#255 Ryan Montgomery – Roblox & Minecraft: Hacker Exposes the Largest Online Video Games

Summary of #255 Ryan Montgomery – Roblox & Minecraft: Hacker Exposes the Largest Online Video Games

by Shawn Ryan

5h 22mNovember 20, 2025
Listen to Episode

Overview of #255 Ryan Montgomery — Roblox & Minecraft: Hacker Exposes the Largest Online Video Games

This episode (host: Shawn Ryan) features Ryan Montgomery — ethical hacker, founder of Pentester, and CTO of the Sentinel Foundation — discussing his work exposing online predators, cyber demonstrations (live phishing/captive-portal attack), tools he uses, and an urgent deep-dive into an extremely violent online subculture (referred to as “764” and related offshoots) that grooms, extorts and forces children into self-harm, animal abuse and worse. The conversation mixes practical cybersecurity demos and consumer protection advice with disturbing real-world examples of exploitation and the failures/limitations of platforms and some law‑enforcement responses.

Content warning: the episode discusses graphic child abuse, suicide, animal cruelty, and sexual exploitation. Some descriptions and screenshots mentioned are explicit.

Key takeaways

  • Online predators and violent cult-style groups are actively recruiting and extorting minors on mainstream children’s platforms (Roblox, Minecraft) and on social apps (Discord, Snapchat, TikTok).
  • Large corporate platforms sometimes respond poorly to third-party vigilantism and can be slow or inadequate in moderation; profitable in‑game economies (Robux, etc.) create incentives and complexities.
  • The most effective immediate defense is parental education and preventative measures (supervision, parental controls, device monitoring), not just reactive law enforcement.
  • Ryan demonstrated live hacks to show how trivial it can be for attackers to capture credentials or create fake Wi‑Fi (captive‑portal) login pages.
  • Pentester (Ryan’s company) provides consumer tools for breach discovery, data‑broker removal, reverse face search and a low‑friction SMS product to help people discover exposed data.
  • Sentinel Foundation (nonprofit) is collaborating with law enforcement to investigate and rescue victims; they have found far more problematic activity in a short time than the host expected.

Major topics covered

  • Ryan’s background: ethical hacking, Pentester, Sentinel Foundation, and his personal history (early life, addiction and recovery).
  • Cybersecurity demos: captive‑portal phishing (fake Google login via a public Wi‑Fi), Flipper + dual ESP extensions (Wi‑Fi/Bluetooth attacks), BLE Shark Nano (create fake Wi‑Fi captive portals), jamming/deauth attacks, “Sour Apple” Bluetooth attacks against modern iPhones, “screen crab” HDMI screen spy, “land turtle” USB backdoor, Mesh‑tastic radio mesh comms, Faraday bags, Rayhunter‑flashed Verizon hotspot (stingray detector).
  • Data breaches & identity risk: national public data (NPD) breach (2.8 billion records referenced), AT&T breach; Pentester tools and “Pentester SMS” for non‑technical users.
  • Practical consumer advice: freeze credit, password managers, avoid public Wi‑Fi/captive portals, VPN guidance and caveats (some VPNs have logged/users in the past; consider reputable no‑logs providers).
  • The 764 group and related networks: how they groom/monetize/force victims, terminology, examples, and the scale and severity of abuse.
  • Law enforcement, media, Project Veritas, and the challenges getting agencies/media to act on evidence.
  • Mental health impact on responders and the need for self-care/therapy.

Notable quotes / insights

  • “When you hand your kid a phone you’re not giving your kid access to the world — you’re giving the world access to your kid.” — paraphrase Ryan/Sean on risk of unsupervised devices.
  • “Public Wi‑Fi: don’t trust it.” — demonstrated with captive‑portal phishing that can steal credentials and payment details.
  • “The platform (Roblox) issued a ‘vigilante’ cease-and-desist — while there are predatory communities on their platform.” — host reaction to platform priorities.
  • “If you can attack it you can defend it.” — Ryan on offense being the best path to defense for cybersecurity knowledge.

The 764 group — what you need to know

What is it?

