gone through challenges before and we made it out. And yeah, that'd be nice.

Rory: I imagine you've got a lot of cease and desist notices.

Samy: Some of the years. What's the angriest lawyer call that you've ever taken? Angriest lawyer call?

Rory: Uh you know, I don't think I've ever spoke I don't usually talk to them on the phone. I remember what I released this project um I think it was Max Bufu. It's a little device and it allows you basically clone a credit card um or use your own credit cards. You can basically like use it to install all of your credit cards. Uh and this is before Apple Pay and um sort of Google Wallet. So you could put all your credit cards on this thing and you can go up to any credit card reader, a standard one where back when we would swipe and you could replay any of your cards. Uh it also allowed me to do pen testing of how card numbers worked and I could like turn off uh certain functions or like enable enable ATM on a on a card that didn't have ATM access, things like that. Um but it was more just like how do mag stripes work? I was really I was curious how how that worked. And I released this as an open source project. Um it was just for my own research of like looking at how this stuff worked. And I got a cease and desist from someone. And uh I was really fortunate that the Electronic Frontier Foundation, the EFF, they're nonprofit of attorneys and we I think see eye to eye in many ways. And I reached out to them like, "Hey, I got a cease and desist." And they've helped me in so many ways. Um they're they're basically say, "Yeah,

Samy: Wonderful organization.

Rory: Yeah, there's they wrote about digital rights and sort of consumer privacy and um company transparency. Uh and they said, "Yo, like we'll contact them on your behalf." So basically a bunch of nonprofit attorneys, you know, responded like, "No, like

Samy: like no, nothing's changing. We're not removing anything." Um and uh I think uh this guy who sent the cease and desist, it was just really funny because I think he tried to use a little bit of force and he got all of this pushback, like massive pushback that he wasn't prepared for. But then he's like, "Oh, cool, like well, this is really cool project. Can we can we work with you? Can we hire you? Like you're doing cool stuff." It was just nice to see uh someone I don't know change their you know, I'm really against just cease and desist for uh you know, when people are just sharing knowledge and not taking advantage of anything they've done and not taking any money from them. Um so uh that was just a a fun experience. We're heading into a future uh where so much of software is vibe coded, isn't that the term that you use right now?

Rory: Yeah. And um it feels like human levels of software engineering uh going down in many ways. And but machines are getting incredible. And the release of Mythos uh with all of these vulnerabilities being found is kind of like a it's a cannon moment for for I would say LLM coding. Do you think that the internet is a more secure place in the future or a less secure place. I think we do all go through a moment of much more insecurity um followed by uh a swing up in security. So, I think right now what we have available to us are these incredible LLMs that are able to code and um have knowledge. And I one of the things I mean Mythos is incredible, but kind of one of the things that struck me and and just made me realize wow, I'm kind of really excited about where we are right now is that anyone, any of us with a computer can download an LLM on our computer. I'm not suggesting we use this on a daily basis, but we should just all download one. Um you can use Ollama, which is free, and then choose what works on your And if anything ever happens, a natural uh you know, loss of government, like any crazy thing, as long as you can turn on that computer, which might be a challenge, but if you can turn that on, if you have electricity or battery, you now have all of human knowledge on your computer and you can ask any question even without the internet. So, I think that is like absolutely mind-blowing that we have that capability today. And it's not like you're looking through an encyclopedia, you're asking questions like a human um and getting amazing answers like uh my arm, you know, got caught chopped off, what do I do? Right? And you can get the answer. Uh that's

Samy: Hopefully you're not asking that. Yeah, hopefully yeah, hopefully you don't need Um but I think security is just going to I think because now everyone is able to make stuff, make software, make applications and services, I think that's great. Uh that means more and more people will have more opportunity um with less effort. I think that's a good thing. It also means there's going to be lots and lots of security vulnerabilities in all of these applications and things that are coming up today. And now Mythos is showing, okay, we can find those, which is kind of necessary in order to then to then patch them, too. So, that's a good thing, but just releasing Mythos would make it very scary because now you can find all these vulnerabilities in all these applications. So, I think we need to still figure out how do we essentially apply Mythos while writing software so that the software doesn't get pushed out until Mythos can't find

Rory: Like a CI/CD step.

