“Eric has come to my rescue both personally and professionally. In 2019, when the LA County VSAP election system was under development, we ran across an obscure network hardware issue under a tight certification deadline. Eric took my call at 10 pm and was onsite with an expert team before midnight. Later, in 2020, I found myself gathering community members to demonstrate in protest of police brutality. Eric showed up at my door equipped with RiftRecon zip tie cutters and handcuff keys cleverly disguised as jewelry. His awareness and experience were critical to navigating our safe passage through a violent scene, and he got some pretty great pictures too. Don’t be deceived by his whimsy - Eric Michaud is all business. At any given moment, he’s analyzing 15 different situations. He is action-biased and high-engagement. Do yourself a favor and be Very Prepared when you call him... if you don’t know what you want, he will tell you what you need. ”
San Francisco, California, United States
Contact Info
5K followers
500+ connections
Activity
-
After nearly 3 years as the Global Lead of Active Threat Assessments at IBM X-Force, I’ve decided to make a move. I'm happy to announce I’ve joined…
After nearly 3 years as the Global Lead of Active Threat Assessments at IBM X-Force, I’ve decided to make a move. I'm happy to announce I’ve joined…
Liked by Eric Michaud
-
My new book was reviewed by locksmith ledger, the primary journal for locksmiths and security. https://lnkd.in/eeesAT47
My new book was reviewed by locksmith ledger, the primary journal for locksmiths and security. https://lnkd.in/eeesAT47
Liked by Eric Michaud
-
I was today years old when I saw cherry blossoms in bloom for the first time. They are incredible. Doug 🦄was also impressed.
I was today years old when I saw cherry blossoms in bloom for the first time. They are incredible. Doug 🦄was also impressed.
Liked by Eric Michaud
Experience & Education
Publications
-
Responsible Rescue - Rethinking Responsible Disclosure for Cryptocurrency Security
Unciphered
At Unciphered we recover keys for people who’ve lost them. We are building toolkits for that on an industrial scale. We’ve also been in deep discussions since last year on how to handle Responsible Disclosure when we discover a new class of vulnerability that allows us to create Private Keys, Mnemonics, or Seed Phrases.
Other authors -
Mapping the invisible – A journey into discovering tor hidden services
Sec-T
This talk covered the research I performed to develop a .onion address mapping infrastructure.
-
A Burglar's Guide To The City
FSG Originals
Interviewed for the book and thanked in the acknowledgements. I'm not the author Geoff is. Made recommendations to others interviewed whom ended up in the book.
Other authors -
The Surprising Light Side of the Dark Web
MIT Technology Review
Indexing the dark Web offers a way to track crime—and shows that the hidden realm is a refuge for people who fear persecution.
Criminals selling Social Security numbers, the world’s largest social network, and transgender people seeking a safe place to talk are all part of the diverse world known as the dark Web—sites that can be accessed only using special software, usually intended to protect the identity and location of the websites and people using them.
The dark Web…Indexing the dark Web offers a way to track crime—and shows that the hidden realm is a refuge for people who fear persecution.
Criminals selling Social Security numbers, the world’s largest social network, and transgender people seeking a safe place to talk are all part of the diverse world known as the dark Web—sites that can be accessed only using special software, usually intended to protect the identity and location of the websites and people using them.
The dark Web pierces the public consciousness only through incidents like the 2013 capture of Ross Ulbricht, who operated the Silk Road marketplace that hosted sales of illegal drugs and other contraband. But security companies and researchers are starting to deploy software that crawls the dark Web, similar to the way a conventional search engine indexes regular Web pages. As well as ferreting out or even preventing crime, these tools are showing that the dark Web has a significant light side. -
Deep Light
Intelliagg/Dark Sum
The first complete automated census of the Tor hidden services network.