  • Described in the episode as a nihilist/satanic online subculture that evolved from “the comm” (an internet community). It reportedly began with a teenager and grew into multiple offshoots.
  • Members groom minors, extort them (nudes), and coerce extreme self‑harm, animal abuse, violent crimes and in some cases murder — often recording and sharing for “cred” within the group.

Tactics & jargon (terms used in episode)

  • Grooming: befriending children (sometimes on mental-health forums) to gain trust, then escalate to sexual content and coercion.
  • Cut signs / cut sluts: carving usernames or symbols into victims’ bodies; deep cutting (permanent scars).
  • Blood signs: smearing victims’ blood on walls with symbols/usernames.
  • Lure books / lorebooks: collections of exploited victims’ images and identifying data used to extort.
  • Bricking: vandalizing target properties (throwing bricks, breaking windows) often recorded and shared.
  • Swatting: false reports to cause emergency tactical response.
  • Tradecraft: instructions for evading detection, vetting/initiations into closed groups (often require proof of violent acts).
  • Monetization: some members sell “services” (bricking, doxing) or trafficking content; in some reported cases sites or in‑game sales are used in the ecosystem.

Platforms & vectors

  • Children’s games (Roblox, Minecraft) — social features, user-created worlds and in‑game economies are exploited.
  • Discord groups and private servers are used to coordinate and host explicit content.
  • Some grooming begins on mental‑health support spaces with false invitations.
  • Brand Army / other “creator” sites and questionable monetization models (discussion of underage monetized content as an issue).
  • OnlyFans / BrandArmy allegations: transacting or sexualized content pathways that can be abused by adults or parents (discussed as a disturbing trend in the episode).

Scale & enforcement

  • Episode cites: Roblox ~75 million daily users (context: huge exposure window).
  • Ryan says Sentinel’s short investigations found many troubling accounts quickly; he references law enforcement interest (FBI probes cited in the episode as 250 probes) but also notes slow or inconsistent action by media/agencies.
  • Arrests & sentences: episode mentions several violent and criminal cases connected to these networks; reporting on convictions/sentences varied — verify details if needed (transcript may be imprecise).

Practical, actionable steps (for parents & guardians)

Immediate actions

  • Remove or heavily restrict Roblox/Minecraft/unsupervised apps for young children. If used, enforce strict supervision and only allow curated experiences.
  • Talk to your children (age‑appropriate): no nude photos, no private chats with strangers, tell you if anyone asks them to self‑harm, send photos, or do anything sexual.
  • Use device controls & parental software: consider Bark (mentioned as effective) or similar parental‑monitoring solutions; set screen time, content filters, and disable anonymous chat.
  • Remove in‑game purchase capabilities (don’t keep gift card balances where kids can spend unsupervised).
  • Educate parents of children your kids play with; don’t assume other parents are informed.

Identity & data protection

  • Freeze credit (Equifax, TransUnion, Experian) if sensitive data exposed (NPD/AT&T breaches discussed).
  • Use strong unique passwords + password manager; enable two‑factor authentication for accounts.
  • Don’t use public Wi‑Fi for sensitive logins; never submit credentials to captive portals. If you must, use a secure personal hotspot or your own VPN (be careful which VPN you choose — prefer reputable, audited no‑log providers).
  • Consider privacy/data removal services; Pentester was described as one such product (also Pentester SMS for less technical users).

Device & field safety

  • Use Faraday bags to preserve seized phones for law enforcement and to block remote wipes.
  • Consider hardened communication devices or secure hotspots for privacy‑critical operations (Glacier device described).
  • Regularly check children’s accounts/emails, and monitor for unknown profiles using their name or photos.

If your child is targeted

  • Don’t engage or pay extortion demands.
  • Preserve evidence (screenshots, messages).
  • Report to local law enforcement and NCMEC (National Center for Missing & Exploited Children) in the U.S.
  • Seek immediate professional help (therapy, crisis resources). For suicide/self‑harm instructions on video, call emergency services immediately.