Samy: Exactly, yeah. So, I think we're going to because people are rapidly developing stuff and security is an afterthought and I don't blame anyone for that. It's just natural. Like it's just it's too hard. You're not going to solve for every possible challenge you can until you experience it. It's just like a Yeah. the the human way. You know, people will tell you when you're a child like don't touch that. That's hot. Don't touch that. That's hot. You don't understand what that means hot is until you touch it and you burn yourself and you're like, oh, there is now an emotional connection Yeah. to what heat is and now I know not to touch the stove. So, like you That's how you learn through emotion not through someone telling you something, at least for me. Yeah. Um so, I think we're going to go through a phase of lots of exploitation of all of these tools um of all these things that we're creating, but I think that there will be a swing into security. Um Love

Rory: But it will be a cat and mouse game like always. What is the coolest thing outside of what you've built, the coolest thing you think anyone has ever built or is currently building? Uh the coolest thing ever built? I mean, I think uh LLMs are definitely pretty incredible um both the ability to code and to just have knowledge. Uh I mean, it they're What's exciting for me is when they're able to access information across different domains in a when I can ask a single question about how to build something um across multiple domains of complexity. That is pretty incredible. other things that I think are incredible. I mean, I have to say Yeah, it's a uh it's these uh these crystals. And these crystals um I think some of these are natural uh and called uh they do something called spontaneous parametric down conversion. And we saw some we saw one earlier called BBO beta barium borate. And they're able to take light and split it into entangled pairs. And I think we're going to have new types of technology based off that.