Other authorsSee publication -
Beyond the Lock: Attack Vector Evolution
You Shot The Sheriff
While pop culture still struggles with the concept of lockpicking as a sport, in the past decade -- since Eric Michaud picked his first lock -- lockpicking has gone from taboo to trend. Exploits have a newly rapt audience, excited by bypassing mul-t-locks, the Masterlock speed dial, various attacks on Medeco, and even pedestrian lock bumping. Things that now -- to Michaud, at least -- seem crude, stifling, and boring in contrast to what's in current use at the upper echelons of opening doors,…
While pop culture still struggles with the concept of lockpicking as a sport, in the past decade -- since Eric Michaud picked his first lock -- lockpicking has gone from taboo to trend. Exploits have a newly rapt audience, excited by bypassing mul-t-locks, the Masterlock speed dial, various attacks on Medeco, and even pedestrian lock bumping. Things that now -- to Michaud, at least -- seem crude, stifling, and boring in contrast to what's in current use at the upper echelons of opening doors, and shared among those who push the boundaries of bypass.
In constantly questing to move attacks past the horizon, the professional world of getting in and out is host to a world of custom, sophisticated tools that put most of the public work to shame in terms of elegance. According to Michaud's astonishing catalogs and expansive research arena, tools and attacks the professionals employ to get intel and surveil are far beyond what's passed around as public knowledge.
In this talk, Eric shows what the evolution of attack vectors of locks looks like, and how attacks, tool development and cunning techniques are surpassing the imagination -- and in some instances, surpassing instinct and ability. -
Oslo Freed Forum 14: A Conversation with Cyber and Physical Security Expert Eric Michaud
Oslo Freedom Forum
Interview with Eric Michaud and Brian O'Shea about their October 2014 Oslo Freedom Forum talk.
Other authorsSee publication -
Beyond the Lock: Attack Vector Evolution
Eric Michaud/Rift Recon
While pop culture still struggles with the concept of lockpicking as a sport, in the past decade -- since Eric Michaud picked his first lock -- lockpicking has gone from taboo to trend. Exploits have a newly rapt audience, excited by bypassing mul-t-locks, the Masterlock speed dial, various attacks on Medeco, and even pedestrian lock bumping. Things that now -- to Michaud, at least -- seem crude, stifling, and boring in contrast to what's in current use at the upper echelons of opening doors…
While pop culture still struggles with the concept of lockpicking as a sport, in the past decade -- since Eric Michaud picked his first lock -- lockpicking has gone from taboo to trend. Exploits have a newly rapt audience, excited by bypassing mul-t-locks, the Masterlock speed dial, various attacks on Medeco, and even pedestrian lock bumping. Things that now -- to Michaud, at least -- seem crude, stifling, and boring in contrast to what's in current use at the upper echelons of opening doors, and shared among those who push the boundaries of bypass.
In constantly questing to move attacks past the horizon, the professional world of getting in and out is host to a world of custom, sophisticated tools that put most of the public work to shame in terms of elegance. According to Michaud's astonishing catalogs and expansive research arena, tools and attacks the professionals employ to get intel and surveil are far beyond what's passed around as public knowledge.
In this talk, Eric shows what the evolution of attack vectors of locks looks like, and how attacks, tool development and cunning techniques are surpassing the imagination -- and in some instances, surpassing instinct and ability. -
Thwarting Evil Maid Attacks: Physically Unclonable Functions for Hardware Tamper Detection ** GE-117, 1500-1600, 19 June 2014 **
Naval Post Graduate Institute
Increasingly, users and their computing hardware are exposed a range of
software and hardware attacks, ranging from disk imaging to hardware keylogger
installation and beyond. Existing methods are inadequate to fully protect users,
particularly from covert physical hardware modifications in the “evil maid” scenario, and
yet are very inconvenient. Victims include governments and corporations traveling
internationally (e.g. China), anti-government activists in places like Syria…Increasingly, users and their computing hardware are exposed a range of
software and hardware attacks, ranging from disk imaging to hardware keylogger
installation and beyond. Existing methods are inadequate to fully protect users,
particularly from covert physical hardware modifications in the “evil maid” scenario, and
yet are very inconvenient. Victims include governments and corporations traveling
internationally (e.g. China), anti-government activists in places like Syria, and anyone
who is a target of a motivated attacker who can gain physical access. Physically
Unclonable Functions, combined with a trusted mobile device and a network service, can
be used to mitigate these risks. This talk will describe a novel open-source mobile client
and network service which can protect arbitrary hardware from many forms of covert
modification and attack, and which when integrated with software, firmware, and policy
defenses, can provide greater protection to users and limit potential attack surface. -
ACCESS PROHIBITED
Digita Pub
If Jason Bourne had an illustrated guide to spy tricks, it would be Access Prohibited: The Physical Security Tool Guide to Hacks, Cracks, and Recon. Author Eric Michaud teamed up with illustrator Martin Whitmore, photographer Alex Rodriguez and a team of physical security penetration testers to distill physical security hacking into this incredible guide.
