The story of how Samy Kamkar made his reputation in information security is the stuff of legend. After getting his first computer as a ten year old, he started exploring the Internet through message boards, IRC, gaming and creating hacks and cheats for the games, before moving on to other forms of online activity.He spoke about this and what he has learned about cyber attacks at the 2017 AusCERT conference. One of the earliest lessons he learned was when he entered an online char and asked a question about The X Files. He was summarily told to \u201cshut up\u201d but another person who then sent a packet to his computer, causing it to suffer a Blue Screen of Death. \u201cThe blood was pumping through my veins. That was the coolest thing ever. How do I do that\u201d. After a period of panic, Kamkar turned his new computer off, waited a while and then turned it back on, breathing a sigh of relief when all was OK. He did some digging and discovered the person on chat used something called \u2018WinNuke 95\u2019. Kamkar\u2019s curiousity was piqued. \u201cThere was something really cool about having this capability,\u2019 he said. By the time he had reached his teens, Kamkar had stopped attending school, devoting all f his times to playing games and developing cheats for Counter Strike. Faced with the need to find a job, Kamkar was offered a job programming on the strength of his hacking skills with Counter Strike, which had gained a strong online following. \u201cYou can make money programming,\u201d he said, surprised at the revelation. Still aged just 15, he needed to find a place to live. However, he was too young to rent a property legally unless he was legally emancipated. Discovering the process was quite complex, he falsified the documents and signed a judge\u2019s name. He started using Myspace, which was the most frequented website in the world at the time and developed a piece of code that would automatically add someone as a friend if they visited his Myspace page. But, as that didn\u2019t add enough friends to his network, he found a way to insert that code onto other pages. Although Kamkar though what he was doing might be \u201ca little wrong\u2019, he didn\u2019t feel he was crossing any significant lines. At this stage, he was honing his Java and Ajax skills in, what he felt, was a fairly harmless way. Suddenly, he had thousands of friends as the code would propagate from each visitor to his page, onto those of his visitors and then who they visited and so on. The number was increasing by 3000 friends every hour. Soon, Kamkar was getting thousands of requests each minute as the worm spread. Panicked at what he unleashed and unsure what to do, he contacted Myspace\u2019s technical support and told them he found some code on his page that he didn\u2019t know anything about. He then described, in detail what the obfuscated code did. He decided to delete his profile but this had an unexpected effect. Not only was his profile down, but so were the profiles of people who had received the software that had propagated from his account. In a short time, Myspace was completely offline. Days, then weeks, then months passed. Kamkar was recognised but at no point did Myspace contact him. Eventually, six months later, the law caught up with him. He was confronted by four law enforcement officers from the Secret Service, LAPD, US Attorney and California Highway patrol with a search warrant. They took every storage device and media from his home. \u201cIt was illegal to write viruses \u2013 or have that many friends,\u201d Kamkar joked. Eventually, Kamkar was ordered to pay restitution, go on probation, carry out community service by collecting roadside trash and was banned from using computers \u2013 a challenge as by this time he was running a technology company. But he complied with all the conditions and eventually could legally resume using a computer. Following his court-enforced technology sabbatical \u2013 Kamkar boasted that he was his probation officer\u2019s \u201cbest\u201d client \u2013 he decided to look at using his skills in a new way. He is looking at how systems are unsecured and finding ways to protect users. For example, he developed a system for ensuring the EXIF data on photos didn\u2019t reveal locations when published online. He discovered how mobile phones are used to track location even when Location Services are disabled. He created a mapping app that sent false location information to Google so people couldn\u2019t be tracked but the app was eventually blocked from the Play Store. But it made the point that our privacy is being compromised. Kamkar demonstrated how new techniques can read keystrokes by using a sensitive laser to read the vibrations made when hitting different keys. Similarly, microphones can be used to achieve similar results. He also showed how magnetic strips on credit cards can be read, with the naked eye, using fine iron filings on credit cards. As a closing salvo, Kamkar sounded a warning. Many IoT devices are so low cost that they aren\u2019t being built with any real security. And this represents the next area we need to focus on to secure our businesses and private lives.