ASCII Edge 2025: Jesse Tuttle AKA Hackah Jak (EP 788)

Hello friends, Uncle Marv here with another episode of the IT Business Podcast, and we're back with another video preview of the upcoming ASCII Edge tour. And this time we are getting ready for the March visit to Orlando, Florida, and that's going to be one that I'm going to be at. So if you haven't signed up yet, head over to events.ascii.com.
If you are in the central Florida area, or if you want to fly to Florida, if it's still cold up north, weather's fine down here. Come on and join us, and it'll be a fantastic time. For those of you that are watching who may not know what ASCII is, ASCII is one of the leading communities for independent managed resource and managed service providers in North America, and the ASCII Edge is the annual tour where they visit seven, eight, nine cities, and have a two-day conference to just hang out and hang with other professionals, meet some of the vendors in our space, and it is a great time. And the event spans two days, focuses on learning, networking, and collaboration. This year Microsoft is the diamond sponsor, and they will offer valuable insights, including a keynote on AI and Zero Trust.
And this year, it has been one of the big aims of ASCII to make sure we have some great speakers and great presenters. So this year, I think you are going to really love this. So coming up to the stage is somebody I just met recently.
He stopped by and said hello to me at IT Expo. Jesse Tuttle, who is also known as Hackah Jak, former hacker turned cybersecurity expert, and he is going to be the keynote speaker. The session is titled The Mind of a Hacker, or Inside the Mind of a Hacker, something to that effect, right, Jesse?
Something like that. So for those that don't know, Jesse is obviously a member of the MSP community here. You've got a company called AP2T Labs, which is basically a cyber threat research and training company.
Tell us a little bit about that, Jesse.
[Jesse Tuttle]
So AP2T Labs is, it was inspired by my background and the people that I grew up, and I still know today, and the actions that we took. And how can people properly build and gear towards a proper defense to protect them against threat actors? We are an awareness training provider that is bringing next level concepts and solutions to market, based on literally what I get to do all day of hanging in the underground, and places darker on the web than just Tor.
[Uncle Marv]
All right, and you guys are big in using AI and machine learning as part of analyzing user behavior, right?
[Jesse Tuttle]
Yeah, we actually have, we are now officially patent pending on some technologies that we're inventing, that literally date back to my days as a threat actor. And so concepts that I was working on then, that has been modernized with advanced machine learning and AI
capabilities, built totally in-house from the ground up, not taking an off the shelf product and just plugging into it.
[Uncle Marv]
All right, nice. So ASCII has you dubbed FBI's and Interpol's most wanted, and that you're going to share all. Now I can't imagine that you're going to share everything that happened, but the fact that you were on both the FBI and the Interpol list of most wanted, had to be an interesting story.
[Jesse Tuttle]
Yeah, I'm told it is. For me, it was just my everyday life. I mean, it's what I did every day.
It started when I was a 14-year-old kid in 1994. And in 2001, after initiating what New York Times called the first hacker world war that resulted in $2 billion plus a damage, I ended up being contracted by the FBI as an intelligence asset. I was paid to hack government and military servers, help secure them from the inside out, write reports, and lead that entire initiative.
Along the way, I was, you know, as a most wanted leading up to this, I did find out that I was on the FBI's most wanted Interpol, NASA, Office of Inspector General, Department of Defense, and more than a dozen other countries.
[Uncle Marv]
So here's a question I'm going to ask. I'm going to take you a little detour here. You were working for the FBI or the government, but you were on their most wanted list.
[Jesse Tuttle]
So I was there before I started working with them. I mean, you know, so as a kid, I was really interested in how things work. And I always love to get feedback when I'm doing a talk or I'm presenting with a group.
And I'm sure I will ask this. How many people at where I'm talking builds and works on databases? A number of hands tend to go up because I tend to talk to a lot of technical people or C-suite that they have teams that do that.
You know, how I learned to build databases, I hacked banks. So I figured there was no one better to know how to build and optimize a database. So I hacked banks to learn how to build databases.
Needed fast connections to distribute pirated war software. So military connections and NASA was great for that. They had fast distribution connections.
And so it was these actions that led me to these lists that I ended up being on. In 2001, when I received my first knock on the door, that's I was offered a basically a job. And that's when I found out that I was already on these lists.
They helped get my name cleared from a lot of lists. I became an instrumental part in 9-11. I helped take down a human trafficking network.
I was visited by the Department of Defense because they silo information about who works as intelligence assets. And so while working as an intelligence asset and hacking a lot of MilNet, I ended up gathering the attention of Department of Defense. All this went through end of 2001, 2002, and the beginning of 2003.
