Deviant Ollam was nominated and selected for the Locksport Person of the Month distinction for his outstanding contributions to the locksport community. Deviant is well-known as a founding member of the United States division of The Open Organisation Of Lockpickers (TOOOL) and as a security consultant and trainer with his company The CORE Group.  I contacted Deviant after the news of the release of his new book, Practical Lock Picking: A Physical Penetration Tester's Training Guide.

Q: First off, why do you call yourself Deviant?

A: Well… that’s a bit of a story, but I’ll give my best shot at an answer.  Before I do, I should point out one key fact about my involvement with The Open Organisation Of Lockpickers.  While I did have the pleasure of meeting Barry Wels (the original founder of TOOOL back in the Netherlands) on one of his earliest appearances at a United States hacker convention, I was not among the small initial group upon which he bestowed permission to form a division of TOOOL here in the USA.

Originally, at the end of a 2600 HOPE conference, he gathered four individuals who were sitting near him for the better part of the afternoon.  Babak Javadi, Schuyler Towne, Eric Schmiedl and Eric Michaud had just become, he announced out of the blue, his “new Board of Directors for TOOOL in the US.”

Babak went home and later formed a chapter in Iowa. Eric S and Schuyler have had a somewhat active meeting in Boston… and Eric Michaud (along with people like Mouse) started the Princeton University chapter of TOOOL (now simply referred to as the Mid-Atlantic chapter, with meetings localized around the Philadelphia / New Jersey region).

It was about six months later (standing in the hallway after my lockpicking presentation at the first ShmooCon) that Eric, Mouse, and others from Princeton approached me and asked me to join them at the New Jersey meeting.  I assumed a leadership role very quickly in that local chapter and began organizing some of the events at a national level, like the Lockpick Villages, etc.

It was only when Schuyler Towne stepped down to focus more on academic endeavors the following year that I was invited to join the Board of TOOOL, and I have proudly served there ever since.

As for the story of my nickname… while growing up I was surrounded mostly by conservative adults who had no shortage of criticism for what they saw as immorality and delinquency (things that I recognized simply as my generation's tolerance and appreciation for alternative lifestyles, non-traditional belief systems, or music and art that wasn't mainstream)... but these same people (my parents were occasionally among them) were so stuffy at times that they wouldn't even use profanity or overly-harsh language to condemn my generation's morals, culture, etc.

I can recall quite clearly that on more than one occasion my mom would use the word "deviant" as if it were some sort of epithet… "deviant sex" or "deviant clothing" etc. I was always silently amused by this.  When you consider the true definition of the word… to "deviate" is merely to differ, to turn out of an established or recognized course. When I was little, my parents made sure to teach me that there was nothing inherently bad about being different and that I should be tolerant of others.

However, it was interesting observing society's tendency to maintain the status-quo… particularly as people age. I didn’t want to slip into reactionary attitudes and conservative ways that I saw around me.  As a nod to the fact that I’ve always felt best when bucking the norm (and since I believe societies and civilizations are at their healthiest when they are packed to the gills with a broad diversity of opinions, beliefs, and lifestyles) I opted to take the nick of "Deviant" some time ago.

(I should note that this wasn't a jab at my parents at all… both of whom I love very much and with whom I have a healthy and happy relationship, even if I don't call as often as I should.)

Q: It has always been exciting for the locksport community when one of our own grabs a book deal.  How long have you been working on this book and what was your motivation?

A: The whole project has gone very, very quickly… although at times I feel as though I’ve aged years in the weeks that have recently passed.  The primary writing of the manuscript was completed in about a month’s time, actually.  I started writing the day after St. Patty’s day and had submitted the entire manuscript and all of the photographs, figures, and diagrams by mid-April.  By the end of that month, all additional matter like the Appendix, the Author’s notes, and other minutiae were also completed.

The rest of the process has been the very grueling and seemingly never-ending affair of shepherding the text through the ordeal of composition, page layout, etc.  The publisher (in this case Syngress, but it’s the same with all the major houses) farms out this part of the project to other institutions, mostly overseas.  The inevitable result is that pages come back to you looking nothing like you expected… often with lots of grammatical and syntactical errors (due to cultural and idiomatic misunderstandings) that must be addressed.

I have to say my publishers here in the States have been really understanding and backed me up at every turn when I would insist that changes be made or that sections be moved around (often, moved back to the way that I had positioned them originally) to flow better, be clearer, etc.