Samy: Wow. Based off the ability to take particles of light or other atoms um and produce entanglement and superposition. I think there are properties there that we are not exploiting today that we will be able to exploit. And that can mean better medical capabilities, better medical sensors, cameras, um lower harm uh diagnostics, uh as well as I mean, there's the defense. I mean, we always call it defense, but it's also offense of uh uh new types of let's say night vision camera, you know, a night vision camera that doesn't produce any light at all. Um at least any detectable light uh except for the camera itself. Um lidar and radars that are not undetectable. Uh I think there is yeah, this new era in how we can take advantage of quantum properties of systems of particles. And it's really just beginning right now. And I think AI will help help accelerate that, but I think aside from AI, um that area of physics is extremely interesting to me. And I think that is uh like a mind-blowing technologies these crystals and the fact that someone even discovered how these crystals work. And there are other ways to produce single particles and take advantage of these properties, but it is something that is so accessible that you can order it. I think I did have to fill out some like Department of Homeland Security paperwork in order to get it, but anyone can do it. I think. We're going to have to tie one of these cameras down in a minute and do a house tour. So, you were 15 years old when you released what I would call like your first public exploit, which is 19 with the world's fastest growing computer virus, so pretty pretty quick trajectory there. If you were speaking to someone who was well of any age really, but curious about the world and wanted to follow in your footsteps and kind of create the dynasty that you have created, what advice would you give them? What what do they do day one, Monday 9:00 a.m.? Yeah, well, unfortunately we have so much more technology and knowledge out there today. But I can at least share the way I learned stuff was I would take something, you know, I was trying to write software and I thought there was like a cool tool. There was a tool called Nmap that still exists today. The port scanner. Exactly. Exactly. It's super powerful, and I think when I was 14, I was like this is a cool tool, but it didn't have color. Like it was all text output, but there's no color. And I thought it would be nice if it had color. And I thought, okay, well, let me rewrite it. And I didn't write the rewrite the full thing. I just rewrote basic port scanner, which is very And I added color to it, but I wrote it in a in a different language. And I found that writing it in a different language was very beneficial for me. It it taught me like just I had to actually learn. It's kind of like if you're using an LLM today, you're using an LLM, you're not really learning to code. Although I think there is a ton of value in just using an LLM because you can accelerate the development of stuff. but I'd say to follow in my footsteps, I now it's how do things work? That is what I'm curious. Like how does something actually work? And I can only really know if I test, if I actually do the things in ways that it's not meant to be. You know, how does how does the stove work? I think, you know, you have to actually like how does an oven I think when you if you want to know how a stove works at the end of the day you'll still have to test you have to touch the stove and feel the heat. So, I think there is also some like pain and just trying things that don't work and things that will cost you effort and resources and time. But that get you to a place that other people have not not gone. You know, a lot of people aren't going to like touch that fire. But you discover new things by doing that. Have that curiosity. Yeah. And be able to like go through some pain for that. Because most people aren't willing to. If you're willing to do something that others aren't, you're more likely to find something. You repeat that. You maybe not the first time, the second time, the third time, but if you repeat that process, you will find something. You still hold the world record for fastest spreading computer virus. Has anyone come close? Oh, I'm not sure. I'm not sure. I know there was some like malicious viruses out there that came pretty close. I think there was a Windows virus some years ago that traversed the internet. No one's taking down my boy. You got to hold that record forever. Yeah, you know, hey, you know, with there was this vulnerability in this compression tool called XZ and this is maybe a year or two ago. And someone had XZ is like an open source project on GitHub, but it's also built into into Linux. So, when you install Linux, it's there. It's as part of the installation package. And someone had been basically helping support this XZ project. Anyone can contribute code and it gets accepted by the creator or maintainer of the project. They can reject it, too. They can simply reject your pull requests. But someone had started writing patches and test cases and really improving the project like over many months. And ultimately someone found uh someone else, like some Linux nerd was running like the latest version of Linux, uh some dev branch, and they found that something was a little slow on their computer. And they being a nerd, that you know, they're like, "Let's inspect this." Just like me. I want to inspect that. And they found that XZ was doing some weird thing. It was like processing, and there was a bug in it. And this bug was really uh an exploit that someone else had written into it. So, in some of the test cases that were meant to improve the program, it was actually a backdoor. And it was a sophisticated backdoor. It's months and months of someone contributing, basically getting gaining trust of the of the maintainer of XZ. And then they created fake profiles on GitHub to complain that, "Hey, we need this pull we need this pull request merged. We need this new code added because it would help me. It will fix this thing." So, now people are complaining to the maintainer to help push him to accept these changes. He accepted the changes, that puts the backdoor in Linux. Fortunately, that didn't get distributed because uh there was a bug, and that caused CPU, and someone, you know, very observant very observant noticed this, dug into it. It's extremely convoluted. This backdoor is very sophisticated like extremely sophisticated. Like likely a nation state. Mhm. It was incredible that somebody found this. Um it was incredible that the backdoor was done as well, but what picked my interest is how many things like this have already been done. Slipped through the cracks.

Rory: Maybe there is a virus that has spread faster than the one I created, and we just don't know. Mhm. Um So, that's something to think about.

Samy: Yeah, maybe. If you could send any two guests onto this show, who would you send? You are one of the most interesting people I've ever met, so I need to I think you can I think you have to be in there. Let's rephrase that. I'm already on the show.

Rory: I mean, yeah, yeah. Just like looking you up online and seeing your your trajectory of life and the different areas. I think that's incredible. So um Uh other