And in 2003, I got my third knock on the door and that was the local police and a huge jurisdictional dispute that was going on and I was caught in the middle. And that led to my identity being exposed and my entire world came crashing down on me. But it opened up the opportunity for me to raise my daughter, share with her my experience, my life, let her understand my thought process.
And she actually is the CEO and co-founder of AP2T Labs and she works daily as a threat researcher.
[Uncle Marv]
Yep. I met Jess. I actually met Jess before, I mean, I'm sorry, I met Reese.
[Jesse Tuttle]
Yep.
[Uncle Marv]
And I actually met her before I met you. And just so you know, she's a lot harder to get on the show than you are.
[Jesse Tuttle]
She is. Most people don't realize that she started college at 13. She finished her Bachelor of Comm Sci at 17, finished like, I don't know, four more college degrees, got some professional certifications, started her master’s degree, then graduated high school.
So I think she's just crazy, man. I don't know. She's a blast to be around.
[Uncle Marv]
She's your product, so you've got a little hand in that. Let me ask you this, Jess. So as far as I know, you are from Cincinnati, Ohio.
Were you born and raised there?
[Jesse Tuttle]
Yes. Yeah. It's funny because I actually found out that when I was on the most wanted list, they had a, I mean, everyone knew in the hacker community, I was from Ohio, from Cincinnati.
I didn't necessarily keep that a secret. No one knew my identity. And apparently a lot of law enforcement and government agencies knew that like within like a 10 mile radius of where I most likely lived and just could never narrow it down.
[Uncle Marv]
All right. So the question I wanted to ask about that, so my wife is from a small town in Ohio, not close to Cincinnati, but she's up south of Cleveland. And Ohio was never really known as a hotbed for hackers.
So how did that become a thing for you that you were able to do so much from a place like Ohio?
[Jesse Tuttle]
So we are not what most people would think of as a hotbed for hackers. We are a hotbed for tech and I didn't realize it at the time, but the number of fortune level companies that are from Cincinnati, I mean, we have GE, Kroger, Procter and Gamble. I mean, some of these companies, they are big into tech.
Some of them actually help build out parts of the internet like GE. The entire three dot block of the IPV4 address is owned by GE. They still own their entire IP address block of that.
And a lot of that was built here out of Cincinnati. When Ma Bell was broken up into various bell companies, you know, there's Bell South, all these different bells. Well, there was Cincinnati Bell, because the research and development going on in Cincinnati was so huge that, and how the market worked, Cincinnati got their own bell company when Ma Bell was broken up.
These are things I've just learned after the fact. I didn't realize that the tech community here, my introduction was through my grandfather. He worked for GE and he was an engineer there.
And so my first computer was a gift from him. It was a hand-me-down. It was like 10 years old.
It was an Apple II. And it just opened the door for me. So, yeah.
[Uncle Marv]
So I don't want to get too deep into your history because you're going to be sharing that at the Ask the Edge events. I want to be able to save some juicy nuggets for them. Of course, a lot of your information is out on the internet.
You have a very healthy Wikipedia page.
[Jesse Tuttle]
I still, you know what, I'm going to be honest. I still have a hard time just wrapping my head around that I have a Wikipedia. It's maintained by a professor and her semester classes at the Asian School of Cyber Law.
I was in one of their textbooks, or I am in one of their textbooks. They have some lessons that I'm included in. I'm in a number of actual college textbooks as case studies.
So, yeah, it just mind blows me still.
[Uncle Marv]
Yeah. Now I know that Wikipedia is kind of like a self-patrolling thing. It's almost anybody can go in and do a Wikipedia thing.
Now, do they confirm stuff with you or do you sometimes see stuff up there? It's like, I didn't do that.
[Jesse Tuttle]
So any Wikipedia article that is flagged as a biography, which mine is, is heavily scrutinized. There is an entire, I learned all this just because she told me as they went through the process. There is an entire peer review process of Wikipedia’s and experts that has to go through and review it.
And it gets very heavily scrutinized. Most biographies that do get published or take taken down in like the first 30 days, mine's been up for more than a year. It was inspired because of a keynote talk I did in February of 2024.
And the professor reached out and said, “Hey, would you be okay with us doing this? By the way, you're in one of our textbooks and told me about what they did. I said, “I really don't care.
Go ahead. But it's been quite an interesting journey, just having that.