So yeah, that’s been the main effort in this whole process… it’s rather like making a baby, I’d venture to guess.  The initial act is a lot of fun and over pretty quickly when compared with the pregnancy as a whole.  After some waiting, however, then comes the real rush and frenzy of actual birthing… and there are some major labor pains.  They say it gets easier after your first one.  I can imagine that being the case, and I hope to write additional titles if this one sells well.

As for what started it all?  Well, I could say that simply it was Rachel from Syngress approaching me at Black Hat one summer and asking if I’d like to write for them.  But my motivation was a little bit deeper and more meaningful than that.  This may sound silly, but in my life I’ve always tried to focus my livelihood around three supreme, over-arching goals:

1. To never officially be a “professional” anything
2. To get through life, birth to death, while wearing a tie as rarely as possible
3. To change the world for the better

… I’ve always faired pretty well with the first two rules in whatever jobs I’ve taken and whatever path I’ve made for myself.  But that last one can be a real kicker.  In some ways, perhaps I always envisioned it as being fulfilled by participation in some meaningful and egalitarian foundation, or a continuation in my career path of teaching perhaps.

Those are all goals I’m happy to pursue as time goes by… but actually putting pen to paper and creating something that will potentially live on after me, imparting knowledge that I find fascinating to a new generation of hackers and lock enthusiasts, etc… I think that’s not a bad first attempt at point number three on my grand personal plan.

If people get something out of this book and if I have managed to explain this information in a way that really resonates with some of the readers, I’ll be very very happy.

Q: What is great about this book is that it covers an aspect of security that is commonly overlooked in the industry. Who would you consider the ideal purchaser of this book and how do you anticipate them using it?

A: Well, as the text’s full title indicates… I wrote this mostly with professional penetration testers and security consultants in mind.  My thinking was as follows…

There are some people for whom locks are nothing but a small hobby or side interest… and they will often be content to view a few videos on the internet or read very brief “spy manuals” that appear for sale in Soldier-of-Fortune magazines and such.  Often these books are quite brief (less than 100 pages) and feature very bare-bones, line-art drawings that cover only the most basic facts.  And that’s fine; these books are simple and cheap and there’s a market for that.  The tinkerers and curious types who pick them up will maybe fiddle with a lock every so often, perhaps get it open one day, and be satisfied at the fun bit of knowledge they have earned themselves.

Alternately, there are some books out there which are outright tomes of knowledge, massive in size and very broad in scope.  These texts are essentially reference works for police, locksmiths, forensic technicians, etc.  They catalog scores of locks from all walks of life and often run to an excess of 1,000 pages.  (Two such notable titles are Marc Tobias’ Locks, Safes, and Security and Graham Pulford’s High-Security Mechanical Locks.) These books can be a wonderful read if you’re truly fanatical about locks, and naturally they are invaluable tools to some people in the trades mentioned above… but few people outside those fields can hope to dedicate themselves to really thorough study of such works, cover-to-cover.

My book attempts to bridge the gap between those two extremes.  In today’s world, there are lots of security consultants and penetration testers who would do well to have some understanding of and significant experience with lockpicking.  These are people who can devote time and effort to learning in an organized way… but are not dedicating their lives exclusively to lockpicking.  My book gives a basic overview of how picking and bypassing works and lays out a series of easy-to-follow lessons that can build basic skill quickly, without a lot of frustration and stumbling blocks along the way.  Thus, it is my hope that pen testers who want to augment their skill set to include lockpicking ability can use my book in order to learn how to pick most locks that they will encounter most of the time.

Q: While you were writing the book, did you develop or discover any new techniques or vulnerabilities?  Is any of this content included in the book?

A: Much of the book is devoted to teaching basics and fundamentals, so there aren’t too many “new” techniques in there, at least as far as my own knowledge is concerned… future works that are being planned will cover more intriguing and challenging matters like that, however.  ;-)

I did, however, have the pleasure of exploring some of these “conventional” techniques in greater detail than ever before.  I think I spent more time picking cruciform locks (cross locks) than I had in the past simply when writing the sixth chapter and working on the associated images.

So yeah… on this specific book I didn’t have the thrill of developing especially new techniques, but I did experience the pleasure of discovering and refining my techniques with old ones.

Q:  Enough about the book; you regularly give teach presentations and organize events at various hacker cons throughout the world.  Can you give us a little history of how you got to the well-respected position you are in today?