Samy: Okay. Two other people. Pablo Holman is a really interesting dude. Um he's like a I met him at Def Con when I was like 14 years old in Vegas. Um and so he's a hacker and he thinks in really interesting ways. Uh he's always working on a really creative and interesting projects. You know I recently swam onto a boat uh onto actually a floating sauna and it was of this guy I met recently. Um his name is Moxie Marlinspike. He's the guy who created Signal uh the the encrypted messaging platform. I met him at a party like one or two months ago. Uh had a five-minute conversation. Uh super interesting dude. Uh clearly passionate about the things he does and I got you know we never talked again. I got a party full invite. Says hey come to this floating sauna uh like in Malibu in Malibu. And I'm like what's a floating sauna? So I go and I swim basically an hour to this sauna. I I realize I realize now you're supposed to actually like have a have a raft or something and I was the only person who swam out. but you go onto this thing and he built it by hand. It's like beautiful wooden glass floating sauna and uh I mean he's just like a he does a lot of stuff on the ocean and um just a really interesting person to speak with and I think just his what he creates is really cool. I know he's working on a new project that is very privacy preserving um related to LLMs and uh I really admire what he does and how he pushes for what he believes in. Love that. We'll try and get them on. Yeah. Great. Um finally we're here. Beautiful home. It's kind of like a Tony Stark set up in many ways. Would you mind giving me a small tour? Yeah, let's do it. Amazing.

Rory: All right, we're here. We're in Sammy's house in West LA. It is a proper Sammy, do you want to walk us through some of the stuff going on here?

Samy: Yeah, sure. So, this main workspace uh different We got like a Raman spectrometer I'm working on right now. So, this can tell you it can do material identification just by sending a light. Uh it's kind of crazy this thing called Raman scattering. You can send green light at an object and 99.99999% of the light that comes back is green, but some of it will be blue or red. And based off that, just because the molecules are vibrating, some of that energy gets onto the light and comes back. You can measure that.

Rory: Wow. Um I don't know. Just just the normal tools I use, like power supply, oscilloscopes, some microscopes. Um What's What's going on with this Is this a surgery light?

Samy: Yeah, so we got like a surgical light. So, this is great. What's great about this is let's say I'm out here if I'm working on something and I'm soldering, well, then my head is going to be in the way of some light. So, because there's so much around, uh it's basically they're called shadowless uh because there's so much light coming from different angles. So, you still get a good view. Um but yeah, it's it's meant for like the dental office.

Rory: Um then we have I don't know different I

Samy: Just before we skip Yeah. This sort of Again, it's a surgery looking item. Yeah, yeah. Uh so, this Lynx Evo is a microscope. Um it's pretty cool. It's eyepiece-less, and what that means is that instead of being in two um two like eyepieces lenses, you can just look you have this like wide area that you can look around. Uh but it's still stereoscopic. You still get like multiple things that you You still get depth. And when you're doing something like soldering, it's really helpful to have depth. Uh although I am working on a new microscope myself, and that's what I got this for. This is a a Samsung uh Odyssey monitor. It's a 4K monitor, except it has a lenticular on top. And what that means is, if you know those baseball cards where you where it where it's like the guy swinging the baseball, depending on the angle, it's the same thing. So, we can actually control what each eye sees. So, it has infrared [clears throat] eye tracking, so it knows where your eyes are when you're looking at it. So, that means you can feed Normally, it's a 4K It's a standard 4K monitor. You just see your desktop or whatever, but you can then separate what each eye sees. So, I've been building a camera with uh essentially a microscope with two optical cameras with very good very good zoom. And I'm feeding that into this. And then I can feed a different image into each eye. So, that way wherever I am, I am looking at a very uh at a that full depth. So, I can solder under it. I can look at circuit boards. Um It just gives me way more freedom of range, I guess. It's actually Yeah, it's pretty Yeah, pretty neat. And And the fact that you can just like buy one of these off the shelf is really cool, really exciting, because other people can make so many new neat things with that. That's amazing. Yeah. Um [snorts] All right, what else? We got One This is a fun project, recreating the the ETH Zurich is a school that created uh this thing called the Cubli, and it's a cube that will spin up these reaction wheels, and then it will it will spin it up so fast and then break in order to get it up on its side. And then it'll spin it up more and get it up on a corner, and then it can basically spin. So, I'm trying to reproduce what uh what the people at ETH Zurich made many years ago. This is probably a 10 or 15-year-old project.

