Actor / EntertainerI’m Nicholas Hoult, my new movie COLLIDE his theaters next Friday, February 24th. Ask Me Anything!
Feb 17th 2017 by Nicholas_Hoult • 36 Questions • 4456 Points
In the mid nineties, I was the world's most wanted hacker for hacking into 40 major corporations just for the challenge. I'm now an author and security consultant to Fortune 500 and governments worldwide, performing penetration testing services for the world’s largest companies. I am also the Chief Hacking Officer for KnowBe4, a company that develops software to train employees to make smarter security decisions. Ask me anything.
Ok, it's time for me go. Thank you very much for participating in my first AMA. A final answer is to what I've been up to recently besides hacking and speaking. My 4th book, The Art of Invisibility, was released 2 days ago. This book is targeted to the everyday person that wants to protect their privacy or even get off the grid entirely. It's too bad the "fugitives" on Hunted didn't get a chance to read this first. In addition I've very excited to be involved with growing KnowBe4 to over 200 employees in the past 4.5 years. It's our job is to stop the former Kevin Mitnicks of the world. It's too bad John Podesta didn't take the training as he might not have clicked on that email.
My speaking schedule is posted on my website, stop by and I'll get you one of my famous business card for free.
Hello Nicholas. Did you really spray silver paint over your teeth in Mad Max?
Kevin! Just completed some of your training from KnowBe4 for work. I have my completion certificate hanging on my wall. But could we maybe get it in a font that's not comic sans?
Yes. And it was whatever silver they put on those cake decorations.
Ha! I'll tell you what, get your certificate over to KnowBe4 with a copy of this thread and I'll make sure that I sign it personally.
Hey! Huge fan from Singapore, loved you in X-men, skins, and warm bodies!
Who is someone you most enjoyed working with, and why?
What was the most sensitive/surprising information you found out?
I've learnt a lot from everyone, it's great to watch ho people approach work differently. Especially insightful on this movie was watching how much Ben and Anthony love their jobs and commit to their roles.
That a federal judge in northern California had an intercept on his line. I would check to see if any of my friends had a tap on their lines and stumbled upon the fact that a judge had one on his line.
When acting in Skins, was there a particular favourite moment of yours?
Did you ever figure out why that judge had the tap?
I mean the favourite moment was spending time with all that gang and now they're like some of my best friends. Certainly driving a Mini when we had stolen Chris' coffin.
No, I wasn't interested. My goal was to determine that my communications were secure for self preservation.
If you could be any of the characters you played for one day who would you choose and why? :)
I just want to thank you for your business card. Sadly I locked myself out of my house one day and had to take it apart in order to use the picks to break in.
In short you helped me break into a house and got me laid.
Where can I get more of your cards?
I would choose to be Beast because then I could do cool superhero things!
Wow! I better raise the price of my cards!
What's the favorite scene you've ever worked on? And why was it the scene where you killed a duck with a stale loaf of bread in about a boy?
If you had never been exposed to computers when you were younger, what direction do you think your life would have taken? What would be your job today?
That is one of my favourite scenes. And I actually like going back to that part of Regents Park. It's a beautiful park.
Watching Sir Anthony Hopkins in Collide. Because he's such a hero of mine.
I would probably be competing against David Copperfield as a magician because I love magic.
How hard do you laugh during movies when two hackers are locked digital combat, typing at 1,000mph?
Sampha, Chance The Rapper, some Davie Bowie, Glenn Gould.
I pretty much just role my eyes and chalk it up to non-technically astute writes. However Mr. Robot has changed that and are getting things spot on.
BTW, I do type at 1,000mph, 1,024 to be exact.
How did you get into acting? if you mind me asking! also i enjoy your films! keep up all the hard work you do!
Keep working at it and you may eventually get up to 2600.
I did a play when I was 3 because a director needed a toddler for their next play and saw me in the audience with my mum and thought I could concentrate well for a 3 year old.
Do you ever plan on branching out into other areas of film making, such as directing?
What would you say to teens that are into hacking? Are the consequences now worse than when you were phreaking? What projects should they channel their energy to?
At the moment no, but if I found a story that I had an individual take on or I felt like I had to tell then yes!
Don't follow in my footsteps. Become good at offense using virtual machines and the various toolsets that are available. Learn about development and network administration to get your fundamentals before going directly into security.
The consequences are certainly more severe, and likely will only get worse. This is because of rise in publicity of hacking with public events such as the Russian hacking during the recently election and news around Edward Snowden. What your seeing in the making is a "War on Hacking" to replace the "War on Drugs".
