Ryan Montgomery, a former healthcare facility owner turned cybercrime investigator, uses open-source intelligence (OSINT) and hacking tools to identify online child predators and traffickers. He sat down with Tucker Carlson to demonstrate how exposed ordinary Americans are online, how organized satanic extortion groups operate, and how consumer technology introduces serious security vulnerabilities into everyday life.
How much strangers can learn about you online
Montgomery ran a “20-minute challenge” on Carlson, who does not own a computer and rarely uses email, and within minutes uncovered his Social Security number, driver’s license number, signature from a warranty deed, motorcycle transaction records, hunting and fishing licenses from multiple states, and every address he has ever lived at — including his childhood home.
Most of this came from the National Public Data breach, a leak of roughly 2.8 billion records about 18 months ago, caused by a Florida sheriff who reused credentials from a demo project on his production system. The database included Social Security numbers, addresses, and personal details for hundreds of millions of Americans.
Montgomery’s company, Pentester, built a free search tool (NPD.pentester.com) so people can check if they are in the breach and get instructions to freeze their credit at TransUnion, Equifax, and Experian. Freezing credit does not hurt your score and takes seconds to unfreeze when needed.
Carlson’s Social Security number is now on an unknown number of computers worldwide; it cannot be removed from the breach. The only mitigation is freezing credit and monitoring accounts.
Facial recognition and digital footprints
Montgomery demonstrated a reverse facial recognition tool his company built that takes 120 geometric measurements of a face (distance between nostrils and earlobes, etc.) and matches them against images across the internet. It works even with makeup, hair color changes, or only partial faces visible.
Using a photo of Carlson, the tool returned endless results across the web. For an average person, it can reveal photos they did not know existed — at weddings, children’s sports events, or on random websites — and show where those images are hosted so they can request removal.
The tool is available to consumers through Pentester for under $20/month. Montgomery argues people need to see their own digital footprint because others — including criminals — can already see it.
There is currently no reliable way to avoid facial recognition in public. Sunglasses do not work. Masks covering only the lower face do not work. Hoods and avoiding cameras are the only partial options, and even those are unreliable.
Organized satanic extortion groups targeting children
Montgomery described a network of online groups, originating with a collective called 764, that identify as satanic cults (using pentagrams as logos, referencing groups like the Order of Nine Angles and a newer group called NLM — No Lives Matter). Their ideology centers on “culling” — gaining spiritual power through harming others.
These groups operate through mental health support forums on platforms like Discord, Twitter/X, Reddit, and Instagram. Predators join legitimate support groups for children with depression, eating disorders, or suicidal ideation, identify the most vulnerable kids, befriend them, and lure them into private chat rooms.
They follow detailed written guides (some 220+ pages) that instruct members to: find victims on Roblox, social media, or mental health forums; spend weeks grooming them with affection and nicknames like “princess” and “darling”; ask them to be their girlfriend; request nude photos; then extort them.
The extortion demands escalate: victims are told to carve group names and usernames into their own bodies, harm or kill pets, harm strangers (including homeless people), livestream self-harm, and ultimately commit suicide. Refusal means the group threatens to send nude photos to the victim’s family, school, and friends, or to swat them (make a false emergency report to send armed police to their home).
Montgomery showed screenshots of chat logs where group members bragged about murders, including a video of a member beating and slashing the throat of an elderly woman on a staircase while another member watched and laughed on a phone call. He also described cases of people lighting homeless individuals on fire and a man torching himself in a hotel room to prove loyalty to a group.
Since the groups emerged roughly 3–4 years ago, only about 35 people total have been arrested. The FBI has around 450 active investigations, but Montgomery says that is nowhere near enough — one group alone contains more than 450 identifiable targets.
Montgomery argues that educating parents will do more than law enforcement alone, because arrests happen one at a time while the groups grow exponentially. He urges parents to talk to their children about grooming, monitor their devices, and understand that smartphones and iPads function as unsupervised connections to strangers.
Roblox and the platform’s response to predators
Roblox is the largest children’s gaming platform in the world, with roughly 150 million daily active users. Children chat by voice and text while playing games as Lego-like characters. Montgomery calls it a magnet for predators because of its child-heavy user base.
A vigilante known as Schlepp (who was himself groomed on Roblox as a child) posed as a minor on the platform, gathered evidence, and helped get six predators arrested. Roblox responded by banning him from the platform, sending a cease-and-desist letter, and issuing a press release claiming vigilantes create more danger.
Montgomery says Roblox also does not allow law enforcement to conduct investigations on its platform. He finds the company’s posture inexplicable and irresponsible for a multi-billion-dollar corporation.