Rory: How close are you? Um I have it balancing on a side right now. So, I can get it to balance for like 10 seconds before it falls over. Um now I'm doing a an improved design, which I think will work a lot better. But uh yes, this one this one's still in progress. That's so cool. Uh see, what else? Go out here. Um I've been really interested in light lately. So, how light works and um I think really just going down the rabbit hole on Wikipedia of what is light. And I got interested in light because I was interested in radio and ways that I can mess with radio. Um I had a concept for taking over computer, being able to type on a computer when you aren't even physically touching it. Even if the computer isn't meant to be typed on. Like there's no software. There might not be Wi-Fi or Ethernet or Bluetooth. Um and the concept was, if you have a circuit board, that's a piece of FR4, which is fiberglass inside. The circuit board is fiberglass. And there's all these copper traces going to every single key that you press. So, when you press that key, it sends an electrical signal to the microcontroller, and that sends it to your computer. But every wire, any piece of metal is technically an antenna. If we treat it like an antenna, if you take the length, the actual length of that wire and divide by the speed of light, you know the resonant frequency. So, if you can build a radio, and you measure every length of each wire, you can create a radio that will hit all those different frequencies, and you can essentially send RF to those different frequencies to press keys. Like the keyboard will believe that. So, I started prototyping this. I was able to get some keys to get pressed. Some I couldn't. Uh so, many I couldn't. And um there's some So, I was like, "Okay, well, I need to understand radio more, which is really light." Like when we're outside and we're looking at the really the whole the rainbow is the whole sky. We just only see that sliver of light, that visible spectrum. But, below that, like let's say below red is infrared. We just can't see it. Below that are are like Wi-Fi, GPS, Bluetooth. Those are Those are colors of light we simply can't see. And if you go to the other side of the spectrum, blue, then you get to violet and then ultraviolet. We can't see you ultraviolet. Then you get to x-rays and gamma rays. Um so, anyway, I I started I want to learn more about that. Uh then I learned about light is made of photons and photons can sometimes act as waves and particles and sometimes they can be in two places at once and I'm like I I just don't believe it. Like, it doesn't make sense to me. So, can I reproduce the experiments to validate some of this stuff? And I started reproducing some experiments um taking advantage of quantum superposition and entanglement. So, you can generate single particles of Uh so, here we have like a a UV laser that goes through essentially this magical thing. This is called beta barium borate, BBO. And it's a crystal. I have no idea how people have figured this out, but most of the light goes straight through as if it's glass, as if it's transparent glass. But, every once in a while a particle of light will split in two and they'll be entangled and they'll go different directions and they'll come out at a specific angle. And you can then measure those with uh single photon uh spat single photon avalanche diodes. This These will detect single particles of light. Then you can take advantage you can you can say, "Oh, I see one. Well, because I saw one here, I know there's another one here and then I can run experiments on that one." And that you can start exploring like wave-particle duality or superposition, which means the light can be in two places at once, but we only ever will see it in one place. And that that opens this whole world called interaction-free measurement and I'm kind of obsessed with that because I think we can create new types of technology, new new types of cameras, medical x-rays that have lower dosage while still recovering 100% of the information. Um is this is this research private or is you are you doing this as part of like a corporate thing or is this just a a Sammy