[Uncle Marv]
Again, you're going to be at all of the remaining ASCII events all the way up through the ASCII Cup in Philadelphia. I'll see you next week in Orlando. If there was a tease or a takeaway that you want people to get by attending these events and listening to you on stage, what do you think that would be?
[Jesse Tuttle]
So as I will share my background, the other thing that I hope people do definitely realize is not all threat actors are the same. There are tons of different motivations. Unlike a scammer who's typically their motivation is purely financial.
Mine was that of curiosity. You know, like I said, I learned to make databases by hacking banks. Most scammers, they just, it's business to them.
And I didn't necessarily realize this when I was younger. You know, I learned of some of the evils that existed in the world during my work as an intelligent asset. I didn't actually understand that the multiple cyber wars that I caused that has given rise to modern day data compliance has been cited in like the European Council on Information Warfare.
You know, I mentioned in these things and in hearings about why data compliance and backup and regulations needed, I never really thought about it. But I also never thought about human trafficking. Never thought about human sacrifice.
I never thought about these aspects are part of the scamming community. And what I really love is today I get to work as a threat engineer to build next generation awareness training based on how threat actors truly work, not just some, you know, 2012 template that's being passed around or, you know, some template that looks good and sounds good on paper and makes sense. But it's, I get to actually experience how to bring the thought process of an attacker to an end user and give them a reality eye opening opportunity.
So I don't know how much I'll get to go into that on stage, but I think there will be a presence of that. And I think though, hearing my background, it will give people the opportunity to go, hey, you know, not every threat actor is the same, because everyone's used to the scammer or the hacker that's demanding ransom and hacker, that is not a hacker. That's a script kiddie, someone that's downloading a tool that is best classified as a scammer.
If there is money involved, you are dealing with a scammer. And that's one of the worst to deal with, because morals typically go out the window. People don't understand that.
[Uncle Marv]
Let me ask one more question you brought to mind. Do you watch the show Criminal Minds?
[Jesse Tuttle]
No, I know it. My parents actually watched every episode.
[Uncle Marv]
Okay. So there's a character on there named Penelope Garcia, and she is their cyber guru that they brought into the behavioral analysis unit. And she was brought in primarily because she was a hacker.
So between her character and some of the others that you see on TV, we're watching the show Tracker right now. And there's a couple of guys that, you know, are hacking their way around the world as they help this, you know, Coulter Shaw find people and stuff. Again, I didn't prep you for this, but is there any real correlation between those characters that we see on TV and what's really out there?
[Jesse Tuttle]
Um, there is. So I'm not, to be transparent, a little personal about me. I don't watch a lot of TV or movies.
Ever since I was introduced to computers, I mean, No need for a computer. And exploring and learning. I mean, I will go into what my motivation was.
And when I typically share that people are surprised, but I will name drop a couple TV shows that and movies that I think are, they give some relevance. So my favorite movie, 1995 movie hackers, Angelina Jolie co-stars in that it's one of her early films. Um, that is great in just learning the, uh, the cultural feel of the hacker community.
If you get contacted by a threat actor that is demanding money and ransoms, they are not a hacker. They are. I mean, it is so far outside the hacker culture.
Hackers want to preserve data. We want to explore. We want to, uh, um, I mean, our problem is, is that we are just maliciously curious.
[Uncle Marv]
Yeah. Curious. You want to poke around and see what you can say.
[Jesse Tuttle]
Yes. So, um, there's another show that I watched part of, um, and Mr. Robot.
[Uncle Marv]
Mr. Robot.
[Jesse Tuttle]
Okay.
[Uncle Marv]
I was wondering if that was it.
[Jesse Tuttle]
So Mr. Robot, um, I don't care for the amount of drug usage in the show. Um, as I was that stereotypical hacker sitting in his parents' basement as a teenager in early twenties, um, I've never got into drugs. Um, I've always been too weary of that to damage my brain.
Um, so I don't, I'm actually put off by the drug usage in the show and some of the, like, some of the, um, mental problems, uh, that he goes through, which I don't quite understand or follow why that's in there other than storyline. But it's interesting. The show creators would go to Defcon and other, uh, events and conferences and interview to verify that what they want to do in their show is actually plausible and possible.
So everything that is done in the show has a proof of concept behind it that works. Um, when it comes to, um, super hackers that, you know, the Felicity Smoak of Arrow or, you know, some of these other people, um, no, I mean, no, but, uh, I say that with a caveat because the movie Swordfish, I believe, um, guys in a locked up criminal hacker, they come to get him out. Someone, I don't remember how it unfolds, but, um, he's given five minutes to hack into a system at gunpoint or something like that.