Technical demonstrations & tools Ryan showed

  • Flipper (hardware pentesting tool) + Dual ESP add-on: Wi‑Fi/Bluetooth attacks, beacon/spoofing, evil portals, deauth, targeted disconnect attacks.
  • BLE Shark Nano: creates fake Wi‑Fi network/captive‑portal that can harvest credentials — live demo of a captive portal pretending to be Google.
  • “Sour Apple” Bluetooth attack: spoofing AirTag notifications, causing iPhone notifications or making devices unusable unless Bluetooth fully disabled.
  • ScreenCrab (HDMI spy): covertly capture a monitor feed and stream/store it remotely.
  • Land Turtle (USB device): USB drop used to create persistent outbound access to a remote server.
  • Nyan Box / Nefarious Wi‑Fi/Bluetooth tools: jamming, protocol kill (note: jamming is illegal in many places).
  • Rayhunter-modified Verizon hotspot: detects nearby stingray/cellular interceptors; sells devices flashed with detection software.
  • Mesh‑Tastic radios: low‑power mesh communications for off‑grid messaging (useful in emergencies).
  • Glacier secure cellular device & app: hardened device/service for secure encrypted connectivity (commercial product discussed).
  • Pentester (service): breach discovery, data broker removal, reverse facial recognition; Pentester SMS (text-based access) for non‑technical users — episode shows demo workflow and recommended actions for NPD/AT&T breaches.

Note: Many of the demonstration tools are dual‑use — while used for legitimate pentesting and rescue operations, some attacks (jamming, unauthorized access) are illegal if used without permission.

Law enforcement, media & systemic issues (summary)

  • Ryan recounts repeated reports to media and law enforcement about a major pedophile site years earlier; media legal teams and law enforcement were initially unresponsive, leading to a public viral story later.
  • Project Veritas initially collaborated on one large case but internal changes caused the effort to be curtailed (per Ryan).
  • Sentinel Foundation claims close collaboration with certain law‑enforcement groups (task forces, marshals); operations abroad (Thailand, Haiti, Peru, Uganda, Jamaica) and domestic rescues were described.
  • Ryan and Shawn express frustration about inconsistent enforcement, perceived prioritization failures at large platforms, and slow government response to large‑scale problems.

Recommendations — short checklist for listeners

  • If you’re a parent:
    • Remove unsupervised access to Roblox/Minecraft/chat apps for young kids.
    • Install and configure parental controls and a monitoring solution (Bark, others).
    • Remove in‑game currency & purchasing options from children.
    • Talk openly with your kids (age‑appropriate) about not sending photos and coming to you if pressured.
  • If you’re a general user:
    • Freeze credit if you suspect exposure; use strong unique passwords and a password manager.
    • Never enter credentials into public captive portals; avoid public Wi‑Fi for sensitive actions.
    • Consider Pentester-style monitoring (or similar services) and data-broker removals if you’re concerned about your digital footprint.
  • If you work in tech/platform moderation:
    • Prioritize child safety engineering, proactive moderation, and collaborate with subject-matter experts.
  • If you are a responder/volunteer:
    • Take care of mental health — repeated exposure to extreme content requires support and therapy.

Resources referenced in the episode (as discussed)

  • Pentester (breach search, data broker removal, reverse face search) — consumer and business tiers; Pentester SMS (text‑based assistance).
  • NCMEC (National Center for Missing & Exploited Children) — report exploitation.
  • Bark (parental monitoring) — recommended as a monitoring option by Ryan in the episode.
  • Mesh‑Tastic radios, Glacier secure device, Faraday bags (practical privacy/hardening items).
  • VPN recommendations/notes: caution about VPN companies that have logged or been acquired; Ryan mentioned IVPN and Mullvad positively and referenced past IPvanish log incidents.

(If you need official links or contact info, consult official websites for Pentester, NCMEC and monitoring tools — verify before subscribing.)

Final thoughts from the episode

This is a high‑urgency episode aimed at educating parents and concerned adults. Ryan mixes technical demos (to show how easy some attacks are) with a blunt description of an evolving, highly malicious underground culture that preys on minors. The two most practical outcomes for listeners are (1) immediate parental action and supervision, and (2) personal data hygiene (freeze credit, change passwords, monitor breaches). The episode also highlights systemic gaps — platform policies, enforcement limits, and the need for better coordinated responses.

If you’re a parent or guardian: start with a short conversation, check what apps your child uses, remove unsupervised access to platforms that allow chat with strangers, and implement parental controls today.