A: More than anything, I feel this was a product of my nature when speaking and the very good fortune I have had with respect to flexibility of scheduling.  For whatever reasons, people genuinely seem to enjoy listening to my talks.  The topic of lockpicking is a captivating one, and my lectures go over well enough with audiences that I get invites to new and interesting places all the time.  I’m lucky enough to be able to accept most of these invites.

The more I speak, the more I become noticed in new, different circles.  It still astounds me when I attend an event where I have never been before and I am recognized by people whom I’ve yet to meet.  The world is just genuinely full of interesting and cool people who want to understand new things… and I’m very happy to teach anyone that is willing to listen and learn.  It’s an absolute blast.

Heh, and the frequent flyer status that it has earned me on Star Alliance is goddamn awesome.  Without it (and all of the added privileges I have with respect to checked baggage) I don’t know how I’d go about trying to fly everywhere with all of this heavy equipment. =D

Q: What are the plans for the future? 

A:  First and foremost, I hope to see the locksport community continue to grow and develop.  TOOOL gets requests all the time (approximately a dozen or more every month) from people in far-flung areas who hope to start a new chapter in their neck of the woods.  While often the best we can do is recommend that people check out their local DEFCON Group or 2600 Meeting, we keep track of all such interested parties and when a group of significant size appears, we put them all in touch with one another.  Other locksport groups operate in much the same way… hosting regular gatherings, meeting new people, expanding, etc.  In addition to the original branches of TOOOL that formed in the United States (mentioned above) we now have healthy, popular chapters that meet regularly in Ohio, North Carolina, California, and even other international spots such as Canada and Austria.

I want to keep bringing hands-on workshops and lockpicking games to any public events that think we’d be a good fit with their attendees.  This past spring TOOOL had an awesome presence at the Maker Faire in San Francisco and it was a really big hit.  We are invited to participate at future MAKE events, and the response from attendees who saw lockpicking (some of whom were experiencing it for the first time) is really terrific.

On the business side of things, Babak Javadi and I have our own company, The CORE Group, offering physical security consultation, assessment, trainings, and more.  With ties to many people in the law enforcement and intrusion response industries we are always growing our tool set and knowledge base.  There will be some very interesting developments there in the future, too, I am sure.

More than anything, I want to help lockpicking continue to be understood as an innocuous and harmless hobby.  The more the public can be educated about locks, the greater chance we have of diminishing people’s fears about lockpickers.

- 06/29/2010 - Doug

Datagram was nominated and selected for the Locksport Person of the Month distinction for his outstanding contributions to the locksport community. Datagram is well known for his work on two separate endeavors: lock forensic analysis (www.lockpickingforensics.com), and Lockwiki (www.LockWiki.com), a repository of lock related information.  I sat down with Datagram in his Los Angeles villa over a New York Strip to discuss his passage into the locksport community.

Q: First off, why do you call yourself Datagram?

A: I've been part of the computer security/hacker community for longer than I've been working with locks, and many of the lock-related events I do are at computer/security events. Using a handle is pretty traditional for US security groups and events so it has become what people know me as. There's a running joke between friends that no one would know who I was if I started putting my real name on my presentations and research papers. I don't remember why I chose 'datagram' in particular, though.  

Q: So I understand that you your work in forensics was your debut into the locksport community.  Is it okay if I go ahead and describe you as an amateur lock forensics guy gone pro? Can you explain how this progression occurred? 

A: That's not true, exactly. I've been working with locks for about a decade but it wasn't until a few years ago that I became interested in the forensics aspect. Before doing forensics I did training and presentations on locksport at various security conferences and events. Eventually I started looking for resources on forensic locksmithing but had a hard time finding much. I decided to do my own research and make the website. Since then I've gotten an increasing amount of work teaching and performing forensic locksmithing both at home and overseas. In the sense that I am an amateur turned pro, you're correct.  

Q: Have you developed any proprietary methods of forensics analysis or published any discoveries? 

A: I don't believe in having secrets in forensic locksmithing. A big part of the job is knowing what to expect and what is possible. Free exchange of information between forensic locksmiths helps to promote awareness of different attacks and the evidence they leave behind. To that end, I have a few articles and sections on the site that detail uncommon attacks or rare types of evidence. The next few articles for the website will also have similar information that has, to my knowledge, never been published before.  

Q: What is the coolest for-hire forensics job have you done? 

A: Well, forensic locksmithing is not like the CSI show on TV, but there have been many interesting cases. The most fun, for me, comes from the investigations where I have to try a variety of attacks against a duplicate lock to see if they produce the same tool marks/signature as what was found on the lock in evidence. The best example of this was testing different chemical (acid) attacks against brass-based padlock bodies. Teaching has also been rather cool, especially when you get to teach government/law enforcement. The best part is getting to see what equipment they use and hearing what they think of locks and physical security in general.   

