June 2010 Locksport Person of the Month: Deviant Ollam
Deviant Ollam was nominated and selected for the Locksport Person of the Month distinction for his outstanding contributions to the locksport community. Deviant is well-known as a founding member of the United States division of The Open Organisation Of Lockpickers (TOOOL) and as a security consultant and trainer with his company The CORE Group. I contacted Deviant after the news of the release of his new book, Practical Lock Picking: A Physical Penetration Tester's Training Guide.
Q: First off, why do you call yourself Deviant?
A: Well… that’s a bit of a story, but I’ll give my best shot at an answer. Before I do, I should point out one key fact about my involvement with The Open Organisation Of Lockpickers. While I did have the pleasure of meeting Barry Wels (the original founder of TOOOL back in the Netherlands) on one of his earliest appearances at a United States hacker convention, I was not among the small initial group upon which he bestowed permission to form a division of TOOOL here in the USA.
Originally, at the end of a 2600 HOPE conference, he gathered four individuals who were sitting near him for the better part of the afternoon. Babak Javadi, Schuyler Towne, Eric Schmiedl and Eric Michaud had just become, he announced out of the blue, his “new Board of Directors for TOOOL in the US.”
Babak went home and later formed a chapter in Iowa. Eric S and Schuyler have had a somewhat active meeting in Boston… and Eric Michaud (along with people like Mouse) started the Princeton University chapter of TOOOL (now simply referred to as the Mid-Atlantic chapter, with meetings localized around the Philadelphia / New Jersey region).
It was about six months later (standing in the hallway after my lockpicking presentation at the first ShmooCon) that Eric, Mouse, and others from Princeton approached me and asked me to join them at the New Jersey meeting. I assumed a leadership role very quickly in that local chapter and began organizing some of the events at a national level, like the Lockpick Villages, etc.
It was only when Schuyler Towne stepped down to focus more on academic endeavors the following year that I was invited to join the Board of TOOOL, and I have proudly served there ever since.
As for the story of my nickname… while growing up I was surrounded mostly by conservative adults who had no shortage of criticism for what they saw as immorality and delinquency (things that I recognized simply as my generation's tolerance and appreciation for alternative lifestyles, non-traditional belief systems, or music and art that wasn't mainstream)... but these same people (my parents were occasionally among them) were so stuffy at times that they wouldn't even use profanity or overly-harsh language to condemn my generation's morals, culture, etc.
I can recall quite clearly that on more than one occasion my mom would use the word "deviant" as if it were some sort of epithet… "deviant sex" or "deviant clothing" etc. I was always silently amused by this. When you consider the true definition of the word… to "deviate" is merely to differ, to turn out of an established or recognized course. When I was little, my parents made sure to teach me that there was nothing inherently bad about being different and that I should be tolerant of others.
However, it was interesting observing society's tendency to maintain the status-quo… particularly as people age. I didn’t want to slip into reactionary attitudes and conservative ways that I saw around me. As a nod to the fact that I’ve always felt best when bucking the norm (and since I believe societies and civilizations are at their healthiest when they are packed to the gills with a broad diversity of opinions, beliefs, and lifestyles) I opted to take the nick of "Deviant" some time ago.
(I should note that this wasn't a jab at my parents at all… both of whom I love very much and with whom I have a healthy and happy relationship, even if I don't call as often as I should.)
Q: It has always been exciting for the locksport community when one of our own grabs a book deal. How long have you been working on this book and what was your motivation?
A: The whole project has gone very, very quickly… although at times I feel as though I’ve aged years in the weeks that have recently passed. The primary writing of the manuscript was completed in about a month’s time, actually. I started writing the day after St. Patty’s day and had submitted the entire manuscript and all of the photographs, figures, and diagrams by mid-April. By the end of that month, all additional matter like the Appendix, the Author’s notes, and other minutiae were also completed.
The rest of the process has been the very grueling and seemingly never-ending affair of shepherding the text through the ordeal of composition, page layout, etc. The publisher (in this case Syngress, but it’s the same with all the major houses) farms out this part of the project to other institutions, mostly overseas. The inevitable result is that pages come back to you looking nothing like you expected… often with lots of grammatical and syntactical errors (due to cultural and idiomatic misunderstandings) that must be addressed.
I have to say my publishers here in the States have been really understanding and backed me up at every turn when I would insist that changes be made or that sections be moved around (often, moved back to the way that I had positioned them originally) to flow better, be clearer, etc.
So yeah, that’s been the main effort in this whole process… it’s rather like making a baby, I’d venture to guess. The initial act is a lot of fun and over pretty quickly when compared with the pregnancy as a whole. After some waiting, however, then comes the real rush and frenzy of actual birthing… and there are some major labor pains. They say it gets easier after your first one. I can imagine that being the case, and I hope to write additional titles if this one sells well.
As for what started it all? Well, I could say that simply it was Rachel from Syngress approaching me at Black Hat one summer and asking if I’d like to write for them. But my motivation was a little bit deeper and more meaningful than that. This may sound silly, but in my life I’ve always tried to focus my livelihood around three supreme, over-arching goals:
- To never officially be a “professional” anything
- To get through life, birth to death, while wearing a tie as rarely as possible
- To change the world for the better
… I’ve always faired pretty well with the first two rules in whatever jobs I’ve taken and whatever path I’ve made for myself. But that last one can be a real kicker. In some ways, perhaps I always envisioned it as being fulfilled by participation in some meaningful and egalitarian foundation, or a continuation in my career path of teaching perhaps.
