We had the chance to talk to John McAfee, computer security legend, about the issue surrounding the FBI and Apple. In case you weren't aware, the FBI and the DOJ have now demanded that Apple create a version of iOS that contains a backdoor, so that the iPhone belonging to the San Bernardino shooters can be hacked. Apple has publicly stated (opens in new tab) that this undermines the very technologies that protect people and the country as a whole. John McAfee is also running for president, as a Libertarian.
McAfee founded several companies, including McAfee Antivirus—the first antivirus—which is now part of Intel Security. Recently, McAfee made a public statement that he would hack the iPhone for free and give the FBI the data they're demanding, so that Apple doesn't have to create a backdoor.
We talk to John about the issues more deeply. The full conversation via phone call is transcribed below:
Tuan: Why is the FBI not hacking the iPhone itself? Why does it need Apple to do it?
McAfee: I don't believe the FBI has the capacity to do so. I think our government is illiterate in cybersecurity for the following reasons:
Number one, it's become a massive bureaucracy, where no one is ever fired—you're just promoted. And the technology departments are out of date; they do not keep up with changing technology. And they have a life time job so, why should they care? Number two, they will not hire the only people who can help them; that is the hackers of the world.
And why? Have you ever been to Defcon or Hack Miami or any hacking group? Well you see what people look like. Mohawks a half mile high, pierced ears, face tattoos. And every one of them is going to demand that they smoke weed on the job. Now, the government isn't going to hire those people. But I promise you, if you went to China, or Russia, and knocked on the doors of the Kremlin or the equivalent in China, and said, "I'm the world's greatest hacker, will you hire me," they'll say absolutely! And you say "Well wait a minute, I need to smoke weed," they'll say "Perfect, we'll put you in the basement and you can smoke as much as you want." Why? Because they're smart! We're stupid.
We want everybody to look like the bureaucracy. To wear a three-piece suit, polish your shoes, blue tie, and look and act like everyone else. Well that's not hacking. And that is not creative. And it does not create a society that can keep up. We're twenty years behind the Russians and Chinese.
Tuan: In terms of salary, is a $500K a year salary that Russia and China might be spending on a hacker or something that can be accepted as fact?
McAfee: You can definitely set that as fact. Most of the hackers who attend Defcon, the white hat hackers, make their living from hiring themselves out to corporations who don't care what they look like, as long as they can tell [the companies] what the problems in their systems are [laughs].
So, yeah that's a hard number. Yeah, you can bet that the Russians and the Chinese are paying that. You pay the going rate for the commodity that you're buying. If you want oil, you've got to pay the going rate. If you want a true hacker that is a talented natural born hacker, someone who has innate perceptions, someone who can look at a screen full of ones and zeros and say, "oh, that's such and such and such," well, one person in a million can do that. So, yeah, they get what they want.
Tuan: So do you think the Russians and Chinese already have the tools to decrypt the iPhone?
McAfee: That's common knowledge in the hacking community—absolutely. And not just decrypt the phone! The Chinese and Russians have the ability to bring our society to its knees. With the push of a button, the Chinese can terminate our electrical production and put us permanently without power. This is a known fact in the hacking community. We are so far behind that it's incomprehensible that we still call ourselves a world power.
Tuan: I read your piece on the OPM mission, and it said that the other countries easily penetrated our security systems. Out of all the possibilities, how high of a priority would it be to get access to our phones?
McAfee: I would say that it's extremely high. And in fact, I guarantee you, that the Chinese and Russians are praying on their knees now, that Apple gives in. In fact, they probably would pay a hundred billion dollars to Tim Cook to cave in. Why? Because it would get them total access, total control, to everything in America.
Now the FBI thinks that they have it. But the FBI and the NSA don't even have the data reduction capacity. Sure they can tap everybody's phone, but there's so much data they can't refine and use it. Trust me. The Chinese can. They're that far ahead. So, they would love for Apple to cave in. They would love for a federal judge to say, "Yes, [Apple], do this," because that means they just won the cyberwar. Why? Because every man and woman in America, carries [a smartphone].
Tuan: So the smartphone seems like the ultimate dormant weapon to America and its citizens. What about PCs?
McAfee: Well you know, they're kind of going away aren't they? I haven't seen a personal computer in years [laughs]. Seriously, I do all my writing on my smartphone, I do everything on my smartphone. It's got more memory than my personal computer, it runs faster, and I can put it in my pocket. [PCs] are going away.
Tuan: A recent 2000-page omnibus budget bill was announced at the end of 2015, but it contained the text of the Cybersecurity Information Act of 2015, about 1729 pages in. Why is there so much focus on internal spying and not security improvements?