This fully illustrated 35-page color guide explains the tools, techniques and methods used in the field every day by physical security…If Jason Bourne had an illustrated guide to spy tricks, it would be Access Prohibited: The Physical Security Tool Guide to Hacks, Cracks, and Recon. Author Eric Michaud teamed up with illustrator Martin Whitmore, photographer Alex Rodriguez and a team of physical security penetration testers to distill physical security hacking into this incredible guide.
This fully illustrated 35-page color guide explains the tools, techniques and methods used in the field every day by physical security professionals worldwide to gain unauthorized access to buildings, rooms and facilities. The specialized tools and everyday items, from the exotic to the ordinary, are described in clear step-by-step instructions accompanied by color photos and bold illustrations. -
Lessons Learned from Physical Tamper-Response Applied to Client Devices
RSA Conference USA 2014
Physical tamper-evidence and tamper-response can be applied to client devices (cellphones, tablets, laptops), particularly to protect travelers in hostile regions. We describe the technologies, deployment and lessons learned across several technologies and market segments, and how these technologies can best be used by IT and security administrators to protect their users.
Other authorsSee publication -
Don’t Want Your Laptop Tampered With? Just Add Glitter Nail Polish
Wired.com
IF you’re traveling overseas, across borders or anywhere you’re afraid your laptop or other equipment might be tampered with or examined, you’ve got a new secret weapon to improve security. Glitter nail polish.
Don’t laugh. It works.... -
Thwarting Evil Maid Attacks: Physically Unclonable Functions for Hardware Tamper Detection
30th Annual Chaos Computer Club Congress, Hamburg, Germany
Increasingly, users and their computing hardware are exposed a range of software and hardware attacks, ranging from disk imaging to hardware keylogger installation and beyond. Existing methods are inadequate to fully protect users, particularly from covert physical hardware modifications in the "evil maid" scenario, and yet are very inconvenient. Victims include governments and corporations traveling internationally (e.g. China), anti-government activists in places like Syria, and anyone who is…
Increasingly, users and their computing hardware are exposed a range of software and hardware attacks, ranging from disk imaging to hardware keylogger installation and beyond. Existing methods are inadequate to fully protect users, particularly from covert physical hardware modifications in the "evil maid" scenario, and yet are very inconvenient. Victims include governments and corporations traveling internationally (e.g. China), anti-government activists in places like Syria, and anyone who is a target of a motivated attacker who can gain physical access.