Those are all goals I’m happy to pursue as time goes by… but actually putting pen to paper and creating something that will potentially live on after me, imparting knowledge that I find fascinating to a new generation of hackers and lock enthusiasts, etc… I think that’s not a bad first attempt at point number three on my grand personal plan.
If people get something out of this book and if I have managed to explain this information in a way that really resonates with some of the readers, I’ll be very very happy.
Q: What is great about this book is that it covers an aspect of security that is commonly overlooked in the industry. Who would you consider the ideal purchaser of this book and how do you anticipate them using it?
A: Well, as the text’s full title indicates… I wrote this mostly with professional penetration testers and security consultants in mind. My thinking was as follows…
There are some people for whom locks are nothing but a small hobby or side interest… and they will often be content to view a few videos on the internet or read very brief “spy manuals” that appear for sale in Soldier-of-Fortune magazines and such. Often these books are quite brief (less than 100 pages) and feature very bare-bones, line-art drawings that cover only the most basic facts. And that’s fine; these books are simple and cheap and there’s a market for that. The tinkerers and curious types who pick them up will maybe fiddle with a lock every so often, perhaps get it open one day, and be satisfied at the fun bit of knowledge they have earned themselves.
Alternately, there are some books out there which are outright tomes of knowledge, massive in size and very broad in scope. These texts are essentially reference works for police, locksmiths, forensic technicians, etc. They catalog scores of locks from all walks of life and often run to an excess of 1,000 pages. (Two such notable titles are Marc Tobias’ Locks, Safes, and Security and Graham Pulford’s High-Security Mechanical Locks.) These books can be a wonderful read if you’re truly fanatical about locks, and naturally they are invaluable tools to some people in the trades mentioned above… but few people outside those fields can hope to dedicate themselves to really thorough study of such works, cover-to-cover.
My book attempts to bridge the gap between those two extremes. In today’s world, there are lots of security consultants and penetration testers who would do well to have some understanding of and significant experience with lockpicking. These are people who can devote time and effort to learning in an organized way… but are not dedicating their lives exclusively to lockpicking. My book gives a basic overview of how picking and bypassing works and lays out a series of easy-to-follow lessons that can build basic skill quickly, without a lot of frustration and stumbling blocks along the way. Thus, it is my hope that pen testers who want to augment their skill set to include lockpicking ability can use my book in order to learn how to pick most locks that they will encounter most of the time.
Q: While you were writing the book, did you develop or discover any new techniques or vulnerabilities? Is any of this content included in the book?
A: Much of the book is devoted to teaching basics and fundamentals, so there aren’t too many “new” techniques in there, at least as far as my own knowledge is concerned… future works that are being planned will cover more intriguing and challenging matters like that, however. ;-)
I did, however, have the pleasure of exploring some of these “conventional” techniques in greater detail than ever before. I think I spent more time picking cruciform locks (cross locks) than I had in the past simply when writing the sixth chapter and working on the associated images.
So yeah… on this specific book I didn’t have the thrill of developing especially new techniques, but I did experience the pleasure of discovering and refining my techniques with old ones.
Q: Enough about the book; you regularly give teach presentations and organize events at various hacker cons throughout the world. Can you give us a little history of how you got to the well-respected position you are in today?
A: More than anything, I feel this was a product of my nature when speaking and the very good fortune I have had with respect to flexibility of scheduling. For whatever reasons, people genuinely seem to enjoy listening to my talks. The topic of lockpicking is a captivating one, and my lectures go over well enough with audiences that I get invites to new and interesting places all the time. I’m lucky enough to be able to accept most of these invites.
The more I speak, the more I become noticed in new, different circles. It still astounds me when I attend an event where I have never been before and I am recognized by people whom I’ve yet to meet. The world is just genuinely full of interesting and cool people who want to understand new things… and I’m very happy to teach anyone that is willing to listen and learn. It’s an absolute blast.
Heh, and the frequent flyer status that it has earned me on Star Alliance is goddamn awesome. Without it (and all of the added privileges I have with respect to checked baggage) I don’t know how I’d go about trying to fly everywhere with all of this heavy equipment. =D
Q: What are the plans for the future?
A: First and foremost, I hope to see the locksport community continue to grow and develop. TOOOL gets requests all the time (approximately a dozen or more every month) from people in far-flung areas who hope to start a new chapter in their neck of the woods. While often the best we can do is recommend that people check out their local DEFCON Group or 2600 Meeting, we keep track of all such interested parties and when a group of significant size appears, we put them all in touch with one another. Other locksport groups operate in much the same way… hosting regular gatherings, meeting new people, expanding, etc. In addition to the original branches of TOOOL that formed in the United States (mentioned above) we now have healthy, popular chapters that meet regularly in Ohio, North Carolina, California, and even other international spots such as Canada and Austria.
I want to keep bringing hands-on workshops and lockpicking games to any public events that think we’d be a good fit with their attendees. This past spring TOOOL had an awesome presence at the Maker Faire in San Francisco and it was a really big hit. We are invited to participate at future MAKE events, and the response from attendees who saw lockpicking (some of whom were experiencing it for the first time) is really terrific.
On the business side of things, Babak Javadi and I have our own company, The CORE Group, offering physical security consultation, assessment, trainings, and more. With ties to many people in the law enforcement and intrusion response industries we are always growing our tool set and knowledge base. There will be some very interesting developments there in the future, too, I am sure.
More than anything, I want to help lockpicking continue to be understood as an innocuous and harmless hobby. The more the public can be educated about locks, the greater chance we have of diminishing people’s fears about lockpickers.
- 06/29/2010 - Doug