Samy: This is just garage

Rory: No, just like yeah, just yeah, I just want to see what's possible. I want to see can I build I'm not an expert in any of this stuff, but other people have done so much and released so much openly. People have been generating single particles of light for 40 50 years. So I'm like wow, I can take advantage of all that research that's been published. Um let me at least get a prototype of something that I think might be interesting. Like a camera that can take a picture without a flash um even though it looks like there's a flash. So I'm trying to do some proof of concepts here. Um and just like get my hands dirty to just get a better idea of it. And fortunately like I go on Twitter and I like message professors and people invite me to to their labs. So I've been talking to a lot of brilliant people. Um and they've been also helping quite a bit. That's fantastic. Uh and and I mean in that pursuit I've been trying to also make some of make a lot of my own stuff. So we've the sort of a glass blowing station um back there some Uh and that I'm using I'm making ampules. Um so basically glass vials with different gases inside. Um this is a vacuum system that I built and this allows me to create beam splitters and mirrors. Um among other things. But a beam splitter is basically like your aviator sunglasses that are mirrored. You know, half the light comes through, half light reflects. In physics the interesting question is what happens when you take a single particle of light? Does it reflect or does it go through? That's where you explore Um but this basically can evaporate metals. So I can coat stuff. I can take a piece of gold or aluminum and place it on this piece of tungsten right here. And then I have some like welding wire that's connected to this whole base and then to the other side of this copper bolt. These are literally just bolts and um that I built onto this. This is a vacuum pump. It's called a turbo molecular pump, and then a scroll pump. And then we have a a transformer down here somewhere. And basically I'll take 250 volts, I'll go through a transformer which brings it down to like 2 volts, but lots and lots of current. And we put it through that piece of tungsten. So when you put all that electricity through here, it gets really really really hot. But I'll put this bell jar on top, pull all the air out, and now that there's virtually no air and you're heating that metal up, say it's gold, that gold essentially evaporates and sprays everywhere. If you have something on top, it the gold will attach, and now you've bonded that gold to a piece of plastic or a piece of glass. Um it doesn't have to be metallic, which is nice. You can bond to something non-metallic. So that allows me to then do thin coatings and thin films. Um And more more like physics stuff, yeah.

Samy: This is reminding me of um deep sea diving. Oh yeah?

Rory: It feels like a Jules Verne sort of a Yeah, so this is a bigger vacuum chamber that I'm starting to assemble so I can have more stuff. Like I'm I'm pretty limited with this bell jar, what I can fit inside of here. Um and I also want to start turning like actually rotating stuff inside, and then having a a camera so I can measure um how much metal I've deposited onto material. So this will be V Well, this is like V3, so this will be V before. What what do you think it out of all the things in this uh the I call it the lab

Samy: are you most excited about right now? I have a scanning electron microscope that uh allows me to look at um silicon. So in the garage here. Uh so

Rory: Uh this guy. Um so this is called a scanning electron microscope, and uh a lot of the research or like work I like to do is to see what is how do chips work? how do computer chips work and what are the secrets that they they have when we have a phone like all of our data is encrypted on all of our phones and I think that's a good thing what's interesting is that you and I don't have the keys to our own phones like we can't decrypt the data ourselves it's up to essentially a chip an encryption chip like the secure Enclave or TPM inside of our phones that says oh the passcode that you entered is correct that then that unwraps the secret key that then decrypts the hard drive inside of our phone or lets you perform other operations that's all really good security but it also means that if at any time someone wants they can shut that off like a firmware update can prevent us from accessing our own data on our own devices anyway this allows me to I can take computer chips use some nitric acid in the fume hood get rid of all the epoxy on the outside and get to the silicon the silicon is where the transistors are that's what actually performs all the logic and if you can look at the silicon then you can actually see how certain parts now this will be mostly in older chips newer chips are way too small for this machine to be able to inspect but I look at a lot of like there are chips that are 20 years old that we still use every day especially in a lot a lot around security so you can do some pretty cool investigation with this as well as other material research amazing this is how many of these are in the world do you think I'm not sure yeah I I have no idea but yeah usually it's relegated to you know scientific labs and silicon how many West LA garages do you at least one you know maybe give me some good some good stuff in there. Uh anything else we need to take a picture Stuff downstairs, nothing crazy. I don't know, some like uh there's some 3D printers. We got the periodic table of elements here. All of them? Um no, there's probably like 70 or 80 I've collected here. Um some of them I don't think you would want in your home. What's that? Yeah, some of them you don't want at home. You do have some You do have some lightly radioactive ones. That's where the extra yellow tape is. Make sure I don't actually Someone doesn't accidentally open it.