Physically Unclonable Functions, combined with a trusted mobile device and a network service, can be used to mitigate these risks. We present a novel open-source mobile client and network service which can protect arbitrary hardware from many forms of covert modification and attack, and which when integrated with software, firmware, and policy defenses, can provide greater protection to users and limit potential attack surface. We'll also be showing video of an unreleased tool to the public utilized by surveillance teams.Other authorsSee publication -
Thwarting Evil Maid Attacks: Physically Unclonable Functions for Hardware Tamper Detection
BayThreat 2013
Increasingly, users and their computing hardware are exposed a range of software and hardware attacks, ranging from disk imaging to hardware keylogger installation and beyond. Existing methods are inadequate to fully protect users, particularly from covert physical hardware modifications in the “evil maid” scenario, and yet are very inconvenient. Victims include governments and corporations traveling internationally (e.g. China), anti-government activists in places like Syria, and anyone who is…
Increasingly, users and their computing hardware are exposed a range of software and hardware attacks, ranging from disk imaging to hardware keylogger installation and beyond. Existing methods are inadequate to fully protect users, particularly from covert physical hardware modifications in the “evil maid” scenario, and yet are very inconvenient. Victims include governments and corporations traveling internationally (e.g. China), anti-government activists in places like Syria, and anyone who is a target of a motivated attacker who can gain physical access.
Physically Unclonable Functions, combined with a trusted mobile device and a network service, can be used to mitigate these risks. We present a novel open-source mobile client and network service which can protect arbitrary hardware from many forms of covert modification and attack, and which when integrated with software, firmware, and policy defenses, can provide greater protection to users and limit potential attack surface.Other authorsSee publication -
Thwarting Evil Maid Attacks: Physically Unclonable Functions for Hardware Tamper Detection
HITB Kuala Lumpur 2013
ncreasingly, users and their computing hardware are exposed a range of software and hardware attacks, ranging from disk imaging to hardware keylogger installation and beyond. Existing methods are inadequate to fully protect users, particularly from covert physical hardware modifications in the “evil maid” scenario, and yet are very inconvenient. Victims include governments and corporations traveling internationally (e.g. China), anti-government activists in places like Syria, and anyone who is…
ncreasingly, users and their computing hardware are exposed a range of software and hardware attacks, ranging from disk imaging to hardware keylogger installation and beyond. Existing methods are inadequate to fully protect users, particularly from covert physical hardware modifications in the “evil maid” scenario, and yet are very inconvenient. Victims include governments and corporations traveling internationally (e.g. China), anti-government activists in places like Syria, and anyone who is a target of a motivated attacker who can gain physical access.
Physically Unclonable Functions, combined with a trusted mobile device and a network service, can be used to mitigate these risks. We present a novel open-source mobile client and network service which can protect arbitrary hardware from many forms of covert modification and attack, and which when integrated with software, firmware, and policy defenses, can provide greater protection to users and limit potential attack surface.Other authorsSee publication -
Locksport: A Fight Club For Lockpicking
Tested.com
-
How to Steal Nuclear Warheads Without Voiding Your Xbox Warranty
Black Hat DC
We will present the common elements and basic mechanisms of modern tamper-evident seals, tags, and labels, with emphasis on attack and circumvention. Adhesive seals, crimp seals, wire wraps, fiber optic seals, electronic, chemical, biological, and make-shift seals will be dissected, examined, and explained, with emphasis on their shortcomings and circumvention techniques. We will also present an overview of typical applications for tags, seals, and labels, including covert traps and uses…
We will present the common elements and basic mechanisms of modern tamper-evident seals, tags, and labels, with emphasis on attack and circumvention. Adhesive seals, crimp seals, wire wraps, fiber optic seals, electronic, chemical, biological, and make-shift seals will be dissected, examined, and explained, with emphasis on their shortcomings and circumvention techniques. We will also present an overview of typical applications for tags, seals, and labels, including covert traps and uses ranging from consumer goods to loss reduction to government secrets.
-
Museum Security and the Thomas Crown Affair
Argonne National Laboratory: Journal of Physical Security
This paper covers my research into the realities and statistics of art theft in museums.
-
Our Darknet and its Bright Spots Building Connections for Spaces and People
CCC - 26C3
Abstract:
Building a private network to connect your neighbourhood. Why we feel common solutions are terrible on resources and what we think is better.
Get on board.