Q: What are the plans for the future, etc, etc…? 

A: I'm working on a few new articles for the website. They detail attacks and forensic techniques for some popular and upcoming American brand locks. I expect the articles to be useful to forensic investigators because of the overwhelming popularity of these locks. As for the website, I'd like to expand into other lock types, particularly lever and disc-detainer locks. They are uncommon in the United States but are an interesting lock mechanism with unique forensic evidence, picking tools, and attack methods. Right now I just need to build up a budget to purchase some new lever locks and picking tools. They are not too expensive by themselves, but the shipping costs from the UK are killer!  

LockWiki: 

Q: For those that don't know, what is LockWiki? 

A: Lockwiki is a collaborative website, like Wikipedia, that focuses on locks, safes, locksport, and physical security. Anyone can contribute information and resources to the site, and the content is reviewed and edited by many people to make sure that all the information is accurate and non-biased. 

Q: I know I am not alone when I say that LockWiki is a fantastic source for lock and physical security related information.  How “complete” is the repository? 

A: As far as the end-goal, it is very incomplete. I'd say that what you see on Lockwiki today would be less than 1% of the information available a few years from now. In light of that, there are certain pages that are very thorough, containing information, images, media, and references for further information. Lately, I have been working on lock-specific pages because they are the easiest to do and provide a good amount of information. Once they are done, they require little upkeep - which is great cause I don’t have to worry about the older articles and focus on getting new/improved articles on other parts of the site.

Q: What are your long-term goals and strategies to increase content on the site? 

A: Right now I have been focusing on going through my lock collection and doing very detailed articles for each lock I own. Many that I've done have turned into really thorough pages that rank higher on Google than most of the official pages for those locks! In the long term I hope to get more editors contributing the site by editing articles, uploading images, or doing more administrative work like writing help pages and creating templates for other editors to use. I'm probably the worst salesman you could find, so I rarely try to sell people on the idea of editing or contributing. Those that have contributed have done much to improve the site and motivate me to keep going with my own updates.  

Q: I understand that you are responsible for 99% of all contributions to the site.  Why do you think people are so reluctant to contribute? 

A: That's actually true, but I would like to truly thank the 1% that have gone out of their way to contribute to the site. Finding people to continually contribute is difficult but understandable. Many people just don't have the time, which I think is the biggest factor. Some don't have the technical knowledge to write in-depth articles, and others don't have the writing skills. Many people get upset when they write a long article and someone else (usually me) goes in and edits it to be more readable or better organized. But that's the point of the site. That's why everyone can contribute and improve everything on the site. You have to develop a thick skin to have your writing publicly accessible by anyone in the world. People are going to pick on every possible thing about your writing, but in the end the site benefits from all those opinions.

- 05/05/2010 - Doug

TJ was nominated and selected to debut the Locksport Person of the Month distinction for his outstanding contributions to the locksport community. TJ, known on www.lockpicking101.com as tjweaver84, has been interested in lockpicking since high school. He is now 25 and nearing the end of a 6 year stint in the Navy operating nuclear reactors.  TJ is known in the community for his work at finding a vulnerability in the Abloy Protec, known by many as one of the most secure locks ever made.  I asked TJ to discourse the events that lead up to his discovery and this is what he wrote:

“….I got the Protec so I could learn how they work. Within minutes of getting the package at work, the Abloy was in about a million pieces. It took about 3 hours to reassemble it but I learned a ton about the lock. Then a couple nights later I was lying in bed when an idea struck me. The lock was already apart and on my desk so I started playing with the disc blocking system with the lock removed from the body and figured out a process that may someday be used to open the Protec consistently.”

TJ doesn’t claim to be able to pick the Protec consistently, but he has demonstrated his technique successfully at least once.  In the meantime, he is in contact with the manufacturer, Abloy, to implement a fix.

More information on TJ’s findings can be found here: http://www.tjweaver84.com/protecpicking.php

- 04/19/2010 - Doug

TJ Weaver lives in Greenville, North Carolina with his wife and child.  He is interested in computers, electronics, R/C stuff, locks, Amateur Radio, building stuff, outdoors stuff, and bonsai trees.  He would like to be contact by others in the area interested in sharing his interests with locksport. tjweaver84@tjweaver84.com