Roblox recently implemented facial age verification using a third-party company to group users into age-appropriate lobbies. Montgomery argues this is unreliable (the technology frequently misidentifies ages), creates new risks (biometric data of children is being collected by an unknown third party), and is easily bypassed (verified accounts for specific age ranges are sold on eBay for around $15).
After public criticism, Roblox’s stock price roughly halved over six months, with the top news article about the company focusing on its grooming problem.
Montgomery’s origin story
Montgomery had no background in child crimes. He owned medical facilities for substance use and mental health treatment. He received a text from a friend’s wife containing screenshots of a clear-web forum where a child was pictured in a bathtub with a caption saying “they have no idea what’s going to happen to them tonight,” and users were discussing what they would do to the child.
He hacked the forum’s server (it was running a “nulled” — pirated — theme that gave him access), extracted the database of 7,000 users excluding images/videos to avoid possessing CSAM, and tried to hand it to law enforcement and media. No one acted for six months.
During that time, the site’s administrator — Nathan Larson, a Libertarian politician running for Congress in Virginia — was arrested in Denver for kidnapping and raping a 13-year-old girl. Montgomery believes the arrest could have been prevented if law enforcement had acted on his database.
Frustrated, Montgomery began anonymously helping YouTube vigilante predator-hunting channels by identifying the real names, workplaces, and addresses of suspects from chat logs and photos. This eventually led to his own public work, a viral podcast appearance on Sean Ryan’s show (which became Ryan’s most-viewed episode with hundreds of millions of views), and eventually to working with federal law enforcement and founding Sentinel Foundation.
He is now the godfather of Sean Ryan’s firstborn child.
Consumer technology vulnerabilities
Smart light bulbs: Montgomery showed a commercially available smart bulb that had been flashed with custom firmware. Once installed in someone’s home, it can monitor Wi-Fi traffic, capture network handshakes, crack Wi-Fi passwords, pivot to other devices on the network, and reroute traffic to phishing pages. The attacker can communicate with it remotely within Wi-Fi range.
Smart plugs: A similar attack vector. A modified smart plug can monitor network traffic and serve as a persistent implant in someone’s home while functioning normally.
Signal jammers: Montgomery showed a device (found on the side of the road, likely from China) that can disable all cell phones, GPS, Wi-Fi, and Bluetooth within 70 meters. This means no 911 calls, no alarm system notifications, no wireless camera footage (cloud-based cameras lose all footage if they can’t connect). Jammers are illegal to buy and use in the US but available from Chinese sellers. Montgomery has been swatted three times by members of the satanic extortion groups for his public work.
Key fob replay attacks: Using a device with custom Russian firmware (costing ~$2,900 on the dark web), Montgomery demonstrated capturing and duplicating a Kia/Hyundai key fob signal. A criminal could sit in a Walmart parking lot, capture signals from people locking their cars, and then duplicate the fob to unlock and enter any of those cars later. The device stays in sync with the fob’s rolling code.
Garage door vulnerabilities: The same replay attack works on most garage doors. Montgomery’s advice: if your garage connects to your house, deadbolt that interior door like it’s your front door.
Radio signal interception: A device called a Hack RF (with custom “Mayhem” firmware) can receive and transmit across 1 MHz to 6 GHz, allowing someone to access airplane and boat transponders, pharmacy and fast-food drive-through intercoms, TouchTunes jukeboxes in bars, and more.
Drone spoofing: A 3D-printed device from the Defcon hacking conference can detect drones, spoof fake drone swarms to overwhelm military counter-drone systems, and read the Remote ID broadcast that consumer drones have been required to transmit since March 2024 (which includes the operator’s location, the drone’s position, speed, altitude, and the owner’s name from registration).
Montgomery’s recommendations
Check your digital footprint: Use tools like Pentester to see what accounts, images, and personal data are linked to your name, email, and phone number. Remove what you can.
Freeze your credit: It’s free, takes minutes, and prevents identity thieves from opening accounts in your name even if they have your Social Security number.
Secure your home network: Put IoT devices (smart bulbs, plugs, robot vacuums) on a separate guest network or VLAN so they cannot access your computers or sensitive data even if compromised.
Use wired cameras: Cloud-based wireless cameras are useless if someone jams your signal or you lose internet. Wired cameras with local storage continue recording.
Hard-code your garage door: Use a fixed-code garage door opener or add a manual lock, since rolling-code replay attacks can capture and duplicate your signal.
Talk to your children: Explain what grooming is, that adults who ask for photos or want to keep conversations secret are dangerous, and that they can come to you even if they are embarrassed. Montgomery says this conversation could save a child’s life.
Stay informed: Technology vulnerabilities are increasing as younger, more tech-savvy generations become criminals. Complacency is the biggest risk.