This talk will give you the opportunity to take a look at the shades of grey of interconnecting hackerspaces and people's networks. Mc.Fly presents ChaosVPN, reborn in its darknet-ish approach and gaining momentum from established hackerspaces in the US and Europe with spaces like NYC Resistor, Pumping…Abstract:
Building a private network to connect your neighbourhood. Why we feel common solutions are terrible on resources and what we think is better.
Get on board.
This talk will give you the opportunity to take a look at the shades of grey of interconnecting hackerspaces and people's networks. Mc.Fly presents ChaosVPN, reborn in its darknet-ish approach and gaining momentum from established hackerspaces in the US and Europe with spaces like NYC Resistor, Pumping Station: One, Noisebridge and c-base. The Agora Network will be presented by Aestetix and Eric in covering the community and technical aspects and what to expect. Equinox will show you the white-ish side called dn42 - the old but nice lady that connects mostly german people and younger spaces like sublab and entropia. -
The (In)Security of Drug Testing
Florida State University: Journal of Drug Issues
Urine is frequently tested to detect illicit drug use for such things as accident investigations; forensics and law enforcement; screening of employees and potential employees; fitness of duty checks for critical personnel such as those involved in the transportation or nuclear industries; tests of national, international, and scholastic athletes for cheating; and evaluations of whether an individual should receive (or continue to hold) a security clearance. Because the results of drug tests…
Urine is frequently tested to detect illicit drug use for such things as accident investigations; forensics and law enforcement; screening of employees and potential employees; fitness of duty checks for critical personnel such as those involved in the transportation or nuclear industries; tests of national, international, and scholastic athletes for cheating; and evaluations of whether an individual should receive (or continue to hold) a security clearance. Because the results of drug tests strongly impact person’s career, livelihood, and reputation, and because the results of drug testing have serious implications for government, corporations, and society, good security to prevent tampering would seem to be essential.
Other authors -
No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
Syngress
Contributor
Book Description:
As the cliché goes, information is power. In this age of technology, an increasing majority of the world's information is stored electronically. It makes sense then that we rely on high-tech electronic protection systems to guard that information. As professional hackers, Johnny Long and Kevin Mitnick get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, their…Contributor
Book Description:
As the cliché goes, information is power. In this age of technology, an increasing majority of the world's information is stored electronically. It makes sense then that we rely on high-tech electronic protection systems to guard that information. As professional hackers, Johnny Long and Kevin Mitnick get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, their goal has always been the same: extract the information using any means necessary. After hundreds of jobs, they have discovered the secrets to bypassing every conceivable high-tech security system. This book reveals those secrets; as the title suggests, it has nothing to do with high technology.Other authorsSee publication -
Security: Past, Present, and Future
Hack In The Box - Kuala Lumpur
True security is often difficult to achieve in our modern age. Most individuals totally overlook this aspect of our daily lives, and those who attempt to take active steps to achieve security often invest in falsehoods and empty promises as opposed to reliable technologies.
Every day, countless people come into direct contact with frighteningly insecure systems and fail to take notice. Such problems will typically remain unaddressed until a catastrophic event captures everyone’s…True security is often difficult to achieve in our modern age. Most individuals totally overlook this aspect of our daily lives, and those who attempt to take active steps to achieve security often invest in falsehoods and empty promises as opposed to reliable technologies.
Every day, countless people come into direct contact with frighteningly insecure systems and fail to take notice. Such problems will typically remain unaddressed until a catastrophic event captures everyone’s attention. Why is there so much ignorance in this field? Why aren’t manufacturers implementing stronger products? The answer to this conundrum is simple: It is a matter of awareness. While some may lay blame upon the manufacturers, whose profit motive typically dictates production with the least amount of overhead at the cost of security, the chief reason for weak products is the level of awareness the customer-base holds. Without a properly informed public, consumers can never properly make their priorities known in the marketplace.
The average individual is completely ignorant of how quickly their home or business locks and authentication systems can be bypassed. As long as this knowledge remains hidden in the depths of “professionally privileged information” and obscured by the manufacturers themselves, the worse security will be for all of us. We will explain and demonstrate security methods of the past, present, and future. Not only will both old and new technologies be explored they will also be compromised before your very eyes. Everyone will come to appreciate the strengths and weaknesses of various technologies… thus everyone may decide the value of such products for themselves.