McAfee: That's because our government has become paranoid and sick and twisted. We have become the enemy. We are the enemy to the government. If you don't believe me, why don't you take a trip from wherever you are, to, some distant city, through the TSA, and while you're standing there with your belt in your hands and your shoes off, and your belongings are being closely scrutinized, and you have your hands in the air waiting to be frisked, you ask yourself—do you feel you're being protected? Or do you feel like, you're the enemy? Oh my god! I feel like the enemy. Therefore, we must be the enemy.
Tuan: iPhone versus a major bank. Which is harder to hack?
McAfee: A major bank?
McAfee: A bank is probably easier because you've got more people to deal with in terms of social engineering. If you've got a hundred people, well, you can hack a bank in half an hour, if you've got a good social engineering team. The one iPhone belonging to a dead person, well, that takes a little bit longer.
Tuan: Is the iPhone more secure than an Android phone?
McAfee: Absolutely not. It's a closed architecture, how can it possibly be secure? History has proven over and over that closed architectures are ultimately the most insecure. You don't have enough people watching, that's the problem.
Tuan: What about online services like Netflix, Amazon, and Steam?
McAfee: Uh... I don't subscribe to those services for the very reason, that, I do value my privacy, and I do not want someone watching me.
Tuan: Can I send you my iPhone for your team to decrypt?
McAfee: No sir. We are so busy, we're running a campaign. I'd be happy to do it for half a million dollars, but no.
Tuan: [Laughs] So you've said that Apple shouldn't put backdoors into the operating system. On the other hand, if your team is able to extract the data from the phone, couldn't the FBI simply ask your team to hand over the software you created?
McAfee: We don't create any software [to hack the iPhone]. We use tools, standard tools to analyze and take phones apart. We don't write new software for that; we don't have the ability. We don't have Apple's source code. We don't have um, we would need Apple's programmers and engineers in order to write a backdoor. So, we're using standard tools.
Here, let's say you have a Chevy and it breaks down. You take a mechanic, he throws some spare parts in it, and it's fixed. That's not like asking Chevy to redesign [the car] to do 300 miles an hour.
Tuan: In your original post, you talked about social engineering your way into the iPhone. Would that mean you might try to breach Apple corporate itself, or would you go after—
McAfee: Oh lord no. We would talk to his friends, contacts, acquaintances and so on—we would talk to those people. We would talk to them, because a person doesn't have to be alive to be socially engineered. He still has friends, contacts, relatives, that together, provide a great deal of information.
Frequently we get a password from someone in a dinner conversation, and it's trivial. Social engineering is easy, and it's a first step. It also helps out the software engineers, and knowing which direction to go.
Tuan: You mentioned that the FBI and the government are unwilling to be open minded and hire hackers, paying their asking salaries. What about Stuxnet, wasn't that US-developed?
McAfee: It was. But we have a different thing. Stuxnet is old technology, and it was a single network. We're talking about a device, a cellphone, which everybody—we all carry the computers with us, we all carry a "Stuxnets" in our pockets. And that includes government agents, the defense department, spies, everybody. We have them. And to mess with backdoors on something which every human has, is beyond belief. And Stuxnet was written by contractors, not by the US government.
Tuan: Today's programmers seem to be chasing the next big app, the next Instagram, Snapchat, Tinder... Do you think this is happening because developing a unicorn app has the promise of huge monetary rewards and therefore there are fewer programmers working on security?
McAfee: Well I mean you can create an app that is a security app. I write security apps and they're reasonable popular. There's nothing wrong with kids going after money. Nothing. But you need to understand something. The money today, is in security products, you have to believe me. I mean, it's a supply and demand thing. You know, you have a few security products, and a great need, and smart app developers can develop security products.
Tuan: There seems like there's a big gap in terms of America's cyber-warfare capabilities. You're running for president, but it seems like cybersecurity is a non-partisan issue. What sort of advice would you give to the Democrat and Republican nominees?
McAfee: I would give them minus numbers! Here's an example. I explained the Apple situation, that backdoors are the worst things we could ever do. We stopped using backdoors in the nineties—for anything, any purpose whatsoever. Because hackers immediately got access to them, and caused havoc. He wants to boycott Apple, to force Apple to put backdoors in their software. And he's running for president! It shows, an unbelievable lack of understanding, of the technology of cybersecurity. In a world where if you do not understand that, and we are approaching a cyberwar, why are you running for president?
Tuan: When you say he, you mean Donald Trump?
McAfee: Yes, I said Trump. Did I not? Yeah. Trump.