Samy: Someone drop it. Let's see. Uh how we doing? Doing great, actually. All ready. Almost ready? All right, thank you. Uh a couple of lasers in here. This is a chemical fume hood, so this is where I can turn this on to pull air out if I'm working with some different chemicals. Um sometimes sometimes if I'm trying to remove the epoxy from chips that is that uses nitric acid, sulfuric acid, things you don't ever want to breathe in. Um also sometimes if I can like try to synthesize something myself just from like reading stuff online, then I'll try to do that or talking to ChatGPT. Um what is this massive beast here?

Rory: Yeah, so we have a couple a couple of lasers here. So, we have a CO2 laser. So, this is like a laser cutter that you can cut acrylic, wood, things like that Um this is a UV laser. So, this will actually allow um cut uh lasering away of certain metals. So, I've been playing with like uh etching away copper to make This is actually a Tesla coil that I'm working on. So, it's hard to see, but there's actually a spiral cut through this. And that spiral uh makes this whole thing a coil or an Um so I've been sort of messing with uh flexible flexible circuit boards and uh Tesla coils um for other projects. What's the project for this one? Okay, so so okay, so all right, so I I lost it there.

Samy: I can show you that. The never seen anything else like this. I made a flexible Tesla coil thinner than a millimeter. And normally Tesla coils are round and cylindrical. And actually we can see one out there. And and they're big and round, but really it doesn't need to be cylindrical. They can actually be planar, meaning they can be on a single plane. And that spiral can go outwards rather than upwards. And you have another spiral on the outside of that. And because it's flexible, you can place it uh under your shirt and no one can see it. And then I've made a uh with glass blowing I've made an ampule with my breath inside. So it's a piece of glass. It's my breath inside. So it just look looks like empty like air. Um it's at low pressure, so much lower pressure than uh the our outside environment. And when I wear that piece of glass, there's no metal, at least no visible metal, and it will light up. So it's de-ionized. Yeah, we can see it.

Rory: Yeah, yeah. Um and then this is a fiber laser. So a a lot of this stuff is for like cutting different types of metals. Um and you etching etching away different things. Um you can also like cut into certain things. So with the UV laser, you can take a piece of glass and you can etch or cut inside of the glass, like somewhere else, not just the outside. With all of this equipment in your house, has anything ever gone Uh yeah. So

Samy: trails off Uh yeah, I was working on a uh like a prototype lighter, not a small lighter, it's kind of it's pretty big. Um but

Rory: lighter? Like a cigarette lighter, yeah, yeah. Creates a creates a flame, but the fuel is water. So, it does electrolysis, which means it splits water, which is H2O. So, it splits it into hydrogen and oxygen. Um so, all you need is electricity and a conductor like let's say baking soda and mixed with water. So, water is your fuel. And I just thought that's really cool. Like, you could have a lighter that has you just refill with water. Like, that's really neat. So, I prototyped that and I was using like a a candle to light the flame. So, it's a hydrogen oxygen flame. It's very hot, very small, um but extremely hot. And uh sometimes you can't even see it. And I was like, just trying to get it to work, trying to get it to work and it wasn't working. I just kept trying to light the tip with this with this candle. What I didn't realize was wax was building up on that. So, like when you see when you blow out a candle, a wax candle, and that smoke, that smoke is wax. It's literally just like melted wax. So, that smoke would hit it and uh clog up the torch end. So, I just kept doing kept doing kept doing it. What I didn't realize was hydrogen and oxygen was building up in my little vessel. Um and it finally lit and exploded. Um fortunately, I just like I had been using sodium hydroxide, which is lye, as a conductor in the water, but I just switched to baking soda because my friend she was like, yeah, you know, that's not a good idea. Like, if something happens and and she's always right. So, I switched from lye to baking soda. So, that was a baking soda water explosion just like everywhere um including all over me. I was wearing glasses, fortunately. Uh but uh fortunately, yeah, no one got hurt, but it was definitely a little scary.