If after the conclusion of our talks we have not overwhelmed your minds enough with extensive details, you are also all invited to come and see us at the “Lock pick Village“ an entire area where attendees may ask additional questions and try their hand at everything we have demonstrated and described.
Other authorsSee publication -
Medeco m3 Meets the Paper Clip - “Michaud M3 Degrade Attack”
Internet
-
Michaud Attack
Matt Blaze - Crypto.com - UPenn
Matt describes the attack I developed against vulnerable Mul-T-Lock cylinders produced up till my research in 2005.
Other authors -
Art Of Escape Class Will Help You Stay Alive After The Big One Hits
SFist.com
If the city you live in fell into dystopia and horror and you had to survive for 72 hours, could you? Many of you, let's face it, will die. Squashed under that Victorian you called home. Kidnapped from your SoMa loft by Occupy comrades. Murdered by an angry mob after you snatch more than your fair share of Charmin during a CVS loot. Or worse. But Rift Recon, a physical security agency made up of researchers, former military and private security detail contractors, and computer and hardware…
If the city you live in fell into dystopia and horror and you had to survive for 72 hours, could you? Many of you, let's face it, will die. Squashed under that Victorian you called home. Kidnapped from your SoMa loft by Occupy comrades. Murdered by an angry mob after you snatch more than your fair share of Charmin during a CVS loot. Or worse. But Rift Recon, a physical security agency made up of researchers, former military and private security detail contractors, and computer and hardware hackers, can and will help you survive.
Honors & Awards
-
SF Marathon 2015
-
Completed the San Francisco Marathon.
Languages
-
English
Native or bilingual proficiency
-
Python
Professional working proficiency
Recommendations received
-
LinkedIn User
6 people have recommended Eric
Join now to viewMore activity by Eric
-
So The World’s Most Dangerous Places as a podcast: What’s it about.? Who’s in it? How long is each episode? I travel so much and the world moves…
So The World’s Most Dangerous Places as a podcast: What’s it about.? Who’s in it? How long is each episode? I travel so much and the world moves…
Liked by Eric Michaud
-
In Spring of 1995, I was a Linux user. I had been since late 1993 running Slackware. This was being done on a 386SX processor with 2MB of RAM and…
In Spring of 1995, I was a Linux user. I had been since late 1993 running Slackware. This was being done on a 386SX processor with 2MB of RAM and…
Liked by Eric Michaud
-
Welcoming Emma Lovett, Executive Director at JPMorgan Chase & Co. as a featured speaker at the upcoming Digital Assets Forum by EBC. The Digital…
Welcoming Emma Lovett, Executive Director at JPMorgan Chase & Co. as a featured speaker at the upcoming Digital Assets Forum by EBC. The Digital…
Liked by Eric Michaud
Other similar profiles
-
Ed Zitron
Connect -
Brian O'Shea
Connect -
Ash Kalb
Connect -
John Ballentine
Connect -
Thomas Ryan
Connect -
🌎👩🏻💻 Carlota S.
Connect -
Michael Loftus III
Undergraduate at the University of Michigan
Connect -
Nick Fedoroff
Operations - Corporate Messaging Specialist - Entertainer - Event Producer
Connect -
Tiffany Faith Demers
Connect -
Alexander Schwarzkopf
Connect
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Eric Michaud in United States
-
Eric Michaud
Vice President: Marketing Technology Delivery, Cross Channel Campaign Management
-
Eric Michaud
Platform Architect at Northern Light Health
-
Eric Michaud
-
Eric Michaud
Video Coach / Director of Hockey Operations at Iowa Heartlanders ECHL
-
Eric Michaud
--
42 others named Eric Michaud in United States are on LinkedIn
See others named Eric Michaud