Um, we used to literally sit around on IRC and make jokes about how, uh, what took him five minutes we did in 30 seconds. So, um, I mean, yes, system penetration at mass can be extremely quick. I wrote; I was an exploit developer.
I wrote exploits for zero days that I found, um, in FTP and web server and Microsoft products. So from Windows to Office, um, uh, Outlook, that's what I specialized in. And then, um, I would, uh, build fully weaponized, uh, code to distribute to trade.
Um, I also built a bot. This is something I've never shared. I think I will probably dive into it more at ASCII, uh, because there's a lot of automation here, but I built a, an IRC bot that, um, worked as a command and control center, um, for, uh, fully automated hacking.
So everything, any exploits that I developed, zero day exploits, any exploits I could get my hands on, if someone wanted access to my command and control bot for use, they would have to provide me zero days that I would bake into it. Um, there is some examples online still of still today of where that bot took actions that are documented, uh, in record, but, uh, I mean, uh, hacking a lot of schools, uh, universities, government, military, fortune level companies, um, going in through the FTP server or web server, uh, was a matter of seconds. Just slice right through, um, to deliver, uh, an internal payload.
Um, it's how I took, uh, control of several military bases and parts of Mil Mats. Um, it was all through, uh, a fish that I delivered that contained a payload for a zero day. Um, I mean, fishing as I was a zero day developer, I mean, fishing works, man.
It still works. I remember in the mid-nineties being on AOL and talking about distributing, uh, pirated software, uh, wars at the time. That's where, I mean, fishing existed before that, but that's the term fishing, everything that all originated in mid-nineties, AOL wars communities.
And I was there for it. And as I've always seen it as, uh, an easy low level attack that I'm like, eh, I mean, there's no skill to it. I always enjoyed the more technical stuff.
It works. It works enough that at DEF CON in 2024, just this past year, there was an entire booth, um, hosted by Intuit called Fisherman's Wharf, where you could go up, um, and get a hands-on training lesson, how to build fully automated, uh, fishing, how to spoof sites and fish people's credentials to show how simple and easy it is. Um, most of our team sat down to do it just to validate and see what it was like, but we kind of kept an eye and the number of teenagers that went and did that, that training was phenomenal.
Um, but then you take that training and you pair it with the AI and machine learning labs that they had there. And then the, the OSINT labs and the recon labs and the, um, the, uh, social engineering labs. I mean, people could learn so much and they are.
The number of teenagers and young adults, kids, when I say kids, I mean, um, my niece is going into seventh grade and they have introduced Python programming required for all seventh graders. Most of hacking tools are Python based. People, I mean, technology is getting for younger and younger and the, I mean, the prefrontal cortex is not developed enough to necessarily know right from wrong.
I know I was a young kid that started multiple cyber wars and people just need to be aware of this. It's all about awareness and understanding and the little precautions and steps that people can take is absolutely huge. There's not enough training that can be done.
Um, regular daily, you know, 32nd, you know, training session. So yeah, I know I went off on a tangent there. It's just something I'm super passionate about.
And it's the only thing that I truly think is going to change things.
[Uncle Marv]
Well, that's quite all right. And as you were talking, I was thinking, Ooh, should I reign it in? I'm like, no, I'm going to let this go because it's, uh, it's pertinent.
It's, it's gripping. And if this is just a preview of what you're going to be doing on the ASCII tour, well, I'm glad that I'm going next week and I can see it firsthand. And we're going to have to, uh, hopefully if you'll allow plan for another longer podcast down the road.
[Jesse Tuttle]
Yep. And as much as ASCII will let me, uh, through this series of seven, uh, events, I will unleash as much as they let me.
[Uncle Marv]
All right. All right. Thank you very much.
So, uh, Jesse Tuttle folks will be at the, his first ASCII edge, uh, next week in Orlando, Florida, that is February 26th and 27th. Again, head over to events.ascii.com, uh, and get yourself a free ticket. If you want to come and see his keynote, the mindset of a hacker, FBI's and Interpol's most wanted shares all.
[Jesse Tuttle]
Clarification. It's my second ASCII. I actually, I knew I was going to be a speaker.
So I social engineered my way into one last year to check it out. So, yeah.
[Uncle Marv]
All right. So, uh, Jesse, thank you very much for, uh, coming on, uh, tell Reese to say hello to me when she sees me. So that's going to do it folks.
We will, uh, see you out there on the road, either in an ASCII event or at a future podcast here on the it business podcast. We'll see you next time. Holla.