Kevin, for people thinking of getting into the security industry, what particular skills do you see being the most valuable now, and the most valuable in 10 years? In other words, of which types of current emerging tracks or concepts will tomorrow's infosec managers be skilled practitioners?
Well the moustache is for an upcoming role I have, The Current War. I'm playing Nikala Tesla.
Right now: It depends on what area of security, for me I'm always looking to hire expert pen testers. I look for people with skill sets in physical/technical/wireless areas.
What's hard to find today are those that have the skills to find find bugs in web apps.
10 years? I need my crystal ball because I have no fucking idea. I would say that one needs to constantly and vigilantly keep up to date with what is going on on both sides of the fence. It's a matter of keeping aware of the landscape as it evolves. 10 years in this industry is 100 years in any other industry. What did we have to watch for 10 years ago?
How much fun was it to drive all the cars and did it help in anyway when driving Mabel?
How accurate was the book/movie takedown ?
I guess any motor experience can be useful but Mabel was more like the controls for a motorcycle. And she was way more underpowered than all these cars. I miss her.
I would say the book was 90% false and defamatory, the movie was 99%. The good news is that Jeff Estin, creator of White Collar, is doing the script for Ghost in the Wires. I hope that the script is picked up and it turns into something picked up by a production company.
Hi Kevin, do you think overall computer security is getting better as we devise way's to make things more secure, or is the growing number of tech illiterate people, or even techie people who just can't be bothered to keep to good security practices off setting the gains we are making?
It's really hard to find skilled security people, we really need to help develop people's skills in security testing. Testing security is an important step that needs to be taken.
With all the news we've seen lately about security, what do you feel is under reported or over exaggerated?
Danny's is first of all a brilliant writer, and is very concise with his screen plays. And then he's great at guiding you through a performance and bringing things to life.
I think sophistication that was behind the John Podesta phishing was highly exaggerated. This was a case of standard phishing, basic security awareness training would have prevented this. It wasn't a huge technological achievement, it was simple spear phishing.
Back in the day, when you were wanted, the tech was different, you did't have tools like Metasploit, Armitage, etc. Was it easier or harder to break into stuff? And also how long did it take you to adapt to the "new ways of hacking" after getting out and serving probation? Or did you need time to adapt? And, also, it this day and age it's unimaginable to be AFK for even a day let alone for the time you were, so how was it? Big fan! Keep whistling those launch codes!
I would say it's the same. Systems were less secure but to compromise them you had to write your own exploits. An effective method was social engineering the operators of the systems, a tactic that is still very successful today. That part works the same today as it did yesterday.
While I was in custody I continued to read and follow what was happening in the wild. I couldn't use a computer for 3 years so there was some catch up to do but I wasn't completely in the dark about what had been going on. People sent me books on HTML and whatnot while I had no access to computers.
Do you have kids? If so, do they realize they will never be able to pull anything secretive past their father?
I don't have kids yet but I believe they'll be the best social engineers in the world. They'll get good practice on their parents.
What are your thoughts on Fortran program language, is it good? Is it dead? My university is insisting that I have to learn how to program in Fortran, so here am i asking this.
Funny thing you would ask, the very first program I wrote was in Fortran. It simulated the login process of my teachers computer and I used that to phish his login credentials. I never did "hello world", I got my teacher's password as my first project.
C and Python make more sense but if the university says you need it, well, you probably should learn it. But certainly don't stop there.
What does your playlist consist of and what is your fuel when locked in a long work session?
I don't play music while I'm working because it's distracting. When I am listening it's Def Leppard, Lynyrd Skynyrd, Eagles, AC/DC and other classic rock. And throw in some Eminem and Black Eyed Peas.
I saw Takedown 15-ish years ago, so obviously I already know the whole story, right? :P
Yeah, not so much. Check out Ghost in the Wires for the full story.
Do you feel that because there was slim to none as far as security we know today back in the 90s that anyone could have done that or there was actual skill involved? Is it not just another Howard Stern case of nothing special just the first hence the success..
It really depended upon the target. Some sites really did have a lot of security even back in the day. The biggest difference is the availability of toolkits, it was much harder to get/use/QA those types of things.
There was less security awareness back in the day, now there is a lot more awareness. However, that's been somewhat negated by the huge availability of tools that an 11 year old could pickup and try to use against targets.
I could tell you but then I would have to kill you. Are you trying to do reconnaissance on me?
I will say I like OSX and I like the aesthetics of the Apple hardware. I'll use VM for my Windows systems. I do use Linux and I typically go with Debian or Ubuntu.