Tuan: He's been very vocal about forcing Apple to create a backdoor.
McAfee: That just shows you he doesn't understand. He's very short sighted. Maybe that will help the FBI catch more terrorists. But it will bring America to its knees in the face of its enemies.
Tuan: There aren't really good formal ways of learning about security. For example, even the virtuosos of music were able to take piano lessons or violin lessons.
McAfee: Oh, absolutely yes! You know, I was self taught. I mean, I have a degree. I have an honorary doctorate even in mathematics. But when I went to school, they didn't have computer science courses. They didn't exist. The computers didn't exist. I was self taught. And, I believe that this is the way to go. Because good heavens, we have the Internet. If you want to specialize in something, a school isn't going to provide that for you, in the field of computer science and cyber security.
Go after your love. Read. Practice. Talk to people. I've mentored hundreds, literally hundreds of people, who came to me and said, "I'm getting a computer science degree from Stanford. I still feel like I don't know anything, can you advise me?" I say absolutely, sure.
You know, computer science is still an art. It really is not a science, I wish it was. But it's an art. A very complex art form. And you need to know how to use a wide variety of brushes and palettes. And schools don't teach that. You've got just a smattering of everything and an understanding of nothing.
Tuan: So what sort of advice would you give a school kid out there who's interested in learning about cyber security?
McAfee: Study psychology first. Learn neurolinguistic programming. It has nothing to do with computers, but it really does—it has everything to do with hacking and security in the modern world, because ninety-nine percent of hacks are human-engineering hacks. I know great hackers who can't code. Literally.
McAfee: Because they're strictly human-engineering. It's the easiest thing in the world. I mean, some of the ideas they come up with are brilliant. The most brilliant is one they call the audit authorization letter. Now think of this:
So, you have a team, and you put together a letter. Let's say you're going to audit the FBI. Let's do that for example. It's on the FBI letterhead, from Washington, from the assistant of someone, which you know, that these people in Georgia or Idaho, don't know. You put a phone number on it that looks like a legitimate FBI phone number. On the letter you say, this is an audit authorization letter. The bearers of this letter have authorization to audit all aspects of your procedures and operations, and please call this number to verify.
You call that number, they've got a bank of operators standing by—phony. They say oh yes, are they there yet? You tell them, that Mr. Smith wants that information by tomorrow morning, or they're all fired. Okay?
So now, that works in one hundred percent of the cases. Think about it. Just think about it. So then, the FBI who has called the secretary for so and so, who has verified them, and they have on government stationary, and it's an audit authorization letter, so the people who get it are afraid. They say good god man, the auditors are on the way, get out of our way because we're on the way, we've got to get this done. [laughs] Well, you can walk off with, if you want, the Apple backdoor if they made one. You can walk off with everything. That's human-engineering, do you understand?
Tuan: Totally. Do you have any advice for our readers and the public in general. How should we secure our phones and laptops and desktops?
McAfee: Don't worry about your laptops and desktops. There are very few people who hack these anymore. On your smartphones, every time you download an app, look at the permissions that it asks for, and read them. And if it's a Bible reading app, and late at night you're too tired to read, and you turn the lights off and you ask it to read Genesis to you... all it needs is access to the microphone. Let's face it. And if that app, and all of them do, ask permission to [access] the camera, to read your emails, to read your text messages, to make phone calls on your behalf, to read your contacts, then don't use that app. I don't care how good the app is. That's my advice. That's how we screw ourselves, every time.
Tuan: To finish up with a bigger picture. Taking a look back at your career, what accomplishments are you most proud of?
McAfee: You know, that's a difficult question. I don't look back. I really don't. Most proud of... I don't know. I think Tribal Voice, where we invented instant messaging, and some of the most dynamic software in the world, which was ten years ahead its time. We sold it to CMGI for seventeen million dollars. They canned it after a year because, basically, the basic infrastructure was not there. We were also the first to invent internet voice communications. At that time, a T1 line was about the largest any company could get, and it did not have the capacity to support it. So... Tribal Voice was my finest hour, even though we were ahead of our time and foolish to build software that had [laughs] no hardware support [laughs].
Tuan: That's all the questions I have. Do you have anything else you want to say?
McAfee: Yes! Visit mcafee2016.com (opens in new tab), and donate. We have an uphill battle against the two major parties that are machines that destroy the soul, of not just the candidates but of all America. And they are powerful beyond belief. We need help.
McAfee: mcafee2016.com. Thank you sir.
Tuan: John, thank you. It was a pleasure. Ciao.
[Alan B.C. Dang contributed to this report.]