Jack Rhysider
Appearances
Darknet Diaries
139: D3f4ult
There's something empowering about pulling off something like this. You feel like the world bends to you and your whims. There's a shift in control, and that control can become intoxicating.
I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening.
Hmm. Pedophiles have been sort of hated universally within Anonymous. In these chat rooms where anything was allowed and free speech rules, pedophilia was not allowed, which I've always been fascinated by. That's the common denominator that everyone agreed on. It didn't matter what group you were in or political affiliation or cause that was important to you. Pedophilia was wrong to everyone.
Which you might think, yeah, duh, of course that's wrong. Draw that line. But why there? Why not ban pictures of murdered people? Or pictures of people having sex with animals? Or pictures of torture? All that was approved. Hell, there was a video of two girls eating poo, which was a real big hit in these channels.
Like nothing you could possibly present to this crowd shocked them or made them care. Except pedophilia. That was going too far. So imagine, if you will, being a teenager, having these hacking skills, looking around for something to use it on, and seeing that everyone hated pedophiles. All the hackers on all the channels, the cops even, the normies.
There was even a TV show called Catch a Predator where they'd set up sting operations for pedophiles. It felt like if this is who you wanted to try to hack into or mess with, the universe was on your side. It felt like what you were doing was right in every way. It was helping the world, and nobody would say you're wrong. Yet at the same time, hacking feels so counterculture and rebellious.
Getting pedophiles arrested meant getting respect among the hacker groups, which meant getting more members. Things were progressing for them, and their hacks got bigger.
With SpyCloud, you have a trusted partner to fight the good fight with. Their automated solutions, which are built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime. To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries. That's spycloud.com slash darknetdiaries.
Jeez, mate, you got me fact-checking the weirdest stuff in this episode. Okay, so he's right. In 2014, it was legal in Denmark to have sex with animals, and there was some weird-ass animal sex tourism going on over there. Because like a year earlier, Sweden and Germany banned sex with animals. So it was like a weird moment where some places it was illegal and some it wasn't.
And yeah, shortly after this hack, Denmark changed the law. They made sex with animals illegal. And I can't tell if this hack had anything to do with the laws changing, but the timing is very coincidental. Now, stuff like this, hacking into places, making the news and getting people arrested and stuff, it's like a drug.
Let's take a quick ad break, but stay with us because when we come back, we're going off the trail. This episode is sponsored by Arctic Wolf. Arctic Wolf, an industry leader in managed security operations, surveyed a thousand security and IT professionals across the globe to better understand them. What are their top priorities, current challenges and future concerns?
This survey revealed some startling findings, and you can discover them all in the State of Cybersecurity 2024 Trends Report. Learn why the number of insider threats spikes severely, what lessons can be learned from the year over year change, how many organizations disclose a breach, and what cyber attacks struck 70% of organizations.
Download the State of Cybersecurity 2024 Trends Report today at arcticwolf.com forward slash darknet. That's arcticwolf.com forward slash darknet. Okay, so Default was on a path. He didn't know where the path was taking him, but he already made his way through Anonymous and into different hacker groups. AnonSec was the group where this first exciting stuff was happening.
He kind of took over that group. But do you realize there's a whole infrastructure to these hacker groups? There's data stores to keep records of the stuff you collected or the passwords you've cracked. There's a tool shop to quickly grab hacking tools and how to use them. But to build on that infrastructure, they decided they needed to build a botnet.
A botnet is just having control of a bunch of computers. You typically try to infect a huge swath of IPs and hope that a bunch of computers get infected and become under your control. But the reason why they wanted a botnet was to route their attacks through it.
Instead of malicious traffic or connections coming from the AnonSec members themselves, they set up this botnet to pipe their traffic through someone else's computer to get to their targets. But when you infect a bunch of computers with a botnet, you start to get curious: what are these computers that are in our control now?
One of these servers belonged to the Windsor University. This is a medical school.
This episode is sponsored by Delete Me. In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit.
I saw a screenshot of this. He was in the admin panel of the university. And there, in front of him, was a list of all the students who owed money to the school. And it all added up to $9 million. And he started to think... Could I? Should I mess with this?
There were 391 students listed here. He scrolled to the bottom of the page. And there was a button. Delete all? Why was there a delete all button? I have no idea. But there it was.
Default kept going further down this path, getting into place after place. And the places he was hidden were starting to really add up.
Anyone on the web can buy your private details to do anything they want. This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found. And they got busy deleting these things.
Now, each of these has its own story, and I've listened to him tell me some of these himself, and they're insane. And I'm sorry I can't include them all here. But I do want to stop at the Facebook login exploit he had.
What they did was get a Facebook username and then try to log in as them, but then say, oh, I forgot my password. And at the time, Facebook would then send you a four-digit code to your email that you had to type into the site to prove it was really you. Because after all, if you had control of the email that was registered to this user, it must really be you, right?
Well, it was a four-digit code, which means there's about 10,000 possibilities of what it could be. And these guys learned that they could just keep submitting codes to Facebook over and over and over, cycling through all the possible four-digit codes until they found the one that worked.
And they could do this pretty quickly, too, and just reset anyone's password that way and then log into Facebook as them.
So while all this started out as fun and a challenge, over time it morphed. I mean, how can one feel this kind of power and then watch the news and see everything wrong in the world and decide not to use this power to make change? I mean, it really is like a superpower to just topple over a computer or get inside a system that isn't yours. With great power comes great responsibility, right?
It was great to have someone on my team when it comes to privacy. Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout.
What? What the hell? They made a list of people to hack into that were high-profile members of the intelligence community? This just went up to 11. I... Okay, at this point... I mean, I'm fascinated by this because I'm always surprised how high-profile people in government pretty much dox themselves, right?
They give their real name and talk on TV, and they have a phone number to their office, email address, physical address. All this stuff is public information. We know who their boss is. Chances are there's a Wikipedia article on them listing all this, or there might even be a whole biography written about them.
And yeah, I always wondered, doesn't that make them extremely vulnerable targets for attacks? Oh, I am so glued to the story right now.
Let's back up a second. At this point, Default has left AnonSec, which didn't affiliate itself with Anonymous at all. In fact, they were anti-Anonymous, but Anonymous seemed to get credit for everything they did since it was called AnonSec. He was sick of that and left. But he knew people in this little pocket of the internet. And a group that he thought was doing some cool shit was CWA.
And this stood for Crackas with Attitude. And the head of CWA was a guy named Cracka.
The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries code DD20. Explicit content warning. This episode has some language in it that might not be suitable for all audiences. Okay. Hi. Welcome to the show. I want you to meet a fellow named just, well, let's just call him Default.
So he starts hanging out with these folks from CWA and joins in on their hacktivism.
's intelligence agency like this and expect everything to be okay. I mean, I don't care how good your OPSEC is. Hide behind five VPNs. Use your neighbor's Wi-Fi. Use Tor. Move to an underground bunker. It doesn't matter. If you make it personal, they'll make it personal. They will find you. But at the same time, Default was seeing stupid stuff on the news. Listen, this is James Clapper.
The Snowden leaks clearly proved otherwise. The NSA was grabbing metadata off of millions of Americans' phone calls. This is spying on regular, good-standing Americans. And to hear James Clapper say otherwise meant that some were accusing him of criminal perjury, lying under oath. This enraged Default and Cracka. Our leaders were caught in a lie. What more can we find on them?
But Cracka was the one who acted on this. I believe he acted alone, actually. Cracka got into the online account for James Clapper's internet and phone service. Somehow, from there, he was able to get Clapper's wife's social security number and posted that publicly. Then he routed all the calls coming into James' phone to a free Palestine hotline. Cracka posted proof of all this to Twitter.
James Clapper was actually not the first person from the intelligence community that CWA hacked into. Their first was Homeland Security Secretary Jeh Johnson. Cracka got into his Comcast account somehow. And Default was seeing all this and chatting more with Cracka.
Together, they teamed up. And, well, you know what? I'll just let Lester Holt from CBS News take it from here.
I'll help you out. I mean, the year was 2015. Who remembers little details like this from eight years ago? My research shows that they first found John Brennan's mobile phone number. And they did a mobile number lookup and discovered he was a Verizon user. So time to put on the ruse.
They were going to call up Verizon, pose as a technician on site trying to help out a customer, John Brennan, but for some reason were having trouble. So they called Verizon asking for help on his account. Verizon is like, what's your employee code? They made one up and it worked. The support technician at Verizon asked, well, why can't you just get into the account yourself?
And they said, the tools are down and we need to get this going quick because the customer is waiting. So the support technician was like, okay, sure, I'll help. What do you need to know?
And this is how they got John Brennan's Verizon account number, his four-digit PIN, a backup mobile number to his account, the email associated to his account, which was an AOL email, and the last four digits of his bank card. Now that they had this extra information on him, how can they leverage that to take this a step further?
Well, they know his AOL email address, which when you log into AOL, the username is the email. So they had John Brennan's email username, but not the password. Hmm. Well, time to call AOL. So they called AOL, this time acting like John Brennan. Hi, I've been locked out of my email account. Can you help me get back in? Sure, Mr. Brennan, but I'll need to verify it's you. Okay.
Can you tell me the last four digits of your credit card number? Why, yes. Yes, I can. Because they had this information from the data they got from Verizon. Clever, clever. And so when they gave this information to AOL, this let them reset his password and get into John Brennan's AOL email. On October 12, 2015, they gained access to the inbox of the director of the CIA.
They started looking through his emails, reading one after another, looking at attachments sent. One attachment had a list of U.S. intelligence officials, which included their social security numbers. Why in the world was John Brennan using his AOL account to send emails that included social security numbers of U.S. intelligence officials? This is such bad OPSEC. Why, director of the CIA? Why?
You know better. I think it just goes to show that no matter how much you know about privacy and security, we're still human and screw up this whole security thing.
Ooh, this is no good. The SF-86 form is the form that you fill out to apply for secret clearance, which means it has your entire background listed clearly in the form. Social security number, email address, telephone number, place of birth, aliases, passports used, prior addresses, names of your neighbors, what school you went to, your military history, past employers. It's everything on a person.
Unreal. And Cracka's just posting this stuff straight up to Twitter as Cracka. And it wasn't just these two guys in CWA. There were some other members there for the ride, but Default was suspicious about one of the members in CWA.
At some point, they got into Amy Hess's account. She was the FBI Executive Assistant Director for Science and Technology.
So we played that movie. I think what they did here is they called up Comcast pretending to be her and got her password reset. And yeah, it worked. And once they got in her Comcast portal, they were able to control her TV at home. And they just started playing the movie Hackers on it. This is a problem with connected and smart devices. You're not the only one who can control them.
Amy claimed she suffered from psychological damage from this. And once they got into someone's account and messed around there, they just went down the list to the next person.
These guys were just ripping through all these high-level people's accounts. It was insane, the people that they were able to breach. But at some point, the two started talking and realized, wait a minute, we have all this information on U.S. intelligence members. What databases do they have access to?
So somewhere in all this, they hacked into Mark Giuliano's accounts. He was the deputy director of the FBI. And using his information, they were able to leverage that to get into LEEP, which I think is really taking this to another level, to basically pose as the deputy director of the FBI to access a database that only officials should have access to. I don't know.
This just seems crazy to me that this can even happen. Because why is this LEEP database even accessible from the internet at all?
Mm-hmm. That sentiment right there is what I think fueled Default to go further. This idea that the U.S. government thinks that there's some elite hacking force able to break into anything and steal anything, yet has a database of FBI agents' personal details on a public website, which is vulnerable to a teenage social engineer to be able to get into it.
So as a teen, he was playing RuneScape. And one day he got in an argument with someone in the game who threatened to hack him. And suddenly, his computer went to a blue screen. And when it booted up after that, that's what got him interested in hacking.
They wanted to put their thumb right in the eye of the government and make it hurt. How can we trust you with our private data if you can't even protect your federal agents' data? Why is the Department of Defense hacking into things instead of defending their own network? On top of that, why is the world even like this at all?
Why is security so bad everywhere that the intelligence community can't even secure their own stuff? So Default and Cracka got into the LEEP database and downloaded all the information they could on as many FBI agents as they could. Okay. But what are you going to do with this?
I don't think WikiLeaks posted any of the stuff from the LEEP database, but they sure did post John Brennan's information. They got into other databases too.
Yeah, okay, so any person who's put in prison is in this system. And they found access to this very useful. They were doing things like looking up other hackers that were caught and keeping an eye on them, like trying to figure out, did they become informants? But also they were suspicious of some of the other people in CWA, and there might be an informant within them.
So access to this system was kind of like a way to run a criminal report on anyone you wanted very quickly. So they were just downloading stuff from these databases and looking through it. And that's when they found in these databases, there was a bunch of information about the Miami-Dade Police Department. Let's talk about Miami Police.
dropped their docs, pretty much. This time it wasn't WikiLeaks, though. I'm looking at a tweet here, which has a link to Pastebin, and in there is a list of 80 Miami police officers. Their name, title, phone number, and email address.
At the time, Cracka was just a teenage high schooler, but Default was in his 20s.
This led him to understand that you can get computers to do things that you shouldn't be allowed to do. He got curious and wanted to learn more about how they work. Then one day his mom grounded him. Banned from the internet for a week. Well, curious little Default tried to crack his neighbor's Wi-Fi and sure enough was able to do it. And he got back online.
Yeah, so when they gave John Brennan's SF-86 form to Julian Assange at WikiLeaks, this really angered the Department of Defense. And Julian somehow got word that the NSA was aiding in the investigation. So Julian told Default to be careful. Then one day, Default's computer started acting up. Something wasn't right. It was crashing and glitchy.
And he looked at the network traffic and saw some connections to Langley, Virginia, where the CIA is based out of.
He had his computer set up in such a way that if he disconnected the power to it, it would re-encrypt his hard drive. He just needed to grab the cord and pull it. But when you're sitting there at your computer with assault rifles pointed at you, don't think you're going to reach for that power cord. So at gunpoint, he had no choice but to let them seize the computer.
An AltaVista search about hacking might have led you to a message board. And the message board would have introduced you to hacker tools. And those tools might be made by a certain group of people. And those groups would be present on IRC, a chat room. Getting in the chat room might not be so easy, though. It might be invite-only.
Around the same time, Cracka was also raided by the police, but it turned out he was living in the UK and he was a high schooler. So they took Default straight to jail. Police just weren't sure how dangerous he was and they didn't want to take chances.
I think due to the nature of this, they likely did time it so that when his computer was online, that's when they would raid him and capture as much evidence as they could. How they knew his computer was online is a mystery to me still. Were they looking through the window? Did they hack into his computer and wait for it to signal out or something? His theory is that they did hack him.
His computer was now in the hands of federal authorities, completely unlocked and decrypted. And, well, the stuff they found on there was clearly enough to convict him of many crimes.
There was one device in particular that he watched them take, and he knew what was on it, something that was very important to him, so important that I just imagine, as he watches them walk off with it, that his world just goes quiet and almost becomes slow motion. But he couldn't say anything and just watched them take it, because this was a secret.
They had all the evidence they needed to convict him. He knew it. There was no way to get out of this. So he pleaded guilty. And the judge sentenced him to five years in prison.
So you got to message the channel operators to ask permission to join. But they'll deny you because they don't know you. But you notice the person who denied you to get in is also in another chat room. So you join that one to see what's going on there. And you eventually find your way into some hacker chat rooms. Now, the year was 2008.
He read a lot of books in prison, learned about the importance of morals from an Italian gang, and picked up stock market trading skills from a stockbroker. And when he got out, he was banned from the internet entirely. It was part of his probation for a while. Same with Cracka. Cracka was banned from the internet for a while too.
And he ended up with a two-year prison sentence, even though he was only 16. But all that time has passed now, and both of them are out and back online. Default struggled to get back on his feet. He couldn't find a job, especially being banned from the internet, especially having a felony record. So he eventually got into trading stocks and cryptocurrencies.
He's still doing this now, and he feels like he's good enough to make a living from it.
You know, something I keep thinking about while listening to this story is digital privacy. And I'm not going to go on another rant like I did in the last episode. But in this case, government officials were doxxed. These guys stole their information. They used it against them and then published it to WikiLeaks.
How does someone come back from getting their private information published to WikiLeaks? I mean, I'm looking at John Brennan's SF-86 form right now. It's still there on WikiLeaks, and it's the very first hit on Google when you search for it. Everyone knows everything about him. It seems like anyone should just be able to do a password reset on him, you know?
I mean, you could impersonate him over the phone because you have all his information. You can essentially be him, the director of the CIA, because we all have all his information. It's possible for someone to get a new social security number. It's not easy. You really have to prove to the social security office that you're in danger.
I bet government officials at this level might be able to skate through that whole process easier. And I think it's easy enough to get a new phone number and email address. It's not so easy to just up and move to a new house, though. But that's doable. It's possible to change your name, too, but what's the point of that when you're a public figure?
And that doesn't fix any of the problems of knowing all your previous addresses and who your neighbors were, your past employers, your friends, date of birth, hometown, height, eye color. See, I think with all the doxing going on in the world, I wish there was a simple way to just burn your identity and start fresh.
Hell, I'd even be interested in doing it yearly myself, just to always keep distance from whoever might be trying to track me out there. And everyone is trying to track us. I wish I knew what John Brennan did to recover from this. I didn't reach out to him because I assumed he wouldn't want to talk about it because it would just be giving away more of his private information.
And being on IRC and in hacker chat rooms in 2008 was a very, very special time and place to be. Those who were there will never forget those years. In fact, the whole world will never forget what happened then. This was the heyday of Anonymous. And Default found his way right into the heart of it.
but I feel like we need a better system to help us, the regular people out there. When we get in this situation, private information is not a thing of the past. We still need our privacy, but I think what might help is just better tools to stay private in general. You want my address?
Oh, sorry, I only give out my proxy address, a post box that receives mail for me, opens the letters, and then sends me pictures of those letters. You want my phone number? Oh, sorry, I only give out burner phone numbers. You want my social security number? Um, no. I don't give that out to anyone. Oh, what? It's for my security clearance? Sorry, that's not even a safe place to give it.
Didn't you hear about what happened to John Brennan? These pieces of information on us are important that they remain out of the public view. Yet time and time again, they get into the public view. And it's not just from doxing. Data breaches, companies sharing your data, or you just giving your information to the wrong people.
I mean, for instance, I had to give my social security number to buy Bitcoin. And now the CEO of that company that I gave my social to is in prison. So who knows where my data went? So I think we're way overdue for a better system to protect our most important data. I think we need to stop giving it out to just anyone who asks for it.
I mean, I was at the store buying bananas the other day and they were asking for my phone number and my zip code and all this stuff. I think there needs to be fewer situations where we need to provide it. I think we need to be less reliant on our private information as a way to authenticate it's really us. And I think we need a way to recover from situations where it's been completely exposed.
Which I think with the Equifax breach, most of us Americans have had our private data completely exposed anyway. I think this is a problem that needs to be solved. And while I think some solutions are out there, it's piecemeal and complicated. I don't see anyone doing it holistically right now.
Something that still rattles around in my head from this story, that hard drive that the Feds took, it still has his Bitcoin wallet on it. The Feds never got access to that Bitcoin. It's still sitting there untouched. And they still have that hard drive and won't give it back. And the reason they kept it is because it has evidence on it, data that he stole from various places.
He asked them, just take what you want off it and give me back the drive. But they refused. 1,000 Bitcoin still sits on that hard drive. 1,000 Bitcoin today is worth $25 million. Just imagine $25 million sitting in some storage locker in a federal building and the feds have no idea it's there. So it sits for years and will probably one day be destroyed by some lowly computer technician.
A big thank you to Default for coming on the show and sharing this insane story with us. Like this one, I was like, wait, what? Like so many times. It's just unreal. If you like this episode, you should probably check out episode 109 called Team Poison. It's another story that was sort of running alongside this one in parallel and sort of same time and place of the internet.
Okay, what housekeeping is... Oh yeah, a lot of you are telling me you're finally caught up and have listened to all the episodes. If that's you, I want you to know there are 10 bonus episodes on Patreon. You can support the show and hear more stuff if you want. Go to patreon.com slash darknetdiaries. My favorite online hangout these days is the Darknet Diaries Discord.
We have 17,000 members, but I can squeeze you in. So come on. Just go to discord.gg slash darknetdiaries and come say hi. This episode was created by me, the slow loris Jack Rhysider. It was assembled by the corpulent porpoise, Tristan Ledger. Mixing done by Proximity Sound. And our theme music is by the mysterious Breakmaster Cylinder.
I tried teaching my mom how to build a PC, but all we did was make my mother bored. This is Darknet Diaries.
The Anonymous chat room was a hot mess. The biggest disaster of a chat room you've ever seen. Whatever you can imagine is the most awful picture ever. Double that. And then spam it to the chat room. That's what was going on there. Gore, brutality, pornography, vile and disgusting imagery.
It was kind of a hazing experience that you had to get through in order to find your way deeper into Anonymous. Sometimes new people would be asked to eat a stick of butter or a tube of toothpaste on camera to prove themselves. Because here's the thing. Cops, feds, journalists, security researchers, and normies would show up in these chat rooms.
And if they pop in to see what's going on, and it's just full of gory imagery, a lot of them can't handle it. They might vomit even and then just nope, right out of there. Spamming the most graphic and awful pictures was like a firewall of some kind.
But if you could tolerate it, building calluses on your eyes, and started talking with people through the noise, you might be welcomed deeper into the pockets of Anonymous.
This made the edges of anonymous even more fuzzy. New groups were forming out of it, and they had their own ideas and agendas. And they'd look back at the anonymous chat rooms and think, those cats are cringe. We don't want to be affiliated with that stupid stuff. We're our own group. And IRC hacking groups would come out of anonymous. Some were loosely affiliated.
Some were even anti-Anonymous themselves. There was infighting too, doxing people from other Anonymous groups and other hacking groups. It was a real mess. Some other groups that were springing up in that time coming out of Anonymous were like LulzSec, Team Poison, UGNazi, HTTP. And some people in these groups were getting arrested and then working with the feds to catch other hackers.
Things weren't safe. You always had to be looking over your shoulders in these chat rooms. You just didn't know who to trust in there.
These are true stories from the dark side of the internet. I'm Jack Recider. This is Darknet Diaries. This episode is brought to you by SpyCloud. For some people, ignorance is bliss. But for you, as a security practitioner, that's not the case.
Yeah, in fact, I do know who Trick was very well. I did a whole episode about him called Team Poison. That's episode 109. But the scene was so hard to navigate to know who to trust. It almost became a thing that if you were hacking into stuff, breaking laws, then you were trusted. You must not be a fed if you're able to break the law. Everyone else keeps them at arm's length.
Now the thing is, at this little time and place in the world, hacks were happening everywhere you looked. Some from anonymous, some from anonymous adjacent, some from crews that were anti-anonymous. But what was their motivation? Some were politically motivated. Some wanted to get revenge. Some wanted to amplify a cause or an idea.
And if you deface a big website and write with big letters on the front page something about your cause, it brings more awareness to it. Default was hacking into stuff too. But what was his motivation?
Okay, I see. He's interested in learning, and his crime is curiosity. It reminds me of that scene from the movie Hackers, which came out in 1995. Listen. This is our world now.
You may stop me, but you can't stop us all. Now, even though that's a scene from the 90s movie Hackers, that manifesto was actually written in 1986, a full 20 years before Anonymous would start making a name for itself. Yet it feels like that's absolutely something Anonymous would say.
Okay, so this was a big deal. Default and the crew he was in wanted to take out Detroit's water payment system. Someone in the channel suggested they hit the site with LOIC, the Low Orbit Ion Cannon. And this is a basic tool, you just point and shoot it, but it floods the target IP with loads of traffic, overwhelming it, so it can't handle legitimate customers.
Sometimes it'll even drop dead from the flood of connections. But then someone else is like, nah, screw LOIC. That's lame. And it isn't safe. Let's use Tor's Hammer. And so someone started passing Tor's Hammer around the chat. And this also floods the target with a whole bunch of traffic. But it uses Tor to route all the traffic through it, hiding where the attack is coming from.
So the members all fired this up and together launched an attack on Detroit's water payment system. And immediately it went offline. No one could pay their water bill.
Darknet Diaries
145: Shannen
These are true stories from the dark side of the internet. I'm Jack Recider. This is Darknet Diaries.
Darknet Diaries
134: Deviant
Antwerp is a town in Belgium. What comes to mind when I say Antwerp? To me, at least, it's diamonds. It's the hub of the world's diamond trade. Well, I imagine if the town is bustling with diamonds, then it's probably also attracting some criminals wanting to steal those diamonds, right? In 2019, a robbery occurred that really took things to the next level.
Huh, that's really interesting to me. If you want someone to break into a place for you, call a locksmith. If you want someone to break into the place and then show you how they did it, call a physical penetration tester. And while that skill set of both roles overlaps in many areas, it's just two different mindsets, really.
What is your percentage on, like when you're going on physical assessments, percentage of getting into a building?
I want to hear these stories about guards catching him. From scouring his videos, I found three stories he has that I think are great. So let's get into them. So this first story starts out where Deviant was hired to break into a building to test its security.
But it wasn't the company itself that hired Deviant. It was another penetration testing company that got this job. But what they were good at was hands-on keyboard type of activities. And what Deviant is good at is physically getting into buildings.
So this other pen test company hired Deviant to essentially team up with their computer guy to get him into the building to plant computers in the network and gain remote access to this building.
So he didn't have physical access experience. That was your job to get him in, and then once you get him in, you're going to keep watch, distract people, stall, whatever you need to do to let him do his job.
Deviant checked out the building just to get a good understanding of what's there. Just driving around into the parking lot and sitting with his car and watching what the building is doing. Like, okay, there are security guards there, but they never go outside to patrol anything. They just sit at the front desk all day. On top of that, the building was very quiet.
Not many people at all are coming and going. And this made him think that they probably put all their security at one single point of entry. And they may not have secured the back doors very well. So after monitoring the place for a while, it was go time. Deviant and the other computer guy go up to the building in the middle of the day. They wanted to find a way in.
The two of them started looking around the building for a way in. They found some side doors, but they were locked tight. No clear vulnerability either. Deviant might have been able to bypass those doors, but he wanted to find an easier way in. You know, that demonstrates a simpler technique that lets just anyone walk right in with, like, maybe no tools at all.
So he kept looking around the building, but was having a tough time finding an easy way in. All the doors were locked tight. No windows were open. No poorly installed door or anything. So he goes back to that side door he saw earlier, and he wanted to take another look at it. Maybe there's something there. Now this side door was a double door.
Like you first enter one door and then there's a little room, a vestibule, and then there's a second door that you need to get through to get into the building. And when he looks for a way to get in through a locked door, he has a little checklist in his head that he runs through. It's not like he has some magic tool that he just puts in the lock and the door immediately opens like on TV.
It reminds me of that Bob Dylan song. You know the one. Lily, Rosemary, and the Jack of Hearts. It's a nine-minute long song, and it's an epic narrative ballad. The story summed up is that Jack had his gang try to drill through the wall into a neighboring bank, while Lily and Rosemary distracted the bank owner, Big Jim. And the whole thing takes place in this cabaret?
He first analyzes the door and looks it over. He'll first just tug on the handle and see if it's unlocked. Then he'll look at the hinges. Maybe it was installed backwards. Then he could just unscrew the door. Then he'll look at the gap between the latch and the strike plate.
If this is too wide or missing parts or installed wrong, he can use tools to get in there and open the latch from between the door and the door frame. In fact, any gaps at all between the door and the frame can be exploited. But this door had no clear vulnerabilities like that.
So then he starts looking at the whole thing backwards. Instead of getting into this door, how do people get out? Is there a crash bar that you just push from the inside, which unlocks the door and opens it? Well, he looked through the window, but he didn't see that. He didn't see a handle on this door that you could turn or unlock either, which made him realize what kind of lock he's dealing with. It wasn't a mechanically released door. It was electronically locked.
Okay. Okay, so there's a motion sensor. If Deviant can trigger that, it'll unlock the door. But it's a good 10 feet inside the door. So how? How?
Lily and Rosemary got the judge and the bank owner drunk while the boys made their way through the wall. And they cleaned out the safe and took off with the Jack of Hearts.
Okay, so they successfully made it into the building. Now they need to find an open network jack for the other guy to plug his computer into to try to hack into the network.
A drop box in this case is a little computer that you can just plug in and leave behind and then try to access it from somewhere far away, like back at the hotel. But this guy forgot it. I guess he was configuring it the night before and just forgot to repack it. And it's back at the hotel. He said, well, go back.
These are true stories from the dark side of the internet. I'm Jack Recider. This is Darknet Diaries.
Two hours go by. Deviant keeps messaging the guy, what's going on? He says he had to finish setting up the drop box, but he couldn't get the keyboard to work to configure it. So he was trying to use the on-screen keyboard and use a mouse to type out every command, and it was just taking a super long time. So Deviant continues to just sit and wait.
This episode is brought to you by SpyCloud. For some people, ignorance is bliss. But for you, as a security practitioner, that's not the case. I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening.
From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right. Resetting stolen passwords and addressing the enterprise access points that have been stolen by malware helps you protect your business from ransomware, account takeovers, and online fraud.
There are three things to test when testing a company's security. You can test the physical building itself, you can test the people in the building, and you can test the electronics. This one tested all three. But there's kind of a moral code that Deviant has when testing people, or otherwise known as social engineering.
I mean, here he tricked a guard into making him think he worked for the elevator company, but he also gave the guard many opportunities to check his credentials or verify who he is. Gosh, even if just the guard decided to give him a visitor's pass and took their names down, that would be better than nothing, right? So there were lots of training opportunities for this guard.
But bad guys don't really have these moral codes. They might wrestle the guard to the ground, tie him up in the elevator, or break some windows to get in. I mean, it's possible to figure out where the owner of the company lives and kidnap their kids, holding them for ransom for some company data.
But as a social engineer, you really want people that you trick to feel better for having met you instead of feeling awful because you screwed them over so bad. But where exactly that line is, it's hard to say, though. We're going to take a quick break here, but don't go away. We have two more stories from Deviant when we come back.
Support for this show comes from Black Hills Information Security. This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure. I know a few people who work over there and I can vouch they do very good work. If you want to improve the security of your organization, give them a call. I'm sure they can help.
But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training. You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more. But get this, the whole thing is pay what you can.
With SpyCloud, you have a trusted partner to fight the good fight with. Their automated solutions, which is built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime. To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries. That's spycloud.com slash darknetdiaries.
It was actually a bank, and it was situated in the Diamond Trading District in Antwerp. Monday morning, bank employees came to work and checked out the vault, but something was wrong with the vault, and they called the police, who had to force their way into the vault, only to find that the place had been robbed. How, though? The bank had all the right security measures.
Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers.
Head on over to blackhillsinfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com. Deviant Ollam breaks into buildings for a living. He's well known for it. So a company in Kansas heard about him and hired him to come out to test the security of their building.
We'll see how this goes, boys. Being so far away, he had to fly out and rent a car and then drive to this town. And he didn't go alone, of course. He had two others with him who also worked at his penetration testing company. And one of his teammates brought his dog with him. She's a search and rescue dog.
Oh man, I never thought of packing a dog in a physical penetration testing kit, but they're going to need it because this place looked really hard to get into.
Good. You caught all that, right? There are RFID key cards that employees use to unlock doors to get into the building. Deviant installed a card sniffer behind the real card reader, and someone badged in during the night, and his sniffer caught that. And now he has that data and can write that onto a blank key card, which would give him access into this building.
Now, while he was doing that, another one of his teammates was hiding out, watching the building from a distance, taking pictures of people coming and going. And this guy had a camera with a long-range zoom lens. So he was out there taking photos of what badges looked like for people who worked there.
This episode is sponsored by Delete Me. In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit.
He couldn't get high-quality close-up photos of the badges being that far away, but it was enough to allow them to replicate it in Photoshop so that if someone is walking by or from a distance, they wouldn't know the difference. So the team all met up at a coffee shop to put the right logo on the badge and to write the data onto the key card.
Anyone on the web can buy your private details to do anything they want. This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. Take control of your data and keep your private life private by signing up for Delete Me.
Well, this was mostly a success. They needed to demonstrate access to sensitive equipment in areas that they were able to get into the building and take pictures of them touching this equipment and stuff they just shouldn't be able to get to. But since this guy really wasn't buying their story, they decided to leave.
Because as a penetration tester, when you get caught, you want to see if you can get out of that situation. Try to leave and get out of there. See what happens. Is this guy going to stop them from leaving? So they walked out and got to the parking lot. And they could get in their cars and go, but there was another building in this parking lot that they also needed to test.
So might as well walk over to that and see what happens. They thought this guy might be watching them though. So they walked across the parking lot to the other building and made it very clear in case he was watching them that they had badges that they were using to get in the building.
These were working badges, and if the guy was watching them, he could see they had valid key cards to get in the building. Don't forget, on top of that, they have a jacket and a hat with the company logo on it.
Deviant and his crew were caught. All the windows of opportunity to lie their way out of it were closed. The game was over. So time to come clean and show the get out of jail free card. See, here's the thing. When you're paid by a company to break into their building, it's possible it could all go wrong.
So you need a letter of authorization from the company, preferably someone real high up that can vouch for you, that when you call them, they will say, yes, we did hire them to do a security test on the building. And you print this agreement out and put it on a piece of paper and carry it with you at all times when you're doing a physical penetration test like this.
And this is what's known as the get out of jail free card. Now, what some penetration testers do is they print off a fake one. It's got the right name of the head of security, but with a phone number to someone waiting in the parking lot who would act like that person if they got called.
Deviant saw that this guy had everyone's number in his phone already and thought the fake get out of jail free card isn't going to work here. So he gave him his real one. And this was the first and only time Deviant has ever been caught to the point that he had to show this paper and come clean like this.
Brilliant. He did not trust the number on the paper that Deviant handed him. Instead, he looked up the name's number himself. And this was the right thing to do. And sure enough, the head of security vouched for them and said, good job catching them. And yes, we did hire them, and they are supposed to be there.
So now that he knows the real reason Deviant and his crew were there, Deviant had to ask, how did you catch us?
Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries code DD20.
Okay, so they were caught. That's that, right? No, they said, hey, good job. You caught us, but don't tell anyone else because we're going to go and come back again later and try to see if anyone else will catch us. We left for a few hours.
Okay, let's hear one more story of Deviant breaking into buildings. And this one's my favorite. This one is against a critical infrastructure type company. Think utility company. If someone were to get in and cause harm, it could be ruinous for like the whole town.
Okay, wow. This is a big job. And if you remember from other stories, Deviant likes to be prepared and bring a big kit of things. Anywhere from having lockpicks and keys to the Otis elevator repair shirt and having long-range cameras and full badge printing machines. But this one, he needed even more.
Okay, so when you have a job this big, it'll help if you have a few extra people. Of course, Deviant drove out for this, but a half dozen other people came out too. Bobbik was also there.
Gosh, they rounded up the whole Ocean's Eleven crew for this job. And so they all met at the safe house and started on phase one, surveillance.
See, I don't quite get this, right? Some engagements, you're just like, let's see if we can walk in through front door. Let's go. And then some engagements, you're like, okay, you feel like getting muddy.
Okay, so Deviant is a very well-known physical penetration tester. And we're going to hear three stories about how he's broken into buildings in this episode. And the third one is my favorite, so stick around for that. But I want to first quickly catch up about how he even got to this point.
You feel like getting, you know, the special equipment out. Like, I mean, there's work to that. Like, dude, really? You really want me to crawl through the mud so I can get a good photo? Yeah. Yeah. Go under the fence there. Do it at night.
Okay. I just don't know. I guess I don't understand the level of like, okay, let's really start light and see how much we can get without even getting a foot on campus.
Okay, so another thing to think about here is this company invested a lot into security. Cameras all over the buildings, inside and out, trip sensors, security teams. They really, really wanted to detect and stop any sabotage or intrusion or disruption against this facility. And they did everything they could to stop this.
In fact, this company had its own red team, who just attacks their own company looking for weak points and vulnerabilities, or whatever they could find that an adversary might exploit. They're on the offense, which makes them a red team. The defense team is known as the blue team. But it was the head of the red team that hired Deviant and his crew.
So he could communicate and confirm certain things with the customer, the head of the red team. Like, for instance, as they were doing their recon, they noticed something that looked like a radar system to detect intruders. So he messaged the client and asked things like, Keith, are they using SpotterRF?
Those are the big camouflage suits that you see like military use, where they have like tree branches and leaves sewn into the suit so that you look just like a bush when you're holding still. Crazy. Now, of course, they aren't just casing the place physically. Sophie is also trying to infiltrate the people inside. She's trying to get pieces of information that could help her know more.
She created a fake social media profile and started trying to connect with people who work there.
Okay, so after almost a week of watching this high security building from the outside, they determined this place is completely secure. They found one little area that they could access, but it was kind of an insignificant finding.
So the only way to get into this place was going to be where everyone gets in, through the vehicle checkpoint. This place had high fences, barbed wire, cameras, shake sensors, radar. It wasn't kidding around, and that's just to get on the property.
There was some construction going on and Deviant was able to drive into the construction area just to do some surveillance on the front gate. He got some good video footage of exactly how the vehicle checkpoints work.
They just didn't have one. So they called up Deviant to come help recover the network. And he went down there, but the network room was locked and nobody could find the key to get in. So they called a locksmith to come try to get the doors open. Now, because Deviant had a little practice picking locks by that time, he took a look at the door.
Okay, this is a lot of work just to get into the parking lot. Sophie's going to try to drive in. And it was important that she'd be the only one in the car. That way the guard doesn't start asking like for passengers to present their badge and get curious and interested in what's going on. But through their surveillance, they noticed the guards never check the trunks of the cars.
So they load up their gear, jam themselves in the trunk, and off they go, driving towards the facility.
Sophie pulls down the back seat so the guys can climb through the car, which will take a while. It's a tight space. And this is where they split up, though. Sophie goes right to the front door of the building to try to use her social engineering skills to get into the building.
Cameras watching the bank doors, motion sensors in the bank, and sensors in the vault doors themselves. And everything was secured tight. So how did they get into the vault?
Okay, so while she's making her way into different rooms and getting a solid lay of the land, Deviant and Rob climb out of the trunk of the car and come out of the car. Climbing out of the trunk directly would be weird, so they had to sneak through into the car and then exit through the regular doors to look normal.
He did. And Drew was able to tailgate into the building too. This is where he just waited near a door until someone was going in or out. And then he just went in after them without having to use a badge. Day one was a success. All three teams got into sensitive areas and showed their contact how they got in. They took photos and were able to leave without being detected or caught.
So they decided to do it all again the next day, but this time be a little more sloppy, you know, like standing near a locked door a little more obviously and actually looking like you're waiting for someone to come open it for you. And sure enough, somebody did come open it and didn't challenge them and held the door open for them.
Or they might have shouted at someone, hey, can you hold that door open for me? Thanks. It was...
Their outer perimeter was very secure, but it seemed like that was the main layer of defense. To properly secure a building, you want to do defense in depth. And not just one gate at the front, but many gates the deeper you're going. And they didn't encounter that.
So now that they've accomplished all their objectives by getting into all the sensitive areas that they were tasked to get into, it was time to step it up a bit or step it down, depending on how you look at it.
One of the other teams just got in their car and left, and then security caught the third one and just asked them, are you supposed to be here? And they said, no, thanks for asking. I've been here all week, and nobody's asked me that. With that, their engagement with this client was over.
The client loved hearing all the different ways that they were able to defeat security that week, and they worked with security to fix all the things that they noticed in their assessment. It was a great training exercise for everyone involved at the facility. Wow. So thank you so much for sharing with us the way you see the world.
A big thank you to Deviant Ollam for coming on the show and sharing these stories with us. You should be able to easily find him online by just searching his name pretty much anywhere. Deviant Ollam, which is spelled O-L-L-A-M. He's on YouTube, Instagram, Mastodon, Bluesky, and Twitter. Or you could just look on his own website, which is deviating.net. I'll have all these links in the show notes.
Just check the description of this episode. The show is made by me, The Tarnished, Jack Reciter. Editing and assembly by The Omen Killer, Tristan Ledger. Mixing by Proximity Sound. And our theme music is by the dreamlike Breakmaster Cylinder. And even though the only dates I get are updates, this is Darknet Diaries.
This resulted in them calling him back to the office to do a full penetration test. This law firm did not like that those office doors could be opened with just a basic folder, by just shimming it in between the latch and the door. And they wanted to know what else in this building was not secure. And this got Deviant even more into bypassing doors and picking locks and breaking into rooms.
Deviant was good friends with Dark Tangent, who's the organizer of the hacker conferences Defcon and Black Hat. And Dark Tangent told him, this lockpicking thing is really catching fire.
The first DEFCON I ever went to was DEFCON 17 in 2009 at the Riviera. And that's where I went up into the lockpick village and saw Deviant demonstrate how the inner mechanics of a lock worked. And he put a tension bar in my hand and had me practice how to get a lock open. I was fascinated by what he taught me that day. And that's where I bought my first lockpick set.
And the lockpick village has grown since then. I also remember a contest that year, which had people try to escape from jail. The premise is that you woke up in a jail, but you had your lockpicks with you. So you have to first undo your handcuffs and then pick open the cell door and then pickpocket the guard and then get the lock open to the jailhouse. It was hilarious.
And there are a million ways to get a locked door open. You don't always need to pick it. In that law firm, it seemed that the latches in the door were installed incorrectly. And by putting a piece of plastic between the door and the frame, you could shim it open. I've also seen whole doors installed backwards where the hinges are on the outside.
So you could come in with a hammer and nail and just pop the hinges off and take the whole door off without having to touch the lock at all. And so throughout the years, Deviant has been getting better and better at understanding locks and doors and physical security measures, and I consider him one of the masters in this space.
In fact, I'm willing to bet that Deviant has actually given more talks at security conferences than anyone else.
300 or 400 talks about physical penetration testing. Yowzers. How in the world am I going to fit all that information into a one-hour episode? Hmm. All right, I got a plan. I think I'm going to take a break, play Elden Ring for like 200 hours, and then listen to like as many of his videos and then come back later. Okay, that was fun. And through the magic of editing, I'm back.
And there's some good stuff that he talks about there. My favorite talk of his is this one.
Because here's the thing. This is a full one-hour talk of him and his friend Howard Payne going over so many ways that you can take over an elevator, hack an elevator, and make it do stuff that you shouldn't be able to do. But since this was a talk in Las Vegas where there are a lot of elevators, DEF CON was a bit worried about what people would do with this information.
So they pushed the talk back to be on the last day and the last talk of the last day when people were flying home. So it was kind of a hidden talk where most attendees had already gone. But it's the most watched video of all of DEF CON's videos on YouTube. And so it's no secret anymore. And I think you should watch this video too on elevator hacking.
It'll make you think differently about elevators after you see it. Like, for instance, you may have been in an elevator where you couldn't get to certain floors unless you scan a key card. Deviant can bypass that. He can get on an elevator and then get it to go to whatever floor he wants. He shows you that there are some common keys that a lot of elevators use, and they aren't hard to get.
Drilling through a six-foot concrete wall. That must have taken a very long time. In fact, the criminals spent all weekend down there while the bank was closed so they can make a lot of noise without getting caught.
So elevators aren't as secure as you think. You should probably consider them to be like doors, where you really should test the security of them, and not like an elevator, which is just some mysterious box that goes up and down that only the elevator technician knows how to control.
It's one of those things that I just never thought about, that's something you need to secure in your building or office. And that's what's fun about Deviant, is how he has all this knowledge of bypassing physical security measures, and then he loves teaching that to others. I just imagine you at this point having...
I don't know, some sort of matrix style view into locks and security mechanisms that you see. Like when you pop into an elevator, you just immediately start looking at what kind of key is in this elevator. How can I turn it on off? Any door that you look at. Is that true? Are you just kind of like zoomed in on any lock you ever see?
There was a strange paradigm shift when it was you who taught me how to pick a lock for the first time, right? And I brought it home and I showed my friend and it just so happened that my friend's mother was a locksmith. And she's like, you are not allowed to know this. Like, I asked her in the past, like, hey, can you teach me how to pick a lock? She's like, nope, I'm not allowed.
I got, like, a locksmith code I can't show you. Like, it's just, sorry. And so when I came home and I said, here, let me try opening your front door. I want to see if I can do it. And she saw the tools that I had. She was just flabbergasted by it. And it gives me this kind of weird thing of, like, this is kind of sacred knowledge. Why don't locksmiths, why aren't they physical penetration testers?
Like, how come that wasn't just an easy, hey, like you said, on that job you had, we need a locksmith here. They didn't think, well, let's get a physical penetration tester here. And a locksmith doesn't consider themselves a physical penetration tester. So why is there a gap there? Why doesn't it all blend together? Do you have any thoughts on that?
Darknet Diaries
142: Axact
Okay, we're recording. So I'm going to call my dad because he's going on about something in emails and I just have to clarify what in the world is happening.
We trust that they're hashing it or encrypting it so they can't see it even if they wanted. But here's a clear example of what could go wrong if we trust a website too much. Axact employees could see the user's passwords and try using those passwords on their social media accounts to see if they reuse the password there.
And they would sometimes be able to log in to Facebook or LinkedIn or even their email inboxes.
Okay, but why are Axact employees even logging into people's Facebook accounts at all?
Dang, dude, this is the bunk. That's what this is. Fake university, hacking into students' accounts and fake degrees. It's a scam. It's a big, big scam.
Wait, hold on a second. It was just like a light with a plastic piece in front of it?
Man, you know what? I've made accounts on these career websites before, and yet it seems like the moment you apply for a job or post your resume, you instantly get flooded with emails about jobs you're seeking, and it's extremely hard to unstick yourself from this relentless barrage of job opportunities.
It's almost like these sites have an active data breach or are selling your data as soon as you give it to them. Once, I applied for a job in 2008. On one of these job recruitment sites. And I'm still getting emails from people today saying they found the perfect job for me. Alright, we at step one yet?
Didn't any of this feel wrong? Like, were you maybe thinking twice about giving someone a fake degree?
Yeah, I did. I did go to a Google office once. And I remember they had free food for the employees. There were free rides to work. There was a place you can get your hair cut in the parking lot. They were given car washes in the parking lot.
I mean, at this point, they had to know that this is not a real school or a real degree, right?
Now, while Fazal told me they never sold fake medical degrees, I did find some evidence that nurses and psychiatrists were buying degrees from this company. I mean, listen to this. This is the CBC News out there in Canada.
We're going to take an ad break here, but stay with us. There's more steps that Fazal is going to tell us about. And I'm really curious to see who's behind this whole thing. This episode is sponsored by Arctic Wolf. Arctic Wolf, an industry leader in managed security operations, surveyed a thousand security and IT professionals across the globe to better understand them.
What are their top priorities, current challenges, and future concerns? This survey revealed some startling findings, and you can discover them all in the State of Cybersecurity 2024 Trends Report. Learn why the number of insider threats spikes severely, what lessons can be learned from the year-over-year change, and how many organizations disclose a breach
and what cyber attacks struck 70% of organizations. Download the State of Cybersecurity 2024 Trends Report today at arcticwolf.com forward slash darknet.
There was one university that was created out of thin air called Newford University, and they had a whole promotional video. Here, this is the head of the university talking.
Here's another one from Droumont University, a fake university created by Axact.
Okay, I think it's pretty shady to not only lie to your customers, to make them think that this school is real, but to also pose as a teacher and act like an expert in your field and give students a bad education. It's one thing just to sell them a fake degree, but it's a whole nother thing to like give them a false sense of knowledge of anything. I just think that's a pretty dirty trick.
The marketing team was pretty good at drumming up new victims for this scam. They would spend a lot of money on Google ads, hyper-targeting certain degrees and regions, scraping resumes off job sites, targeting people on social media, and running SEO campaigns to get their school ranked higher in the search results. How much do you think this company was making from all this?
Alright, so you told me step one and step two. Are there more steps to this? Like, I just imagine you could just keep rinsing and repeating. Start over, take that victim, sell him another degree.
This episode is brought to you by SpyCloud. For some people, ignorance is bliss. But for you, as a security practitioner, that's not the case. I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening.
Wow, this is just getting nuttier and nuttier. And you know, it's the classic con game that once you get someone on the hook for a little bit of money, you can just keep upping it and upping it. And it works because that person has already gave you some money. We humans have this flaw in our operating system regarding sunk costs.
It's hard for us to break off of something that we've already poured a lot of money and time into. So at this point, these people have already spent thousands of dollars on their fake degree. And it's just from that alone that this whole thing becomes important to them, that they don't want to lose it. And since it's already cost them thousands, they're like, okay, I'll pay a couple thousand more.
And this is called the sunk cost fallacy. And it's crazy how effective it is against us.
So not only are people getting extorted by Axact, but these degrees were catching up with people. There was one guy who bought a fake degree, and then he got a job as a criminal forensic psychologist. And he used his degree to get the job. And then he worked on 700 cases, giving his expert advice on them before they found out he had a fake degree. They arrested him and threw him in jail for that.
And I think they had to reopen all those cases that he was an expert forensic psychologist on. And there was this Olympic diving coach who got in trouble for using his fake degree to get a job as a diving coach at Indiana University.
From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right.
Oh my God, now they're converting the victims into money mules? Okay, so a money mule is someone who accepts like stolen money from someone else and then sends that to scammers. And this makes it harder for banks and law enforcement to detect where stolen money is going. And the money mule typically doesn't know that what they're doing is illegal.
And the deal is that they can keep like a percent of the money coming through their bank account. And they do very little to earn this. Just let the money come in and then write the check to send to someone else. And so Axact had this whole system of moving money around to avoid detection and shutdown.
It's easy for big banks to recognize which bank accounts might be connected to Axact and just stop those transactions. But if they're constantly shifting the money and it's flowing all around, the big banks just can't detect this very easily to stop it.
Dang. You know, honestly, I got to hand it to this Axact company. It is really an impressive operation that they had set up. I mean, thousands of employees and a lot of them being highly skilled IT workers, building websites and doing all kinds of pretty advanced marketing. But also they got this business model just dialed in.
Resetting stolen passwords and addressing the enterprise access points that have been stolen by malware helps you protect your business from ransomware, account takeovers, and online fraud. With SpyCloud, you have a trusted partner to fight the good fight. Their automated solutions, which are built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime.
They figured out the perfect template to start a fake university, get victims to come onto the sites, and then scam them out of a ton of money, and then get that money funneled through different mules and offshore accounts, and then to do it all at scale, just hiring more and more and more and doing this every day, making their workers work 29 days a month.
I mean, Axact was growing leaps and bounds and they were setting up hundreds of sites. Here, let me just list a whole bunch of these sites for you real quick. There was the Al Arab University, Alford High School, Alameda University. Okay, this one's got a Wikipedia entry. Let me see what's going on here. Oh man.
So apparently they were selling like some law enforcement training and apparently a bunch of cops had gotten some fake degrees or training from this website and then got jobs based off their fake training, and got in trouble for this. Gosh, it always wrecks me to see people in authority breaking the rules. It just shatters my trust in like the system every time.
Listen, I was trying to get... I couldn't quite make it out, understand what it is you're talking about in these emails. So I wanted to call you to get clarification. My emails. Yeah. So you bought a TV in Mexico. Explain this story to me. Wow.
Okay, so there's like so many of these sites. Barclay University, Bayview University, Bay City University, Baytown University, Chapel University, Columbiana University, Fort Jones University, McGraw University, James Harding University, Pine Hill University, Western Advanced Central University. There's just so many, just so, so many of these.
It's like once they figured out the game, they just kept copying and pasting and expanding and maximizing profits. So who's masterminding this whole thing? Who figured all this out? Well, Axact was founded by a guy named Shoaib Ahmed Sheikh.
This is interesting, right? A guy who's running a fake degree scam is also controlling the press. He's got a lot of money and is pretty influential.
The Axact website says Shoaib has set up schools, food and shelter systems, and healthcare systems all through his charitable giving. And he himself graduated from one of Pakistan's most prestigious business universities. So he clearly has great business skills. But he's not the only one running this company.
But I'm having a hard time finding a clear corporate structure showing exactly who's there. And I just don't know how many executives were involved. And it's possible that one of the other executives made up this scheme and got this whole thing going. And maybe Shoaib just doesn't know that there's like a big scam going on. I can't.
I just, I don't personally believe that theory that he wouldn't know what's going on in his own company. And one reason is because of what happened in 2009. All right. So in 2009, a woman from Michigan got her online high school diploma from an Axact school called Belford High School. And I guess she felt like they lied to her. She must have paid for classes and enrolled in the school.
But then when she got her diploma and realized it was fake, she sued Axact. And that case got turned into a class action lawsuit. There were 30,000 people who were also listed in this lawsuit suing Axact. The lawyer representing the victim said he heard hundreds of people give stories about how they felt like they were tricked by this scheme. So imagine being Axact in this moment, okay?
To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries. That's spycloud.com slash darknetdiaries. This episode is sponsored by Delete Me. In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done.
30,000 people are suing you and you need to represent yourself in court in the U.S. So do you go? Do you go to court? No, no, God, no. Axact does not want to show up in court because it would absolutely taint their record no matter what the outcome would be, right? But a defendant did show up to court. Some Pakistani guy, and his name was Salem Qureshi, and nobody had ever heard of him before.
He doesn't seem to be involved with Axact at all. Like, he's not someone from their legal team or executive team. So what's he doing here in court? And what's he got to say? Salem spoke up in court and he's like, okay, listen, it was me who made the Belford High School website. I just made the whole thing up inside my apartment. And yeah, I can understand why people feel tricked. I'm sorry.
I'm not affiliated with Axact, but I was the one who made the thing. In fact, this guy, Salem, didn't even go to court. He just phoned it in. He only did like a short video call from some dimly lit apartment. And he said he was in Karachi, Pakistan at the time. The prosecuting lawyer is like, no, no, no, hold on. The mailbox for Belford High School is the same mailbox for Axact.
And Salem is like, oh yeah, that must have been a mistake. I'm not connected to Axact at all. And yep, that's my mailbox. And the judge was like, the judge is like, okay, Salem, you said you did it. So you're guilty. And Salem took the fall. So in 2012, the court ordered him to pay $22.7 million to the plaintiffs. But Salem just LOL'd right out and disappeared.
He hasn't paid a cent of that since 2012. And investigators tried to find him, but nobody can. He's hiding out somewhere in Pakistan. I got to say, that is a brilliant legal move. If that was the work of Axact's legal team, right? To just grab some guy to like block your whole incoming lawsuit and then just make the whole thing disappear. I mean, really, honestly, hats off for that.
That is such a ridiculous move. And it worked so effectively. Why doesn't everyone do that? I mean, if I ever get sued, I'm just going to grab someone and be like, hey, can you say you're Jack and just like take the blame? It's just so comical that this simple, stupid trick worked. Like, why didn't the court see through this and be like, no, no, no, no, hold on a second.
Oh, this is just, I can't get over this. Okay. Serious face. So at this point of the story, a new protagonist shows up. His name is Declan Walsh. Now, I reached out to Declan, like, at least three times. I emailed him. I tweeted at him. I even went through some of his friends, but no response. The dude is mad busy, and I don't blame him for not responding. But at least I tried, right?
Anyway, it doesn't matter because he left a mark on this story and documented everything along the way. Declan Walsh is a reporter for The New York Times, and he was doing a bunch of stories in Pakistan and saw this and was like... wait a minute, there's something not right about this company, Axact, and investigated. In fact, he spent two years investigating this story.
He spoke with a bunch of people who worked at Axact, and he talked to people who bought fake degrees from there. He even spoke with Fazal, the same guy you heard earlier. I mean, it was really phenomenal reporting what he did. And he published a really good article in the All the shenanigans that Axact was getting up to.
And he found that Axact had set up over 300 websites of fake schools and like 18 of them were accrediting bodies, fake accrediting bodies, you know, like places that confirm a school is legitimate. Dang, that's just like a lot of schools that he's made up. So much work went into building this company. Yeah, well, when Declan's New York Times article was published, it rippled through Pakistan.
People were mad. What's up with this? It looked really bad for a Pakistani company to be so scammy, you know? So the FIA, which is like Pakistan's FBI, was like, OK, OK, we'll check into it. We'll see if there's any fraud here. Meanwhile, Axact's lawyers are sending letters to the New York Times like, Hey, you're writing lies about us. We don't like it. It's baseless and defamatory.
We're going to pursue strict legal action against you. But the FIA was investigating Axact. And yeah, they found enough evidence to open a case. What's more is they really didn't like the kind of bullying behavior, that they were trying to scam customers out of more money by threatening them and deceiving them. So the FIA took action. They raided the offices of Axact.
We all have data out there, which data brokers use to make profit. Anyone on the web can buy your private details to do anything they want. This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. Take control of your data and keep your private life private by signing up for Delete Me.
And they just started grabbing everything once they got in there. Computers, documents, people. But absolutely none of the executives were around during the raid, which is kind of suspicious. Like, how did those executives know not to come in the office that day? But the people they did grab, they questioned them and just let them go.
They found that the building next to Axact is where they were printing all the fake degrees. They had printers there and fancy paper, everything. And they just took it all. And at this point... The timeline becomes very dizzying to me. I tried my best to like get it all sorted out, but it's just, it's fuzzy. There's some gaps, I'm sure. But I'll do what I can to explain what I think happened.
But I'll just let you know this story from here on out is kind of difficult to know exactly what happened. So the FIA raids the Axact offices, right? But they didn't arrest anyone. Well, with the information they gathered from the raid, they found enough evidence to put out arrest warrants for 23 people, including the CEO, Shuaib Shaikh.
I can't tell if any of them were actually caught or arrested or if they turned themselves in or did any jail time at all. And I can't even tell you who the 23 people are that had arrest warrants out for them. I'm assuming they were executives or people involved.
Actually, I did see an article that said Shoaib's wife was one of the people with arrest warrants, but hers was dismissed because they didn't have enough evidence on her. But I did read that all 23 people who did get arrest warrants were just like quickly released on bail. So I don't know if they did any jail time or just maybe a day or two before leaving.
And during that FIA investigation, they found that guy Salem, the guy who took the fall for the class action lawsuit a few years back. He admitted that Axact had paid him to take the fall. In fact, when he was appearing on video in court, he only acted like he was moving his lips. And then some Axact official was like off camera saying the things for him.
And then they paid him $250 to go into hiding and disappear. Well, the FIA was like, okay, we did our job. We gathered the evidence. We raided the office. We arrested some folks. Court, it's now on you to finish up and sentence them. There's documents that suggest that Axact made hundreds of millions of dollars from their scams. They took money from over 200,000 people around the world.
And this means it was one of the biggest scams of all time. Stephen Colbert even joked about this. Here, listen to this.
Fake college should be free. I agree, Stephen. Fake college should always be free. Now, before the sentence could be carried out, this guy, Judge Memon, suddenly and out of the blue acquitted all of the people who were accused. Like somehow the number was now at 27 people being accused. So Shoaib and 26 others just all had their charges dropped just by the judge.
It was just unreal. But the Pakistani court's like, whoa, whoa, whoa, hold on, wait, what just happened? And they looked into this guy, Judge Memon, further, and they found that he accepted a bribe from Shoaib for about $18,000 to just acquit everyone. And once the court found out about this bribe, they fired the judge and unacquitted all 27 people involved and reopened all the cases.
One guy was pretty unlucky in all this, Umair Hameed. He was the vice president of Axact. And guess what? He was living in the U.S. So the authorities were able to nab him and he pled guilty. He had no escape from the U.S. justice system. There was no one to like put in front of him and say, oh, it's this other guy. So he went to prison for like a year and a half.
In 2018, the Pakistani Sessions Court found 23 Axact employees and executives guilty of impersonation, cheating and dishonesty, forgery and aiding and abetting. And the judge is like, okay, I'm going to give you all your sentence now. But there's this moment in court where the judge is like, Where is everyone? None of the 23 defendants showed up to their sentencing hearing. None.
So the judge is like, well, that's rude. I'm removing all your bail and I'm calling for your rearrest with no bail option this time. And then the court issued prison sentences for all 23 people. I think the highest that someone got was seven years in prison, but collectively it all added up to 20 years prison time. On top of that, they're all fined like a significant amount of rupees too.
And also, somewhere in here, Shoaib lost control over Bol, that TV studio he started. It looks like the Pakistan Electronic Media Regulatory Authority revoked the broadcasting license that Bol had, I guess until Shoaib stepped down or something. But then in 2023, a different company came in and bought Bol. So it's definitely out of his hands now. Okay, so that's that, right?
Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries code DD20. Hey, how's it going?
23 people sentenced to prison for this whole Axact degree mill scam. You'd think Axact would just like shutter its business and the CEO would just face his punishment. Well, no, not from what I could tell. Even though he was sentenced in 2018, it wasn't until 2023 that he was arrested. And don't ask me how he managed to stay free all that time.
Like I said, the details here are just baffling to say the least, and I have a lot of questions, but apparently business went on as normal at Axact. And there's a video of the FIA arresting the CEO, Shoaib, at the Islamabad airport. I'll try to describe the scene to you.
Shoaib's wearing like a black polo shirt, and he's looking very calm and a little confused, but not struggling or yelling or anything. And they put him in a car and they drive him away. Kind of uneventful. And even after all that, there's still a lot of people on his side, like the Bol news station was saying things like, he's being abducted. We don't know where they took him.
And they're only arresting him because he supports Imran Khan. And this whole arrest is a violation of freedom of speech. Well, you can guess his arrest didn't last long. I believe he only spent two days in jail and then was released. And all I can find is that he submitted documents to the FIA who then let him go based off those documents.
Axact, it looks to me that they're still in operation and the CEO did not serve his prison sentence and I guess is doing just fine out in the world. I guess, what could he be doing? Appealing the case? That's possible. Maybe he just has some deals with people to like, don't like arrest him anymore or just like drop the case. I don't know.
It's just too hard for me to cut through the noise to find answers of what's going on over there. My guess is that with his wealth and power, he just has a lot of pull in that country. Politicians and government officials have been very vocal that they're on his side. And who knows what they're doing to help him get out of all this mess.
I have a feeling that this is not the last time we'll hear about Axact. And I'm really curious what they get up to next. A big thank you to Fazal, which is not his real name, for sharing this story with us. And if it wasn't for him bringing me this story and telling me all about this, I wouldn't even know about this. Oh, and thanks to Srikanth Joshi for doing the voice acting on this one.
If you're looking for a new shirt, I got your back. Go to shop.darknetdiaries.com and check it out. I think there are over 50 different shirt designs there, and I guarantee you're going to find one you love. So please check out the shop. This episode was created by me, the TikTok tiger, Jack Rhysider. Sound design by the wily whiskered Andrew Meriwether.
This episode was assembled by the strewn perfumed raccoon, Tristan Ledgerwood. Mixing done by Proximity Sound. Our theme music is by the mysterious Breakmaster Cylinder. What happens if you severely overclock a PC? It goes up in frames. This is Darknet Diaries.
Yeah, sure, of course. I won't use your voice. Okay, listen. Come closer, come closer. This is a forbidden interview. The powers that be do not want this guy telling you his story. So I got to do my part and keep him a secret. But I want to tell you this story so bad. So what you heard there was a voice actor.
And he's just going to be reading the transcript for you of the interview I did with him. But the other thing is, I've got to conceal this guy's name. So we're just going to make up a name and call him Fazal.
Fazal would answer the phones all day in a call center. He'd sit at a computer, put his headset on, and wait for a call. And when one would come in, he'd see on the screen what company this person is calling about. And he would handle customer support for a handful of different companies. Customers would ask about their account or trouble with their service.
And because he knew English and could speak clearly, he was pretty good at doing this call center work.
Axact's website says they're a leader in IT globally. And it looks like it's a very impressive company. I mean, they've got a recruitment video. Here, let's take a listen to this.
A whole group of them applied to work at Axact and they all got the job. It was a much better place than where they were used to. They were in a six-story building and the pay was much better.
He was answering calls, helping students out with the stuff they needed. But it was also commission-based. Basically, he'd be sitting around waiting for a phone to ring. And if somebody were to call and ask about, like, a program at the school, he was supposed to try to get them to sign up for classes. And if he could, he'd get some extra money from making the sale.
Fazal talked to his boss and was like, how come these other teams are making so much more money than I am? Is there a way that I can get a better client or something? So his boss says,
There is something here. We have a brand new client. It just came on board. And they're called Bayview. No, Bayville. Bay City University. Yeah, Bay City University. That sounds good. They're the same kind of thing that you've been doing. You've got to help students with their online classes.
Fazal's like, alright, sure. So they brought him over to this account. Bay City University. No, Baytown University. Yeah, that sounds better.
The webmasters got to work at creating the university's website, baytownuniversity.com. It said they've got scholarships, a robust alumni network, student aid, and the school was ranked number four in the country. Come take classes and get a great career at Baytown University.
It took a couple of weeks to fully integrate this university and get everyone trained up on it. Then Fazal started getting emails and calls from students interested in signing up. Basically, people were asking about classes there, and Fazal had to try to get them to enroll. And if he could, he'd get a commission. Hi, can you tell me about your teaching degree? Oh, you called at the perfect time.
Yes, of course I can. We have one of the best schools in the country. Our professors all come from the highest rated universities, and our students typically go on to make great money after getting their degree. We also have an accelerated program where you can earn your degree fairly quickly. Oh, and did I mention that because we're online, we're one of the cheapest schools around?
The sooner we can get you enrolled, the sooner we can get your degree. Our next classes are starting up in two days. If we can get you signed up in the next 24 hours, we can get you enrolled in this semester's classes. Are you ready to get started? But Fazal was looking at this website and checked into it. And this school did not exist last month. This university is brand new.
There are no reviews about it or people talking about it. And he looked at the address. It was a U.S. address. And he typed that into Google Maps. And there's no building there.
Like, well, so it was, um, like you turn the screen, like you, like that's the channel it was on.
Ooh, that's an interesting psychological trick, huh? To set up the classes in a way that you could easily skip through the material and just finish the whole course in a couple minutes. This made it seem like the students were the cheaters here, not the school. Which kind of brings them in on the scam even more, you know? To make it feel like they're the ones scamming the school, almost.
The web team did great work at building this university's website. They listed a bunch of accrediting bodies. And if you go on the accrediting bodies websites, you see this school is approved. But the accrediting bodies were all made up too. They even went so far as to put on the website that the school is endorsed by Senator John Kerry, even though John Kerry never actually endorsed it.
Now, this school website, besides it being a scam, had another dark side to it. Here, check this out. So if a potential student was interested in going to school here, they could ask for more information about classes on the website or whatever. But to do that, the website would make the potential student create an account on the school website.
And they'd create an account on this site and it would ask you for things like your Facebook profile, your Twitter profile, your LinkedIn profile. And I mean, this isn't so much of a stretch to ask, right? I mean, I've probably been on dozens of sites that have asked me for my social media profiles too.
Well, no. So the KFC has screens, has like TVs that are menus. The TV is a menu. So you sure it wasn't just on the. No. What was it?
But then all this information is wrapped up and given to Fazal to try to follow up and make the sale.
That's not creepy. That's awful. So when you put your password into the school's website, they would just hand that password right to Fazal so he could do whatever he wanted with it. And this is a really good reminder that when we log in somewhere, anywhere, we're giving our password to the app or the website. I mean, we trust that they aren't looking at our password or storing it in clear text.
Darknet Diaries
148: Dubsnatch
I was just reading up on these Beatles superfans called Apple Scruffs. They weren't the crazy fans you see screaming their heads off, trying to grab at the Beatles any chance they could. No, the Apple Scruffs thought that was lame. They liked the Beatles so much that they dedicated years of their life to trying to support the Beatles. They were like, look, the Beatles are important.
With big wireless providers, what you see is what you get. Somewhere between the store and your first month's bill, the price you thought you were paying magically skyrockets. With Mint Mobile, you'll never have to worry about gotchas ever again. When Mint Mobile says $15 a month when you purchase a three month plan, they mean it.
So while I'm researching this episode, dolphin after dolphin kept showing up as the lead singer in all these songs, and it's driving me crazy. Is this a thing? So I Googled it, and no, nobody knows about this. There's no results about this. So I started formulating my own theories, and I've been dying to ask you about this. Okay, so first of all, dolphins are one of my top five favorite animals.
I love dolphins. They're so smart and amazing to watch. So for me to find a whole genre of music that has one of my favorite animals featured in it, song after song, it's gorgeous to me.
So I wonder if just the dubstep community loves dolphins as much as I do.
I also wonder if there are sounds in the dolphin language that speak to us in a really profound way. Like it might express an emotion that we just don't have words for in English. But dolphins do. And they can somehow teach us more about ourselves. And dubstep artists add these sounds in because they know the power of dolphins and want to help us ascend to new heights.
And the other thing I wonder is, since this is such a popular part of dubstep, if the dolphin is like a secret mascot, like if you go to EDM parties, would I see people with dolphin stickers and patches and tattoos all representing some inner group where you're like not allowed in certain parties unless you have like a dolphin tattoo or something? It's a secret society. Okay, sorry.
I refuse to believe that's a total accident. But when I Google this, nobody is talking about this, so I feel like it's some closely guarded secret. But whatever. We're moving on. So Professor Dubstep was loving all these early tracks, but only trading with a select few people.
All plans come with high-speed data, unlimited talk and text, and you can use your own phone with any Mint Mobile plan and bring your phone number along with your existing contacts. To get this new customer offer with your new three-month premium wireless plan for just $15 a month, go to mintmobile.com. That's mintmobile.com slash darknet.
Dino Driller somehow got the attention of Excision, who was a big-time dubstep artist. Excision had quite a few big hits and was pretty popular, and saw how Dino Driller was trying to come up in the scene.
What do these chirps mean? Okay, so Excision and Dino Driller were working together at Excision's house, making some cool music, and he was really helping Dino Driller out a lot, actually. But since Dino was also into trading unreleased tracks... He couldn't help but wonder, what unreleased stuff does Excision have? And being right there in his house made him very curious.
One day, Excision invited Dino Driller to come over and work on some music while he's at the gym. This meant Dino Driller was going to be there alone. So he gets on Skype to tell Professor Dubstep and Spintire the plan.
Oh my gosh. So Excision wasn't around and trusted. This is betrayal at this point. He trusted Dino to come on in when I'm not around. It's cool. You're a musician. I like your stuff. We're hanging out. We're friends. Yeah. And now Dino's like, it's working as planned. I've got full access to your stuff.
Cut your wireless bill to $15 a month at mintmobile.com slash darknet. $45 upfront payment required, equivalent to $15 a month. New customers on first three-month plan only. Speed slower above 40 gigabytes on unlimited plan. Additional taxes, fees, and restrictions apply. See Mint Mobile for details. Support for this episode comes from Delete Me. Feels like a war out there.
Dino was pretty careful to just copy everything right there in the house and put it all back exactly where it was so Excision wouldn't know anything got taken. And then he passed it around.
The traders like this idea of providing the public this stuff. It gives them a thrill. They're like, oh, look at that. I'm getting a lot of upvotes, getting a lot of downloads, making some waves, got an article written about it. This is going great. That's what they thrive on, right?
We're going to take an ad break here, but stay with us because this story is going to go way off the rails. Support for this show comes from Black Hills Information Security. This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure. I know a few people who work over there, and I can vouch they do very good work.
If you want to improve the security of your organization, give them a call. I'm sure they can help. But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training. You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more.
Companies all over trying to scrape and store all kinds of personal data about me. My phone number, address, family members, where I work, sexual orientation, club affiliations, income level, what kind of car I drive. It's just endless. And every now and then I Google myself and just get freaked out about the amount of data there is about me out there. This is why I use delete me.
But get this, the whole thing is pay what you can. Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers.
Head on over to blackhillsinfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com.
That's some balls, you know? To go to a live show, see that performing artist you like, and then to steal their files right from under their nose.
Holy moly, the lengths these people go to to get unreleased music is unreal. And I think it's a testament to just how dedicated and motivated the fans were to hear more, to get the latest stuff. Like you don't see consumers just like going to a sewing trade show and stealing the latest sewing machine from the demo booth, you know, because that passion doesn't exist there.
Music has this way to give us a meaning to life. It can be our therapist, our best friend, our lover, and our dance partner. It moves us in a way that not much else can. So some people would risk getting arrested to steal a thumb drive with new music on it.
I registered there and told them what to look for about me. They were able to discover what sites have data on me and took steps to get that information removed for me. That's my favorite part. It's like getting help in this war. Their scouts know exactly where to look and they'll tell me what they found about me.
It's also interesting to just parse the idea that music is just files. It's data on a computer or a USB drive in this case. And I never thought about applying cybersecurity to music, you know? Like it's acoustic sound waves, not computer files, but no, it is computer files. And so it needs its own version of cybersecurity too. Okay, so let's talk about Reddit.
The popular subreddit for all this was Xtrill, which is a place to post links to unofficial dubstep music. You know, live recordings from concerts, radio mixes, stuff that wasn't on the artist's official Spotify or YouTube or SoundCloud, but it is from that artist. And these alternate versions are sometimes better than the original version.
How do we make their lives better? So they spent tons of time figuring out the exact location of where the Beatles would be every day and then go there to try to help, often holding back Beatlemania crowds or offering flowers or food or to run errands. And over time, they would get to know the Beatles.
That's the nuanced thing about it, though. While people went crazy over leaked tracks and would get a lot of people excited, the subreddit had to take action on this to avoid being labeled as a leak site and get shut down. So they'd remove the leaks and ban the leakers.
The Xtrill subreddit is layered like an onion though. Basic stuff was on skin level. Peel it back and you find some juicier content. Traders with rare stuff. There were rules though. No piracy allowed. And no posting unreleased music. But the rules were often abused.
It really takes a certain set of eyes to understand what's going on in Xtrill. Because even when something is posted, are you familiar enough with that band and that track to know if this is legit or made up or a leak at all?
And if they can't remove it themselves, they'll give me recommendations on how to get it removed or mitigate it. Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for Darknet Diaries listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout.
Skrillex is the biggest name in dubstep. He's a Grammy award-winning artist loved by millions of people. He has millions of followers on Twitter, too. To get his password on Skype is a pretty big deal.
God, this is about to get insane. Huge database breaches with millions of usernames and password hashes. Combine that with the ravenous fans willing to stop at nothing to break into dubstep artists' digital lives and steal whatever they can to post it to Xtrill. And Skrillex is one of the first to get a working password for the biggest dubstep artist in the world.
And dang, that is a sweet combination of Last.fm, Dropbox, and MySpace. That pretty much means every dubstep artist would be somewhere in those database breaches. It was just a matter of finding the right username or email to use because those three sites were used a lot by musicians. Dropbox is extremely popular for file sharing.
And if a musician has a label or a manager or someone else that they're collaborating with, sharing their work in progress on Dropbox is very common in this circle. Last.fm and MySpace are places where you can go to post your music, which when you're an up-and-coming artist, you definitely want to be posting everywhere. And yes, MySpace is still around.
So, yeah, I'm just imagining, like, wait, hold on a second. We've got Skrillex's password. It works on an old Skype account. This has got to be the pinnacle of the whole story.
The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries, code DD20.
Nice job, Skrillex. Either he wasn't reusing passwords or heard about this database breach and changed all his passwords. Either way, he was ahead of the hackers here. And my goodness, if they got into Skrillex's Dropbox, that would be the most epic thing, to hear his latest stuff before anyone else. That would be insane.
Hot diggity. That's, I mean, I don't know if you're seeing it the way I'm seeing it, but that's got to be the biggest find ever so far, at least in this story.
Whoa, what a weird moral compass that is. They knew breaking into someone else's account is wrong. But their attitude was, if it's not us who breaks in, it'll surely be someone else who breaks in and they could cause big problems. So it's better that we do it so we can fix it.
And for the incentive of getting in and fixing it, we'll just take a listen to whatever we find along the way and just keep it for ourselves.
Oh, wow. Dino was that guy who stole things from Excision and then leaked that stuff to other people, then tried to blame Professor Dubstep for the leak.
Oh, interesting. It's almost like there are two teams on this now, Spintire and Professor Dubstep, and then Dino and Shane. Spying on the other team might be really useful here.
Oh, so Dino's talking with Shane like, hey, you have Professor Dubsteps. Do you see them in this at all in the data? Yeah, I see them in the database. Oh, cool. Let's check their password. Try logging in. Like, this is the chats you saw. And then it's like, no, it didn't work. Oh, bummer.
Well, I mean, so what is your reaction to that? Like, if somebody's trying to hack me, I'd be like, whoa, whoa, whoa, this is now... I've got to be very careful with this person. How did you react to this?
It's like, yeah, you're scared. You feel like, okay, I could be screwed here. This person is clearly attacking us. But you're in their Skype looking at their messages. So you're also attacking them.
All this reminds me of one of those old heist movies where the criminals steal the cash, but then when they get away and they're all just sitting around looking at the stolen money and each other... They all start wondering if they can trust each other. Clearly, these are criminals you're working with, willing to break the law for this money. Are they going to steal it from me?
And then you realize, yeah, someone is going to steal my cut. So then you steal their cut first and get out of there. Well, here we have both sides completely not trusting each other and are actively trying to hack into each other's accounts to keep an eye on them. But it's interesting that Dino was working with Shane, who was the moderator and owner of the Xtrill subreddit.
Through these chats, they could clearly see how involved Shane was in the trading scene. He really liked collecting dub plates and getting his hands on unreleased stuff.
Professor Dubstep was into this band, Knife Party, and wanted to hear their new album, and saw Knife Party was interviewed on a podcast, and wondered if there was any mention of the new album in the interview. And there was! Not only did they talk about it, but Knife Party actually played a snippet from the new album! Whoa! Cool! Professor Dubstep is actually into making Dubstep music themself.
Unreleased tracks are worth more than demos. Demos are just early versions or remixes of songs people have already heard. But unreleased tracks, nobody's ever heard yet.
I'm just trying to think of what that could... If that did get in the public, what kind of ruckus that would have caused.
Oh, that's interesting. I want to make sure you understand this. They accessed Skrillex's manager's Box.com account, okay? And they saw these folders there and made the parent one shareable. And what this means is that anyone with that link can now view the contents of that folder and all the subfolders without needing a username or password.
So now they don't need to log back in to see what new files were uploaded. They can just use that share link to get in there and view it without logging in at all. On top of that, the manager had the ability to invite new collaborators. So they just made a new email account and invited themselves as collaborators and then told the manager, hey, look, your account is insecure.
You should change the password, which fixed the manager's account so that no one else could use the same exploit to get in. No other hacker could get in the same way.
Yeah. But it's a backdoor in a way that I never thought it would be a backdoor, right?
So this wasn't so hard for them to just download the podcast and grab that song out of it and listen to it on its own.
Nope, just a share link. Oh, yeah. It gives you a total different perspective of what a backdoor even is.
I'm just sitting here thinking about this, letting it sink in. A backdoor is built into all the file sharing sites like Box.com, Google Drive, iCloud, Proton Drive, Dropbox, whatever. Because if there exists a shared folder link, anyone with that link can see into that folder. It's a feature of the site itself. You can't take that away or it ruins the point of the site.
And what you think is yours and private really isn't if there are public links to it. When you make something shareable and you say, only people with this link can see this file, it feels like this is still private, but it's not. It's security through obscurity. Your link is hidden, but not secure. And if that link gets out, it's viewable by anyone without a username or password.
And I've been doing cybersecurity for decades and nobody is talking about auditing Dropbox links to make sure only the stuff that should be public is public. Because every file and folder may have that option and going through them all is simply unreasonable to do by hand.
And when you're moving at the speed of business, nobody's going back to clean up or check what folders have sharing links or what don't. I say it's best to treat everything on your cloud storage as if it is publicly accessible and only temporarily put things up there if you want to share it with someone privately and then remove it as soon as they get it.
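The share-link audit the host says nobody does by hand, as an added example that is not from the podcast or any of the services it names: a script that runs over a constructed listing in the shape of Dropbox's /2/sharing/list_shared_links response plus a constructed file inventory, and reports which files a public link exposes (a folder link covers its whole subtree). The JSON field names are assumed from that API; the paths, URLs and sensitive-prefix list are made up for the demonstration.

```python
"""Audit cloud-storage shared links: which files can anyone with a URL reach?

Constructed example. The listing mimics the JSON shape of Dropbox's
/2/sharing/list_shared_links response (assumed field names; adapt them to
whatever provider you use). No network access is needed to run it.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# Constructed sample listing; a real run pages through it while has_more is true.
SAMPLE_LISTING = json.loads("""
{
  "links": [
    {".tag": "folder", "url": "https://www.dropbox.com/scl/fo/EXAMPLE-1",
     "path_lower": "/artists/unreleased",
     "link_permissions": {"resolved_visibility": {".tag": "public"}, "can_revoke": true}},
    {".tag": "file", "url": "https://www.dropbox.com/scl/fi/EXAMPLE-2",
     "path_lower": "/artists/unreleased/track07.wav",
     "link_permissions": {"resolved_visibility": {".tag": "team_only"}, "can_revoke": true}},
    {".tag": "file", "url": "https://www.dropbox.com/scl/fi/EXAMPLE-3",
     "path_lower": "/press/kit.pdf",
     "link_permissions": {"resolved_visibility": {".tag": "public"}, "can_revoke": true}},
    {".tag": "folder", "url": "https://www.dropbox.com/scl/fo/EXAMPLE-4",
     "path_lower": "/hr/id-scans",
     "link_permissions": {"resolved_visibility": {".tag": "password"}, "can_revoke": true}}
  ],
  "has_more": false
}
""")

# Constructed file inventory, e.g. what a recursive folder listing would return.
SAMPLE_FILES = [
    "/artists/unreleased/track07.wav",
    "/artists/unreleased/demos/idea3.wav",
    "/artists/released/album.wav",
    "/press/kit.pdf",
    "/hr/id-scans/passport.jpg",
]

# Made-up policy: path prefixes that must never be reachable without a login.
SENSITIVE_PREFIXES = ("/hr/", "/artists/unreleased")


@dataclass
class Finding:
    url: str
    path: str
    exposed_files: list[str] = field(default_factory=list)
    sensitive: bool = False


def public_links(listing: dict) -> list[dict]:
    """Links whose resolved visibility is 'public': anyone holding the URL gets in."""
    return [
        link for link in listing["links"]
        if link["link_permissions"]["resolved_visibility"][".tag"] == "public"
    ]


def files_under(path_lower: str, files: list[str]) -> list[str]:
    """Files a link exposes. A file link exposes itself; a folder link exposes
    every file beneath it, whatever the per-file link settings say."""
    prefix = path_lower.rstrip("/") + "/"
    return sorted(f for f in files if f == path_lower or f.startswith(prefix))


def audit(listing: dict, files: list[str],
          sensitive_prefixes: tuple[str, ...] = SENSITIVE_PREFIXES) -> list[Finding]:
    """One Finding per public link, most dangerous first."""
    findings = []
    for link in public_links(listing):
        exposed = files_under(link["path_lower"], files)
        findings.append(Finding(
            url=link["url"],
            path=link["path_lower"],
            exposed_files=exposed,
            sensitive=any(f.startswith(sensitive_prefixes) for f in exposed),
        ))
    # Sensitive exposures first, then by how many files the link reveals.
    findings.sort(key=lambda f: (not f.sensitive, -len(f.exposed_files)))
    return findings


def main() -> None:
    for f in audit(SAMPLE_LISTING, SAMPLE_FILES):
        flag = "SENSITIVE" if f.sensitive else "review"
        print(f"[{flag}] {f.path} exposes {len(f.exposed_files)} file(s) via {f.url}")
        for path in f.exposed_files:
            print("      ", path)


if __name__ == "__main__":
    main()
```

Note that track07.wav is flagged even though its own link is team-only: the public link on the parent folder overrides that, which is exactly the persistence trick described above.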
I also want to draw your attention to websites like urlscan.io. This is a site that is attempting to look at URLs to see if they're safe or malicious. But users can go there and search the site to see what URLs are in the database. And sometimes you can find URLs that probably shouldn't be in the public, but they are.
Imagine if you take a photo of your kid and it's on Google Drive, but then you want to create a link to show it to grandma. And you specifically say, only people with this link can see this photo. And you email the link to grandma. Well, then grandma has some browser plugin that examines all the links to make sure they're safe to click.
So when this link gets examined somewhere, bingo, bango, suddenly that link to your kid's birthday party is now floating around on the internet in all kinds of databases, being clicked on by who knows who. URL scan collects links like that. Hybrid analysis is another tool. Cloudflare Radar URL scanner is another. Not to mention, DNS providers all over the world are logging things too.
It's not just Google Drive and Dropbox. There are tons of other online storage websites that you could look for. iCloud, Box.com, Sync, Ignite, IONOS, HiDrive, AWS S3 buckets, Proton Drive, and so many more. The list goes on and on. So the data is available. It's just a matter of sifting through it to find something juicy.
In this case, they were looking specifically for dubstep music and stepping over anything else that they came across. Okay. So it was just you and Spintire that got access to this? Yeah. And you just kept it between you. Nobody shared it beyond that, right?
At this point, they've gained access to terabytes of data from these music managers, which was just too much to download at all. Their hard drives would fill up instantly, so they had to be selective of what they were grabbing. Like, I don't know what this is like to come across this, but I imagine you cancel your weekend plans.
And you're like, I got a whole bunch of cool stuff that just arrived in the mail, and I can't wait to dig in there and listen to stuff. Because you can't speed through listening to these things. You've got to really be like, wow, I'm going to let this one play the whole thing. Nobody else is hearing this but maybe four people in the world. And Diplo made it. Like, wow. Wow.
Here's a situation where the management label for musicians was being careless with the artists' private data. Driver's licenses, social security numbers, and saved passwords were sitting there on these online drives.
And while it wasn't meant for the public to see, there were gobs of people who did have access to this that worked for the management companies or even other musicians could see each other's files. It just goes to show if you're not protecting your own private data, nobody else will either.
There are some stories of them even sneaking into places to act as staff in order to help them even more. George Harrison would later write a song called Apple Scruffs, where he said he loves them. I'm astonished to see what incredible lengths that some music fans go to.
Because the more people you have involved, the more back doors might be created. Because just think, if a music production company is going to use Dropbox to store all their work in progress, it sounds to me like they don't have an internal file storage system. And maybe no internal network at all. They probably need things like email, chat system.
They got to make social media graphics, a merch store, blog, social media accounts, newsletters, project management, and collaboration tools, and an internal knowledge base for Wiki. Chances are small businesses today are using public-facing websites for all these solutions and not self-hosting things on their own servers and their own data center.
Which, it wasn't. Professor Dubstep didn't care to correct anyone, though. They just watched the madness unfold silently. But because people thought it was an early leak, they started sending them some private messages.
So that means if 50 people work at this place, that's 50 accounts times however many services I just listed. What, 10? So we're talking 500 various logins to different websites now. Who's got permission to see what and where? Small businesses are not auditing these things, and it's an auditing nightmare even if they tried. No, this isn't an ad. I'm not going to try to give you a solution.
I just want to tell you about the problems that arise when you start using Cloud-based solutions, and there are a whole bunch of kids who are desperately trying to exploit those. So these kids had valid usernames and passwords to get into people's accounts, right? Okay, well, that's a problem to begin with, but whatever.
They were grabbing things, but they were also being smart at trying to establish persistence. If the owners of these accounts changed the passwords, they'd be locked out. So they created share links so that even if the account gets locked out, they could see what files are being uploaded later. Cool. But you can really take this to crazy levels. I'm talking about creating ghost logins.
Let me geek out on this for a second because I want to try to break your brain. Okay. So let's consider Zapier and how it can be used maliciously. Zapier is a tool that lets you automate things. So like if I get a new invoice in my email, I can automatically upload that invoice to Dropbox so that the accounting team can see it. Okay. Zapier can do that for you.
But in order for that to work, it's got to have the ability to see your inbox and have the ability to view and upload things to your Dropbox. So to set it up, you need to give it permissions to do that.
Well, now, if a hacker gets into your Dropbox like these kids were doing, and they wanted to maintain their access like these kids wanted, and they could see that you hooked up Zapier to do automation, So now they can create their own fresh Zapier account that they control and connect it to your Dropbox. And this could give them visibility into your Dropbox from Zapier.
And you wouldn't even know they're there because to you, all you see is that Zapier has permission to view your files, but you set that up when you were setting up your invoice automation thing. And this is what I mean by a ghost login. Someone who's in your account who doesn't even need your username or password to stay in.
Change the password all you want, they're still going to stay connected to your stuff. Another way to create a ghost login is to create a secondary login. Some sites allow you to log in through like Google or Microsoft or Facebook or even SSO. And suppose that's how you set up your account, by logging in using your Facebook account.
Now, if a hacker has your password like these kids did and gets in through that, some sites might have the option to connect another login. Like if you used Facebook to log in, the site might let you also connect your Google account too. And so, yeah, a hacker could just create a brand new Google account and connect it to your account and start using that to get into your account from then on.
So even if you change all your passwords, that access would persist. So if you really want to change your passwords, you really need to go through all of the websites that you have to see all of the connected services and alternate logins and everything. It's a mess. It's a mess.
And of course, another way is if the site has a way to generate an API key, you can do that and then access stuff from there. There are so many options to create ghost logins to maintain access to an account, even if the user changes their password. So this is what I mean. If 50 people all have access to someone's driver's license in Dropbox, then perhaps nobody is looking closely at permissions.
And if that's the case, there's a high potential of being able to create a ghost login that stays working for years. And I must say, this is a new territory for security teams to navigate.
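The ghost-login problem described above is, from the defender's side, an inventory problem: a password reset revokes exactly one credential, while OAuth app grants, alternate sign-in identities, API keys and public share links keep working. The script below is an added example, not code from the episode or from any vendor; it walks a constructed account snapshot (field names are assumptions about what an admin export might contain) and lists every path that survives a reset, flagging the ones a reviewer should look at first: a second grant for an app the user already connected but owned by a stranger's account, an alternate login under a foreign identity, and anything created in the weeks right before the reset.

```python
"""Find access paths into a SaaS account that survive a password reset.

Added example for the "ghost login" discussion; it is not code from the episode
or from any vendor. ACCOUNT is a constructed snapshot and its field names are
assumptions about what an admin export might contain.
"""
from collections import Counter
from datetime import date, timedelta

# Anything granted in the month before the reset deserves a closer look: that is
# when an intruder who already had the password would be planting persistence.
SUSPICIOUS_WINDOW = timedelta(days=30)

# Constructed account snapshot. The second "Zapier" grant is the ghost login:
# same app name as the legitimate automation, but owned by someone else's account.
ACCOUNT = {
    "user": "artist@example-label.test",
    "password_changed_at": "2020-03-01",
    "connected_apps": [
        {"app": "Zapier", "owner": "artist@example-label.test",
         "granted_at": "2019-06-12", "scopes": ["files.read", "files.write"]},
        {"app": "Zapier", "owner": "unknown-user@freemail.test",
         "granted_at": "2020-02-20", "scopes": ["files.read"]},
        {"app": "Invoice Sync", "owner": "artist@example-label.test",
         "granted_at": "2019-06-12", "scopes": ["files.metadata.read"]},
    ],
    "linked_logins": [
        {"provider": "facebook", "identity": "artist.official", "linked_at": "2018-01-05"},
        {"provider": "google", "identity": "randomstring9931@freemail.test", "linked_at": "2020-02-21"},
    ],
    "api_keys": [
        {"label": "release-bot", "created_at": "2020-02-22"},
    ],
    "shared_links": [
        {"path": "/Projects/album-v7", "visibility": "public", "expires": None},
        {"path": "/Press/flyer.pdf", "visibility": "public", "expires": "2020-04-01"},
    ],
}


def audit(account):
    """Return every access path that a password change does not revoke, with flags."""
    user = account["user"]
    own_domain = user.split("@")[1]
    reset = date.fromisoformat(account["password_changed_at"])
    window_start = reset - SUSPICIOUS_WINDOW
    findings = []

    def record(kind, name, created, flags):
        if created and window_start <= date.fromisoformat(created) <= reset:
            flags.append(f"created within {SUSPICIOUS_WINDOW.days} days before the reset")
        findings.append({"kind": kind, "name": name, "flags": flags})

    # OAuth-style app grants: the token lives on, whoever granted it.
    grants_per_app = Counter(a["app"] for a in account["connected_apps"])
    for a in account["connected_apps"]:
        flags = []
        if a["owner"] != user:
            flags.append(f"granted by a different account: {a['owner']}")
            if grants_per_app[a["app"]] > 1:
                flags.append("duplicate grant for an app the user already connected")
        record("connected_app", a["app"], a["granted_at"], flags)

    # Alternate sign-in providers: a second identity bolted onto the account.
    for login in account["linked_logins"]:
        flags = []
        identity = login["identity"]
        if "@" in identity and identity.split("@")[1] != own_domain:
            flags.append("alternate login under a foreign identity")
        record("linked_login", f"{login['provider']}:{identity}", login["linked_at"], flags)

    # API keys authenticate on their own; rotating the password leaves them valid.
    for key in account["api_keys"]:
        record("api_key", key["label"], key["created_at"], [])

    # Public share links need no login at all, so they outlive any reset.
    for link in account["shared_links"]:
        flags = [] if link["expires"] else ["public link with no expiry"]
        record("shared_link", link["path"], None, flags)

    return findings


def suspicious(account):
    """The subset of findings a reviewer should act on first."""
    return [f for f in audit(account) if f["flags"]]


if __name__ == "__main__":
    for f in audit(ACCOUNT):
        status = "; ".join(f["flags"]) or "review"
        print(f"{f['kind']:14} {f['name']:40} {status}")
```

Run against the constructed snapshot, all eight entries are listed as surviving the reset, and four are flagged: the foreign-owned duplicate Zapier grant, the Google identity nobody at the label recognises, the API key created a week before the reset, and the never-expiring public link. The point of the duplicate-grant rule is that a second connection for a familiar app name is exactly what hides in plain sight when the user only glances at the list.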
You hear about this in like general terms, like least user privilege and this sort of stuff, but you don't have people who are like experts in Zapier account security who will audit what apps you have given permission to regularly. This is a big challenge to keep up with. So with all this data, like terabytes and terabytes from some of the biggest stars in this dubstep world,
Huh. This is a tricky situation to navigate for a teenager. Like, what do you do when your partner in crime starts doing things you don't approve of? Together, you made a map of all the buried treasures, all the shared links and logins and passwords and ghost logins, terabytes of downloaded data and a whole system of techniques and piles of data to sift through to find more.
And suddenly, both of them are now highly suspicious of each other? Now that it was known that Spintire was selling this stuff, Spintire offered them a cut of the money to keep things quiet and stuff.
Shane was the moderator and admin of the Extril subreddit. Professor Dubstep was like, listen, these leaks that have been happening lately, I know where they're coming from. Spintire is selling it and I don't want more to leak out. So here are the other things that might leak.
Arnie was another guy very tuned in to the unreleased music scene, and he was a whiz with all these online services and how their security can be exploited, which could be really handy to break into more shared drives and stuff. And Shane had seen that Dyno wasn't trustworthy, so they stopped working together. So the new crew is Professor Dubstep, Shane, and Arnie. Spintire and Dyno were out.
And not only that, but they all agreed that Spintire needs to be stopped. So they put filters in place on the subreddit to keep certain tracks from getting posted. But they also started going through the ghost logins and shared links that Spintire had to lock him out. They were changing passwords and disabling shared links.
It's kind of funny that this teenage crew knew exactly the steps to take to keep hackers out, yet the music labels themselves either didn't know or didn't want to stop these kids.
Like to be sitting in, what, history class? Just thinking in the back of the class what stuff Spintire might steal next. And then to rush home and change more passwords to try to lock them out. But then when you're in there cleaning things up, you're reminded, oh yeah, this is the account with all those banking details for this major musician who's a millionaire. Ah, that's funny.
Once they were slowing down Spintire and locking them out the best they could, it was time to start looking for new treasure troves.
Their standard system was to find a musician's email address, search for that email address in the breach databases, get the hash, crack the hash, then use that on a whole bunch of sites that musicians might use and hope they might be reusing passwords.
Of course, you all should know by now the dangers of reusing the same password on multiple sites. Here's a clear reminder why you should never do that. But you should also watch out that you're not too lazy when making different passwords.
Oh, yeah, that's interesting because I regularly check all my passwords to see if any of them have been exposed in a database breach, and I change any that do get seen. But if my password is guessable because it's just one letter off on every site, then those would never appear in any database breach to make me want to change it.
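The gap described above is worth making concrete: a breach check that compares exact passwords (or their hashes) will never notice that the password on four other sites is the leaked one with a single character changed. The script below is an added example, not code from the episode; VAULT and BREACHED are constructed sample data, not real credentials or a real breach corpus. It runs the usual exact-match check, then an edit-distance check that catches the one-letter-off variants, and finally lists which sites in the vault are near-duplicates of each other regardless of any breach.

```python
"""Flag vault passwords that are near-duplicates of each other or of a breached one.

Added example for the "one letter off on every site" point; it is not code from
the episode. VAULT and BREACHED are constructed sample data.
"""
from itertools import combinations


def levenshtein(a, b):
    """Edit distance: minimum single-character insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]


# Constructed vault: four sites share one stem with a one-character twist, two are independent.
VAULT = {
    "dropbox": "Tr0ub4dor&3!",
    "soundcloud": "Tr0ub4dor&3!s",
    "spotify": "Tr0ub4dor&3!p",
    "gmail": "Tr0ub4dor&4!",
    "bank": "xK9#vLq2$pWm7Zr",
    "forum": "correct-horse-battery",
}

# Constructed breach corpus: only the dropbox password has been exposed verbatim.
BREACHED = {"Tr0ub4dor&3!"}


def exact_breach_hits(vault, breached):
    """What an exact-match checker reports: verbatim matches only."""
    return sorted(site for site, pw in vault.items() if pw in breached)


def near_breach_hits(vault, breached, max_distance=2):
    """Sites whose password is within max_distance edits of a breached one."""
    return sorted(site for site, pw in vault.items()
                  if any(levenshtein(pw, leaked) <= max_distance for leaked in breached))


def near_duplicates(vault, max_distance=2):
    """Pairs of sites whose passwords differ by at most max_distance edits."""
    pairs = []
    for a, b in combinations(sorted(vault), 2):
        d = levenshtein(vault[a], vault[b])
        if d <= max_distance:
            pairs.append((a, b, d))
    return pairs


if __name__ == "__main__":
    print("exact breach hits:", exact_breach_hits(VAULT, BREACHED))
    print("near breach hits: ", near_breach_hits(VAULT, BREACHED))
    for a, b, d in near_duplicates(VAULT):
        print(f"{a} and {b} differ by {d} edit(s)")
```

On the constructed vault the exact check reports only the dropbox entry, while the edit-distance check also pulls in gmail, soundcloud and spotify, and the pairwise scan shows all six near-duplicate pairs among those four sites. A check like this has to run locally against the plaintext vault, since hashed breach lookups cannot measure similarity; that is fine for a password manager's own audit feature, and the fix for every flagged site is the same one the text gives: a genuinely different, generated password.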
Now, one of the songs they got a hold of early was Purple Lamborghini.
By the way, if you're wondering if there's a dolphin in Purple Lamborghini, there sure is. It's right here. I swear, if I listen to this enough, I'm going to learn the language. Now, the thing is, this is a demo version, which I think is better than the official version. But this demo wasn't released when the official one came out. And I don't think it had any plans of ever getting out.
So at this time, only Professor Dubstep and a handful of people in the world ever heard this.
Ah, yeah, there's a ton of stuff on the internet that shouldn't be there. I'm very aware of the site Shodan, which scours the internet looking for private stuff accidentally exposed publicly, like being able to view surveillance cameras, license plate readers, servers with default passwords, and entire databases that are just open.
But that site is mostly exposing cybersecurity flaws on websites. It's not really a place to go find unreleased music. We're trying to solve a different problem here. Maybe Google-dorking can help. I know I've found quite a bit of music this way.
Yeah, if you go on Major Lazer's Spotify or YouTube channel, there is no such song as Terrorize. Collie Buddz didn't release it either, even though he sings in it. The song never got released, despite there being quite a decent amount of people really looking forward to it. And I guess this is why it got canceled. The hackers ruined it.
But if you're curious what the dolphin sounds like in it, here you go. This is actually a remix of it I found. The one that got leaked was a little different, but it's wild that this totally unreleased Major Lazer song is out there in the world for anyone to listen to, but because it wasn't an official release, it doesn't have many plays. And it's not an official song by Major Lazer.
It could have been a hit. Major Lazer has three songs on Spotify with over a billion plays, and Collie Buddz is pretty popular too. A reggae dubstep crossover song? That's a great idea. But it was never released. The project permanently halted. How odd, you know?
Just to think an early version of a song that gets leaked too soon, it upsets the label so much that they just give up on the song entirely.
You could search Google for any music files with the band name in the file name, and Google will happily show you tons of music that you can easily download. And sometimes you can find things that probably shouldn't be public. So they're going over these strategies in chat, different ways to find music online. But the conversation just kept going.
The thing is, Professor Dubstep enjoyed listening to early Dubstep tracks, but that wasn't the driving motivation for all this.
I feel like that's a stretch. You could go on YouTube and watch people making music and learn from them. You can hang out at groups and circles, other garage bands or whatever the case is, and be like, how are you doing?
The entire project files were in these folders. All the effects, samples, everything that was used to make the song. See, most of this music is made in a DAW, a digital audio workstation. So that might be tools like Ableton Live, Adobe Audition or Pro Tools or something like that. These were the tools that you'd have to use to view how these songs were made.
And Professor Dubstep had these tools to examine it all. Not only could they break apart the song, isolating tracks and sounds to see how it was composed, but there were different versions of the same song too. They could see how the song evolved over time. What an amazing thing to explore for someone who wants to make electronic music as their career.
To be able to study how the pros do it in such detail, you never get to see these behind-the-scenes bits. I mean, even me as an up-and-coming podcaster, I would have loved to get my hands on the full project files for This American Life or some show that I was really inspired by.
It would have been huge, and I bet it would have helped me understand the complexities and details of how all this gets put together. But not only that, but to see such a variety of songs and musicians' project files, it really puts them in a unique position to have such a close and upfront understanding of how all this music was made.
Just imagine Professor Dubstep in some music class where the teacher's like, here's the proper way to use this effect. And they're just like, no, that's not how Skrillex does it, or Diplo, or Major Lazer, or Excision. Oh, yeah? Well, how do you know? Oh, never mind. Carry on. Anyway, it took them a lot of convincing, but they were finally able to get the legal team to fix all the problems.
They're sharing more secret ways to discover things. One of them starts talking about the website Bitly, which is a URL shortener.
I've been thinking for a good word to use here this whole episode myself. Thief and stealing isn't quite right because the original copies are still there. I feel like for it to be stealing, you need to rob the person so they don't have that thing anymore. And if you post something online and someone makes a copy of it, that's not stealing. That's just downloading a copy.
And that's what they did, often just downloading copies of things that had public links to it. Was it supposed to be public? No. But was it? Yes. So the term I think that best describes this is exfiltration. They exfiltrated files that were not meant for public consumption, but weren't very well protected. To me, this has the right ring to it. Professor Dubstep, professional exfiltrator.
So you're saying a lot of Skrillex's music today is made by someone else, and then Skrillex just puts their name on it?
They'll cross continents just for a fleeting moment with their idols or endure relentless weather or camp out for days, showing a level of devotion that defies logic. The risks and sacrifices that some fans make are truly remarkable. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is sponsored by Mint Mobile.
Alright, I can't find any article saying that Skrillex doesn't make his own music. Musicians collaborate all the time with other musicians to make music. That is no surprise. But the allegation here is that these musicians aren't crediting the people who helped make the song. So while you think it was them who made it, it really wasn't.
Skrillex is known for being very hands-on with his music, but there are some well-known cases where other big-time musicians have been accused of taking someone else's music and calling it their own without giving proper credit. So this is known to happen. And honestly, I don't know what to think of that.
I mean, on one hand, if an EDM musician is just playing someone else's music, that's called being a DJ. And it's a bit of a stretch to say you made this music. But on the other hand, what do I care if you really wrote this song or had someone else write it for you and you just put your name on it? The music is what matters.
It's fascinating to me, though, because I'm endlessly obsessed with the dark parts of the Internet. And this digital underground is bustling with activity, but with hushed tones, and it's all right under our noses. It's a world we rarely see, but sometimes hear. A big thank you to Professor Dubstep for sharing this story with us. This episode was made by me, the AI adventurer, Jack Rhysider.
Our editor is the code conjurer, Tristan Ledgard. Mixing done by Proximity Sound, and our intro music is by the mysterious Breakmaster Cylinder.
So one thing music production companies or dubstep managers do is promote the hell out of the musicians that are under them. So together, Professor Dubstep and Spintire go on Twitter and check out these management companies. And yeah, they see managers using bit.ly links to promote some bands. For instance, they might use it to link to some promotional flyers or tour dates or new releases.
And they were using bit.ly to shorten URLs for promotions. So Professor Dubstep would use the Bitly bug to see what else this management company has used Bitly for, which gave them tons of links to go through and check out. A lot was for public consumption, but sometimes they'd find things which shouldn't be in the public. Yeah, exactly.
Like you were creating your own music that sounded similar or editing it in a way that...
Yeah, it does introduce quite an interesting situation of like, when you're dealing with official releases, it's coming from the official channel, right? But when you're trying to get your hands on these unofficial releases, there isn't any legitimacy to it. It could be from them, it might not be from them. And you were playing into that of like...
This is getting wild. Not only was Professor Dubstep looking for unreleased tracks or dub plates, as they say, but they were taking popular songs and putting in changes to make it seem like a new mix by that musician. Pretty shady and deceptive. But as a teenager, it doesn't seem so bad to play around with someone else's creation and see if someone will believe you that it's original.
Because they recognize that publishing unreleased tracks hurts the artists, Professor Dubstep stopped posting unreleased tracks publicly. And by the way, Professor Dubstep actually makes music himself, too.
I'm afraid to ask this publicly, but what's the deal with all the dolphins in dubstep? The dolphins? What do you mean? You shared with me a playlist of dubstep music. Yeah. And in there is a track called Elephant by Barely Alive. Oh, right, yeah. Okay, so... This is the song, and they think this song's about elephants, but it's clearly not. So listen to this part.
Oh, I think, yeah, I see what you mean. You hear the dolphin in there. And let me show you another. Yeah, actually, I never... I never put two and two together. That is a dolphin, isn't it? Dolphin on Wheels. Oh, that's the Dylan Francis tune, isn't it? Yeah, there's a dolphin there, clearly, right? That's the name of the song, Dolphin on Wheels. All right, so another song you sent me was Cash by Barely Alive.
Yeah, I remember that one. You hear that? Yeah. Another song you sent me. Borg by Funtcase. Bang. Bang by Wavedash. You might be onto something. You hear it there. Gem Shards by Must Die. That is a dolphin, isn't it? I have to concede on this. It is.
Darknet Diaries
137: Predator
You ever think about the proliferation of weapons? Well, shoot, let's get into it. I want you to think about this guy, Sam Cummings. Here, I found an old vintage documentary made by CNN.
And this, I think, put pressure on the Cyprus government to change their position.
Now, you might be wondering, is this spyware, malware, virus thing legal? It's just code. It's just an app. To answer that, let's go to Sudan. In 2003, the Sudanese government had an armed militia called the Janjaweed, and they started conducting genocide on the people of Sudan.
It's believed that over a million children have been killed or tortured or raped or injured or just lost a parent in the last 20 years from this group. And they've been accused of committing crimes against humanity so many times. The killings settled down for a while. But recently there's been another flare-up. Civil war has broken out in Sudan. The Janjaweed are back.
And yet, he sold battle rifles to all these places, including Fidel Castro, which I think was illegal because it was an embargo not to sell any weapons to Castro, yet it still happened. Fidel Castro bought rifles from him, and he did not seem to get in any trouble for that. I don't think he cared who he sold to. If you had money, he'd sell you weapons.
But they changed their name now. And now they're called the Rapid Support Forces. And the boss of them is Hemedti. And Hemedti is one of the richest people in Sudan. And seems to be funding the war against the people of Sudan. Now, Crofton, the reporter we've been talking to in this episode, his specialty is tracking airplanes.
And he was particularly zoomed in on the planes that Tal was getting on and was trying to figure out if his flights had some connections with the business and his customers.
So if Tal is selling his spyware to people in Sudan who are using it to kill innocent civilians, then how much of that responsibility should fall back onto Tal? The kit he has for sale can be weaponized against innocent people. Militia groups who are actively killing their citizens, attempting genocide, and are accused of crimes against humanity now have this spyware in their hands and can use it?
I think conducting weapons deals with Sudan's militia groups should be illegal. But is this spyware a weapon? So anyway, that was one of the trade deals that Crofton was tracking by watching Tal's flights in and out of Sudan.
Why not just establish a base in Israel, his home country, where he's a military veteran there? He knows people there. He can just operate out of there. But I have a theory. I believe Tal really likes what the NSO group is doing, which is creating mobile spyware and selling it to governments around the world. But he also saw all the heat and scrutiny that NSO group was under.
They have to work closely with the Israeli government to share with them who they're doing business with. And there may be some restrictions that have been put on the NSO group, like who they can and can't do business with. And if there weren't restrictions, there is a lot of public outcry and scrutiny of the NSO group of what they should be doing and not doing, which can spoil deals.
I believe Tal saw this huge fire that the NSO group had started and decided to take the wheel and drive right into it. But he would sort of sidestep all the bureaucracy that NSO was tied up in. If the Israeli government required some kind of oversight into the affairs of NSO group, then forget that. Let's set up shop in a different country.
And if NSO couldn't sell to certain regimes, Tal might have seen that as an opportunity to do business with forbidden customers. Tal knows that some people he sells his spyware to misuse it. But his response to this? Well, he told Forbes.
Which makes me think he may be interested in doing business with anyone. And if that's the case, I'm not sure he only does business with governments. He might be selling his spyware to anyone who can afford it. In 2019, Tal started thinking bigger. That van kitted out with that WiSpear technology, he wanted to crank that thing up even higher.
Now, he's not the kind of guy that's tapping away on the keyboard writing malware. No, what he's looking for are other companies that are already doing that because he'd want to purchase those companies. Two companies caught his eye, Cytrox and Nexa. Cytrox made this phone hacking software called Predator. And I believe it was Citizen Lab that first showed us a glimpse into what Predator is.
A couple of people in Egypt felt like something weird was going on on their phone. One was a journalist, one was a politician, and they heard about Citizen Lab and they reached out asking them to examine their phones.
Payload 2 didn't match any previously known malware that they had been tracking on phones. So of course, it was time to crack this open and look closer.
This was a big finding, and they published this for everyone to see. The report was loaded with tons of information too. I mean, not only was it like, here's the malware we found, but it's like, here's what it does, here's how you can detect if it's on your phone, but it also showed the links to how they know that this is the Predator spyware made by Cytrox. But it doesn't stop there.
It goes on to say who Cytrox was, who Tal Dilian was, and all these other companies that may also be involved with this. And then it goes on to say who those companies may be selling this to, actually listing some of the governments that may have bought this.
And I just want to stop and show respect for this skill for a moment. It's one thing to be able to analyze binary files for an iPhone, but it's a whole other skill set to try to determine the geopolitical ramifications for such an exploit being sold on the mercenary marketplace. You know? In fact, it wasn't just Citizen Lab who was investigating this.
They shared their findings with the security team at Meta, Facebook, who was also investigating. And the combined forces of Citizen Lab and Meta meant that these reports they published were very impressive. Okay, so let's try to connect some of the dots ourselves of what happened here.
An Egyptian politician who was living in exile and an Egyptian journalist were both found to have Predator on their phones. If two people from Egypt are infected with this... It may mean the Egyptian government is using this technology to spy on their civil society, which is spooky.
You'd think they'd be using this to stop terrorists or catch criminals, but they're using it to see what stories a journalist is working on next? This is awful. But when we back up a second and say, okay, so who makes Predator? This company called Cytrox shows up. And we see that Cytrox was bought by Tal Dilian. But we also read about this other company called Nexa.
Nexa was formerly known as Amesys. Amesys was indicted for illegally selling weapons to Libya. In fact, Amesys was charged with crimes against humanity for helping Libya conduct torture. But guess what? While the executives of that company were facing these indictments, Tal started making deals with them.
I don't know exactly what, but at the very least, he was using their technology somehow, either through a partnership or a deal he made with them. And with that technology, he combined the names together, Cytrox and Nexa, to form a new company called Intellexa. Combining this new technology with that spy van, WiSpear stuff he already had,
It meant that Intellexa had quite the arsenal of ways to gather data off a phone and track its location. And he doesn't seem to be bothered by making deals with a company that's been accused of conducting crimes against humanity. The report that Meta came up with showed that Predator may have been sold to the following governments.
Egypt, Armenia, Saudi Arabia, Colombia, Vietnam, Philippines, Germany, and Greece. Of course, Greece, right? I mean, Tal was reestablishing his whole business in Greece at the same time. If he had some kind of partnership with high-ups in the Greek government... then that might be a good reason to move there.
I mean, if he had some connections, then that might help him be able to conduct business without having that long arm of the law messing things up. Well, some Greek journalists saw this report by Meta and Citizen Lab, and they're like, what, spyware may have been sold to the Greek government? We better write a story on this.
A news outlet called Inside Story wrote a piece basically saying, look out, Predator may be in the wild here in Greece.
The Greek paper Inside Story exposed it. And once news broke out, it erupted in an explosion of articles. Then the Committee to Protect Journalists chimed in. Amnesty International echoed the story. The Council of Europe spoke up. It was news that could not be silenced.
This guy became a billionaire, selling hundreds of thousands of weapons to anyone who would pay. And a lot of time, he would buy these weapons from Russia, which was in the middle of a cold war with the U.S.
The Greek government spoke up and said, we've never heard of this Predator spyware, so clearly it's not us, okay? But now that this story made such a stink, other people started wondering if their phones were being targeted too. And so some more Greek people who thought something weird was going on on their phone sent the data to Citizen Lab for analysis.
And yeah, more instances of Predator were found. At this point, three people from Greece's civil society were confirmed to have Predator on their phone. One of these people was a journalist, and the other was the opposition leader, Nikos Androulakis, a politician. Now, by this time, Citizen Lab was getting pretty good at understanding how all this worked.
First, the victim would receive a phishing text message, and these were crafty phishing messages.
Once the user clicks the link, it triggers a series of exploits on the phone. It may seem like it's just one click, but there's a whole bunch of steps that have to happen for the phone to get infected. The website exploits something within the Safari browser, which then gets a foothold on the phone. And from there, it downloads additional malware to infect the phone.
And after a few steps, it then has the spyware binary file on the phone, which is able to watch what's going on with the camera, listen on the microphone, scrape passwords, read texts, and of course, report where the person is located. Now, the tricky thing about this malware was as soon as it would infect the phone, it would erase the tracks of the whole infection process.
I don't know. I feel like this guy's only ally in life is money. He doesn't mind selling weapons to places that are actively at war with his home country, you know? So clearly he doesn't have an allegiance to the U.S. And from watching this documentary, he seems to believe that all sides are evil and there's just no way to take the moral high ground on any of these trade deals.
So while it may have taken a few exploits to get it to work, those exploits were not visible to Citizen Lab since traces of how it got in were wiped. And this stinks because it means they can't go to Apple and show them this vulnerability that needs to be patched. It's like they caught the spy in the building but have no idea how he got in. So you don't know which door or window to go check on.
And you have to think, hold on. If the Greek government paid all this money for this software, surely they didn't get it just to infect these three people. So who else is being targeted with this? People demanded that the Greek government say something now that three people had their phones infected.
And they said, oh, okay, yeah, well, we've heard of this Predator spyware, but that's not something we have. Flat out denying it for a second time. But people didn't accept that as a good answer. In fact, they sort of narrowed down who would do such a thing. And they landed on, this must be the work of EYP, which is Greece's intelligence agency, pronounced "ape." Because here's the thing.
This technology is supposedly only sold to intelligence agencies. So either they did it, or they know who did it, or should be investigating to find out who did it. And if they don't know who did it, then they're bad at their jobs, you know? So EYP has to know something about this.
And this circles back to the Greek prime minister, too, because as soon as he took office in 2019, he moved the Greek intelligence agency to be under the direct control of the prime minister's office. But not all news outlets were angry about this in Greece.
In fact, a lot of mainstream media in Greece was on the government side trying to slander the journalists for bringing up these stories, even slandering the people who were infected by the spyware since they were critical of the government. It was a mess. Now, while all this was going on in Greece, a big conference was kicking off in Prague called ISS World.
So when you list a bunch of companies like that, I just feel like, oh my gosh, there's got to be a huge story for every one of those companies. Who have they done business with? Who have they spied on? What shady deals are they dealing with? We keep picking on NSO, but I really feel like just walk into the ISS World Conference and every one of these companies are... Are any of them above board?
Are any of them like, oh, no, we're very clean? Or are they all, oh, yeah, this is a cyber weapon that you can use to spy on your citizens with if you want. We don't care. We'll look the other way.
He does seem to have some kind of allegiance to his family, though. He invited this CNN reporter on an eight-hour car ride where they were going on a family trip somewhere. And I think it's pretty weird to have a reporter in the car with the whole family for eight hours.
Oh, yeah, that's a whole other degree of responsibility, right? Because how exactly do these targeting systems work? Like, we have this Predator and Intellexa thing, right? Like, does this whole kit and infrastructure and everything get sold to the customer? And then once it's delivered, Intellexa just kind of steps back and wipes their hands clean of the whole thing?
Or is it some kind of hacking as a service type of thing, where the customer tells Intellexa, here's what we want you to target, and then Intellexa does all the infections and delivers the data that they got off the phone?
Or maybe it's a mix of Intellexa doing the infection, and once the spyware is on the phone, then the customer can access that data whenever they want, like listen to the phone calls or see where that person is. We don't know exactly how involved anyone is in all this. You see how this changes where the responsibility lands. Isn't this an important thing to know?
Is the government doing the hacking themselves or is this company doing it with authorization from a government? I mean, think about it like this. The phishing message that journalists got, it looked like a normal article from a financial news website, but the domain was changed from .gr to .online. And that is what hosted the malware.
So someone had to register this domain, get it hosted somewhere, stage the malware on it, and then integrate it into the Predator package. And not to mention, craft a message that the target is likely to click on. And these domains get burned fairly often, so you need to create new ones all the time and integrate that into the package. Is the customer doing all that work?
Or is Intellexa setting all this stuff up to make it easier for the customer to simply point and shoot? So at the conference, do we get kind of any information about Predator, how much it costs or anything?
One-click infection. I imagine this means that someone has to click once for their phone to be infected, which is pretty sophisticated, I'll say. But the brass ring for spyware is zero-click.
Or maybe you could do something like send a message to someone while they're sleeping, and when the phone tries to process it, like display the preview for what the website's gonna look like, then that preview somehow contains the malware that can infect the phone. Then when the phone gets infected, the text message can be deleted, and you have no idea that anything happened to your phone.
Okay, so how did he become the biggest private military weapons dealer in the world? Well, the U.S. Department of Defense taught him. That's how. When he was 18, in 1945, he was recruited into the U.S. Army, which, at the time, they were just wrapping up World War II. There was a big ramp-up to provide all these weapons for armies around the world to use in wars.
NSO has this capability, and it sounds like Intellexa wishes they did too. We're going to do a quick commercial break here, but come back because things are really heating up in Greece, and you're not going to want to miss this. This episode is sponsored by Arctic Wolf.
Well, strangely enough, years later, one of those daughters, Susan, killed her boyfriend by shooting him four times and was convicted and had to serve prison time. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is brought to you by SpyCloud. For some people, ignorance is bliss.
Arctic Wolf, an industry leader in managed security operations, surveyed a thousand security and IT professionals across the globe to better understand them. What are their top priorities, current challenges, and future concerns? This survey revealed some startling findings, and you can discover them all in the State of Cybersecurity 2024 Trends Report.
Learn why the number of insider threats spikes severely, what lessons can be learned from the year over year change, how many organizations disclose a breach, and what cyber attacks struck 70% of organizations. Download the State of Cybersecurity 2024 Trends Report today at arcticwolf.com forward slash darknet. That's arcticwolf.com forward slash darknet.
Now, while all this is going on, Crofton Black, the journalist with Lighthouse Reports, was following where Tao's little Cessna airplane was flying off to, trying to make sense of why Tao would be visiting some of these locations.
Yeah, but you just mentioned Saudi Arabia. And Saudi Arabia and Israel, they're not the best of friends. I'll at least say that, right? They've got some disagreements. And I just wonder how much Tal had to say, like, okay, is this million-dollar deal worth more than my... allyship to my homeland?
Like if people in my country are getting spied on because of this, or maybe he made a deal of like, you can only spy on your own people, Saudi Arabia. Don't spy on us. If I hear you spying on Israelis, I'm going to pull the plug on this software.
Back in Greece, with this scandal erupting, a newspaper called Documento was saying that they found 35 more people who were infected with this and started publishing the names of these people. And then every Sunday after that, they kept publishing even more names of people infected with Predator. This list was growing big.
There was a media tycoon on there, a cabinet minister, senior military officials, friends of the prime minister's wife, a respected newspaper editor, and even a popular comedian.
Then the Greek government was asked again, and this time they said, Well, actually, it does sound like what happened was that some people got wiretapped, and we do wiretap sometimes, but it's for national security, and we don't use Predator to do it. But any wiretapping we do do, that's legal.
Well, the pressure continued to mount, and it was focused on EYP, the intelligence department of the Greek government.
Now, even though people resigned, the government didn't admit to doing anything illegal. They said, what happened might have been legal, but it was also wrong.
Now, once these people resigned, journalists and investigators were looking into who these people were. And it turned out that one of them was the nephew of the prime minister. And he actually had some kind of connection with the NSO group. I think they were trying to discuss the Pegasus software a while back.
Of course, journalists and investigators continued asking the Greek government questions, which led us to learn something new.
What? What? What is happening here? Someone at Intellexa applied for an export license to sell their spyware to a group in Sudan who is notorious for committing crimes against humanity. And the Greek government is like, yep, approved. Go for it. Doesn't this put some kind of responsibility now on the Greek government for assisting Sudan in the proliferation of digital weapons?
I'm just so tired of things being blatantly wrong in the world and nothing being done about it. I need some help here. Hello, hello. Let me just turn all the vibrations off. All right.
This is John Scott-Railton. He's been on the show a few times, and I just like to call him JSR. He works with Bill at Citizen Lab, and he got his hands on this Predator malware and analyzed it further. I told him how mad and upset and frustrated I was about all this, and JSR being JSR tried to help.
Whoa, whoa, whoa. I'm not ready to get that deep about my feelings right now. Hold on. Let's reset. Why I called JSR was because I wanted to talk with him about the ethics of all this, not how I get depressed about it. Okay, so let's try to understand the implications of all this.
Yeah, and looking at this, I stumbled upon this thing called the ISS World Conference, which seems to be just a venue of all these mercenary spyware groups.
But for you, as a security practitioner, that's not the case. I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening. From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right.
Yeah, I spoke about this in episode 98, which is called Zero Day Brokers. There are people who came through the NSA and were developing exploits while working there, and they realized that they could start their own company developing exploits and then sell that to the NSA and make more money doing that than if they were to work at the NSA. And yeah, some of this tech looks hot.
So I can imagine some other countries wanting this capability too. And while their internal forces may not be sophisticated enough to develop it, they may have the cash to buy it. And who knows where they're buying viruses and malware from, you know? So I'm trying to find that line in my head of when this goes wrong, where's that ethical line? And I've got spy tools myself, right?
I can walk into the store and buy binoculars and a camera and an audio recording device. And I practice hacking things. So sometimes I've got little devices that can screw around. And some of that stuff's available commercially at DEF CON, and nobody really puts a big stink about that. Like, oh, this is awful. You're giving this to the criminals of the world. It just kind of is out there.
But there's something about this that's different. And do you have a good sense of when that wind shifts to, ah, this is a stinky wind?
Resetting stolen passwords and addressing the enterprise access points that have been stolen by malware helps you protect your business from ransomware, account takeovers, and online fraud. With SpyCloud, you have a trusted partner to fight the good fight with.
It appears to me that sometimes when governments get this kind of capability, the temptation is just too high to use it on their wives' friends, their opposition leader. It's just stuff that shouldn't be targeted. Do you have any thoughts about, man, you've got to really get permission. If you buy this tool, you've got to really...
Their automated solutions, which is built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime. To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries. That's spycloud.com slash darknetdiaries. This episode is sponsored by Delete Me.
I just realized something. And I don't have time to really research this further, so I'm just going to go off the cuff here. But like Google and Facebook, they know a ton about us, right? They have access to our emails, text messages, friend circles, contacts, even our location. And the police have sometimes asked Google or Facebook for the information on one of their users.
And if given the right warrant or whatever Google needs, Google will turn over that data to the cops. And I don't know, that concept alone kind of prompts me to pull focus in on these big tech companies and how they can spy on us harder than Predator can. And it's built into their terms of service.
But the thing that I just thought about is, what happens when some other country wants data on a Google user? Like the Sudanese government. They might be like, hey, this guy here, he's committed some crimes, right? Can you tell us everything you know about him, Google? Does Google have to comply with local law enforcement?
And be like, well, this request came from your military, so yeah, okay, approved, here you go. I guess I want to know, how does Google handle data requests from tyrannical or autocratic regimes?
In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit. Anyone on the web can buy your private details to do anything they want.
But I think it comes down to why. Because if you're trying to say, like, we think he's a terrorist and we want to know what he's doing at 2 a.m., that's almost legitimate to open up my phone and see what I'm up to.
This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found. And they got busy deleting these things. It was great to have someone on my team when it comes to privacy.
Well, the U.S. is taking decisive action against Intellexa now. Reuters published a story a few weeks ago saying the U.S. Commerce Department has blacklisted both Intellexa and Cytrox. They've been sanctioned. I think this essentially means it's prohibited in the U.S. to do business with these companies, and I don't really know how this impacts them. Perhaps U.S.
banks can't do business with them now, or maybe it's harder for them to fly on U.S. airlines? I'm not exactly sure. But also if they have investors, this doesn't look good for business. You know, it could shake investors who want to expand to the U.S. someday. But yeah, that's not happening now. Intellexa is part of a dizzying web of companies that are operating in different countries.
The parent company is called Thalestris, which is in Ireland for some reason, and their holding company has declared that they've made $35 million in sales from just doing business in the Middle East. But other sources have said that they've made close to $200 million in sales in the last three years. So it seems like life and business is great for Tal Dilian and Intellexa.
This will definitely be a company that I'll be keeping an eye on in the future. But with the noise that they seem to be making, sounds like everyone is going to be watching them too. A big thank you to Crofton Black from Lighthouse Reports for coming on the show and sharing the story with us. Also, thanks to Bill Marczak and John Scott-Railton from Citizen Lab for telling us what they know.
If you liked this episode, you'll probably also like the episodes about NSO Group, which are episodes 99 and 100. But also, this isn't Greece's first big hacking scandal. If you want to hear another crazy story about Greece, check out episode 64 called Athens Shadow Games. If you like this show, if it brings value to you, consider donating to it through Patreon.
Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout.
By directly supporting the show, it helps keep ads at a minimum and it tells me you want more of it. So please visit patreon.com slash darknetdiaries and consider supporting the show. You'll also get 10 bonus episodes there as well as an ad-free version of the show. So thank you. The show is made by me, the hesitant skeleton, Jack Rhysider. Our editor is the bear slayer, Tristan Ledger.
Mixing done by Proximity Sound, who just released a book on how to use Pro Tools. It's called Pro Tools Post Audio Cookbook 2023, and he's done audio production on films, music, and spoken word, and jam packs the book with tons of great tips on how you can be a better audio producer. I'll have a link in the show notes on where to get the book.
Our theme music is by the mysterious Breakmaster Cylinder. I don't like ultra wide screen monitors because the loading bar on them is just like so long. This is Darknet Diaries.
That's joindeleteme.com slash darknetdiaries code DD20. All right, so let's start out with what's your name and what do you do?
Lighthouse Reports is an investigative nonprofit working with some of the world's leading media companies on topics like migration and surveillance. And a lot of episodes you hear on my show are sometimes slapped together in a matter of weeks, and it's just me doing the research. But not this episode. Here, we have the luxury of talking with a real reporter who spent lots of time on this story.
And then suddenly the war was over. So where's all the weapons going to go?
The team at Lighthouse Reports spent over six months researching this story, and they worked together with other reporters and journalists and researchers, places like Inside Story in Greece and Haaretz in Israel. They published similar stories, too. And when I first read the story, I was like, whoa, what? So buckle up and let's go for a ride.
So I want to jump in here and underline this for a second. Tal went through the Israeli military. Specifically, he was in Unit 81, which designs new tools for the Israeli military to use. I've heard that Unit 81 once designed a little microphone that is supposed to look like a rock.
So you could just set it down in an area you want to record audio in, and it's hidden, so nobody knows they're being recorded. I imagine they make a lot of spy gear for the Israeli military. Yeah, so Tal came out of that division, and when he left the military, he created a company called Circles, which I believe was a surveillance company that used SS7 attacks to spy on mobile users.
SS7 attacks are really fascinating. I'm not going to get bogged down into the details of how they work, but real quick, SS7 is a way to exploit mobile carriers into getting info on the users or even taking over their phone number. And I believe this company that Tal started, Circles, was using SS7 attacks to collect data from targets and intercept messages and phone calls.
Well, this became quite the service. So much so that NSO Group was like, hey, that's cool. Can we buy it? Now, NSO Group is someone I've covered in detail before. That's episode 100. And it's actually the most listened to episode of this show. But to quickly recap who they are, NSO Group makes spyware called Pegasus and then sells it to governments around the world, who then, well, spy on people.
Buying surplus weapons in the CIA gave him a crazy idea. How about buy a whole bunch of cheap weapons now that the war is over, and then slowly sell them over time? He had all the contacts. He needed to go buy them, and so he did. And he was selling them to the public, like to hunters or sportsmen, and was becoming known for having a big supply of weapons.
It infects the phone and then gives the government full visibility into it. So when NSO saw how nifty this Circles company was, they purchased the company from Tal for $140 million. Now, what would you do if you just sold your company for $140 million? Well, I'd move to a nice warm island somewhere. And that's just what Tal did, too.
He moved to Cyprus, which is an island nation just off the coast of Israel in the Mediterranean Sea. But while there, he started talking with another Israeli named Abraham Avni. Abraham was a businessman and started a company called Pegasus Flight Center in Cyprus. I think they did charter planes. And together, Tal and Abraham started a new project, a surveillance tool.
It might also be a weird spelling for whisper. Anyway, Tal started advertising this mobile surveillance technology. And that's when Forbes is like, hey, that looks interesting. Do you mind showing us on camera what you're working on? And he's like, sure, come on out. So Forbes goes to Cyprus and interviews him.
This video is wild. It's one of those that when you watch it, your jaw just drops and you're like, what the hell is this? Tal takes them to his van and then opens the back doors up and there's like two racks of computers, routers, switches, servers. Inside it looks like your classic FBI spy van. There's like a desk and monitors and chairs and electronics panels, antennas. It's nuts.
And Tal is saying, yeah, so this is a $9 million spy van. And here, let me demonstrate.
He proceeds to use WiSpear to lock on to these two people walking by, and somehow it grabs their data, and he's now in their phones spying on them. It's a crazy piece of technology. But it's even crazier that he was willing to show all this off on camera to be published in Forbes.
Okay, so Forbes publishes this video in September 2019. It rippled through the world, of course, but it also landed on the screens of the people within the Cyprus government. And they watched it in disbelief. A combination of both the police and the intelligence agency of Cyprus was shocked by this. They were like, you're advertising more sophisticated spy tech than we have in our own government.
But I think the main thing that the Cyprus government got mad about is the fact that he was advertising this business that was being conducted out of Cyprus. I mean, this whole business is questionable. Espionage is illegal, you know? And here he's selling tools to do it to who knows who. There are a lot of ethics at play here.
But he wanted bigger deals, and so he started talking to governments around the world. He brought a bunch of AR-10 rifles down to Nicaragua and demonstrated that to them there. Well, the Nicaraguan military was like, ah, that's cool, send us some of those, and then the Dominican Republic wanted some, and then Cuba wanted some.
So a few months after this video aired, the Cyprus police decided to just take it down, take it all down.
It's not clear what crimes Tal Dilian committed, but the Cyprus government made it clear that they just don't want him running this business in their country. Tal got the message and agreed to pack it up. He had to move this whole operation somewhere new, and looked across the Mediterranean Sea and saw Greece.
Tal began working on the paperwork to reestablish his company in Greece. And the whole time he seemed to be a bit sore at the Cyprus government for ruining his plans.
Darknet Diaries
143: Jim Hates Scams
This is a real voicemail or phone call that somebody got. And people are falling for this and calling up the number to you and me. That phone call sounds ridiculous, doesn't it? Like it's a crappy robo voice and it's not fooling us. But just think about the mechanics of this call. I mean, they're clearly using some text-to-speech software, right?
And I don't know why, but they're using a terrible version and have terrible English. But technology is rapidly improving. There's way better software out there today. And I just wonder, you know, someday the scammers are going to upgrade and use the good stuff. Let me demonstrate. Here's what I'm going to do. I'm going to improve this whole scam attempt. Are you ready?
First, I'm going to take the text that they said in that call and ask ChatGPT to rewrite this, but make it sound more like a natural English speaker would say. Cool. Now take that and make it sound even more casual, like something you just hear on a phone call or something. Okay, that looks good. Now I'll run this through a more modern text-to-speech software. Okay, it's done.
You see how much better it is with modern tools? And seriously, that took me two minutes of just using automated tools to fix it up. The audio went from stupid to scary. I know. It's a bummer. And maybe you can still spot that that's AI-generated. But would your grandparents think that?
I improved it because I want you to be aware of the tools that scammers have at their disposal today if they wanted to. And I want you to think about how much better their scams are going to be in the future. We see that they're using text-to-speech software today, and it's just a matter of time that that text-to-speech software sounds really convincing. And then what?
What red flags would you notice in this audio to make you think it's a scam? Now you've really got to think, well, hold on. Do I actually have a support contract somewhere? Who are these people? Let me call them up and find out. And now you're on a phone call with a scammer, a position you really don't want to be in.
And you can see how this whole thing is going to get trickier and trickier in the future.
If I'm the victim, I'd be like, okay, I have no memory of this charge. Go ahead, refund me and see you later. But it's trickier than that. Here's one of the actual scam calls that Jim captured.
Now, here's where the scam part comes in. The scammer will say that they want to make sure the money goes into the proper bank account and will ask to see the victim's screen by using some screen sharing application. And then they'll ask to take control of the victim's computer.
Once they have control of the victim's computer and can see their online bank balances, then they'll say they're initiating the refund for whatever, say $300. And since the victim is logged into the bank's website, what the scammer will do is edit the web page in the browser to make it look like the money was just deposited into the account. But it's a fake deposit, though.
It just looks like the money went in. But the scammer just faked the whole transaction by editing the HTML on the victim's screen. But here's the tricky part. The scammer will put in the wrong amount for the refund. If the victim was expecting a $300 refund, the scammer would instead put in a $5,000 deposit instead. Then act all surprised that they put in the wrong amount.
Jim says he's seen scammers also try to get people to send back the money using Zelle and bank wires too. And some people have lost quite a bit of money to these refund scams. It really does look convincing when you look at your bank balance and it shows $5,000 more than what you were expecting. And the victim could just refresh the page and the whole thing would reset.
But the scammers are really good at preying on the victim's goodwill, you know. And the victims will give back the money, which is a pretty jerk thing to do, to exploit the goodness in people. You said that up until recently you had a real job. Is this now your full-time job as a content creator?
This is something you're really passionate about, to leave your career behind, go right into chasing after scammers and exposing them. Is that true? This is your passion?
The thing about you, Jim, though, when I'm watching you and I'm listening to you, your voice is just so calm and cool. And I never hear passion in there. And I never hear things like, I can't stand scammers. You don't even have inflection when you say that. You're just like, I can't stand scammers.
Yeah. Yeah, you have a unique approach that... You're not sensationalizing it. This is what I loved about it, actually, honestly, is, you know, there's kind of been a trend of people doing things similar to you now. And they're making it into a big game and lots of excitement. They're trying to get the other person to just lose their mind, you know, and start screaming back or something.
Huh, he's encouraging everyone to waste scammers' time. And that's an interesting idea, I think. Imagine if every time you got a call from one of these scammers, you instantly got excited and you're like, oh boy, this is going to be a fun call. And of course, you don't give them access to your computer or send them money, but what could you do to waste their time?
I say someone should just create an app on my phone that's AI-driven that I could just pass the call over to it, and it acts like me, and it talks to the scammers for hours, keeping them going just a little longer, like maybe there's really long loading screens or web pages aren't loading right or something, and things just keep timing out, and they have to start all over again.
And, you know, there are a few scambaiters out there, and one of them is called Kitboga, and I did see him dabbling with an AI bot tool to try to waste scammers' time. But as Jim spent more and more time with these scammers, something really fascinating happened to him one day. He somehow ended up controlling one of the scammers' PCs. And this sent Jim in a whole new direction.
Their automated solutions, which are built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime. To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries. That's spycloud.com slash darknetdiaries. This episode is sponsored by Delete Me.
This is why I love watching Jim's YouTube videos. This isn't the only time he hacked into a scammer's computer. He does it practically every video now. He's figured out so many different ways to get into the scammers' computers. You just heard one way he does it.
And he won't tell me any of the other ways that he gets into these computers because he says if he tells us, then the scammers are going to hear this and fix it and he'll lose access. So he keeps his little hacking method secret. But my mind cannot help but start to brainstorm ideas on how you could hack into a scammer's computer. So let me just think out loud here for a minute.
Okay, so when you connect, like when the scammer connects into Jim's computer to do that remote support, right, that scammer is going to be coming from a specific IP, and Jim could probably see that, right? If he does Wireshark or something, he can capture that IP, and then he's got their public IP. And from there...
Could he then like port scan that IP and look for open ports and then try to find like some exploits or vulnerabilities to hit those ports? Maybe. Maybe that is possible. Another thing is if they're using like some remote desktop software, is there a bug in that software that Jim can exploit to reverse the connection? Yeah.
I don't know how he does it, but even if I hit the nail on the head, Jim's not going to admit to how he hacks into their computers.
We're going to take a quick commercial break. But when we come back, I'm going to play you some of my favorite clips from his channel. And you're not going to want to miss this. Support for this show comes from Black Hills Information Security. This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure.
I know a few people who work over there and I can vouch they do very good work. If you want to improve the security of your organization, give them a call. I'm sure they can help. But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training.
You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more. But get this, the whole thing is pay what you can. Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field.
And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers. Head on over to blackhillsinfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com.
In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit. Anyone on the web can buy your private details to do anything they want.
Jim is known for hacking into scammers' computers and exposing them. It's really quite wild to watch. He has over 100 videos on YouTube now, and many of them are exactly this. It's amazing just to hear the scammers' reaction when he tells them some detail about them that he shouldn't know.
For instance, there's one where he hacked into someone's computer in the call center and got a list of everyone's names and their fake names. And this is one of my favorite videos. Let me just play a clip for you from it. Hello?
This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. Bye. Bye. Bye. Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout.
The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries code DD20. Today, I have the absolute pleasure to speak with Jim Browning. Jim was the first person I ever saw do scam baiting, and I was blown away that someone even does this sort of thing. Scam baiting is just as it sounds.
He told them their real names, their location, even the name of the company that employed them. And they passed this phone around to at least five different agents to talk to him. And of course, any information that Jim does get from hacking these scammers, he reports it.
So like if he sees that they use a certain service, he'll report that to the service provider that scammers are using their product and this is their user ID. And he's gotten some of them actually banned from using certain software, but they can just like make a new company and then register the software again under a new company name.
And sometimes when these scam centers make new company names, they even get their company listed by the Better Business Bureau and then even get some people to make fake reviews about their company. So if he can find this, he'll definitely report that to the Better Business Bureau and he'll do everything he can to slow down these scammers and waste their time.
Once he got into a scammer's computer and grabbed all their files, and in there was a plane ticket for a recent trip. So Jim had this guy's real name, his travel details, and from there he could look the guy up on Facebook and find his friends and family.
And yeah, when these scammers call him up and have no idea that Jim has all this information on them, it's quite a riot to watch the whole thing unfold. The question does come up, though, and I'm sure you've answered this a thousand times, which is like, hold on a second. Hacking is illegal. You can't just go hack people's stuff. And here you are hacking into someone else's machine.
What's going on here? Where's your justification? Where's your moral compass or ethical framework in this way? Yeah.
This is a really nice ethical line you've painted yourself. Like, okay, you know what? Unless you walk into my home and get onto my computer and attempt to steal money from me, I'm not going to do anything to you. And once they do that and you open your door to allow that to happen and you see that, okay.
There's almost no recourse that they can have. I mean, I'm assuming you haven't had any legal complaints that you've had to seriously take care of.
He tries to bait scammers to scam him, and he records it for YouTube, and it's really quite amazing to watch. So it still says connecting?
Okay, so my absolute favorite video of Jim's is when he hacked into an entire call center and could watch everything that was going on there. Wait, first, before we get into this story, how do you typically find these scammers?
Okay, but this story doesn't start with an inbound phone call. Instead, someone told Jim about a Malvert. This is an ad on a website which has malware on it. Basically, if you went to a website, you would hear this.
Yeah, a little caffeine hit. Indeed. You know, there's only like a few places in the world that have caffeine. There's tea, coffee, cola, chocolate. And I think that's it. That's the natural sources.
Now this was just an ad on a website, but it had some malicious JavaScript in it, which maximized the browser, showed this giant warning, played this audio on repeat, and then made the mouse disappear, which made it seem like the screen was frozen. It's not actually a virus, though. You can just tap on Control-Alt-Delete and close the browser, and all is fine.
But to someone who doesn't know better, this could be scary, and they might call the number to get help. So Jim called the number and said that his computer's infected, and the scammers immediately tried gaining remote access to Jim's computer and tried to scam him for money. So that means, in Jim's mind, they crossed the line, and it was time for him to try to hack them back.
Okay, so he got into a supervisor's PC in a scam call center. But then from there he was able to get into the CCTV system. Now this scam call center had a lot of cameras. The supervisor could watch all the scammers do their calls and go on break and go outside. And there was even a camera in the boss's office. But that wasn't it. The supervisor also had the ability to listen in on the calls.
In fact, all these calls were being recorded with some software.
Holy moly, 70,000 calls. And this is a much bigger operation than I thought. But Jim started going through this and was able to match up some of the time codes of the CCTV footage and the recorded calls and could essentially watch the scammers as they called these victims and listen in on the calls.
It's quite fascinating to watch because sometimes the scammers are like playing video games or looking bored. But this also means he's starting to identify what they look like. Where their desk is, where they sit in the room, and how this operation looks from the inside.
On top of that, on the supervisor's PC, there was a list of victims, which included the amount that was stolen from everyone and their names. It was quite a find. And just imagine having this access, being in Jim's position... I mean, if I was in that position, I'd just, like, put the computer down and take a walk around the lake or something like that, right? Like, what do you do?
What do you do with all this? Like, he would open up his computer in the morning and would have live cameras of this scam call center on one monitor watching everything that was going on. And then on the other monitor, he could tap into the phone calls and listen to them live as they were trying to scam victims.
He pretty much had full supervisor access to this whole scam call center and could watch and listen to anything. But what do you do with that access? Like, it's really tempting to just call him up and be like, hey, hey, I can see you, scammer. I can see you wearing a hat and playing video games. I gotcha.
OSC. How did all this get started for you? What's your origin story with this whole scam thing?
Yeah, and I mean, 70,000 calls with a whole list of victims here. Yeah. This is too much for one person to process all. So what did you end up doing with this access?
The BBC has more resources than Jim. They can parse through this massive trove of data quicker and started putting pieces together even more. And together they built quite a detailed understanding of this whole scam operation. They figured out the name of the company, its address, who owns it, the employees who work there, and the victims, and how much money this whole place was making.
And again, it was all clearly documented with the video footage and the recorded calls and the files that they got from that supervisor's computer. They had a ton.
Well, with all this proof, it was time to learn who is leading this operation.
Okay, this is super interesting. There was a CCTV camera inside Amit's office, the head boss of this whole thing. And it's the only camera that actually had sound on. And so there's hundreds of hours of him talking on the phone and having meetings with people. And in those meetings, he's scheming up new ways to scam people and basically admitting to all this criminal activity on camera.
It's extraordinary. Well, with all this evidence in hand, the BBC reporter went to India to try to meet with him.
Well, it was true. There was no such criminal case against him. So the BBC reporter went to the police and asked, hey, why don't you crack down on these scam call centers more seriously?
Well, in this particular case, they did have victims, and the BBC recorded the victims' testimony to hear how they got scammed. So when the BBC published this story, and when Jim published his YouTube videos, it couldn't be ignored by the police. They had victims, they had evidence, they had the address, they had the name of the boss. It was a very easy case to process.
I'm sure you're familiar with the fake Microsoft support scam calls. It's typically where someone from India calls you up and says you have a problem with your computer and it sounds something like this. Hi, hello? And they'll try to convince you that your computer has a virus and they can help. And they'll ask for control of your computer to fix it.
That's disappointing. Indian authorities seem to not care about scam centers there. It's illegal, but they say they can't prosecute unless they have the victims, and since the victims are far away in another country, they just don't have enough evidence.
But even when the police are given the evidence, wrapped up with a bow by Jim and the BBC, and are even introduced to the victims, they still don't take serious action on this. So despite Jim's huge efforts of dismantling this whole industry, it looks to me at least that it's only going to keep growing since these criminals can scam victims all day with impunity.
Are there situations, I mean, you've been doing this for nine years now, and this probably was one of them where you had this huge database of victims and all this camera footage and stuff. Are there other situations where you have to just do a long stare out a window and take like a walk around the lake or something, whatever, and just think about what do I do with this situation I'm in? Yeah.
What are some of the difficult questions that you're asking yourself?
Can I just do one last quick question? Sure, yeah, absolutely, yeah. Have you ever visited India or do you ever plan to go?
But the thing is, you don't actually have a virus at all. They just made up this problem. And they want to take your money. And Jim finds this whole thing really fascinating and just can't stop thinking about this.
A big thank you to Jim Browning for coming on the show and telling us all about the scam baiting he's been doing. You can watch all his videos on YouTube by just searching for Jim Browning. This episode was created by me, the fickle finger, Jack Recider. And this episode was edited by the wisdom feather, Tristan Ledger.
Mixing done by Proximity Sound and our theme music is by the mysterious Breakmaster Cylinder. Someone asked me the other day, what's an ethernet? And I said, oh, that's what you use to catch the ether bunny. This is Darknet Diaries.
So Jim finds himself on these calls to hear how it works and watch their whole operation. And then he calls them out on it like this.
Jim is pretty good at catching them in a lie. And then he tries to get them to explain themselves. And when they continue denying it, he reports them.
You know what? The thing is that you are the most requested guest maybe I've ever had. Wow.
A lot of times what these scammers will do is type commands on your computer to prove you have a virus, but all they're doing is just showing you really normal computer activity, and it doesn't prove anything. In fact, one time I saw a video of his where a scammer just typed on the screen that the firewall is damaged and is at 2%.
So if you're available, I'm available. Let's go. I'm going to put the chocolate to the side and let's make a podcast.
And this scammer was trying to say, hackers are going to soon break through and get everything. But the thing is that firewalls don't have a percentage. And it's great that Jim knows a lot about IT and can easily spot every one of these bad attempts at showing him that there's a problem on his computer.
Now, these scammers are not sophisticated at all. Their scam is really basic, but their method of collecting payment is crazy ridiculous. What they should do is just act like a normal company and set up a website where you enter in your credit card details and send them money.
But they can't do that because payment processors will quickly spot and shut them down and freeze their money, maybe even charge them a fee. So Stripe and PayPal are just out of the question here, which means they've got to come up with some creative alternative ways to get money from you.
Yeah, so I'm curious on that. How do they launder it? Because if you give someone an eBay card, they're not going to buy something on eBay. They're probably selling that for pennies on the dollar.
This always seems surprising to me. To convince your victim to hang up the phone, go drive to the store, buy a gift card, then drive back home and call the scammer back up to give them the gift card details. I just think you're going to lose your victim every time in that process. And on top of that, they're only getting half the value that's on the card. But this seems to be pretty effective.
So you're the guy that everyone knows. You're ready to go. Oh, I'm ready. Yeah, far away. These are true stories from the dark side of the internet. I'm Jack Recider. This is Darknet Diaries. This episode is brought to you by SpyCloud. For some people, ignorance is bliss. But for you, as a security practitioner, that's not the case.
I mean, these scam centers are making quite a bit of money this way. And I guess this means that even though the scam is hilariously bad and the method of collecting money is ridiculously complex, the thing that makes this work is the numbers, the relentless attempts at scamming people. If they try over and over and over and over, they'll eventually get people to pay them.
Now, of course, some victims don't want to send gift cards. So the scammers say, that's fine. There's another way. Send us cash.
Like, I don't want to be victim-blaming here, but come on. How colorblind do you have to be to not see these giant red flags? One of the scams that Jim sees often is called a refund scam, and it might start out with a phone call that sounds like this.
Darknet Diaries
140: Revenge Bytes
Two years. Oh, my gosh. We haven't even got started yet. And already two years. This is so awful.
Two years of harassment. I thought this was like months into it. No.
Now being harassed so bad for so long wears a person out. It's heavy work to sort through 4chan or try to connect these dots. Not something you want to be doing while on vacation. You want to get away from that shit, not scoop it up and sniff it. So she sent this information to her sister and really tried not to let it bother her.
The idea that a hacker can break into your account and steal private photos off your phone is a big problem. I've read countless stories of guys planting cameras in places they shouldn't be, like women's bathrooms or changing rooms. And with cameras getting smaller and harder to notice, this problem persists. But actually, a lot of you just put surveillance cameras right up in your homes yourselves.
But the harassing posts and text messages just kept coming in more and more. Whoever this was continued posting to all these websites the same nip-slip photos and her contact details. And people were calling her and messaging her and stuff.
This upset her, obviously, deeply. It's debilitating. How can you focus on work when texts are coming in all the time? How can you relax at home when your phone's ringing all the time? She was asking her boyfriend for help, and he was looking into it, and he was actually getting pretty deep into the investigation himself.
ADT, for example, is a security company that allows you to put cameras inside your home to keep watch over your safety. But guess what? There was an ADT employee who was caught abusing his access and was spying on women and people having sex in their homes, taking screenshots of them and stuff. Oh, and let's not forget about LOVEINT.
What the hell? So her boyfriend found the guy doing this and gave him more photos? What?
This was the stuff that was now getting posted over and over again, nonstop. And she knew her boyfriend, well, now ex-boyfriend, must have been the one that was leaking this since he was the only one with these images and videos. And things were rocky between them. They were actually bad. So it's a possibility that he did this maybe to hurt her or something.
But wait, her sister's nude photos were in there too. What is going on there? How did he get that? Christine, what photo did he post of you?
Okay, so there were a couple of nude photos of Christine in this, and these photos are going to take a moment to explain, but I think it's worth it, so stay with me. So implied boudoir photos have no nudity. Everything is covered up. That's the implied part. It's teasing, it's evocative, but there are no private parts exposed.
And Christine has the photos from that shoot and there simply weren't any nude photos in there. On top of that, she never shared any of the photos from this boudoir photo shoot publicly. Never posted any of it to social media. But there were nude photos of her from that exact photo shoot up on the internet. How did that happen? By this time, Christine had married Dana.
Okay, a new ally joins the fight. Dana, the pilot. First, he's like, wait a minute, where do these photos come from? How could he have gotten them?
This is a term used for when intelligence officials use their spying power to spy on love interests. There's been some reported cases that people in the NSA have used their access to the national surveillance infrastructure to check if a spouse is cheating or to keep a closer eye on someone they're interested in.
Man, that's a lot of work to go through hundreds of photos to find the one or two with a nip slip. But still, these photos, they were on a CD, in a box, in her parents' house, mixed in with some other photos of Madison. Christine didn't even know these nip slips were in there. So how'd he get those photos? Well, as you may know, photos on a CD are kind of clunky to deal with.
Our laptops and phones don't have a place to insert the CD. So a while back, Madison just went through that box and grabbed a bunch of CDs and copied them onto Dropbox to make it easier to access. Well, Madison's boyfriend somehow gained access to her Dropbox, and he looked through these photos of her sister, Christine, which is where he found these nip slips.
And then sent them to this guy, their harasser. Ugh, what a big problem that they have to deal with now. And I want you to understand, Christine's nude photos being on the internet like this is the least likely thing to ever happen. She doesn't have nude photos.
The fact that a couple were accidentally taken, that she had no idea even existed, and were in a box in her parents' house, offline even, somehow made their way onto a revenge porn site, it's so unfair. Some people like to victim shame in this situation. Ah, you dirty girl. That's what you get for taking nude photos. Fuck right off with that attitude. Christine is a good lady.
And if this kind of stuff can happen to people who have done everything right, then clearly this is not the victim's fault. We should be helping her and other people in this situation, not blaming them. I'll even take this a step further. At least once a month, some dude emails me telling me that they're in a similar situation where they met some lady online. Things got hot and heavy.
He sent a dick pic, but she turned out to be a guy and just wanted something to use to extort him. And now he's asking me, what do I do when they want me to pay $500 or they'll send my nude photo to my boss? And you know what? I sympathize with him too because the person holding his dick pic for ransom is breaking the law. They are scamming him, extorting him, harassing him. And I don't like that.
I don't like harassers getting away with their bullshit no matter who the victim is. The victim is irrelevant. It's the criminal who should be blamed and punished for this. Sorry, I kind of lost the plot there. This topic of online harassment is a sensitive one for me.
I feel like it's gotten way out of hand and every day I go online and I just see this kind of stuff and it's like a kick to my heart every time. Stop harassing people, okay? We've got better things to do with our time. If you're a harasser, just stop. I don't care why you think your actions are justified. Just stop. Find a way to make a positive impact on someone's life, not a negative one.
Let it go. Let's work on making the world a better place, not a worse place.
So this is case after case of how your nude photos could be leaked without you doing anything wrong. Just think about all this next time you see a camera, which you probably see a camera like a million times a day. With all our connected and smart devices, we're not the only ones who can control them. And the people who do have access to your camera can and will abuse that access.
Man, how awful that must have been to be a parent and see someone send you a nude photo of your daughter, but then for Madison to find out later that her parents already saw it but were too embarrassed to say anything about it. It's such a messy situation to figure out for everyone. Okay, so Madison and Christine have this steaming pile of bullshit they're dealing with now.
What's the language you use to tell them, hey, I want this removed?
Ah, it's interesting, right? Most nudes that get leaked like this are selfies. And the thing is, if you took the photo, you automatically have the copyright to that photo. You don't have to go register it with the copyright office or anything. It's automatically your copyrighted work. So if someone uses a photo you took without your permission, that's a copyright violation.
So tap on the sign, point to the law and say, hey, it's illegal to post this without my permission. Take it down. And a lot of sites do. Of course, it really helped that Christine was studying law and knew this stuff. And she wanted to be extra careful here and make sure both her feet were firmly planted in the law and it was on her side.
So she asked the photographer who took her photos, can we transfer the copyright to me? And she did. She went through the U.S. Copyright Office to get the copyright of her nip slips transferred to her so she could have more power at getting this removed.
Um, and kind of be like, do you know what's on the internet of her? And like, just like the typical harassment, um, but doing it to my bosses at the time. I don't know, it's just, it's just awful in like every corner, because there's like no, there's no escaping it, right? No matter where you end up going. You go on vacation, you're harassed on vacation. You go to work, you're harassed at work. At home, you're harassed at home.
Or maybe the camera is just insecure and someone else who shouldn't have access to it will get in. Cameras are now ubiquitous in our lives. And I just want you to be aware that you shouldn't trust it to keep your private life private. I mean, just think about all the places you're naked in front of a camera. Everyone takes their phone to the bathroom now, don't they?
What triggered the breakdown? Just because it was nonstop, right?
And when you went to tell your parents, did it feel like you were telling them, like you didn't know they knew?
Okay, right off the bat, I want to give a content warning. We're going to get into some sexually explicit stuff in this episode. We're going to talk about nudity, and there's going to be some swearing. So this episode is for mature listeners. You've been warned. Oh, and by the way, I give these warnings because a lot of you tell me you listen with your little kids, which I think is amazing.
Hi, kids. But sorry, kids. Okay, so have you ever had your nude photos leaked online? Yeah, you probably have. You just might not know it because some insane stuff is going on out there. Let me explain. First, law enforcement has access to some pretty crazy tools, databases that scrape the Internet and then store a whole bunch of information on a person.
Yeah, because I mean, I just imagine the, oh my gosh, this is what's been going on.
Because you're already at a breakdown and then you're like, what? You've seen it too. They know you're... It's worse. It's not better.
Now because Christine is a lawyer, of course she wanted to use the legal system to sort this out.
Frustrating. I mean, when she said Madison was turned away, the police didn't even take her name or any information about the crimes she was reporting. It sounded like they absolutely did not care for her at all. But these sisters were tough and smart and weren't going to accept no for an answer.
We're going to take a quick break here, but stay with us because when we come back, they start taking matters into their own hands. Support for this show comes from Black Hills Information Security. This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure. I know a few people who work over there and I can vouch they do very good work.
If you want to improve the security of your organization, give them a call. I'm sure they can help. But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training. You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more.
But get this, the whole thing is pay what you can. Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers.
Head on over to BlackHillsInfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com.
The two sisters, Madison and Christine, had been getting harassed by someone or a group of people for years, and it just kept getting worse and escalating to the point that they were experiencing mental breakdowns and were having a really hard time functioning. This harassment was seeping into every aspect of their lives, and it was nonstop.
They were capturing everything they could and documenting it all, looking for clues as to who would be doing this. But they weren't making any progress toward solving this. They were very tuned into this activity, though, watching it closely.
Okay, so Kik. I do want to add a few things about this. I did a whole episode about Kik. That's episode 93. And what I learned from doing that episode is Kik is a magnet for awful behavior. It's just a chat app like Discord or Slack. But what I've seen is that there's just no content moderation. So chat rooms can become full of illegal activity, open to the public for anyone to find and join in.
Why this app isn't banned from the Google or Apple store still is a mystery to me. But it's very clear that Kik has a lot of problems and is basically a scourge of humanity. So when this person was posting nude photos of Christine and Madison to 4chan, he was sometimes including his Kik username. You know, in case someone wanted to friend him.
Well, this is a nice little path to investigate, right? You've got a Kik username now. Well, going on Kik, you can't really see what he's up to there. But they were pretty familiar with searching 4chan. So they looked through 4chan for that Kik username. And this opened them up to a huge trove of posts that he had been making to 4chan.
Of course, they had to drive through this filth to make sense of it. But what they discovered was that he wasn't harassing just the twins. He was posting nudes of other women, too.
Mmm, interesting. He seemed to be obsessively posting nudes of the same five women. He didn't have a wide array of nudes that he was posting. He was focused about it, zoomed in to only five women, harassing each of them almost in a cycle, going through each of them and then back around to the first, making each of their lives hell. This is interesting because what's the correlation here, right?
Are these five women connected in any way? To start with, the sisters didn't know any of these other victims. But this started a whole new investigation into each of these women. It actually helped that he was posting their phone numbers and socials. Some were in Florida, near Christine and Madison, actually. But some were in New York.
They had some ideas who might know all these people, but they weren't sure. I mean, it seemed like someone they should know personally, but all the people who they suspected, there's just no way it could be them. But still, the data they got from this Kik user was massive to their investigation.
I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening. From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right.
Christopher. They figured it out. They unmasked their attacker. It had to be Christopher. All the signs pointed to him now. And the creepy part was, they all knew Christopher. I mean, she had been friends with him on Snapchat for years, which is why he could see the photos there. And where do you know Christopher from?
Wait, Dana, this is one of your friends? Yeah, that's correct. What was your relationship to him back in the fraternity?
So having that history with him and then saying, wait, is it him? What is your gut feeling out of that?
Resetting stolen passwords and addressing the enterprise access points that have been stolen by malware helps you protect your business from ransomware, account takeovers, and online fraud. With SpyCloud, you have a trusted partner to fight the good fight with.
Yeah, and I remember Madison telling me things like, just walking around the streets, like, why is that guy looking at me that way? Is he the guy?
Their automated solutions, which is built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime.
They figured out who the asshole was and they were all kind of shell-shocked by it. This guy who was at their wedding did this? What a monster. You think you know someone, but then this happens. But Christine, being a lawyer, she wanted more evidence and kept going through the Kik posts.
Okay, all right, they've really got this guy nailed now. All of the harassment, all of the nudes, all of the nightmare was stemming from this one person. And yeah, he was able to get others to join in on the harassment, but if it wasn't for him, nobody else would be harassing these women. And just knowing this is such a relief in a way.
You're dealing with the darkness and anonymity of the internet, and you have no idea how many people are behind your harassment. But now it's clear, it's one guy, Christopher. And they know everything about him. But he didn't know they were onto him. And so he kept up his harassment campaign, calling bosses, sending nudes to their friends, and asking others to join in.
This episode is sponsored by Delete Me. In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit.
So I feel like there's a meeting now, right? You, Madison, and Christine are like, okay, we know what's going on. We know who it is. What's the plan going forward?
Anyone on the web can buy your private details to do anything they want. This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. Take control of your data and keep your private life private by signing up for Delete.me.
So they got all the victims together on the same page, six total. And they were all really sick and tired from being harassed by this guy. And they were shocked to find out Christopher was the one behind it because they all knew him.
So Christine created quite a compelling folder of evidence for each of the women to take into their own police departments and hand it to the police.
Yeah, let's back up. I want to pause there for a second because that's fascinating to me because that's your wheelhouse. I bet you spent a lot of time doing that. Can you just talk about what you think he was doing that was against the law?
Okay, so this Florida statute enacted in 2015, section 748-049, states that the crime of sexual cyber harassment is committed when a person publishes a sexually explicit image of another person along with personal identifying information of the depicted person to a website without the depicted person's consent for no legitimate purpose and with intent of causing the depicted person substantial emotional distress.
Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries code DD20. Okay, so let's just get to know you to get started with.
Boom. Perfect. He definitely violated that one. But she did her research. She didn't want to rely on just one statute. Since he was posting nudes of underage girls, he was also violating child pornography statutes. Since he was calling people's bosses and parents and stuff, why not throw in stalking too? Hell, there's even an aggravated stalking statute, which is a felony charge.
And if he was stalking a minor, that would constitute aggravated stalking. But Christopher was living in New York State. So maybe all these Florida laws don't even matter. So Christine studied the laws in New York to figure out which ones he violated there.
She found statutes like sexual performance by a child, extortion, unlawful surveillance, dissemination of unlawful surveillance imagery, and stalking. Okay, so those are the state laws that she thinks he violated. But are there any federal laws that she can point to?
Great. Yeah, just keep going. So you bring this whole body of knowledge to them. You slap it down and say, here's the circumstantial evidence that we have on him. Here are the laws that we think he's breaking.
So I imagine that they just say, oh, here's a form, fill it out and then goodbye. And they're not going to do anything, but they wouldn't even let you fill the form out.
What? What? Oh, this is so frustrating. Police. Hello, police. What are you doing? How are you turning away these women who have brought you every shred of evidence to make an arrest and pointed to the guy and said, there he is, officer. This is an open and shut case and you're doing nothing. Come on. I'm so mad right now.
I look, I gotta, I need like a minute, like just putting my headphones down. I'm walking away for a minute.
Yes. So the FBI are like, wow, a lot of work has been done here, but this is circumstantial evidence. We're going to get direct evidence. So they start subpoenaing some of the emails and stuff, right?
What's your name and what was your life like before all this started?
So let's back up a second. They finally get the police to open this police report. But this whole time they were trying to collect as much evidence as they could on this guy. Now, one thing the police can do is send a subpoena to 4chan or Kik or any of these websites and say, hey, we want the information on this user. And those sites have to comply with U.S. law if they're based in the U.S.
And so they would give the police this user's data without a fuss. But if Christine wants information on a user, these sites are not going to give it to her. She doesn't have the subpoena power that the police have. However, she's got a trick up her sleeve to get that power.
This was a civil lawsuit, which they actually opened up before they even knew it was Christopher. They were so frustrated that the police weren't helping them. And they were like, fine, we'll get the subpoena power ourselves. It's going to take some extra money and time. But they had to do something about this guy. Now, here's the problem.
They didn't know his name when filing the civil suit, so they just filed it against John Doe. Basically, they were going to use the courts to be able to issue subpoenas to identify their harasser. But there's another problem. As soon as the subpoena comes through, the site will likely inform Christopher that there's a case against him, and he'll get to see who's filing it.
So the sisters didn't want to put their names as the victims of the case and instead wanted to file it anonymously, which I think should also be fine since they're the victims. Courts should protect victims in cases like this, right?
No problem, Madison. I'm here to help. So Madison grew up in Florida and after high school went to attend a college in Florida.
That's another whole level of frustration, that they denied you the ability to be anonymous or to use just your initials in the lawsuit. Because, yeah, that opens you up to all kinds of other problems.
By this point, Christopher was well aware of what was going on. He knew. They all knew. It was him. And they were talking about it, too. Like, I think his dad was telling everyone, okay, let's all calm down. I'll talk to Christopher and get him to stop. I'm sorry. But promise after promise was broken. He wasn't stopping. He kept at it.
He even apologized and admitted to it a few times, but then kept doing it. He somehow was addicted to harassing these women. Even with lawsuits, even with criminal cases open, he just wouldn't stop. Luckily, they were able to get the FBI's attention on this.
I guess it's used to help conduct investigations so they can quickly and easily get a whole bunch of information on a person. They can get your marital status, your address, your job, salary, kind of car, flight records, social media accounts, and of course, photos of you. Well, some cops have been caught abusing this tool. One cop was caught looking for dates on Tinder, which is fine.
Yikes. What a mess at every turn. So thank goodness the FBI was looking into this. We've got a monster on the loose. Go get them.
Christine was working on becoming a lawyer. And while there at school, Christine met a guy.
Arrested? Oh, thank goodness. I don't think I can handle any more problems. And actually, the arrest wasn't even that big of an event. His lawyer convinced him to go down and turn himself in because this will look better to the judge. So he did. He went down to the police station himself, turned himself in, and then they just processed him and let him go back home.
But at least the perp is recognized, identified, and court dates were set. And listening to them talk, I don't think there was a way for him to stop on his own. He was just too far gone into all this. But what's amazing are these two sisters. They were relentless about fighting back because Christine was a lawyer. So she knew what avenues to go down and what laws to wield in order to fight this.
Like, the average person isn't even going to know that you can open a civil lawsuit to get the courts to issue subpoenas, you know? And then to use that information to open a criminal case at the same time, and the fact that they didn't want to just have one case open, but they had six different women all trying to get cases open on this guy, it's just brilliant work by them.
Who in the world has the energy and drive to continue harassing the same women for 10 solid years? Apparently this guy, Christopher did. So what happens to him? Well, he was arrested, right? Clearly, there was a ton of evidence of his crimes, including him admitting to his victims and promising to stop.
So when he goes to court, there's no other option for him but to plead guilty, which means no trial was needed. Skip all that, since he's admitting to it. But there's still the court proceeding to figure out his punishment, a sentencing hearing. Clearly, this man has caused great harm to these women, but can the women influence what the judge decides the sentence should be? Hell yeah, they can.
Christine wanted all the victims to march into the courtroom during the sentencing hearing and voice themselves to let the judge know how much he hurt them. Because it's going to be up to the judge to decide the sentence, and this is their only chance to make their voices heard. Before the court case, when was the last time you saw him?
And so then when you see him in the court, because you walk in there, you see his face. Do you have like a feeling?
Were there any stupid questions the judge asked that you remember?
Dana was pretty active in his fraternity at the time, hanging out with the boys, bonding with them, developing lifelong relationships with some of them. But he fancied Christine the most. So Dana and Christine started dating in college. She'd even come by and hang out with the fraternity boys sometimes, too. She got to know some of them fairly well.
Victims gave their impact statement. It was fucking good. Christopher was realizing shit's not going well for him at all.
The judge said the range for sentencing is three to six years for cases like this. The defense attorney was arguing to give him the lower end of that. The prosecuting attorney was arguing to give him the higher end.
Because the victim impact statements took so long, they had to come back a second day just to hear the sentence. So the next day, they all come back into the courtroom. They sit down. They ask Christopher to stand up while the judge reads the sentence to him. And the judge sentenced him to 15 years in prison.
And of course, Dana would get to know Christine's twin sister, Madison, over time, too.
Now, even though the sentencing range was three to six years, it's at the discretion of the judge to assign the sentence. And he apparently was so moved by the victims that he basically tripled the high end of the range and gave him 15 years. Incredible. 15 years in prison for cyber harassment. That's quite a bit, actually, isn't it? Is that too much? Well, hold on.
He spent 10 years harassing Madison, making her life hell. That's a long time for someone to suffer. And that's just one person. Well, what an ending, huh? The victims won one, finally. But sorry, that's not the end. The defense attorney found a problem in the ruling, some procedural error in the case. I think it had something to do with the sentencing range.
They were saying the initial range was calculated incorrectly, which may have influenced the judge's decision on what to sentence him. This meant the case was reopened, and it meant a new judge had to come in and take a look at this case and issue a new sentence.
So just when they thought that they had this wrapped up and the healing process could begin, the sisters and other victims were sucked back into the case. Scabs were ripped off again. The pain and fear was felt all over again.
All the victims had to travel all the way back to court and relive their traumas by reading their victim impact statements again. More crying, more emotions. Hell, I'd even say this retrial is re-victimizing the victims.
Of course they were on edge waiting for a decision like this to be announced in the courtroom. So when it's spoken, it results in another emotional moment for the victims. More crying. Okay, so they won the criminal case against him again. But there was that civil lawsuit they had against him too, remember?
Well, when Christopher saw that he was likely going to lose that civil lawsuit, he filed for bankruptcy to avoid having to pay any fines or restitution that would be part of that suit. The sisters won that case, but since he had filed for bankruptcy, they didn't get any money, which really wasn't the point.
The point of that case was just to give them the ability to gather evidence and to figure out who was behind this. But still, all this actually came at a big financial cost to the sisters. There were expensive lawyer fees. They had to travel to court to give victim impact statements. There were costs associated with getting subpoenas and opening a civil suit. And that's just the legal cost.
How much time did they spend investigating this? Doesn't that add up to something? And, of course, how much pain and suffering was caused. This was traumatic. So they mentioned all this in the criminal case and told the judge during the sentencing, like, hey man, this has been draining to us emotionally, but also our money.
So when the judge sentenced him to 15 years, he also took all these costs into consideration.
Sexually explicit pictures of Madison were posted on the internet publicly for anyone to see.
A big thank you to Madison, Christine, and Dana for coming on the show and sharing this emotional rollercoaster of a story that's so inspirational. When nobody would help them, they became their own advocate and fought back. I love that. And they fought cleanly, too. That's the thing that gets me about this story. They didn't harass him back or do any of the things that he did to them.
Instead, they trudged through the legal system to get justice. Amazing. I mentioned earlier I did an episode about Kik. That's episode 93 if you want to listen to it. If you thought this episode was awful, that one is worse. Actually, just skip that episode altogether. This episode was created by me, the Faded Raider, Jack Rhysider. Sound design by the resurrected suspect, Andrew Merriweather.
And this episode was assembled by this slinky drink, Tristan Ledger, mixing by Proximity Sound. And our theme music is by the mysterious Breakmaster Cylinder. My New Year's resolution is 4K.
So these photos were part of a photo shoot she did with a photographer in Florida. They weren't supposed to show any nudity. But as she was moving around the photo shoot, yeah, her nipple became partially visible for a few photos. But these photos should have only been seen between her and her photographer. Nobody should have seen this nip slip. How did this happen?
Okay, not only were her photos put up there, but the person who posted it was saying things like, help me find more nude photos of her and posted her name and information along with the photos.
Can you imagine waking up to a whole bunch of posts on different websites with your partially nude photos up there? With someone calling for people to target you and hurt you and get more nude photos of you? Sounds awful.
Cops can look for dates on Tinder. But the thing that he was doing was he was looking up his matches in this police database. Another cop was using the database to stalk some woman he was into. And another cop, Brian, he tried to see if he could use the tool to find nude photos of women on it. He used his access to gain a bunch of information on women.
And the way 4chan works is everyone on there is anonymous. So there's not many notes that you can take to try to figure out who this might be. It's an anonymous user. And now since the post had her social media profile listed, she was getting some weird messages and texts.
She was saving all the messages, though, and phone numbers and usernames that were messaging her in case any of this made sense later. And it wasn't just one time. Whoever had posted this was posting it relentlessly over and over and over again, week after week, continuing this campaign against her. She didn't like this. She didn't like having her nudes posted. She didn't like the harassment.
She wanted these messages to stop. But how do you get it to stop? I mean, I think because it's such an embarrassing situation, it's hard to ask for help from anyone. I mean, what are you going to do? Ask your dad to help you track down who stole photos of your partially exposed nipples? No, God. She had a boyfriend, though, and asked him for help. So he started looking into it.
And because she was so close to her twin sister, Christine, she eventually went to Christine in a panic.
They had to sit down and learn how these websites operate. And it's such a mess for these sisters to even be on 4chan studying this because that place is absolutely awful. The amount of gore and pornography that they must have seen probably scarred their eyes for life. It's an ugly place. It's the underbelly of the internet.
And they were there trying to find the moderators, wondering why posts disappear after a while. Like, where do they go? Can you message other users here? Can you ask the site to take down posts? What is this weird language people are using? Sauce? Wins? Sage? What other sites are scraping this site? Listening. Watching. Archiving. And how do you get those sites to take down photos?
And then he worked with a hacker to break into the women's accounts and find nude photos of them. Yeah, a cop was abusing his power to steal nude photos of women and then was trying to extort them with the images he found. He went to prison for that. But that story doesn't even matter if a cop did it.
And are there any legal implications to any of this? So while Christine was studying that, Madison and her boyfriend took a trip down south to the Florida Keys. Now, one thing the Florida Keys are known for are beautiful sunsets. And Madison was on the beach there watching a beautiful sunset. And she took her phone out and snapped a photo of it.
She posted it on Snapchat and almost immediately got a text message to her phone from a stranger.
Leave her alone. Don't bother people like this. Let people just enjoy their vacation without creeping all over them. This freaked out Madison. She was rattled by this. Who's watching her Snapchat that carefully? Wait a second. That's a great question. Who's watching her Snapchat?
Okay, good clue to grab, because this really narrows it down. This harassment was going on so long that she had locked down her socials to be private. Only the people she knew were allowed to see the photos that she was posting. So her harasser might be someone she knew?
Darknet Diaries
146: ANOM
So I was looking through WikiLeaks the other day, as one does, right? And I came across something that I found rather fascinating. There's a thing that the CIA developed called Weeping Angel. So if you have a Samsung smart TV, there's a really odd feature in it. It's called fake off. And when the TV is on, you can push mute 182, then power, and the TV appears to turn off, but it doesn't.
Okay, so... That's quite a leap. It takes me and Beat to just kind of be like, okay, that's how the new thing is going, right? It's a jump.
So a deal was made. The FBI and AFP, Australian Federal Police, got access to all the encrypted messages going across Anom. And this is where I start to have a million questions. Who the hell is this Afgoo person? An undercover cop acting like a fellow criminal, but really working with the feds? What kind of criminal makes deals with the feds like this?
If this gets discovered, his whole business is ruined. Or is Afgoo a brilliant business person, cashing in on both sides of the fence, making money off criminals and federal police at the same time? Maybe he's playing some 4D chess, trying to be a few moves ahead of everyone. There's a lot of unanswered questions here. But the AFP were the first to get access to this.
And they were looking through the logs and were like, there's nothing here. Because Anom was just a startup company and didn't have any users yet. With the product already and the infrastructure in place, it was time to start marketing the thing. The next plan was figure out how to get these Anom phones in the hands of criminals, specifically criminals.
And I guess now I'm starting to see why this phone was purpose-made for criminals. So the FBI and AFP could see what everyone was doing.
Early users were liking these phones. Word was getting out about them, and more orders were being made. Chat messages started to show up, and the AFP could see what was happening.
My phone number, address, family members, where I work, sexual orientation, club affiliations, income level, what kind of car I drive. It's just endless. And every now and then I Google myself and just get freaked out about the amount of data there is about me out there. This is why I use DeleteMe. I registered there and told them what to look for about me.
Was AFP like actually arresting people or were they just watching, trying to figure out what to do at this point?
Yeah. Yeah, I found this tension while reading the book quite interesting of, oh my gosh, there's some crime going on here. We can see it happening. What do we do? Do we bust in? Because you have to have some sort of good reason how you knew that was happening. And if it was, well, we've got an access to your chats and your phone, then that's going to just ruin the whole company.
So they really have to be very careful. And I'm surprised there wasn't just some AFP officer like, oh, I'm not going to be careful. I'm going to go stop this drug deal and just not understand the intricacies of it.
I think everyone's aghast at the whole story. Yes, okay. Yeah, because here's a situation where the federal police are lying on the record about where they're getting their intelligence from. Are the citizens of that country okay with that? Here in the US, during court, you're asked to swear that you're telling the truth. The cops weren't telling the truth here.
Or I guess not yet telling the truth. We learn later how they did get this information, but the evidence in these earlier cases did not mention Anom. But additionally, they were working with this criminal, Afgoo, to get these messages. And I call him a criminal because if someone makes an app exclusively for criminals to conduct crimes with, then historically that's criminal behavior.
They were able to discover what sites have data on me and took steps to get that information removed for me. That's my favorite part. It's like getting help in this war. Their scouts know exactly where to look and they'll tell me what they found about me. And if they can't remove it themselves, they'll give me recommendations on how to get it removed or mitigate it.
So who's Afgoo? And when did the police start making business deals with criminals? Is there proper oversight here? Is this within best practices for the feds? Point to the policy that allows this. This just isn't sitting right with me. And you might say to me, Jack, the ends justify the means.
If all this results in a takedown of a lot of criminals, then it's okay for them to lie and do back alley deals with criminals. Really? What about Fast and the Furious? This was a real operation done by the ATF, Alcohol, Tobacco, and Firearms, where they set up weapons deals with criminals so they could track where these weapons are going and ultimately try to arrest a bunch of weapons sellers.
Yeah, well, it all went wrong. The ATF made weapons deals, but lost track of the guns that were sold. They didn't make significant arrests and basically armed the very criminals they were trying to find and arrest. This ultimately resulted in a Border Patrol agent getting killed and at the scene of the crime was one of the guns the ATF sold to criminals. The ends did not justify the means here.
The Fast and the Furious operation was a big mishap, and it showed how the ATF was operating without proper strategy or oversight or following policies put in place. What is the deal? Did the FBI take ownership of it? How did they? Was there a licensing?
Yeah, and it's fascinating, too, that Afgoo was somehow able to control the company in a way that all the developers and suppliers and shippers and even the distributors had no idea that the FBI or AFP was involved, right? Or even that there was a man in the middle. I mean, what was the kind of the thoughts going on in the developers' head?
Did they know that they were building a man in the middle and encryption? Or what did they think?
Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for Darknet Diaries listeners. Today, get 20% off your DeleteMe plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout.
Yeah, I found that part to be interesting. I didn't realize how common that was. So the other day I was looking to see if Google has any sort of end-to-end encryption in their chats. And I didn't think they did, but they're like, yeah, we do. I was like, well, shoot, sign me up. And it's like, well, what we have is for businesses, for enterprise.
And the way we have it set up is that the admin of the account can see all the messages that your users are sending encrypted. And I was like, what? Hold on a second. Why would you have a man in the middle of an encrypted thing? And then I read your book and I was like, oh, this is more common than I realized. For instance, I think you mentioned federal agencies.
have to be able to pull up any communications, emails, chats, messages, and stuff in case there's indictments or subpoenas, what was talked about federally or even state agencies, at least in the U.S. here. This stuff has to be archived. And if it's encrypted, you can't archive it in a proper way. So there is a reason to get in and take a look. I don't know. This kind of just surprised me.
Too many secrets. Setec Astronomy. I mean, think about it. The criminals think they're the ones being the most secretive here. They've got these super private Anom phones, which you need a PIN to unlock and then go through a dummy calculator app to punch in a secret code to get into the chat apps that are end-to-end encrypted, right?
Then they're doing things like disguising their voice and having disappearing messages and being super secretive about their crimes, trusting Anom with all their secrets. Then there's Afgoo, who is secretly scooping up all these messages and lying to his developers of who these customers are.
And then there's the FBI and AFP who are secretly reading them all and secretly making business deals with Afgoo.
I mean, did you know that the FBI was operating a tech startup, which was a phone purposely built for criminals to use to message each other? Secrets were kept from you in this story, too.
Well, criminals had no idea they were being played. So Anom phones just kept spreading. They ended up making their way to some criminals in Europe and things really started to heat up there.
That's joindeleteme.com slash darknetdiaries, code DD20. This episode is sponsored by Mint Mobile. With big wireless providers, what you see is what you get. Somewhere between the store and your first month's bill, the price you thought you were paying magically skyrockets. With Mint Mobile, you'll never have to worry about gotchas ever again.
Some crazy things started happening with Anom at this point. It takes more and more 90-degree turns. I'm not even going to get into what happened in Europe or South America or Turkey. I'll simply say that there were a few criminals that loved this Anom phone so much that they tried to purchase ownership of that company.
and eventually just started calling themselves the CEO of Anom, which when a major underground criminal is saying he's the CEO of Anom, it really legitimizes the phone for other criminals to want to buy it. So the Anom phones were starting to grow wings and take on a life of their own in Europe.
So I want to shift gears here to the FBI. So I've got a lot of questions about what the FBI is doing here. First of all, FBI handles internal threats to the United States. They're not the CIA, which is doing international investigations. So I don't even understand why the FBI would be looking at foreign messages in the first place.
There's just so many questions I have. At this point, not many phones were in the U.S., so the FBI couldn't really look at U.S. citizens' chats, even if they wanted. But the FBI was heavily involved with Anom, creating this startup, basically, funding it, creating the infrastructure, actively monitoring the messages. And it just makes me wonder, have they solved all the cases in the U.S. already?
When Mint Mobile says $15 a month when you purchase a three-month plan, they mean it. All plans come with high-speed data, unlimited talk and text, and you can use your own phone with any Mint Mobile plan and bring your phone number along with your existing contacts. To get this new customer offer with your new three-month premium wireless plan for just $15 a month, go to mintmobile.com.
Because to start a tech company and collecting and analyzing and reporting intelligence so that you could give it to other countries...
So whose idea was it to divert FBI resources to focus on stopping crimes in Sweden and Australia?
The FBI's fundamental mandate is to protect and defend the nation from threats. Defend. However, in this story they've gone on the offense in the name of defense. And this difference is worth noticing. I mean, imagine you're defending yourself in some legal battle and you're worried you might lose because of some surprise thing the opposition might bring up.
So to defend yourself better, you decide to break into the other lawyer's office and steal all their notes that they have on the case or hack into their phones and see their chat messages. All so you can better defend yourself? Well, this tactic would be unequivocally unethical. Yet the FBI's strategy here is to penetrate private chats in pursuit of criminal activity.
It's crossing that boundary from passive monitoring to active intrusion. And I think it's important to be aware when that boundary gets crossed because we never see them cross it since it's always done in the shadows.
If the FBI were to cross that boundary in the physical world, it would be akin to them secretly breaking into thousands of homes, rummaging through personal belongings because they're trying to detect crime. This wouldn't be acceptable. So why, then, should our digital lives be subject to a lower standard of privacy?
I guess the FBI uses all kinds of spy gear, though, to cross that threshold all the time, like wiretapping and planting bugs. They're always covertly reaching into someone's communication and taking it. But I think what's different about this story is the mass surveillance aspect to it. All messages for all users were being collected and stored.
That's mintmobile.com. Cut your wireless bill to $15 a month at mintmobile.com. $45 upfront payment required, equivalent to $15 a month. New customers on first three-month plan only. Speed slower above 40 gigabytes on unlimited plan. Additional taxes, fees, and restrictions apply. See Mint Mobile for details. Why don't you start by telling us your name and what do you do?
And maybe it wasn't stored in the FBI's database exactly, but the FBI was funding this company who was collecting it all. I remember when the Snowden revelations came out. The NSA and GCHQ were trying to collect massive amounts of data flowing over the internets, not targeting a specific person, just grabbing everything, which means a lot of non-criminals were getting their data analyzed.
And I wonder... Is that offensive as well? It's mass spying at least. And I, for one, don't approve of governments doing mass spying on their citizens. But this is a crazy ethical dilemma because what if the mass spying is just on the criminals?
People sometimes say to me when we're talking about government surveillance that they've got nothing to hide and they aren't worried about it. Well, what those people are really saying is that they're always going to comply with the government no matter what. They're never going to have dissenting views or protest.
And honestly, I've never met anyone who 100% agrees with the government no matter the leadership. It's important that we preserve our freedom to have opposing views without the government watching us. Because the thing is, if we're being watched, it changes our actions. I mean, gosh, in this story, the FBI themselves has stuff to hide. And they can't spy on people in the U.S.
without proper warrants and stuff. But they were circumventing this rule by providing intelligence to other countries and then those countries providing intelligence back to the FBI.
We're going to take a quick ad break, but stay with us because, well, clearly you can see there's a ticking time bomb going on at this point. Support for this show comes from Black Hills Information Security. This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure.
I know a few people who work over there, and I can vouch they do very good work. If you want to improve the security of your organization, give them a call. I'm sure they can help. But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training.
Now, these smart TVs often have a microphone built in so you can give them voice commands. And when the TV is off, the mic isn't listening. But when the TV is in fake off, the mic is still active. So what the CIA did was they developed some kind of spyware for the Samsung smart TV where it would record the audio from the mic and store it on the TV.
You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more. But get this, the whole thing is pay what you can. Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field.
And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers. Head on over to blackhillsinfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com.
The Anom phones were getting picked up by some criminals in Europe who were taking them to Dubai to try to sell them there.
See, it's not completely out of the question for your government to ban encryption, to force the people of the country to use certain apps so they can see into it. This, I think, is a huge violation of our privacy. Luckily, in the United States, we have the Fourth Amendment of the Constitution, which states—I'll read the whole thing for you—
The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures shall not be violated, and no warrants shall issue but upon probable cause supported by oath or affirmation, and particularly describing the place to be searched and the person or things to be seized.
The Fourth Amendment is needed to maintain a balance between national security interests and individual rights. It's a tool to make sure that the government actions are subject to oversight and grounded in legitimate need. If we eliminate that protection, it creates a really dangerous power dynamic and a slippery slope towards a government that could abuse its power with no accountability.
If the U.S. government did some kind of mass surveillance and was searching through all that data without a warrant, it seems to me it would be in direct violation of the U.S. Constitution. And yet here's a situation where the FBI was running a tech startup with the entire goal to be snooping on other users' chats, watching every message to see if there was criminal activity.
There's no targeted search here. No individual warrants were being made at this point. They were analyzing all the chat messages going through Anom. Is this in violation of the Fourth Amendment? I can make a case that it was. And the FBI had that in their head too. So they were trying hard not to peek into any Americans' messages.
The data was available in Anom's database, but they had to program their system to only show them foreign chats.
This tool that they were using, was it developed by Anom or developed by FBI?
It sounds pretty advanced to be able to have this graphical view of who's connected to who and then also use AI to search for... I mean, because a lot of the criminals are using code words for different drug names and all this kind of stuff, thinking they're outsmarting the police. But they're able to find all that.
So you said, you know, we're looking for that threat to life. Or what was really what they were like, let's not let this slip through and really trying to focus on...
It's got to be really complex because when you just see two criminals talk to each other over messaging, they're going to easily say, I'm going to kill you, man. That doesn't necessarily mean he's going to kill them. But it's just one of these – this is the way our lingo is. And then the opposite is when you're saying, okay, listen, we really need to, you know, off this one person.
There's also like all kinds of, you know – coded messages in there. Just be like, all right, minus one, this guy. And they're like, minus one? What does minus one mean? Oh, it means kill him, right? So you have to decode this. That must be incredibly difficult.
Yeah. And it's also wild because typically what we're talking when we're looking at the or when I was reading the book, it seemed like this is criminal on criminal gang on gang activity. Right. And so trying to save the life of a criminal is sometimes a strange, you know, moral situation you're dealing with here.
Well, you've created quite a name for yourself over the years. I always see your name popping up in other books, like an article by Joseph Cox said this, or another story here is quoting you and different things. So just really well done on your journalism. What this latest project you're working on, Dark Wire. So I started reading this Dark Wire and I was just like, oh my God, this is amazing.
There's so many ethical and moral dilemmas here. I mean, just imagine the AI tool that's out there scouring messages, looking for threats to life. But the tool has to be trained to ignore it if it's an American.
What do these chats look like? Does the FBI go to Congress or what and say, like, hey, we've got this... Okay, sit down, because I've got some crazy story to tell you. We've got this mass surveillance tool that we somehow bought from some guy... We now have like view into like the whole criminal world here in the U.S. and or, you know, a large portion of it.
We would like to do a mass arrest because we can see this. And but we don't have the warrant. We need your help. Like, what is that? Do you have any understanding of what those conversations were like?
On top of that, they were like, well, don't even look at the US chats, right? Just look the other way because we don't have approval to even look at it.
Yeah, but like we've been talking, you know, it introduces so many ethical dilemmas within law enforcement of, well, do we need a wiretap for this and all this kind of stuff? What's allowed and what's not allowed? And they're just like, screw it. We're going to just get all the data and we'll figure out what's allowed later. It seems weird to go that direction.
Yeah, and I also just realized how if the FBI is running a tech company that is a communication platform, which is facilitating the murder and drug deal... Are they responsible for, well, we're the ones who made this communication possible. We're the ones who put the phone in your hand to make this even happen. Is there some responsibility there?
Gosh, and I think about Afgoo again. He was making a phone for criminals, right? Like he was working with criminals, listening to their requests and adding in features like a remote wipe ability.
So because Afgoo was making this for criminals, it meant he was a criminal. Clearly, right?
Yet it was the FBI who was the true owners of this company. So what does that make the FBI if they were making something purposely for criminals to use? The implications of this story just keep going and going. I'm telling you, I have like a million questions. I just love this book.
Okay, so this is an incredibly nuanced story, which is going to fill your head with a lot of questions. I know it did that to me. But let's first start with some context. I am not a criminal, but I make a lot of effort to be private and secure. And the first time I made an effort to have a privacy phone was after I read an article by Joseph
Shattered any confidence that criminals may have in the use of encrypted devices? I'm not sure this is a good take. Because what about me? Who just wants a hardened encrypted device for, you know, privacy and security?
He was using an iPod Touch and did all his phone calls over Wi-Fi. The main advantage here is that there's no SIM card in an iPod Touch. It basically has all the features of an iPhone, just no SIM card. So that means nobody can SIM swap you. But also SIM cards are notorious for beaconing out to cell towers and giving fairly accurate location data to cell phone providers.
This is why I love Joseph so much. He's sneaking into law enforcement conferences to get the story. We've skipped over so much of the book.
I purposely left out some of my favorite parts of the book just so you can enjoy it still. This story goes deeper and deeper and deeper. And so you should do yourself a favor and go read Dark Wire by Joseph Cox. A big thank you to Joseph Cox for sharing this story with us. You can find a link to his book, Dark Wire, in the show notes. Again, it's highly recommended.
This episode is created by me, the Bit Bumbler, Jack Rhysider. Our editor is the Silicon Sorcerer, Tristan Ledgerwood. Mixing is done by Proximity Sound, and our intro music is done by the mysterious Breakmaster Cylinder. One time, I went into a client's data center to do some work on their servers, and I found a computer that was so old, its IP address was one. It's just the number one.
And that's even if your phone is always using a VPN, because SIM cards communicate with cell towers using baseband technology, which operates completely outside of VPNs. So this iPod Touch was the main phone that Joseph was using to keep private.
When Apple stopped supporting the iPod Touch, I switched over to GrapheneOS, which is a fork of Android. It's an open source project, but with a lot more privacy features added in. And unlike Android, they don't send everything I do back to Google.
My messaging app of choice is Signal, which I can also make phone calls with because Signal is end-to-end encrypted, which means the people at Signal can't see my messages. Only the receiver of who I'm chatting with can. And I do so much more to remain private online. So you can see, Joseph and I, we take our mobile privacy very seriously, and we want the best there is.
So I imagine a scenario is that a CIA agent would want to plant a listening device in someone's bedroom and goes in, but then sees, oh, they've got a Samsung smart TV, which is already a listening device. No need to leave behind a bug that might get discovered. Let's just live off the land, as they say.
And then one day, Joseph heard about this new privacy phone called Anom. Anom.
I think the features of Anom are amazing. I mean, it took GrapheneOS, the phone operating system I already use, which is considered great already for privacy, and it made it even more locked down? What?! And the features just kept going. Like, for instance, Anom had its own little end-to-end encryption chat app built in, but it was in a secret spot.
The thing is, there were all these dummy apps on the phone. Like, if you look at the phone, it has Tinder on there and Candy Crush. They look like normal apps, but they're just decoys. They didn't really work. And another app you'd see on the home screen was a calculator app, which worked just fine like a regular calculator, except...
If you were to open the calculator app and punch in a certain code, that's when it would open up the secret Anom chat messaging app. It was hidden beneath a few layers of obfuscation.
So the CIA agent uploads the spyware onto the TV and then puts the TV in fake off mode and leaves. And the TV sits there recording all the audio in the room, but appears to be off. And then the CIA agent can remotely connect back to the TV and get the audio files or come back into the room later and retrieve them off the TV.
For the criminal underground. Wait a minute. What? Like, all the features of this phone, they're all fine. None of them are illegal. But if you're specifically making a phone for criminals, knowingly and purposely helping criminals conduct their crimes... Now, suddenly, what Afgoo was doing was illegal.
So I learned from the book that this is quite a lucrative underground criminal industry. Anom was not the only one here. And you got to read the book about what happened to all the other encrypted phone companies. Like each of the competitors have just as wild and crazy of a story of what was going on with Anom.
And Joseph does a great job of giving you a tour of this whole criminal encrypted phone industry. But it bugs me because, like I said, I'm not a criminal, but I love having a highly secure phone with the best privacy you can get. So it's a weird line for me that this is even a criminal industry.
It's kind of like if someone started a hammer company selling hammers, but it was just selling hammers to criminals to kill people with. And it had like features on it, like non-slip handle for when blood gets on it or blunt side for smashing skulls and fork side for stabbing through stomachs. And really, it's just a hammer that's no different than any other hammer.
But it has the sole intention of being for criminals to cause pain and injury. And the company works exclusively with criminals to find ways to improve it. Like, why? Why not just make a great hammer that the whole world can use? Why make these secure phones for criminals? Privacy and security is important to the whole world, not just criminals.
Anyway, so Anom was this really sleek, super private phone that you could buy and have ultra-secure chats with others. And it was purpose-made for criminals.
It's wild what spy gear is developed by the federal authorities, isn't it? These are true stories from the dark side of the Internet. I'm Jack Rhysider. This is Darknet Diaries. Support for this episode comes from DeleteMe. Feels like a war out there. Companies all over trying to scrape and store all kinds of personal data about me.
So while it's true it was end-to-end encrypted, it was also end-to-end encrypted directly to Anom's servers, right?
So this story just took a 90-degree turn. The phone was not actually as private as it was advertising itself to be. But hold on tight, because we're taking another 90-degree turn right now. You've got to ask yourself, why was Anom wanting copies of every message? No, I don't think Anom or Afgoo cared about looking at people's chats.
However, Afgoo knew the value of these messages and decided to make a very odd deal to let someone see those chats. And I'm not sure how all the logic went down here. We really don't know how this deal was made.
But my best guess is, since Afgoo wasn't a stranger to being a criminal himself, and he may have thought this whole encrypted phone business is actually illegal and could go very wrong for him at some point, and he needed a plan, I really don't know.
I mean, I want to think he was a brilliant business person that just played everyone perfectly, but Afgoo's lawyer advised him to make a deal with the FBI and let them see the encrypted chats. This way, the FBI would appreciate Afgoo and not try to arrest him.
Darknet Diaries
132: Sam the Vendor
Hey, hi, I'm Jack, and I'm back. I took a three-month break. I really needed it, but it's springtime now. So yeah, it's time to come out of hibernation and get back to work. So let's do this. Oh, and from now on, you can expect new episodes of the show to come out on the first Tuesday of every month. In this episode, we get into a story about darknet marketplaces.
Their automated solutions, which is built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime. To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries. That's spycloud.com slash darknetdiaries. This episode is sponsored by DeleteMe.
Yeah. How'd it go on Hansa? How was your first dip into the vendor pool?
His big idea was that he really wanted to be the manufacturer and seller. His theory was that this is how you can maximize your profits.
Now, Sam was trying to be business savvy too, trying to find ways to cut costs, like shipping supplies can easily start adding up.
He also made a lot of very careful steps just to get onto the Hansa darknet market. Like when you get on social media, chances are you just turn on your phone or your computer and you're already logged into the site just like where you were before. But you don't want to do that with darknet marketplaces.
Because suppose you get caught by the cops, and they take your computer and open it, and they can just see that you're logged in as a vendor on the site. And that's some smoking evidence that they'd have on you. So Sam would try to hide his tracks so that it looked like he was never even on a darknet marketplace to begin with.
For one, he would never use his home internet connection to do illegal things online. He lived up on a hill, and so he pointed his antenna down the hill towards the neighbor's house and was able to figure out a way to get onto their network.
And he used the Tails Linux operating system, which has some extra security features, but the thing about the Tails operating system is that it gets completely wiped every time you reboot or shut down, and has no memory of what you've done before.
Which means every morning when Sam needed to log in and check his orders, he would have to reload Tails and re-enter his PGP key and his Bitcoin key and do all that in order to authenticate and do business on the site. But here's another problem. Having possession of those two private keys would prove to the feds that he's the vendor on the site. So he needed to protect those keys very well.
Also, because he lived up on a hill, he could watch and see if anyone was coming for quite a ways away.
In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit. Anyone on the web can buy your private details to do anything they want.
Dang, things get really intense when you're a darknet market vendor. Friends aren't allowed to bring cell phones to your house. And you have to always have a plan in the back of your mind on how to burn the USB stick that you're always carrying with you all the time.
We're going to take a quick commercial break, but stay with us because despite all this planning and safety precautions, something goes seriously wrong. This episode is sponsored by Mint Mobile. With big wireless providers, what you see is never what you get. Somewhere between the store and your first month's bill, the price you thought you were paying magically skyrockets.
With Mint Mobile, you'll never have to worry about gotchas ever again. When Mint Mobile says it's $15 a month when you purchase a three-month plan, they mean it. I've been using Mint Mobile for a year now and it's been great. I get great coverage and the pricing is nice and simple. A few times I've needed customer support and I was very pleased how easy it was to work with them.
They were nice and fixed my problems without any issues. Are you interested? Making the switch couldn't be easier. Use your own phone with any Mint Mobile plan and bring your own phone number along with your contacts. To get this new customer offer and your new three-month premium wireless plan for just $15 a month, go to mintmobile.com. That's mintmobile.com.
Cut your wireless bill to $15 a month at mintmobile.com. $45 upfront payment required, equivalent to $15 a month. New customers on first three-month plan only. Speed slower above 40 gigabytes on unlimited plan. Additional taxes, fees, and restrictions apply. See Mint Mobile for details. What about which carrier to use?
Okay, so for the government to open your package, they need reasonable suspicion and probable cause. Hmm, so what's that? What does the government think a suspicious package looks like? Well, this is obviously something Sam wanted to know.
This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found. And they got busy deleting these things. It was great to have someone on my team when it comes to privacy.
Now, when you have all these packages that you need to ship out, it becomes a big task. You can't just hand them all to the mail carrier who's coming to your house. You need to somehow anonymously send them without a way for them to be traced back to you. So like a public mailbox on the street corner might be good.
You could just put the stamps on it and put it in there, but that's kind of hard to do when you've got a bottle of moonshine that you're trying to ship. But the thing is, you just don't want to put all your letters in one mailbox either, or make one mailbox the one that you always use.
And Sam was already really busy making moonshine, growing cannabis, and packaging everything up and dealing with the orders.
Okay, so I want to pause here and just do a little fact check. It's true that printers typically put some dots on every page they print. These are almost invisible, and these dots mainly go unnoticed by most people. And this is presumably to track the paper back to which printer printed it. But it's not exactly certain what information is encoded in those little dots.
I don't think your IP address shows up in it, but it's more like a little signature of which printer it came from. And I think this is to help law enforcement trace counterfeit money to see if it came from the same origin. So while it's probably smart to not use a printer that does this, I'm not sure how effective this step was to actually hide his tracks.
Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com/darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com/darknetdiaries and enter code DD20 at checkout.
That's joindeleteme.com/darknetdiaries, code DD20. So let's start out with your name. So what do you want to be known as on here as well? Because you may want a moniker or something.
Now, this is when he'd hand over the packages to his cousin, and he told her to ship these out. But there were certain rules that he told her to follow.
That means listener discretion is advised. We're certainly going to get into drugs this episode, and who knows what else. So let's just say this one is rated R, and this is your warning. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is brought to you by SpyCloud. For some people, ignorance is bliss.
It's always fascinating to me to see what moral lines people draw in the sand and don't cross. You'd think being a criminal just means fuck the rules, be all punk about it. But you just heard Sam talk about a lot of the rules that he follows to stay safe and secure. But adding rules just for moral reasons is interesting to me.
One was that Sam would only use registered level three sex offenders as his return addresses because he thought it would be wrong to put a good citizen down as a return address. Another was that while Sam sold a lot of different drugs, there were some that he wouldn't sell, the ones that took your soul away from you. And he also didn't want to sell to kids, but he had no way of checking that.
And that's the thing. Doing this as your job, you really do need a moral code because the stuff you see on these sites gets dark fast. And some things that are for sale will really make you question where you stand on a lot of stuff. Like, should there even be a market where you can buy and sell anything? Stolen items, counterfeits, forbidden items, poisons, weapons, and of course drugs?
Okay. Well, maybe that gave the story away a little bit. Whatever. Now you know. Sam spent some time in federal prison. And honestly, sometimes when I talk with criminals on this show, I get a little nervous and have to lay down some boundaries.
This is a libertarian way of looking at the world. Libertarians want to maximize autonomy and minimize the government's involvement in your life. Ross Ulbricht, the creator of the first big darknet marketplace, Silk Road, was a libertarian too. He had to be in order to run a marketplace like Silk Road.
He thought people should be allowed to make their own choices of what drugs they can buy, even if they're illegal drugs. But then weapons started showing up on Silk Road. And it really made Ross take a long, hard look into his soul to figure out what rules should be around weapons. And he ultimately decided that it's going to be prohibited to sell anything whose purpose was to harm or defraud.
So Silk Road didn't allow weapons or child sexual abuse material or even stolen credit cards on the site. And again, I find it very fascinating what criminals won't touch due to ethical reasons. I could never run or operate or even admin a darknet marketplace. I'd get stressed out, turn old and die in like one week.
Just this week in my town, there was a warning poster I saw stuck in a bathroom of a coffee shop downtown. And it said, look out, there's a bad batch going around. Make sure to carry Narcan and test your drugs. It's talking about fentanyl. And just this week, I saw in my town, there were two fentanyl-related deaths. One guy found dead in a bathroom and the other overdosed in a jail cell.
See, fentanyl is an opioid, a painkiller, but it's 50 times more potent than morphine. And it's just incredibly powerful. But because it's so potent, people can easily take too much and die, which is a problem on its own. But what's scary to me is people don't always know they're taking it. One darknet market vendor was simply selling Xanax and oxycodone.
Now people buying this stuff think that's what they're getting, but no, this seller was lacing the Xanax and oxycodone with fentanyl.
So if some dad who just had tennis elbow or something needed some heavy duty painkillers, he could wait a month for a doctor visit and then get a prescription and then go to the pharmacy and get it, or he could just order it on a darknet marketplace and have it in four days. But that's dangerous because he could get one laced with fentanyl and run a huge risk of overdosing on it.
I'm assuming your criminal spree is over, but I do not want to know about any future things you may be cooking up that may be illegal because it puts me in an awkward spot. Definitely not.
And we hear stories of people dying from fentanyl all the time. And this is why it's important to test the drugs you get. There are fentanyl strips that you can get where you can test to see if the drug you bought has fentanyl in it. And this is why I could never be a Darknet market admin.
If I knew there were people lacing deadly things into drugs that shouldn't be there and killing people, I'd feel obligated to figure out who the hell that person was that sold it. And that guy who was selling that laced oxycodone got arrested and was put in prison for 20 years. And he is very likely responsible for a few deaths.
So some vendors on these darknet marketplaces really don't give a fuck. Despite all the illegal stuff that Sam was doing, it's good to see that he wasn't misleading his customers or lacing their drugs with deadly ingredients. And he had rules that he was following.
Okay, so one thing that you should be clear about from the beginning if you're going to be a darknet market vendor is you need a goal. Because things can get crazy deep down in the darknet. And if you're not clear of what you're doing down there, you could get swept up in the undertow.
I learned about Sam because he gave a talk at DEF CON last year. And in his talk, he had a clear warning for others. Don't drink and type.
Yeah, that was it. So washing money is what I want to know. What did you do to cash out?
His theory was that if this person got caught, they wouldn't snitch on him because he was giving them good deals. Besides using this method to turn his cryptocurrency into cash, he also would exchange his Bitcoin for Monero, which is more private than Bitcoin and harder to track, and then he'd cash out his Monero.
Okay, so at this point, he's posted a lot to forums and is a buyer and is a seller on some markets, and he's becoming well-known and even starts working for one of the darknet markets. Specifically, he was doing...
On top of doing that, because he was so involved with the community, one darknet marketplace asked if he wanted to do PR for them. And he took that job. It was a small job, didn't pay much, but since he was already very active in the forums and stuff, he could just keep an eye on any negative posts about his marketplace, and he would try to make that seem more positive.
Now, at this point, one of the more popular forums to talk about darknet markets was actually Reddit. The subreddit r/darknetmarkets had 180,000 members. And this is where Sam would hang out and see what chatter was going on about darknet markets.
One day someone made a post about the market Sam was doing PR for, and the person posting it was going by the name Hugbunter, a play on the words bug hunter. Hugbunter found an exposed config file on the darknet market site.
Okay, so when Sam was in his 20s, he was living in Vermont and was getting good at computers. And he had a job fixing computers for a while. And then he started a little business doing computer repair for other people. Now, as Sam got more into technology, of course, he noticed and heard things like Silk Road and Darknet Marketplaces and Tor and Bitcoin.
So that's how Sam got to know Hugbunter, by trying to gaslight him over chat messages. Well, over time, Sam got to know Hugbunter more. And yeah, the conversation continued into other things. One thing they talked a bunch about was Reddit. Yeah, just Reddit itself. Because some users were getting banned from Reddit, trying to sell things right on Reddit instead of a darknet marketplace.
And it became a big thing to talk about. Like, how much is Reddit going to allow on their site? I mean, we're talking about illegal buying and selling of stuff here.
So the idea was born. Take the darknet market subreddit and make it sort of a dedicated Reddit-like site on the darknet. Hugbunter got to work building it.
The site that Hugbunter created was called Dread. They didn't allow users to buy or sell anything, but just to talk about darknet markets. And they advertised this new site on Reddit to let people know that, hey, there's a fallback place to go if Reddit goes down. And sure enough, that prediction came true.
In 2018, Reddit posted some new rules to their site saying that they're not going to allow users to exchange certain items. And the items forbidden to be exchanged on Reddit were firearms, drugs, sex, stolen goods, personal information, fake IDs, and counterfeit money.
Apparently, Reddit had noticed a lot of people were buying and selling these things on their site and took a big move to ban communities who were involved in this. And this resulted in Reddit shutting down the whole r/darknetmarkets forum. And this suddenly made the Dread forum explode with new users, and it went on to be one of the biggest forums on the darknet.
And Sam had a front row seat to it all as the first admin to Dread.
Because when you're a tech enthusiast, you go and you check these things out.
The police were apparently unprepared to make any sort of arrests at that point. So they left, created an indictment, and then they set a date for his arraignment.
Like, you know, they obviously didn't like that. So Sam and his cousin were able to go back home while the case was being built. And they set a date for when he was supposed to show up in court. At this point, Sam had moved out and was living in a small apartment. Now, at some point during his time as a darknet market vendor, his cousin introduced him to a lady.
Silk Road was a website on the dark net that let you buy and sell drugs, among other things, illegal drugs. And the whole thing was anonymized, so it protects buyers and sellers. That way the police would have a hard time finding who the users were. An interesting use of technology. But Sam didn't really care about Silk Road at all.
Sam and her chatted a lot, online and over the phone, but never in person or even using video calls. They became really close and good friends, flirtatious at times even.
He was not interested in buying drugs from it or selling drugs on it. So Sam was in his 20s and had a girlfriend for 10 years that he was living with.
They moved in together and waited for his court date. Now, of course, Sam is super curious how they caught him. He took so many precautions. Where did he go wrong? So he looked through his discovery, which is the evidence that the feds had on him. And there were three words that he saw on there. Operation Dark Gold.
Nice, a new way to turn your Bitcoin into cash. Just give it to someone and they'll send you the cash in the mail. This bypasses the crypto exchanges who like to collect a lot of your personal information. This went on well for Sam and Gold for a while, but then something happened where Gold got arrested. And the feds asked him the same thing they asked Sam.
Hey, you know a lot about this community. Would you like to work for us or go to jail? Gold agreed to work with the feds, which became Operation Dark Gold. So that's when Sam sent him some Bitcoin and he sent Sam some cash. But this didn't make any sense to Sam. No, this wasn't right. What law did he break here? It's legal to send your buddy Bitcoin and they give you cash for it.
There is nothing wrong with that. So he told the feds, there's no crime to exchange Bitcoin for cash.
So this still wasn't adding up for Sam. Were the feds just making up crimes to get a search warrant? Because if they did get a search warrant under false reasons, then perhaps this case can be thrown out. So Sam kept seeking answers.
So to kind of prove that, Hansa went down. Your stuff is all over that database. That was taken over by the feds. They did a massive arrest through that. Hundreds of people in the U.S. Hansa was European. Operation Bayonet, yeah. They did hundreds of arrests in the U.S. for dealers, mostly vendors. Yep. You weren't one of them. So that kind of proves that your OPSEC was tight.
What I understand a proffer agreement to be is where you admit to what you've done to get a reduced sentence. With his cousin, the information she provided in the proffer was enough to make it so she didn't get any prison time at all. It was good for her, but bad for Sam. And Sam was upset because he told her to admit to nothing and he'd take full blame for it.
And I don't know what made her deviate from the plan. Perhaps she just wanted to get rid of a guilty conscience. Sam's big plan was, if the cops raid the house and take everything, and even if he admitted to everything, he was going to prove to the judge that the cops broke the law to get evidence on him, which would make his case invalid.
And he thought this would work because Operation Dark Gold wasn't enough evidence and the post office opened a package without a warrant. And that was a big deal. If he could prove they broke the law, then he thought it would mean that they would have to throw out all this evidence on him and let him go. But this plan backfired. His cousin told all, giving the prosecutors more evidence.
So, he's faced with a new decision. Either get a Franks hearing to prove that the police broke the law to bust him, which may or may not go his way, and even if it did go his way, he'd still have a conspiracy charge that could get him 20 to 30 years in prison. Or, simply admit to being guilty, take a plea deal, and get a maximum of nine years in prison. Suddenly,
the Franks hearing seemed like more of a gamble, and the nine years seemed like the better option. So he took the plea deal and admitted he was guilty. Somewhere around this time, his girlfriend and him got married, and they were living together, waiting for the big sentencing hearing. The sentencing day came, and the judge sentenced him to 60 months in prison, which is five years.
And during his time in prison, his wife would visit him frequently, giving him hope and encouragement to stay positive. Sam was due to be released from prison in 2024, but he educated himself in the law library in prison and applied for compassionate release, which he was granted and let out after only serving 18 months in prison instead of the five years he was supposed to serve.
And when he got out, his wife was right there waiting for him, happy he was out of prison. And after he got out of prison, he wanted to help others fight the law and went back to school and graduated and became a paralegal, which is what he's doing now. He even wrote a book about how to write a compelling, compassionate release motion.
And he's also making YouTube videos and blog posts and giving talks about his story. A big thank you to Sam Bent, a.k.a. Doing Fed Time, a.k.a. Kill a Bee, a.k.a. Two Happy Times. You can learn more about him by visiting the website doingfedtime.com or search for Doing Fed Time on YouTube. I'm going to be releasing new episodes of the show every month from that one, so I'll see you next month.
This show is made by me, the cowboy coder, Jack Rhysider. Editing help this episode by Tristan Ledger. Mixing done by Proximity Sound. And our theme music is done by the rollerblading Breakmaster Cylinder. Why did the capacitor kiss the diode? He couldn't resist her. This is Darknet Diaries.
Okay, so we've all been in this situation, right? Where life throws us a curve ball and suddenly we need money, maybe not 200 grand, but still I can relate to being in a bad spot where money can fix a lot of my problems, but I have no idea how I'm gonna get it. Not only does he need money, but breakups are hard to go through, especially after being with someone for 10 years.
And sometimes when we break up with someone, we have a tendency to go back to our old ways. So what were Sam's old ways?
Jeez, dude, I don't know the full story of what happened here, partially because Sam never told the police everything either. Like, what I do know is that he was 17 at the time, and there were two other guys who were also part of this. Everyone ran, and Sam was the only one who got caught. Anyway, this landed Sam in jail for a while.
And while he was there, he was sent to the SHU a few times, solitary confinement, one for possessing a lighter because he's a smoker and one for making a knife to defend himself in case another inmate attacked him. In this period of his life, he was a drug user. And when he got out of jail, he even got charges for possessing marijuana.
And he got into some more serious drugs and moved out of Massachusetts to Rhode Island. I had been in Rhode Island for a while.
So Sam's old ways were a lot of drug-related stuff and even running from the law. Sam has learned a lot since then, specifically that there are now online drug marketplaces. Old Sam was about to catch up with new Sam. Silk Road, the leading darknet market, was raided and shut down by the feds in 2013. But this didn't make darknet marketplaces go away.
No, Silk Road was replaced with like four other markets, and people just flocked to those. And when Sam was going through this breakup in 2017, a popular market at the time was Hansa. And Sam was particularly fascinated by this site. So he spent long nights reading through many listings and posts on there, trying to learn as much as he could about darknet marketplaces.
But for you, as a security practitioner, that's not the case. I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening. From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right.
Resetting stolen passwords and addressing the enterprise access points that have been stolen by malware helps you protect your business from ransomware, account takeovers, and online fraud. With SpyCloud, you have a trusted partner to fight the good fight with.
But I thought that was really cool. Hansa required something like $200 be paid if you wanted to create a vendor account. And now that he had this, Sam was all set to start a new chapter in his life as a darknet market vendor. He didn't jump right into it, though. He was very cautious about everything.
For one, he knew a lot about OPSEC, or how to remain private online, from his knowledge of cybersecurity and computers. But then, having spent months reading thousands of posts on Hansa, really helped him get embedded into the darknet market culture. And this is a tough culture to pierce. There's little trust in some areas, and a lot of trust in others.
Which makes it feel like you're part of a criminal family at times. He had made friends and connections and started a reputation without even buying or selling a single item. And he made some observations during that time. Number one, nobody uses their real name on the darknet. In fact, everyone is trying hard to hide their real identity.
Number two, you can assume everyone is a criminal or a federal agent. And three, the feds are actively looking to take down the criminals, and he would pay attention to all those methods on how the feds were catching people. So other people's missteps became his rules to live by. Do you remember what you sold at first?
Darknet Diaries
149: Mini-Stories: Vol 3
Some really incredible scam artists out there, and I mean top tier ones, and those ones really intrigue me. One of my favorites is a guy named Victor Lustig. Well, that's not his real name, but that's the name he was famous for. This guy was going around scamming people in the early 1900s.
And one of these companies was eager to take the deal and ended up paying Victor a large sum of money. And yeah, as soon as Victor got the cash, he immediately fled the country and left France. He sold the Eiffel Tower. But he kept a close eye on the news back in France to see how much trouble he'd be in. But the news never reported this.
Yeah. Let's highlight, there was a lot of deaths there. There was. Thankfully, because you were seeing that around, weren't you?
Yeah, and now they're saying, oh, does that mean there's a confirmed casualty? And now you've got to answer these questions.
IEDs are super scary. You're just driving along, listening to tunes, telling jokes to the other soldiers, and then out of nowhere, boom, your truck runs over a mine and blows up your vehicle. It often kills people, and it's certainly enough to freak anyone out. And while this IED didn't kill anyone, one guy was really messed up from this.
I guess the guy he scammed was too embarrassed to report it to the police. So Victor thought, this was such a great scam, why not do it again? So he goes back to Paris to try it again. I mean, why let all that fancy stationery go to waste, you know? So he called five new companies in to pitch them, too. But one of them saw right through the scam and called the cops.
Evil Mog starts talking with people, trying to figure out what more he can do. And that's when he found out this soldier was about to be a dad. His kid was due to be born any day back in Toronto. And this gave Evil Mog an idea.
He learned that the wife was already checked into the hospital and was starting to give birth right now. So he's calling Toronto to try to figure out how to contact the wife at the hospital.
So you're saying, all right, here's the equipment I have, here's what you have, let's make a final common denominator. I think we can connect these two things.
So tell me about the tech side. So did he put like a computer on a cart and then wheel the cart into the room?
Which is meant for like doctors and nurses. It's not meant for patients.
Victor saw the cops were coming for him, and he narrowly escaped, this time fleeing all the way to the United States. Amazingly, when he got to the United States, he scammed Al Capone and later tried to make counterfeit money, which is how he got arrested, by making fake money. But funnily enough, when he was arrested, he was put in the same prison as Al Capone. What a wild guy Victor Lustig was.
Yeah, I mean, it's also very possible that you saved his life. I could have. Because coming out of PTSD or getting affected that badly by it, you can easily end your own life.
To me, this right here is the quintessential Darknet Diaries story because of where I found it. I went to DEFCON, and I was invited to the Microsoft party, and I sat down at a table to chat with people, and that's where I met EvilMog. And he was there telling us the story, and I was so captivated by it that it made me cry.
And my goodness, to be at some DEFCON party and to hear a story so moving that it makes me cry, that's one reason I started this show. I imagined in my head while I was listening to EvilMog tell me that story that I saw you across the room and I was like, psst, over here, you gotta hear this story.
And I brought you in to eavesdrop on these inner circles to hear the untold stories that are only shared in intimate and private spaces that are all over the hacker culture but are hard to find. I love these chance encounters. It's like finding a hidden path in a familiar landscape. I hope stories like this fill you with the same great feeling I get when I hear them in person.
I have such a fun job. I'm so grateful. Okay, we're going to take an ad break here, but stay with us because we have a new guest to tell us a new story after the break. This episode is sponsored by Axonius. Complexity is inevitable in IT and security, and it's increasing. Axonius is here to help you control it.
As a system of record for all digital infrastructure, the Axonius platform correlates asset data from existing tools to provide an always up-to-date inventory, uncover security gaps, and automate response actions. Go to Axonius.com slash Darknet to learn more and get a demo. That's Axonius, spelled A-X-O-N-I-U-S. Axonius.com slash Darknet.
All right, so let's start out with who are you and what do you do?
So that's what I did there. Okay. Responder is a pretty clever hacking tool. It's free to get. It's just a Python program. And how you use it is you just start it and wait. Now, the thing about Windows computers is that they always want to try to join a domain and connect to shared drives on the network.
And so if a Windows machine wants to connect to a shared drive, it will try to get to that host directly. And if it's there, it'll connect to it just fine or whatever. But what does the Windows computer do if it can't find the shared drive that it's trying to connect to? Well, it wants to connect to it very badly, and it will try another way.
It might ask the DNS server, hey, do you know the IP address for the server I'm trying to get to? And the DNS server might be like, yeah, I got that. Here's the IP right here. And then the computer might be like, that's the same IP I have, and I already checked. That one's not online.
So then if the Windows machine still can't find that shared drive that it really wants to connect to, it then sends a broadcast message to all the computers on the local subnet saying, hey, I'm looking for this shared drive. If any of you are it, please respond. And that's when Responder springs into action. It sneakily says, why, yes, I'm that shared drive you're looking for. That's me.
These are true stories from the dark side of the Internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is brought to you by Varonis. So many security incidents are caused by attackers finding and exploiting excessive permissions. All it takes is one exposed folder, bucket, or API to cause a data breach crisis.
You found me. I'm here. And the Windows computer is like, oh, thank goodness. I've been looking for you everywhere. I'd like to connect to you. And Responder is like, sure, of course you can connect to me. But you need to authenticate first. Yeah. And the Windows computer is like, oh, yes, of course. Okay, here's my username and password. Now, Microsoft takes your security seriously.
And there was one scam he did where he got $32,000 in Liberty Bonds together and went into a bank to trade them in. And the bank offered him $10,000 in cash and some farmland. And he took that deal and signed all the paperwork.
So it doesn't actually send your password over the network. Instead, it sends a password hash. And since Responder is this dirty little liar on your network, it snatches that username and that password hash and gives it to the penetration tester or hacker who's running the tool. Saying something like, hey, someone just tried to connect to me using this username and this password hash. Here you go.
Typically, Responder only works against computers in the same subnet as it. So if you're in the same subnet, then yeah, Responder is an amazing tool at finding usernames and password hashes. Now, a password hash is not the password. It's a gibberish set of characters that you get when your password goes through an algorithm.
And the thing is, in some cases, you can crack this hash to get the password. And a common method for cracking passwords is brute force. Take the top one million most common passwords and hash them. And then see if any of those hashes match the password hash you just got. And if so, you found the password. Exactly. So we use something called Hashcat. We'll take that hash.
We will plug it into hash. Tell me about this. So to crack that, that's not on the Raspberry Pi because the Raspberry Pi doesn't have... the CPU cycles to be able to throw a billion passwords at that thing and try to figure out which one it is. What's your method for cracking it?
Okay. Now, what's your kind of success rate on getting one hash and being able to crack that single hash?
A different question, which is kind of in the same realm, is suppose you have the entire AD database of hashes. What percentage of passwords do you think you're going to crack out of that?
So he's basically trying billions of passwords to see if any of them match this hash. Of course, the longer that his Hashcat tool runs, the more passwords are tried. And so they might start with the top 1 million most used passwords and then try making slight modifications to those, like putting a 1 at the end or capitalizing the first letter.
Maybe add in their own word list, such as the company name or mascot or city or address or person's name or kid's name. If no luck there, then... Try every word in the dictionary, but add numbers to the end of it and maybe mix it up a little bit and see if that works. And just try tons of combinations. And pretty much all the stuff I've listed so far probably only takes like a few hours or less.
Now, after the tool has tried all this, it just then starts going through every single possible character combination in the world, such as AAA, AAB, AAC, AAD. So this combination of finding a username and password hash from Responder and then trying to crack it in Hashcat could take hours or even days, since it's about waiting and timing and maybe brute forcing the password.
So in the meantime, he's looking around the network to see what else is there. A good place to start is Nmap. Nmap is a basic tool that you can use to quickly scan the network to see what's there. It'll basically ping every IP address in the network to see what responds. And if any do, then it'll try to see if that host has any open ports.
Then Nmap will spit out a report saying, here are all the computers on the network that I found to be alive, and these are their open ports. Exactly, yeah.
So there's a lot of stuff going on at once. He's got these background tasks running to try to get more usernames and hashes, and he's also trying to crack the hash he's got.
Boom. He cracked the password. Yes. But who is this user? Are they just like a low-level user? Or are they a system admin? He has to find out. And to do that, he logs into a computer on the network to see what his access is. And it's a normal user with no special privileges.
The average organization has tens of millions of unique permissions and sharing links. Even if you could visualize your cloud data exposure, it would take an army of admins years to right-size privileges. With how quickly data is created and shared, it's like painting the Golden Gate Bridge. That's why Varonis built Least Privilege Automation.
Let's just say it was an inappropriate place to put a camera in an office if that lady wasn't aware of it. Joe knew that what he was looking at was potentially going to get someone fired. So he had to proceed with caution here.
Varonis continuously eliminates data exposure while you sleep by making intelligent decisions about who needs access to data and who doesn't. Because Varonis knows who can and who does access data, their automation safely remediates risky permissions and links, making your data more secure by the minute.
It's interesting to stumble upon this as a security consultant, since it's not really a network security issue. It's more of a see something, say something issue. Like, do you even put this in the final security report? Joe went on to complete the pen test, and he found some misconfigurations in Active Directory, which gave him administrator access, which pretty much gives him keys to the kingdom.
The network admin can reset anyone's password, see all shared drives, probably even read everyone's email. So he put all this into a report and delivered his findings on the final call.
Yeah, as far as like your success rate, I mean, you're always going to find something, even if it's like a CVV level three. But I mean, as far as just success rate of just like owning the whole network and gaining access to sensitive systems, getting half the users' passwords in the whole organization, that kind of thing, is that fairly high?
Do you feel pretty confident like, yeah, I'll probably be able to own this network?
And I think he can get to that point because of how many penetration tests he's done. He's gone into dozens of networks and exploited hundreds of devices. And after doing it over and over and over, you start to develop a pattern and know exactly where to look for weaknesses. And once you do develop a pattern, pen tests start to become automatic since they repeat the same steps almost every time.
And so, once he was done with one pen test job, he'd move right on to the next. And this time, it was a bank.
Even when you're not logged in, Varonis is classifying more data, revoking permissions, enforcing policies, and triggering alerts to their IR team to review on your behalf. To see how Varonis can reduce risk while removing work from your plate, head on over to Varonis.com slash Darknet and start your free trial today. That's Varonis spelled V-A-R-O-N-I-S dot com slash Darknet.
So they arrive on site and they're greeted by the on-site team. They're shown where to sit and where to plug into the network. And this was a simulated breach. So if someone got into the network who shouldn't be on it, what could they see or do while there? So the two of them get all set up in this room and, well, you already know what tool they're going to start up first.
Okay, so they've taught me that Responder is their go-to tool for starting a network assessment. But if that's not working for whatever reason, what do you do next? Hmm.
Okay, so Nmap is a basic tool to scan the network. It's simple and efficient and usually safe. And when you're testing a live network, you want to be as light-footed as you can. And Nmap is a gentle tool to scan the network with. It just does like a simple knock on the door. Is anyone home?
And it really just stops there, which is nice since you don't want to disrupt business or wreck any systems in your process. Since after all, this is a bank which needs to continue their service to customers. But Masscan is a bit beefier of a tool compared to Nmap. It can make a map of your network, but it's designed to scan huge amounts of systems at once.
Like it shines really well when it's supposed to scan like millions of IPs at once, or even the whole internet. This network at most had like thousands of IPs. Masscan is just too powerful of a tool for this scenario. But this junior pen tester was convinced that because it's a beefier tool, it's better for the job.
Okay, so this junior pen tester was absolutely flooding the network with traffic. They weren't told what exactly they impacted, but I'm going to speculate on what happened here. He had a computer that was plugged in using an Ethernet cable. So his next hop from his laptop would have probably been a network switch or router.
If he's sending massive amounts of traffic, it could easily overwhelm that next hop. Just too many packets at once going through that and opening too many sessions, it can fill up the session table. Memory or CPU on the device could just be maxed out and it just might not accept any more packets. Essentially doing a denial of service on that next hop if it was a switch or a router.
And what that would do is it'd cause everyone who's also connected to that device to not be able to reach anything beyond it. Like the pipes are clogged kind of thing. And if there are servers also connected to that switch, then those servers would be unreachable by anyone too. The other option is if this Masscan tool was configured to scan IPs
This episode is sponsored by ThreatLocker. Ransomware, supply chain attacks, and zero-day exploits can strike without warning, leaving your business's sensitive data and digital assets vulnerable. But imagine a world where your cybersecurity strategy could prevent these threats. That's the power of ThreatLocker Zero Trust Endpoint Protection Platform.
outside the network, the traffic might have traversed the firewall. And this is a device that acts as a security checkpoint between the internal network and the outside internet, which does a little bit more inspection of packets. And if every IP that Masscan was trying to hit was getting inspected by the firewall, that might be too much for the firewall to handle.
It just can't accept that much stuff. Not only that, but it might have taken up all the bandwidth that that site had for internet access as well, making the whole internet go down for the site. Either scenario, Joe realized it was them who took down the network. And now they had a really big problem on their hands to deal with.
One thing that I thought isn't explicitly taught to pen testers, but I believe is possibly the most important skill for them to have is communication skills. It's not entirely unusual to be put in a hot situation where there's some very stressed out people on the phone or in the room or people that are just really difficult to work with.
And the better you can speak their language, the more effective you're going to be at working with them. If you're a pen tester and you find some awful, glaring security issue in the network, how do you explain the problem to the business leaders in a way that they will prioritize it and fix it? They aren't ding-dongs.
They have degrees and are highly accomplished people, but they don't understand the details of cybersecurity. So you need to have those communication skills to speak their language so they get it. And that, to me, is a mark of a great penetration tester. A big thank you to EvilMog for telling us about this time in Afghanistan.
And also thank you to Joe for telling us about his pen test story that went all wrong. They were able to keep working after that and provided value to the client despite the rough start. I've got a t-shirt shop that I really want you to check out. There are over 50 designs in there and I am positive you will find a shirt that you'll love in the store.
Please visit shop.darknetdiaries.com and treat yourself to something nice. This episode was created by me, the one-eyed Jack Rhysider. Our editor is the encrypted kid, Tristan Ledgerwood. Mixing done by Proximity Sound, and our intro music is by the mysterious Breakmaster Cylinder. I took a trip down to the capital in Washington, D.C., and a little bee landed on a flower next to me.
ThreatLocker implements a proactive, deny-by-default approach to cybersecurity, blocking every action, process, and user unless specifically authorized by your team. This least-privileged strategy mitigates the exploitation of trusted applications and ensures 24-7, 365 protection for your organization.
And I nodded at it, and I said, that's a U.S. bee. This is Darknet Diaries.
But just as he was about to leave, he did some sleight of hand and switched the envelopes and walked out with the cash and the farmland and the Liberty Bonds that he walked in with. The bank did not like this and called the cops on him, who caught him in Kansas City.
The core of ThreatLocker is its Protect Suite, including application, allow listing, ring fencing, and network control. Additional tools like the ThreatLocker detect EDR, storage control, elevation control, and configuration manager enhance your cybersecurity posture and streamline internal IT and security operations.
To learn more about how ThreatLocker can help mitigate unknown threats in your digital environment and align your organization with respected compliance frameworks, visit ThreatLocker.com. That's ThreatLocker.com. So what should we call you? EvilMog is fine. Okay, we'll call you EvilMog. How do you get that name? Where does that come from?
IRC, I remember those days. We were young then. Did you do any stupid things when you were young and on IRC?
A stern knock sounded urgent and menacing. He opened the door and saw the police were standing at his front door.
But he convinced them that if they pressed charges, then the story would get out and it would be terrible for the reputation for the bank. Customers wouldn't want to use a bank that's this careless with the deals they make. He was so good at convincing them of this that the bank dropped the charges and gave him $1,000 to not tell anyone and keep the story quiet.
Okay, so hold on a second. I've pirated. Mm-hmm. And I've done some phreaking. The cops never came to my house. It sounds like you might have done more than that or went over the line.
They were... Did they work at all? Because I can't even imagine this work.
When I was a teenager, I didn't understand how credit cards worked at all. Like, in my head, it just seemed like 16 random numbers. And if you knew those 16 numbers, could you buy stuff? Yeah. So I thought, okay, let's test that theory. As a teen, I went to a website, put in 16 random numbers just to see what happened.
I thought if it worked, I'd have no idea whose number I just used and I could just say I typed the wrong number if they asked me. But no matter how many 16-digit credit card numbers I put into a website, it never worked. Every one was an invalid number. Apparently, it's more complicated than just that.
EvilMog loved flying planes when he was a kid and signed up for junior glider classes taught by the Canadian military.
From there, he joined the military and taught other kids how to fly gliders. But his other passion was computers, and the military was offering to pay his training to learn more about computers.
So he spent four years in the military and then went to work for IBM.
Hold on. It's not just like going over to France. Afghanistan, there was an active war zone, wasn't it?
But the most brazen scam that Victor Lustig did was when he went to Paris. The Eiffel Tower was built for the 1887 World's Fair, and some thought it was going to be a temporary structure, and by 1925, it was needing repairs. Victor leaned into this and called five scrap metal companies to come meet him
So even though he was military trained, he was in the war zone as a private contractor, and his job was to go to forward operating bases, or FOBs, to work on the network there.
These FOBs were often on the front line of the war zone in Afghanistan. It's dusty, war-torn, and weathered. Computers don't like these kinds of environments because they're delicate and fragile, not rugged and battle-ready. So he was constantly being sent to troubleshoot computers and networking equipment that was breaking in war zones.
They set up this comm shack inside a 40-foot-long cargo sea container. And he'd go base to base, setting up or fixing the networks inside there. And there was never a dull moment.
He says the equipment in this area would only last six months because it would get full of dust and just not last very long because of the harsh desert environment. And one day, he got word that one of the comm shacks got rocketed at another base.
His orders are to travel there and get it back online. Traveling to these FOBs takes days or weeks to get to them.
at a fancy hotel in Paris, and he said he was a deputy director with the French government and even had fancy stationery to prove it. And he told them that the maintenance of the Eiffel Tower was becoming too high and they were looking for a company to dismantle it and purchase the scrap metal. But he also said this deal needed to be hidden from the public to avoid controversy.
I also, I don't know why, but I'm picturing of you like climbing up a tower, adjusting, you know, getting a spanner on a satellite dish, adjusting it and getting like shot at from up there and being like, hey, it's coming from that hill. Give me cover.
Darknet Diaries
138: The Mimics of Punjab
Okay, so I've got a good story for you today. But when I was researching this episode, I came across something that wasn't exactly hacker related, but it captured my curiosity for like a good 30 minutes. And maybe you'll find this interesting too. So apparently people in India like flying kites.
Thank you. Bye. Goodbye. Tarun's cousin was convinced he spoke to Tarun on the phone and wanted to help him. So he sent $700. But ouch, this was a scam. He was out all that money. And almost immediately after sending the money, the scammer called back, asking for another $1,200.
Tarun's cousin said, okay, and started trying to get more money to send, but then started having second thoughts and decided to call Tarun's sister and just told his sister, hey, can you check on Tarun to make sure everything is okay?
This is the real Tarun, the guy that the scammer was impersonating.
But the kite fighters don't want their own kite crashing to the ground. They want to win this battle. So what kite fighters do is they coat their strings with something sharp to turn it into a skyward saw. Some use wax, but I think a lot of people are buying strings that are coated in little pieces of glass, making it sharp and scratchy.
Tarun was confused. The whole story? What's the whole story? Something very strange was going on here and even his sister won't tell him what's going on. But okay, Tarun ends the call with his sister.
Hmm, wow, what even is the morally right thing to do here? On one hand, his cousin is the one who made the mistake, and Tarun did nothing wrong. But on the other hand, Tarun's cousin came to his rescue, even though he didn't actually need help, and sent money to a scammer and not him. But to just call someone out of the blue like that, and they immediately send you $1,700?
That's a great cousin to have. I think Tarun did a stand-up move by sending his cousin the money he lost. And how this scam works seems kind of familiar to me, actually. I've always been warning people about scammers targeting elderly people to try to tell them their grandchild or something is in trouble and needs help to get out of a mess.
Because some elderly people think that family is above everything and they'll just immediately try to help their family without thinking about it or validating it. So like if a scammer knows someone is traveling abroad, they could call back home to the grandparent and say, your son has been arrested here and needs money to bail them out of jail.
And the grandparent might just pay right away because it's very difficult to, like, work through time zones and phones and stuff. And so the grandparent doesn't want to drop the call since it may be really hard to get that person back who's in another country. Calling long distance and getting a person who can speak their language is sometimes pretty tricky.
The other thing I'm starting to see arise is AI scammers. This is where they get like some clips of audio from the person that they're trying to imitate. And then they get AI to clone that voice so that AI can just talk like that person for them. And then this is when they call the victim and their voice sounds just like their real cousin or brother or whatever.
Tarun and his family did not know that these kinds of scams were going around, and they paid a price for it. But once it happened, they started seeing how other families are getting hit with these kinds of scams too, and noticing post after post on social media.
Now, what was surprising to me when I first heard about Tarun's story is that I think everyone's heard about these Indian scammers trying to call you and act like they're Microsoft tech support so you can send them some money or something. But I've not heard of Indian scammers scamming other people from India. But apparently there's a reason for this.
And it's also really tricky when scammers say, oh, don't tell mom or dad. You know how they are. They'll have a heart attack, which is such a powerful line, especially if the target's dad did have a heart attack, you know? It's a great reason not to tell them. But these scammers are even more tricky than that.
So if you can get your string to touch theirs, and then just at the right time, give it a quick tug, it'll scrape your string across theirs, and it may cut their kite string, sending their kite to float off freely and eventually crash to the ground, but like a block away, leaving yours in the air as the victor of the battle. It's wild.
And here's another red flag. When a scammer tries to isolate you and get you to not tell anyone else, that should be like a warning sign. Like, wait a minute, why is this a secret? I think I do need to bring this up with someone else in my family. But it's crazy that just a little bit of small talk is how you can get your target to do this.
I'm still not convinced that these scammers are from India, scamming other people from India. Stay with us, because when we come back from the break, we learn where they're really from. This episode is sponsored by Arctic Wolf. Arctic Wolf, an industry leader in managed security operations, surveyed a thousand security and IT professionals across the globe to better understand them.
What are their top priorities, current challenges and future concerns? This survey revealed some startling findings, and you can discover them all in the State of Cybersecurity 2024 Trends Report. Learn why the number of insider threats spikes severely, what lessons can be learned from the year over year change, and how many organizations disclose a breach.
and what cyber attacks struck 70% of organizations. Download the State of Cybersecurity 2024 Trends Report today at arcticwolf.com forward slash darknet. That's arcticwolf.com forward slash darknet. Okay, so these scammers speak fluent Punjabi, right? And that's a language spoken in the Punjab region. But that region is very interesting.
Yeah, Punjab is actually a really big area in South Asia and is shared between Pakistan and India. The two countries have a longstanding feud for loads of reasons, and a similar feud is seen between the Punjabis in India and Pakistan. So even though they share the same language and live right next door to each other, they do not always get along.
And this may be a reason why people in this area are being targeted. It could be part of the continued feud between Pakistan and India. Tarun actually saw a video of someone who recorded one of these scam calls.
The language difference between Punjabi spoken in Pakistan and India is close enough that it can trick a lot of people.
As Tarun researched this scam more, he saw some other methods scammers were trying to do. Another one he saw was where the scammer says this.
You can watch these videos where you see somebody taking out like one kite after another on rooftops. And I can't tell if the other flyers like this or hate this. Because if you had like a nine-year-old trying out a kite and their string gets slashed by some teenager looking for some sky fight, that kid's going to be crying. But anyway, that's kite fighting.
Now, of course, the scammer does not actually send this money to the victim. What they do instead is they get a different scammer to call up the victim and pose as the bank or Western Union and say something like, hello, this is the bank. We're calling to let you know that there's been a large deposit in your name.
Someone has just put $9,000 into your account, and it's ready for you to pick up at any time. But then before that person can leave the house and go get the money, they get another call from the same scammer once again.
But when I think of flying kites, I think about doing it in a park or at some beach, someplace wide open, right? Yeah, well, that's not how kite flying happens in India. They like to fly kites on their rooftops in populated parts of the city, like on the tops of low-rise apartments. And you'll sometimes even see them hanging over their balcony or flying the kite right out the window.
Oh man, those jerks. These scammers are sneaky. But again, this scam requires a bit of research by the scammers to be so successful. You gotta know someone's details to convince them who you're impersonating. And it sounds like Tarun's cousin was tricked into thinking the scammer was Tarun by giving him details that only Tarun would know. And I wonder, how did they get that info?
Did they find Tarun on Facebook or something and that's why they decided to target him?
Well, if the scammers are not grabbing people's details from social media, what other methods are there to get info on someone? Tarun kept watching videos about these scammers on Facebook and noticed something in one video. In one scam call, the victim was like, no, no, no, I'm no sucker. I'm not getting scammed by you.
Or locally in India, it's known as manja. And you can buy like sharpened manja strings in stores and online. But hold on, this gets even crazier. So you have these razor sharp kite strings flying around in the air, right? All from rooftops and residential areas. But these are in some busy areas with lots of street traffic. So like motorcycles and cars are whizzing by down on the streets below.
Why would somebody give that up? Oh, because they want 25% of it. Man, that's messed up to say, oh, yeah, you can scam my cousin.
Dang, think through your family relatives for a moment. You think there's anyone in your family or friends that would give your details to a scammer in hopes to make a few hundred dollars from it? I mean, your family wouldn't be scamming you directly. They'd only be giving information about you, like what city you're in or what children you have, what jobs you have.
Just enough information to impersonate you on a basic level. And of course, phone numbers. I know there are people in my family that may do it. One of my cousins is currently homeless. And last we spoke, we got into a fight. Who knows what that kid's out there doing for cash right now? I don't know.
I just think that this is wild, that scammers are getting caught in the act, but then offering to pay you for information on any targets that you can give them, offering 25% of the cut even. And you know, now that I think of it, that's probably a scam too. If you give them information, you are probably never going to see your cut of the money.
So people in Punjab who are scammed for more than $10,000 can submit an FIR. And that's the first incident report, which is the first thing you should do to register an issue with the police in India. But then a lot of times, nothing happens of it. I guess this is why it's rising in popularity, because it's so easy to get away with.
I don't even understand the border situation enough down there to know what region has jurisdiction over each other, or if anything can be done about this. I mean, suppose they do track this to be someone from Pakistan. Can the Indian police arrest someone in Pakistan? Would the Pakistani police do something with that information? I have no idea.
But I still think if you're a victim of a scam and lose money, it's a good step to issue a police report if you can. There have been some cases where scammers were caught, and you may be the person with the information that can help catch them. I don't know the stats. I imagine it's a slim chance that your report will do anything, but I still think having that hope can sometimes keep you going.
Once Tarun got privy that this kind of scam is going out there in the wild, he became a target of this scam himself.
So what happens sometimes is when these losing kites crash into the ground... Sometimes they get tangled in weird ways on its descent. Like the string may get snagged up on some tree branch or a sign or something, but then the kite floats to the other side of the road and gets tangled on that side, essentially making a little tightrope that goes across the street.
I think this is a brilliant way to combat this kind of scam, to do a verification check of some kind. You could ask them to confirm something that only they knew. Like, you could trick them and say something like, oh, do you remember that one summer we went to the lake together? That was fun, wasn't it? And when they say, yeah, yeah, I do. But you never went to the lake with that person.
Now you know they're lying. I know as my dad, we have some code words that if one of us is in trouble, we have to say the code word to prove it's you. And I've told him if he ever gets kidnapped and someone calls me to pay the ransom, my immediate reaction is to not believe them unless I hear the code word. So you got to tell your kidnappers the code word if you want me to send you money.
Otherwise, I'm just hanging up the phone. And he's cool with that. But stories like this really do bring my focus back to looking after our digital privacy online. And someone who knows a lot about digital privacy is Naomi.
In this story, the scammer seems to know quite a lot of information about the victim that they're targeting, right? They know this person's kids' names, where they live, what cousins they have they know from abroad, and this sort of thing. Do you have any idea where a scammer might be getting this kind of information from?
I don't think it's always your fault. Do you ever think about that of just like, we're living in this world where stuff just gets leaked and it's not your fault?
And when someone drives by, the car can get snagged on it and pull the string in weird ways. Well, the real problem comes with motorcycles and bicycles. There have been a lot of incidents where the string gets caught around the neck of a motorcyclist and cuts their throat. Bad scratches, gashes, and cuts. But some have even died from getting their neck slit by a glass-covered string.
Wait, banks? Hold on a second. This banks thing is frustrating to me. I think like banks are a private sanctuary and they should not be doing this. What do you know about this?
I just recently learned about this third-party doctrine, and it's really frustrating me. Yeah, as Naomi says, the U.S. has a legal principle that says if you voluntarily give your data to another company, you no longer have the reasonable expectation of privacy. What? Excuse me? This essentially means that every email I've ever written is no longer private?
Every private message I've ever sent is not actually private? My phone's GPS location isn't private? This is awful. But not only that, the U.S. government made all kinds of laws which require you to give up certain information to do things like open bank accounts. So yeah, all your banking information is no longer considered private due to this third-party doctrine.
And guess what the downstream consequences of this is? Criminals, scammers, stalkers, thieves, and people who want to target you can now easily get data on you. The more we become a digital society, the more important it is to protect our digital privacy. Yet the laws seem to be going in the opposite direction. And it makes me furious. Have you ever heard this term? Oh, nobody would target me.
Yeah, people have died from this kite fighting stuff. So what motorcyclists do in the areas where it's popular is to install a small bar on the front of the motorcycle to catch any of those strings. It kind of looks like a little antenna on the front of the motorcycle, and it's there just to catch any kite fighter strings from killing the rider.
Susan B. Anthony changed the world. She grew up in a time when women did not have the right to vote. It was illegal, even. And she said, screw that, and went down and voted anyway. And she was arrested for voting. She was thrown in jail. And she went to court. And she was found guilty. But she refused to pay her fine.
She had to break the law to go against the government in order to make change happen. And now she's highly celebrated, even to the point that her face is on the corner. I think about her sometimes and I wonder, what should I be doing that's wrong but right? And what I keep thinking about is our digital privacy. The government is stripping away our privacy from us.
Corporations are being so grabby of our personal data in a predatory way. And they do it so much that it just seems normal at this point. But they are wrong. So what's the right thing to do? I imagine a world where our privacy actually matters, and it's not some meaningless double talk.
Companies who actually take your privacy seriously are companies that either don't want your data at all, or encrypt it in such a way that they can't even see it, even if they wanted.
This way, no amount of data breaches or subpoenas can expose you, and you don't have to worry about these companies looking at your stuff, sharing your stuff, or selling your stuff, because it's all garbled, and only you can ungarble it.
Isn't that the normal you'd rather see in the world? Companies like Google, Apple, and Facebook all say that they take your privacy seriously, but then they proceed to collect every data point about you that they can: your location, your contacts, your address, your phone number, your work history, your sexual orientation, the car you drive, political affiliations, financial data, all communications with your friends and family.
And then they analyze this and study you. And then they store it all in a database so they can keep building a profile on you. All this data is a huge liability for them and for you. And they absolutely 100% positively don't need any of it to do what they do. I've had enough of this and switched from an Android phone to a privacy phone.
It's always interesting to me to see the downwind consequences of something that we didn't immediately think would be a problem. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is brought to you by SpyCloud. For some people, ignorance is bliss. But for you, as a security practitioner, that's not the case.
I exclusively use end-to-end encryption for all my text messaging where nobody can see the chats but me and the person I'm sending it to. And I moved my email to one that encrypts my emails on their server so they can't even read them. I stopped using search engines that try to learn everything about me and I've switched to ones that collect zero data on their users.
I've stopped using browsers that send my web history somewhere. I always use a VPN and I'm so mad at banks for giving my financial data away that I'm ready to just start using cryptocurrency everywhere I can or go back to using cash. I'm exercising my rights and I'm being a self-advocate of my digital privacy. And I want you to be a self-advocate too.
Major tech companies aren't going to give you privacy. The government isn't going to give you privacy, but you can take it. I need you to take it. Take your digital privacy seriously because you know it's the right thing to do. A huge thank you to Tarun for coming on the show and sharing this story with us.
I particularly love this story because it gave me a glimpse into a pocket of the world that I had little knowledge of, and I feel smarter from having met him. Oh, and thank you to Naomi Brockwell for coming on and telling us about digital privacy. She always gets me so revved up about it. She's got an awesome YouTube channel called NBTV Media, which can really level up your digital privacy.
And there's a book I also recommend for protecting your online privacy, which is called Extreme Privacy: What It Takes to Disappear. I'll have links to all this in the show notes. This show is made by me, the Bloodhound Knight, Jack Rhysider.
I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening. From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right.
Resetting stolen passwords and addressing the enterprise access points that have been stolen by malware helps you protect your business from ransomware, account takeovers, and online fraud. With SpyCloud, you have a trusted partner to fight the good fight with.
Their automated solutions, which are built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime. To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries. That's spycloud.com slash darknetdiaries. This episode is sponsored by Delete Me.
I never even knew you could fly a kite out a window three stories up, but yeah, they're doing it. And I saw videos of this on YouTube. And so on nice breezy days in India, you may look up and see some people on the rooftops flying kites right in the middle of a busy city. Anyway, kites alone aren't that exciting to me, but here's the part that surprised me.
In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit. Anyone on the web can buy your private details to do anything they want.
This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found. And they got busy deleting these things. It was great to have someone on my team when it comes to privacy.
Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout.
That's joindeleteme.com slash darknetdiaries code DD20. All right, I got an interesting story for you today. And let's just jump right into it. Here, listen to this phone call. Okay, this phone call is in the Punjabi language. It's from India. But I really want you to hear this. So, one second.
Okay, there. I've translated the audio and had it re-recorded in English. Now, take a listen. Hello?
Apparently, there are kite fighters among these people. And this gets wild. They take kite flying to a whole new level, if you ask me. So the idea here is to knock someone else's kite out of the sky with your kite. So, like, if you're on the rooftop and you see a kite flying a couple rooftops over from you, the mission is to knock theirs down.
And so the first thing you have to do is to get your kite near theirs, or at least near their string. And that takes a bit of skill to get your kite close to the person's kite who's like three rooftops away from you. And I don't even understand how they do this. Like, how do you send your kite over to someone else's where you can't even move off your balcony?
I find this call interesting. The victim recognized that this was an attempted scam right away and recorded the whole phone conversation. And it's very good for him to notice it that soon and hit record for the whole call. But would you have noticed this was a scam so early on if your cousin called you out of the blue and was in trouble? Would you have been tempted to send him $2,000 to free him?
Apparently, this kind of scam is becoming more popular in Punjab, which is an area in India and Pakistan. And what you're hearing behind me here is a clip from a YouTuber called Suk Viral, highlighting how people are getting hit with this scam. The idea here is simple. The scammer will pose as someone you know and ask you for money. It's not always the same scenario, though.
I thought the wind decided where your kite went, but apparently they're able to let out the string more or weight the kite down or something to get it to go where they want. Now, I've flown a kite too close to someone else's kite before. And what happened to me is that the kites got tangled up and both of our kites crashed to the ground.
Darknet Diaries
133: I'm the Real Connor
I remember this one time I really botched a job interview. I was young, in my early 20s, and I applied to do surveillance at a casino. You know, the eye in the sky, watch 20 monitor screens at once and try to find someone cheating or stealing things in the casino, and then call the security guards on them. Well, I got an interview with the head of casino security and things were going well.
And with that, he stood up and said, thanks for coming in, but we're looking for someone else. Good luck. And he reached out to shake my hand. I quickly realized my mistake. Taking the family side was the wrong answer. It's the definition of corruption. Even if he wanted me to always protect the family, this was just too soon of a test to ask me something like that.
Man, I can't even imagine being in this scenario. Listening in on an interview with someone else pretending to be you? Trying to get this job? What? All the time fake Connor is speaking, the real Connor is muted, listening. How does he respond to all this? How would you respond to this situation?
If I were him, I'd be freaking out, wondering if I'm being pranked and wanting to know who this guy is that's pretending to be me. And who put him up to this?
So this P&D person set up this interview and asked Andrew to join it and pretend to be Connor. Andrew said no for ethical reasons, but then someone else pretending to be Connor did join the call. Who was that person?
I wasn't part of the family yet. Siding with him was taking sides against the casino itself. And if he was actually corrupt, he wouldn't show his cards like that so early in the first interview with someone. So I reversed my position. I shouted, no, no, no, I would definitely turn you in. The casino is who I work for, not you.
Okay, so let's recap. Someone made an Upwork profile using Connor's resume and information, and they were using that fake profile to apply for real jobs, then getting someone else to act like Connor for the job.
Then that person would sit in an interview and pretend to be Connor. Yeah, so Upwork is a place that freelancers can go to look for jobs. Anything from design to IT or legal professionals, freelancers will make an account saying what skills they have and that they're available to work on these projects.
And either someone messages the freelancer about a job or a job gets posted on Upwork and freelancers can apply for it. Someone made an Upwork account using Connor's details, some real, some fake, and applied for jobs saying, look how great my profile is. I want to come work for you.
And as Connor looked through the information Andrew sent over, he realized that some of the people communicating to Andrew also seem to be impersonators. Like Maris, for instance, was a real person with a nice GitHub and stuff, but it was probably not the real Maris who was messaging Andrew.
He smiled and shook his head and walked me to the door and said, better luck next time, kid.
A lot of these trails seem to come back to the person in the Slack chat app calling themselves PND. PND is who told Andrew to impersonate Connor for the job. And he's also telling everybody what to do in this chat room. PND might also be Maris. I don't know. But it seems that PND has a website called PND Design, which offers coding and web design services.
It was just, it was strange. Giving a fake phone number. I love it. It reminds me of this scene from the classic movie, The Blues Brothers.
These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is brought to you by SpyCloud. For some people, ignorance is bliss.
A good criminal will always throw people off with what looks like real information but is actually something bogus.
That's hilarious. A web design company boasting about how they can create great looking websites, but they didn't even create their own website. The footer says it was made by someone else. Connor wasn't sure what was happening, but thought that maybe companies were hiring an individual to build their sites who then would turn the project over to P&D Design to do the actual work.
But he doesn't know. It was just so frustrating to have all these puzzle pieces and have no idea what the finished picture looks like. But Connor does the only thing he can, but just start emailing companies who P&D claimed to have worked with.
Things are just so weird at this point. Was the P&D person in the Slack channel actually affiliated with P&D Design, or were they just impersonating that company too? So many layers of fakeness going on here and impersonations that it's just really hard to know what's real and who to trust here.
Connor has tried to reach out to so many people involved, but then realized, hey, wait, why not reach out to Connor? Not the real Connor, but the fake Connor, the one who was impersonating him. So he writes to it. Why are you impersonating me?
The full response he got back from the fake Connor was, sorry, but you have a great GitHub and you look cute. Of course, Connor's first reaction is anger. But perhaps there's a bit of information in there that's helpful.
So Connor starts learning all kinds of new things about this mystery from the help of people on the internet. It turns out there's a story that Brian Krebs wrote a while ago, which talks about faked LinkedIn profiles.
So this article is interesting. LinkedIn is where people go to look for jobs and network and do hiring. But there's a huge amount of fake profiles being created every day. These profiles are real tricky, though, because they're like half AI generated and half real. And they take some real information from certain LinkedIn accounts, but then change a few things on it.
And these fake accounts start creating connections and joining groups. And then the fake accounts start applying for jobs. Real jobs. And it's a real pain in the neck for LinkedIn to try to figure out who's real and who's fake on here.
And the comments on this article are just filled with people saying how they've had a bunch of fake people apply for jobs at where they work, and recruiters have to do this extra step at verifying people's actual identity. Which makes me think, how exactly can someone actually get a job using someone else's name?
In the US, you have to fill out tax documents and stuff that if you work there, you can't forge this stuff. Where are the paychecks going to be sent to?
There was a time where I was trying to find someone on one of these freelance websites to make a video game for me. And they claimed to be American with great coding skills. But then when I asked for a phone call, the story quickly changed to be a person from India. And it was also not a single person, but a whole team of people ready to work on my project.
So what Connor said may be what's going on here. Get Andrew to be the token American English speaker, and then they can advertise themselves as American-based to ask for a higher rate.
Okay, but back to the email the fake Connor sent the real Connor. It said, you have a great GitHub and you look cute. Okay, let's put aside that look cute part. The great GitHub is the curious point for me. Like I said, Connor has contributed code 51,000 times to GitHub in the last 12 years. That, I think, is what is great about it. That alone.
What I mean is you can't go back in time on GitHub and post code. That is, you can't create an account that looks like the person has been there for 12 years and has all this coding experience unless you're spending 12 years posting code on GitHub.
So the fact that Connor has been posting code there for 12 years does, in fact, make him look like a well-established veteran coder who knows his stuff. And that goes a long way with job recruiters.
Yes, I think so too. That's something you can't fake easily. A longstanding reputation of pushing code to GitHub is attractive to employers. So that is exactly why I think Connor got his identity stolen. Someone, I don't know, PND, Maris, saw Connor's GitHub and liked it. And that's why they took his identity. After Connor posted this blog post, he gave a talk at a conference in Tampa.
And someone who read his blog post came up to him after the talk and told him another crazy story. He said,
I stumbled upon this same stuff, too. I recently found a subreddit called r slash overemployed. And it's all about people who are gaming the whole work from home thing, having two full time jobs at the same time. That is, they go to work from nine to five, but are working at two different places at the same time.
And neither company knows they're actually spending half the time at some other company. And yeah, there are articles on this r slash overemployed subreddit that tell you things like how to look productive when you're not at your keyboard and stuff, like having mouse jigglers move your mouse around for you, or how to automate some of the tasks to look productive.
They also have listings of which companies are over-employed friendly. One of the top posts there is someone saying they now work five jobs, bringing in a total of $1.2 million a year, and here's how I did it, ask me anything. And while that's crazy, this gives me all kinds of business ideas.
Like, let's say I get a job working remotely somewhere, but then outsource my job to someone else who wants to do it for half the pay. And yeah, if I could do that, then why not get another job and outsource that to someone else? And so now I've got all these jobs that I'm doing work for, but I'm actually not doing the work for them. Someone else is doing it for me.
I mean, that is clearly unethical, but I guarantee with the wave of working from home jobs out there, that is happening. Oh, and let's not forget what happened to John Woo. I talked with him on Episode 119, and he thinks that someone from North Korea tried applying for a job where he works, who could have very well been trying to get a job there just to steal the cryptocurrency from their company.
So did you ever get to like speak with PND or Maris or whoever and say, dude, what is going on here?
That's spycloud.com slash darknetdiaries. This episode is sponsored by Delete Me. In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity.
What a weird time it's becoming, isn't it? I mean, this is just the modern world that we're in now, where working from home is more popular than ever, and it seems to be ushering in a whole new set of scams. Or are they even scams? I guess if you're misrepresenting yourself, then it is a scam.
Even if you're not trying to trick someone to give you money for nothing, just lying to score a contract seems scammy to me. I think if you're hiring today, you should be very cautious of the people who are applying for your position because they might not be real.
And if they are claiming to be someone, maybe double check with the person that they're claiming to be by reaching out to them separately. Just be safe out there as our world keeps evolving and becomes more tricky to navigate. A big thank you to the real Connor Tumbleson for coming on the show and telling us this crazy story. You can see what he's blogging about over at connortumbleson.com.
We hit it off and he liked my resume. But then he asked me one last question. If you saw me stealing in the casino, would you turn me in? Now, I was dumbfounded by this question. What is this, some kind of ethics test? I mean, he's the head of security. If I saw him stealing, who would I even report it to? I was baffled on how to answer this. But I wanted this job bad.
And don't forget, on the website, darknetdiaries.com, is a link to all the articles mentioned in these episodes, as well as full transcripts of every episode. This show is made by me, the cyber samurai, Jack Rhysider. This episode was written and produced and edited by the cheerful Tristan Ledgerwood. Sound design was done by Garrett Tiedemann. Mixing by Proximity Sound.
And our theme music is by the mysterious Breakmaster Cylinder. I was once asked in an interview if I'm any good at Microsoft Office. And I told them, I excel at it. And the interviewer asked me, was that an Office pun? And I said, word. This is Darknet Diaries.
Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit. Anyone on the web can buy your private details to do anything they want. This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me.
I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found. And they got busy deleting these things. It was great to have someone on my team when it comes to privacy. Take control of your data and keep your private life private by signing up for Delete Me.
Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries code DD20.
The main thing to know about Connor is he spent years in the tech industry. He's a great programmer, which has led him to become a director of engineering. And he's content in his current role. He's definitely not job-seeking. However, his resume is pretty nice, and he's got a whole list of skills under his belt, and he has a great GitHub.
GitHub is a place where people go to share programming code they made, and Connor has written a lot of code. So Connor has published a lot of this code to GitHub for other people to see. If you go there, you can see what code he's been writing since 2011. In fact, he's posted new code 51,000 times over the last 12 years. And what's interesting about GitHub
is you can go back through those years and see every line of code that he shared and what date he shared it. Okay, September 14th, 2022, you get an email.
It does have a spammy taste to it, doesn't it? I think I've probably gotten spam like this before. You know, click here to see if my identity is stolen.
The email was from a guy named Andrew. Andrew is also a programmer, but he's just starting out in college and has only posted a little bit to GitHub. Andrew said someone found him and messaged him on GitHub and offered him a job. But when Andrew asked more questions about the job, he was told he had to act like Connor to get the job.
Okay, wow. They took Connor's real resume, but changed just a few things, like the email address, physical address, and a few other accomplishments. But all this sounds really spooky. I mean, to get an email from someone explaining all this?
So I did a whole bunch of mental gymnastics to try to read his face and see what answer he wanted. I mean, the first thing that popped into my mind was that quote from the Godfather. Here, listen. You're my older brother, and I love you. But don't ever take sides with anyone against the family again. Don't take sides against the family? Who do you think started the whole casino business?
The person sending the email could be trying to help, or they could be trying to scam Connor into paying them to scrub this information off of some website or something. What was the real intention of this Andrew guy who emailed him?
It seems like this guy Andrew is responding to questions Connor has, but is equally as confused as Connor is about this. I mean, imagine someone messages you on GitHub, offers you some paid work, and when you say, yeah, that sounds great, then they ask you to pretend to be someone else?
So Andrew was sending more information over to Connor, screenshots of Slack chat that he had with this Maris person.
Oh, right. This is an online video interview, and it's all set up where the company is expecting Connor to join and be interviewed. And it was in a few hours. This just gets wilder and wilder. Connor starts wondering if he should join the interview.
And just to see what's going on, at the least he can inform this other company that they shouldn't hire him because he's not actually applying for the job. And that's going to be awkward to explain to them for sure. All the while, Connor is trying to figure out why they took his resume to copy. What was it about Connor that made his resume special?
It was mobsters. So what did this head of security cherish more? Family or the law? It's an impossible thing to answer. I felt as if I was on the poker table, going head to head with him, trying to read what cards he was holding. And my job was what was on the line. Well, I blurted out, Of course I wouldn't turn you in. You're my boss.
Hmm, I wonder how big of a decision this was for Andrew. A college kid looking for work, finding a job that pays, but having to turn it down because it violates his ethics? I bet there are quite a lot of college kids that would be up for it, you know?
And I wonder if this is a tactic, that this Maris person or PND person targets college kids because they need the experience and work and are more willing to take non-ethical jobs? I don't know. Anyway, for Connor to get an email like this, it absolutely derailed his ability to concentrate on anything at work that day. I mean, he had to go to an interview that he did not set up.
And how do you even prepare for something like that? Actually, it doesn't matter, since there just wasn't much time to prepare for it anyway.
Andrew sent Connor all the information to join the interview.
147: Tornado
All right, lights red, we're recording. Hey, Tortoni, you're looking great today. Still writing, I see. See, here in my studio, which is just my closet, I have a picture on the wall made by Édouard Manet. And it's a picture of a fine-looking gentleman sitting at a table writing something down. I call him Tortoni, but that's not his name.
Now, because the in-game currency was the Ethereum cryptocurrency, this allowed for a whole in-game marketplace. You could buy or sell things to other players with cryptocurrency, just like directly on the blockchain. Ethereum wasn't just for cryptocurrency, but there were items on it now. Axies, for instance.
And you could buy one from another person directly if you wanted, without having to go through any game to do it. How do people make money? Do you understand the complexities of this? Because if you're battling someone and you win the battle, do you take money from the other person?
Now you might be thinking, hold on, wait a minute. This is an awful idea to bridge real money into a video game. Well, you're not the only one to think that. The video game marketplace, Steam, has outright banned all crypto-based games from there. At first glance, you might be thinking, oh, that's because they don't want people spending real money on games like that.
It can ruin the in-game economy, and it leads to speculative behavior. And also, isn't it stupid to just buy video game assets like gold and weapons? But none of those are the reasons why Steam banned crypto-based games. A very popular game on Steam is CSGO, or I guess it's now called Counter Strike 2.
Within Steam itself, there's a whole marketplace where you can buy and sell in-game Counter Strike items from other players for real money. It's like a giant marketplace on Steam. Thousands of purchases happen every day. Yeah, you can show up, type your credit card details in, and start buying items in the game from other players with real money.
This is Darknet Diaries. This episode is sponsored by Mint Mobile. With big wireless providers, what you see is what you get. Somewhere between the store and your first month's bill, the price you thought you were paying magically skyrockets. With Mint Mobile, you'll never have to worry about gotchas ever again. When Mint Mobile says $15 a month when you purchase a three-month plan, they mean it.
Steam has built this whole system, so clearly they are perfectly fine with people using real money to buy in-game items, or be speculative in the game, or mess up the game economy. However, when you sell an item, you don't get the money from the sale. They give you Steam credits, which can be used to buy other games on Steam.
But players were like, wait a minute, if I'm selling this to someone who's buying it with their credit card, why can't I get the money they paid for it? It seems like, yeah, we really don't want to give you money. Game credits are much better for us. So players were like, well, you know what? Nobody can stop us from just trading among ourselves. So player to player sales started happening.
But how do you send money digitally? You can't just give someone your credit card. It doesn't work that way. So players started trading using cryptocurrency. But this became unsafe. People were sending their money and not getting anything in the trade. So websites started popping up saying, hey, we'll broker the deal for you.
And they started acting like the middleman in trades for Counter-Strike. And that went on for a while. And Steam was like, all right, here, we'll make an API for the marketplace.
And this allowed secondary marketplaces to let players buy and sell in-game items with real money. And not only that, a lot of markets allowed you to buy and sell items with cryptocurrency. So while Steam has banned crypto-based games, you can actually use crypto to buy things in Counter-Strike 2, or sell things and get crypto from it. And this is all totally allowed by Steam.
Steam could put an end to all this right now if they wanted. They could make it so players just can't trade with each other anymore. But they won't because they make far too much money from this whole system. So why does Steam actually ban crypto-based games? I think it's because the regulatory landscape is unclear.
When you start accepting cryptocurrency, suddenly you get into these regulations that are very difficult to figure out. And don't tell me that Steam bans crypto-based games because it keeps out the trashy, scammy type stuff. Well, have you seen the game Banana? As I'm saying this, it is the second most popular game on Steam, and it's possibly the world's dumbest game.
You just click a banana, and after a while, you might get a banana for doing it, which can be sold on the marketplace. And it's making the creator a ton of money since people are buying bananas with real money for no reason. The banana does nothing in the game. This is 10 times dumber than any NFT game I've ever seen. And it's not even an NFT game.
The fact that Steam allows this is kind of breaking my brain, honestly. I bet there are a million teenagers today who are very fluent at understanding the market intricacies of V-Bucks or Robux, the virtual currencies for their favorite games. And the thing about Steam credits or V-Bucks or Robux is you can only buy it. You can never sell it.
It's against the terms of service to trade that for real money. And that kind of frustrates me. It's kind of like when you go to an arcade and they make you buy tokens to play the video games there. Video games can operate just fine on quarters. There's no need to invent a whole new currency just to play them. And the currency can only be bought, never sold.
And it stinks when I come home from an arcade and there are a few extra tokens in my pocket. These things are worthless except for one place in the entire world. So Axie Infinity was built directly on the Ethereum cryptocurrency, utilizing smart contracts. But they soon hit a problem. When you play video games, you want it to be fast.
Ethereum transactions were slow, sometimes taking a few minutes to complete, and the fees on Ethereum were high, like often costing $30 in fees just to buy an Axie from another player. So to fix that, Sky Mavis, the creators of Axie Infinity, created a side chain of Ethereum called the Ronin network.
This side chain was very compatible with Ethereum, so players could move their money in and out between the Ronin network and the Ethereum network easily. And that mechanism of moving money between the two, they named that the Ronin bridge. The Ronin network was much faster and had very low fees, like less than a cent, making it much more ideal for a video game to be played on this blockchain.
But for this Ronin network to operate, there needed to be nodes and validators. Sky Mavis didn't want to be the only one controlling those nodes and validators, because if they were, they could theoretically control the whole network. I guess if you have a majority control of the validators, you could manipulate the system if you wanted.
The idea of a decentralized network is that nobody should ever have a majority of the validators so that it can't be manipulated. So they made sure to have people outside their control also running nodes and validators.
So there's this very valuable company with millions and maybe billions of dollars worth of cryptocurrency assets running through it, swapping around, moving fast, moving a lot. This will attract somebody who wants to steal that money.
A lot of scammers and thieves flocked to this game, trying to steal things from other players. Some players' crypto wallets were loaded with tens of thousands of dollars of Axie Infinity assets, and scammers were trying hard to steal stuff from players' wallets.
One common tactic is to get an Axie Infinity player to connect their crypto wallet to the scammer's website, maybe by saying something like, oh, we're giving away a free rare Axie. With some cleverly crafted message, they can trick a person into giving them access to their wallet, which the thief can then drain of everything in it.
All plans come with high-speed data, unlimited talk and text, and you can use your own phone with any Mint Mobile plan and bring your phone number along with your existing contacts. To get this new customer offer with your new three-month premium wireless plan for just $15 a month, go to mintmobile.com slash darknet. That's mintmobile.com slash darknet.
Hundreds, if not thousands, of Axie Infinity players were victim to this type of attack. And I should say that even though attacks on players in cryptocurrency-based games are very common, they're not unique to only crypto-based games.
I remember when I was playing World of Warcraft a long time ago, someone somehow got into my account and transferred all the gold and removable items from my character into whatever account they had. I got digitally robbed in World of Warcraft.
And if you hang out in the Counter-Strike forums or Roblox forums or Fortnite forums, you see people begging for help every day, saying their account got hacked or their stuff got stolen. There's a lot of money in stealing video game assets. It's crazy.
So we don't know how they made contact. My first thought was Discord. A ton of scammers are on Discord trying desperately to hack into people's accounts. But in this case, I'm willing to bet the initial contact was made on LinkedIn. It's kind of easy to find developers for Axie Infinity on there to begin with. Then it's only a few clicks away before you can message one of them.
And it sounds like they messaged a developer offering them a job. So if that's the case, it's not so hard to create a fake persona on LinkedIn to look like you work for some prestigious company.
Cut your wireless bill to $15 a month at mintmobile.com slash darknet. $45 upfront payment required, equivalent to $15 a month. New customers on first three-month plan only. Speed slower above 40 gigabytes on unlimited plan. Additional taxes, fees, and restrictions apply. See Mint Mobile for details. Support for this episode comes from Delete Me. It feels like a war out there.
Yeah, I mean, if you get malware onto a developer's computer and then take control of their computer, then you can assume the role of that developer in that company. You have their access keys, their logins, their privileged access to the network.
But they were looking for a central wallet like cold storage or something where Sky Mavis stores all the keys and has access to millions of dollars in crypto. But they couldn't find that. So the second thing was, with all this money flowing through the system, was there a way to grab it somehow?
Wow, I think the level of knowledge needed to pull this off is quite remarkable. This is not so simple as opening up a wallet and transferring the funds out. To take over five of the nine nodes of this side chain and to know how to operate them in a way that will allow them to steal money takes a specific skill set. Whoever did this must have had to prepare quite a bit for an attack like this.
It kind of reminds me of that one time my friend went and bought an antique for, I don't know, $1,000 or something. And on his way home, he stopped for lunch somewhere and his car got broken into and the thieves stole the loose change in his cup holder. They looked at that old antique and didn't think it was worth anything and left it.
Whoever was targeting Axie Infinity knew exactly where to look to extract the most amount of value they could from the system. They knew exactly where the value was. And I don't think many of us would know how to work these controlling nodes, even if we could take them over.
Companies all over trying to scrape and store all kinds of personal data about me. My phone number, address, family members, where I work, sexual orientation, club affiliations, income level, what kind of car I drive. It's just endless. And every now and then I Google myself and just get freaked out about the amount of data there is about me out there. This is why I use Delete Me.
But when they took over these nodes, they got immediately to work, setting up an attack which would allow them to transfer as much out of the Ronin network as they could and as fast as they could, directly into the Ethereum wallets that were ready and waiting. They set up everything and using their control of the bridge, deployed a command to transfer the money.
Is there a single cyber heist that is more than $650 million? I can't think of one.
Some of my listeners might be shaking their heads right now and think, no, Jack, none of this cryptocurrency is real money. This is not the biggest heist of all time. And in fact, a lot of articles which list the biggest heists of all time don't include any cryptocurrency heists. But the thing is, these thieves immediately started exchanging it for traditional money.
So to me, if you can swap it quickly and easily for any currency you want, then yeah, to me, it's real money.
Maybe I should have mentioned this earlier, but the reason I'm talking with Jeff about all this is because he just published a book called Rinsed, which is all about money laundering in the modern world. And I just finished reading it, and it sent me down a wild, twisted tunnel into the world of money laundering.
Now, what we're talking about in this episode is a single chapter of the book, though. The biggest heist of all time, Axie Infinity, is interesting by itself. But the thieves are now faced with a staggeringly huge challenge. How do you cash out $625 million in stolen cryptocurrency?
If you sent it all to an exchange, they might not be able to swap that much, or they might freeze your account, and you could lose it all. So while they immediately started sending some of it to an exchange, that was only a small amount, and they needed a big plan for the bulk of it. We're going to take a quick break here, but stay with us, because after the break, someone's going to prison.
I registered there and told them what to look for about me. They were able to discover what sites have data on me and took steps to get that information removed for me. That's my favorite part. It's like getting help in this war. Their scouts know exactly where to look and they'll tell me what they found about me.
Support for this show comes from Black Hills Information Security. This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure. I know a few people who work over there and I can vouch they do very good work. If you want to improve the security of your organization, give them a call. I'm sure they can help.
But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training. You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more. But get this, the whole thing is pay what you can.
Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers.
Head on over to BlackHillsInfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com. The news broke pretty fast. Axie Infinity's Ronin Bridge hacked! $625 million stolen! Lots of people lost a lot of money, including Sky Mavis itself.
North Korea. So North Korea's military has something called the Reconnaissance General Bureau. It's believed to be where thousands of hackers are trained and tasked with completing military objectives. This isn't the first time they've been accused of stealing millions of dollars in crypto. And it's estimated that they've stolen over a billion dollars in cryptocurrency now.
And if they can't remove it themselves, they'll give me recommendations on how to get it removed or mitigate it. Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for Darknet Diaries listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout.
I can't think of another country where their government is hacking for financial gain like this.
Hmm. But now that I said that out loud, that I don't know of another country that hacks for financial gain, I'm reminded of an episode I did with a CIA agent. It was episode 116 called Mad Dog. In it, a CIA agent told me he tricked a diplomat from another country to give him information on an upcoming trade deal between the U.S. and that country.
He saw what their bottom line was, the lowest amount that they would accept in the trade deal. And he gave this information to the U.S., who in turn used that information to save the U.S. billions of dollars in the trade deal. Is this hacking for financial gain? Social engineering for profit, maybe?
I guess economic security falls under national security, and countries will go to great lengths to keep their economic security going well.
Well, hang on a second now. So they have 170,000 Ethereum tokens. They need to turn that into dollars so that they can buy whatever. Why don't they just set up an exchange in North Korea that they can just send it to and be like, all right, done.
The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries, code DD20. Digital assets are fascinating to me. I'm no economist, but they behave in ways that don't make sense to me. Like, let's take audiobooks, for example.
Okay, so North Korea has $625 million in stolen cryptocurrency, specifically Ethereum and USDC. We should say these are allegations. North Korea denies being involved in these hacks. Okay, so it's supposedly North Korea. A lot of evidence points to them, but we don't know for certain. I think it was.
Now, the way these cryptocurrencies work is there's no way to recover that money. This is real ownership. As I was saying earlier, there's no central bank that can reverse the transfer or pull the money back out. The money is North Korea's, and there's nothing anyone can do about that ever. Except, North Korea is under strict sanctions, which means it's forbidden to do business with them.
On top of that, it's stolen money, and those wallets were flagged. So exchanges won't simply let them exchange it into cash. What they need is a chop shop. The only reason why I know about chop shops is because of playing Grand Theft Auto.
And when I was playing the game and I stole a car and the police were chasing after me, I could take that car into a chop shop and they'd scratch off the VIN, paint the car a different color and give it a new license plate. Then, when I got back on the road, I could drive right past the police without them knowing it's the same stolen car since it looks entirely different.
But with cryptocurrency, you can't hide very well by just transferring the money into a fresh wallet. There's a big, glaring transfer displayed publicly for anyone to see. Moving it into a new wallet doesn't do anything to hide your tracks. They somehow needed to clean this money so it can't be linked back to the money stolen from Axie Infinity.
Tornado Cash. I've used Tornado Cash before. Let me tell you why. Okay, so I was going for a coffee a while back in my town, and I noticed they accepted Ethereum cryptocurrency, and I was like, hot diggity, people have been donating Ethereum to my podcast, I'm gonna use it to buy some coffee. So I started to get it going, but I thought, wait a minute, hold on, no way, this is a bad idea.
Darknet Diaries
147: Tornado
This picture has captured my imagination and curiosity for countless hours. I stare into it, and I just fall into an abyss. But the thing about this picture is that it's not the content or even who made it. It's that this picture was stolen from the Isabella Stewart Gardner Museum back in 1990, and it's never been recovered. And I don't have the original. I just have a print of it.
My donation wallet is public, so anyone can see where I spend my money. And if they see I spent it on coffee in my town, that might expose where I live. I go to extreme lengths to keep my private life and public life separate. So I need a way to move this money into a personal wallet so I can spend it without people able to see where I'm spending it. So what are my options?
I could send it to an exchange and then send it to a fresh wallet. But to use an exchange, I have to give them my personal details like my driver's license and stuff, which seems a bit much just to buy a cup of coffee. Isn't there a simpler system, one that's more privacy focused? Yeah, Tornado Cash. Tornado Cash is great. You send your money to it.
It gets thrown in a pool with a bunch of other people's money, and you get sort of a claim ticket. And at any moment, you can use your claim ticket to get your money back out into a fresh wallet. Essentially, this allows you to transfer your money into a new wallet, but it removes the tracks of where it came from. What's great about it is that it's all automatic.
I was telling you about smart contracts before, where you can add code to the Ethereum blockchain. Money is programmable now. So I can see the Tornado Cash code, verify it looks okay, and then get my wallet to interact with it directly, giving it my money and getting that claim ticket back.
And the way Tornado Cash worked is that they purposely built it so the creators themselves never took control of your money. The only person who would ever have control of your money is you. The smart contract is programmed to handle the money, but the creators built it so that they can't even control the smart contract anymore.
They literally coded all zeros in for who can control it, which means nobody can.
It takes a lot of work to make the first one, but then infinite copies can be made at zero cost after that. So I don't know. What happens when supply goes to infinity, right? It seems like price would go down to nothing. But it's not the case. Audiobooks are still $10, $20 each, despite there being an infinite amount of them, which costs nothing to make more of. That's kind of wild.
Okay, so you might be thinking, hold on, this is just a Bitcoin tumbler, a mixer for money laundering. And there have been lots of them in the past. And weren't they all illegal anyway? Yeah, that's the thing. This one was different, very different. The ones in the past were typically custodial mixers.
meaning someone is actually in possession of your money. If someone put a gun to their head, they could hand over all your money. These kinds of mixers are illegal because the person holding the money should know whose money they're holding. Like, if I give you something illegal to hold, you could be in just as much trouble for holding it as me.
And yeah, a bunch of people were running these mixers and were caught by the police and arrested for running unlicensed money transmitters. And the police were able to shut down those services. The difference here is very important. A custodial mixer is where you give your money to some person to hold for when you want it back.
While a non-custodial mixer, the money is held on the blockchain, not in anyone's possession. Kind of like if you just stashed your money in a locker somewhere, and then you gave the key to someone else and they got it out. The place that owned those lockers had no idea what you put in there, so they can't be held liable for whatever was in there. Kind of like a dead drop.
Now, I imagine the makers of Tornado Cash saw that custodial mixers had been shut down and arrested in the past. And they probably knew full well that a service like this might be abused by people. So Tornado Cash developers were like, we have to be absolutely certain that we're never in possession of anyone's money ever. We can never have custody since those kind of mixers are illegal.
So it's only with the invention of smart contracts that they were able to make a service like this, one where they could be completely hands-off, a service that nobody was operating or running. It was headless. And the developers could never touch anyone's money, even if they wanted. It was coded that way. In no way, shape, or form are they ever in possession of anyone's money.
And they went to great lengths to prove that. Not only that, they wanted this thing to be extremely resilient and impossible to be taken down, as they felt that privacy tools like this were very important to people. Also, a lot of these mixers in the past were tailored for criminals. So Alphabay, for example, was a darknet marketplace where people could buy and sell illegal items.
Well, the site had its own crypto mixer specifically designed to help you hide your illegal purchases. And in the world of cybercrime, intention matters. If you are building something specifically for criminals to conduct crimes with, that's racketeering, and you could get RICO charges against you. But the developers of Tornado Cash held on strong that this was a privacy tool.
That was their point. And to make that clear, they didn't hide in the shadows of the dark net. They were open about their service and made it easily accessible. I mean, they even had a Twitter account and a normal website, which all clearly said, this is a way to have private transactions on Ethereum.
So as you can see, as a person who values my own privacy, I found this tool to be helpful and important. Decentralization is very fascinating to me too. My website, darknetdiaries.com, is hosted on a single server somewhere. But Tornado Cash was kept up by hundreds of thousands of people running Ethereum validators. And there's something amazing and beautiful about that.
We can put something on the blockchain and you know it'll permanently be there as long as Ethereum exists.
And you'd think that piracy would have destroyed the market for digital assets, too. With unlimited supply, demand should have gone way down. But no. The demand for digital goods is at an all-time high. Top-tier musicians are making more money now than they ever did before.
Well, clearly, I wasn't the only one to use Tornado Cash. The people who stole the $600 million from Axie Infinity also noticed Tornado Cash and sent hundreds of millions of dollars to it.
Sanctions? What? The privacy tool I use got sanctioned? Hold on, hold on. This does not feel right. Okay, I need some names. Who created Tornado Cash?
Oh, it was a DAO. Of course. DAOs are fascinating. What I'm saying is an acronym, D-A-O, DAO, and it stands for Decentralized Autonomous Organization. And this is a perfect example of one. The internet has changed everything about our lives. You know that already. Every day I get online and I chat with loads of people from all around the world and I visit websites from other countries.
And that's because we all have mobile devices glued to our hands 24-7, and we're continually thirsty for more digital content to consume. It almost seems like our whole lives are digital now. Movies, shows, memes, music, books, even the people we are closest to, we have a digital relationship with them. But I'm always wondering, of all the digital stuff in our lives,
And it never feels like I'm traveling far away to another country to interact with them. It's just right here on the screen in my bedroom, just milliseconds away. The internet has connected us in a way where national borders just don't seem to exist anymore. So if you were to start an online business,
that exists only online, and there's like no physical product or reason to have a home base, and maybe you start it with two other people, like one person is from Europe, another is from Asia, and the third is from the US. What country do you establish your business in? Forget it. Why not just make it an online company, not part of any nation at all? Is that possible?
I mean, traditionally, you needed to make a company like an LLC or something in order to get a business bank account to do business with the world. But since this service is all cryptocurrency-based, you don't need a bank. And autonomous means the company can continue to operate without anyone controlling it. Tornado Cash was one of these DAOs. It was decentralized and autonomous.
It existed only online and was capable of operating all by itself. This is another new thing in the world that didn't exist 10 years ago. These DAOs exist online only. It's a business that isn't seated in any specific country. Why should it be? If people are getting paid from a DAO, then those people can just report their income on their taxes and say they're contractors for that organization.
So the U.S. federal authorities were mad that hundreds of millions of dollars were stolen and then sent through Tornado Cash. They wanted to seize the funds and shut down the service. But like I said, Tornado Cash was built in a way that it was impossible to turn off, and they never had control of the funds ever. So the only tool the U.S. authorities had to try to stop it was to sanction it.
which I don't even think you can sanction an app, a piece of code. I mean, it's still there on GitHub for anyone to see right now. So if it's illegal, why is it on GitHub? And code is just words and symbols. So in essence here, they've sanctioned a bunch of words that in a certain combination has meaning. So can you even sanction a page with words on it?
Isn't there like a free speech violation in here somewhere? But not only did they sanction the code, they decided to arrest the people who started it. But what was their intention for starting Tornado Cash? Because as I said earlier, in the world of cybercrime, intention matters. It really does.
Mmm, the police are saying intention doesn't matter here. The act of creating open source code and putting it on the blockchain to help make your financial transactions private was illegal because someone misused their tool. And I want to point out here that the U.S. government isn't clear on whether cryptocurrency is even money or not.
Is any of it really ours to own? Okay, so I think anything that's saved on your computer and you can use it offline, I'll say that's yours and you own that. Photos that are saved on your phone, that's yours. Music saved in MP3 form, that's yours too. You own that. But the line is often blurry between what's on our devices versus what's on the internet.
The Commodity Futures Trading Commission, the CFTC, classifies it as a commodity. The SEC classifies it as a security. The IRS classifies it as property. And FinCEN, the Financial Crimes Enforcement Network, classifies it as money, which is what requires people to follow the anti-money laundering laws. The government has made all this so confusing. I hate being in this position.
I don't want to take the side of criminals who stole this money. But because I want to live in a world where financial privacy exists... I feel like sanctioning privacy tools hurts me. Yes, but the cost of that.
Because the money-transmitting rules they were supposed to follow were KYC, which stands for Know Your Customer. For them to operate this legally, they would have had to ask everyone who uses the service for their real name, identity, upload your driver's license, tell them your address. And when you do all that, now it's not so private anymore.
Well, now creators have to maintain a database and a whole backend full of people's personal information. I don't want my personal information in a database somewhere just so I can privately buy a cup of coffee. The best privacy tools are the ones that know nothing about who I am. When the financial system becomes a surveillance system, we start having big problems. Look at China, for example.
They have this social credit system where if you do things the government doesn't like, they can restrict what you buy. They can also see everything you buy and make judgments about your character based on it, restricting other areas of your life or even targeting you as a problem citizen. A government that is watching your every purchase is not encouraging of a free society.
I mean, let's look at some legitimate use cases for why you'd want to use Tornado Cash to hide your transactions. You heard me say that I like to have this buffer between my public life and my private life. The internet is a big, old, dangerous place. And if you don't believe me, listen to the previous 146 episodes of this podcast.
It's important that we secure our stuff and take our privacy seriously. Also, imagine going to buy something from someone, and as soon as you give them the money, they can look to see how much money is in your bank account and all your previous purchases. This is how Ethereum works by default, so we need a way to shield our purchases from the rest of our transaction history.
You heard how Vitalik, the creator of Ethereum, wanted to donate to Ukraine but wanted to do so privately without anyone knowing. There's another reason. He's a public figure. He wants to keep his political activities to himself.
There are nonprofits that I know of who go to great lengths to keep their donors private because donors don't want the public to know what causes they're giving towards and don't want any extra solicitation from people asking them for more money. But I keep thinking about stories of people living in oppressive regimes, China, Russia, Iran.
If you live there and speak up against the government, you could easily go to jail. And these governments want strict control over their citizens, so monitoring financial transactions is crucial to keeping a strong grip on them. So dissenters and activists in these countries absolutely need a way to send and receive money in a private way.
To support their cause and educate people in the atrocities of their own government. Their life depends on private financial transactions. Churches and charities don't care if you deliver them a big bag of cash as an anonymous donor. And that's none of anyone's business if I want to donate anonymously. I want the same thing for digital transactions.
I think taking down privacy tools like Tornado Cash hurts regular people.
Like if you have an Android phone, it tries to get you to back up your photos to Google Drive. And it's not always clear if your photo is on your phone or on Google's servers. If it's just on Google's servers, then you don't really own it, do you? Since they have complete and full control of your photos. What about audiobooks? Let's look at those for a minute.
I want to just take a step back here and note that this story wasn't possible like 10 years ago. This is such a novel new world we're in. Money used to only be physical, but with credit cards, it's turned virtual. And with everything being online today, we need digital money. Money used to be controlled by governments, but now with cryptocurrency, it's controlled by the people.
And it's like we're in the middle of a major revolution here. Money is power, and the governments are losing their power as cryptocurrency becomes more widespread, so of course they'd want to put up a fight against it. And now with smart contracts and DAOs, businesses can be fully autonomous and always online?
How crazy is that, that a company can exist and make money and act as an online service and it doesn't need to be maintained or controlled by anyone? This is an entirely new kind of problem for the U.S. government to deal with, and they don't really have a good way to combat against it other than sanctioning the code. If you aren't familiar with how sanctions work, it means the U.S. Department of the Treasury's Office of Foreign Assets Control, which is OFAC, has declared that you are forbidden to interact with Tornado Cash. If you do, you might get arrested. But it also means your money may become frozen if you send it to an exchange. I mean, typically, when I buy things or go online, I don't ever think about whether or not I'm violating sanctions.
Like, for instance, if North Korea is sanctioned, I don't expect North Korean-made goods to be in my supermarket where I could buy them and break sanction codes or something. I assume the shop owner knows not to buy sanctioned items to try to sell them to me. So it's completely off my radar. But here's a situation which I think is the first time ever that an online application is sanctioned. This is unprecedented. And so now, I don't know how to navigate this world. Am I supposed to check the sanctions list every time I go online, visit a website, buy something, use an online service? This breaks my brain.
Most audiobooks I listen to, I can actually borrow from the library. And there are apps which let you check them out, and you can listen to it for a few weeks and then return it digitally. It's great. But often my library doesn't have the book I want, so I've got to buy it. And when I buy an audiobook, the biggest marketplace for that is Audible. So I look there.
So North Korea sent about $450 million worth of crypto to Tornado Cash to try to mix it.
And what drives me crazy about buying books from Audible is... Well, I don't own that book. Like, at all. If I owned it, I should be able to save it locally, give it to a friend, donate it to my library, or resell it to someone else like a used audiobook. But all that is impossible to do through Audible.
I guess a chop shop wouldn't even work here because it's more like you stole a giant bus and no matter what color you change it, you're going to look like a giant bus coming out the other side.
So the guys who started Tornado Cash, two have been arrested, and in May of this year, the first verdict came in. Alexey Pertsev was tried in the Netherlands, and the judge found him guilty and sentenced him to five years and four months in prison. The cops took his Porsche and 1.9 million euros in cryptocurrency.
The press statement from the Netherlands government says, quote, Tornado Cash is not a legitimate tool that has unintentionally been abused by criminals, end quote. Not a legitimate tool. In fact, the judge said specifically he could not find any legitimate use for this tool, as if privacy itself is a crime.
Yeah, we've gone all over the road here, haven't we? How are you going to edit this one down? I do not envy you that task. Another way to look at this is that the feds are saying that the developers of the tool are responsible for how users use it. And that's a bit crazy, if you ask me. It's like saying a lighter company is responsible anytime someone uses their lighter to commit arson.
And of course, Audible could cancel your account at any time, and you would lose all of the books that you bought. So to me, the audiobooks that you buy on Audible are not really yours. You don't own them at all. So let's look at some other digital assets. How about my online accounts, like Twitter or email accounts or online gaming accounts? Do I own my Twitter username? No.
Or a drone maker is responsible anytime someone uses their drone illegally, like spying on people, flying in the wrong airspace, or dropping a bomb on someone. Or it's like saying a VPN provider gets arrested, shut down, sanctioned because some of their users went online and did something illegal. Or my goodness, is an encrypted messaging app responsible for people doing criminal activities on it?
I mean, we know criminals use iPhones. Apple knows criminals use their phones. In all these cases, the tech itself is neutral and it's up to the user to use it responsibly. Governments have never faced anything like this before and they simply have no precedent to act on here and in my opinion are just drawing really fuzzy lines arbitrarily.
They can't even come to a consensus on whether cryptocurrency is money or not.
Okay. I don't buy that argument. Why? Because all this happened and they didn't catch the real criminals here. In fact, I think even if they implemented KYC, North Korea would just have used like some fake ID and it wouldn't have helped catch them or slow them down at all. North Koreans are still on the loose with their fresh and clean $400 million. And they're the real criminals here.
Go after them. It's crazy that this story starts with someone stealing hundreds of millions of dollars and the people who end up in prison are the privacy advocates. And as I'm researching all this, I had to refresh exactly what does money laundering mean?
The act of money laundering is to hide the cash you have that was involved in some illegal activity, stolen money or drug money or something like that. Me trying to hide my transactions isn't a crime. It's only a crime if I'm trying to hide criminal activity.
And by the way, Tornado Cash, despite being sanctioned, is still up and running because that's how it was designed, fully autonomous and decentralized. In fact, there are YouTube videos out there that explain how to still use Tornado Cash despite it being sanctioned, basically showing you how to get around sanctions. I mean, videos like that surely should be illegal, right?
And it just makes me wonder if these sanctions have any teeth at all. If you ever hear of anyone who gets arrested for violating the tornado cash sanction, please tell me. I would love to know. Because what's the point of all this if the government isn't going to enforce the sanction at all? Because it almost feels like the government is powerless here.
It has no ability to stop or control cryptocurrency or from people using apps like this. This is what permissionless money is like. And I don't see any evidence that the government is even trying to enforce sanctions. The sanctioned code is still there on GitHub. YouTube happily hosts videos on how to avoid sanctions and still use Tornado Cash. What is happening here?
Just a month ago, the SEC approved the Ethereum ETF. This means you can buy this stock on the regular stock exchange and they'll buy ETH for you. It's a way to invest in Ethereum without actually holding Ethereum. So there's this wallet out there which holds all the ETH from this ETF. Well, guess what?
As soon as the internet figured out which wallet is holding the money for the ETF, someone sent a whole ETH token worth over $3,000 through Tornado Cash and then to the ETF wallet, which in my opinion means the wallet is now violating sanctions and can no longer buy or sell on an exchange. They did it to protest these sanctions, to show that there's absolutely no way to enforce this.
No, I don't think so. Twitter does. And they graciously let me use it. And at any moment, they could terminate it or rip it out of my hands. I don't have any actual ownership of it. I mean, just look at what happened when Twitter changed their name to X. There was a user on Twitter who had the username X, and Twitter just ripped it right out of their hands.
And I guess this means Tornado Cash won. There's no way to stop it or to stop people from using it. And so today, there's still millions of dollars flowing through Tornado Cash.
It is a very murky world. Because let's say, hey, I'm selling something online and someone's like, I'll buy it. And they send me the cryptocurrency that's been mixed through Tornado Cash. Am I supposed to say, oh, wait a minute, before you send me the money, let me analyze your wallet to make sure it doesn't have any sanctioned crypto in it? This is bonkers.
This is like running the serial number on every dollar bill you ever get to see if it's ever been used by someone who's been sanctioned in the past. That would be a nightmare to have to do. Yet that's what I feel like we have to do from now on. Yeah, so suddenly I'm wondering why the U.S. is even involved, right? So it's... Axie Infinity is based in the Philippines, so I could see the Philippine police being upset. Vietnam. Oh, Vietnam. Okay, so I could see the Vietnamese being like, all right, we've got to sanction this because we don't have any other way, right? And then you've got the creators of Tornado Cash. They're not U.S.-based, are they?
Right. I don't know if there's the word trad cry, but traditional crime is based with people in countries, and those countries can deal with that or whatever. And here we have a new kind of crime, which is there is no boundary. There is no country. There is no head of some company. There is no person controlling the code. I don't even know if it is a crime. We haven't even established that.
And there was nothing that user could do to keep it. Because Twitter owns everyone's account. Yet, it's interesting because even though you can't own a Twitter account, they are still valuable. And people are buying and selling Twitter accounts all the time. Let's look at video games now. There are digital assets in video games, right?
There's laws that are established to avoid money laundering that may have been... What's going on? It's another person in another country that did it, right?
It makes perfect sense. And you know, as I was researching this episode, I saw more stories like this. Another privacy service just like this called Samourai Wallet was also shut down by the U.S. federal authorities and the people who started it were arrested.
This was a CoinJoin on the Bitcoin network, which isn't the same as the smart contract system, but it is an autonomous system and it's non-custodial. And it was also open source. And here you have people who have contributed to an open source project who are getting arrested because the feds are accusing them of running an illegal money transmitting service.
And as my eyes become tuned into this, I'm seeing more and more stories like this. The Phoenix Wallet decided to remove themselves from the App Store, not saying a reason why. Ibex Pay is shutting themselves down, not saying why either. MetaMask received an enforcement action letter from the SEC, and they're countersuing the SEC over that. Something big is going on here.
Privacy advocates have fought the government in the past before and won. The story of Phil Zimmerman comes to mind. Phil created a fantastic encryption program called PGP, which allowed you to send an email to someone encrypted, so only you and the receiver could see what was in it. Yeah, well, the U.S. government hated this kind of encryption that gave us privacy. Encryption?
That's only for the military. How dare civilians try to use it? So they classified PGP as ammunition, and they called it a regulated arm, as if it was a weapon, which allowed them to say, look, Phil, unless you get an arms export control license, you can't go distributing encryption code online. Because, you know, what happens if criminals use it? They could hide their communications.
Nobody wants that, right? The FBI began investigating Phil. Well, the privacy community was outraged that the government was restricting us from encrypting our own messages. And they started being vocal about how important privacy was. Someone suggested to Phil that he should publish the PGP code in a book. And Phil's like, what? Why? It's a program. It's code. Just download it online.
Jeez, if I were to put it in a book, it would take 800 pages to print it. But the thing was, books weren't considered regulated munition. Books were protected under free speech law. So if he were to publish the source code in a book, that would give him protections that what he's written is just words and not in fact a regulated arm. So he published it in a book and it was 800 pages of code.
Like, imagine you're playing an online game, and when you level up your character, you get all kinds of armor and weapons and gold. That character is yours, right? Well, I don't think so. I mean, the game can ban you at any moment, and then what? Or what about those in-game items like gold and weapons? It feels like that stuff is yours, but it's not really.
Well, enough people voiced their support for encryption and privacy that the government finally gave in and let Phil off the hook and even took encryption off the regulated arms list. It was a big victory for our privacy. And thank goodness, because encryption is inherent in everything we do online now.
Even what you're hearing right now, this podcast was delivered to you encrypted so that anyone who intercepted the packets along the way wouldn't know what you're listening to. It would have been illegal for me to use encryption on this podcast in the 90s without an export license. I did a whole episode on this, actually. That's episode 12, called Crypto Wars.
What Phil showed us is that code can be printed in a book, and if it's printable like that, it's protected under free speech. And so once again, it's unprecedented that the government would put a sanction on code, which has always been free speech. Until now. Until now.
No, the crypto space is so complex that if I sent it to your wallet and you sent it to my mom's wallet and she sent it to my wallet and then I sent it to the exchange, is the exchange going to know that still came from Tornado Cash?
Okay. Transfer it to Polygon and then back to ETH and now you've got a new wallet and it's, I don't know if that's traceable. There's just a lot of ways to get around that even still.
Yes, the book. Jeff has released a book called Rinsed, which goes into the modern ways criminals are laundering money. It's full of things that make you think about the new future that we're facing. I deviated quite a bit from it here, but what Jeff told us today was a single chapter from the book. So you can imagine how much more you learn from getting this book and diving in.
So go read Rinsed today and let me know what you think of it. And I'll leave you with this very important warning from the FBI, which was issued April 25th, 2024. This is PSA I-042524. The FBI warns Americans to avoid cryptocurrency money transmitting services that do not collect your name, ID, address, and other personal information.
To me, this is akin to the FBI advising against driving on roads without license plate readers or walking on sidewalks without facial recognition cameras. It's like being told not to wear sunglasses on a sunny day or to avoid using curtains in your house. By cautioning us against privacy tools, they aren't just infringing on our rights.
You can't save it offline or take it with you to another game. And it's strange because even though you don't own that stuff in the game, those items still can have real-world value. I know I've bought an in-game weapon before for $100. And it's ridiculous because I bought something I don't actually own. All right, what about my website, darknetdiaries.com? Do I have ownership of that?
They're asking us to live in a glass house, exposed and vulnerable. This isn't just a warning. It's a push towards a future where privacy is a relic of the past. Is that the world we want to live in? A big thank you goes to Jeff White for sharing this story with us. You can find a link to his book, Rinsed, in the show notes. Go check it out.
This episode was created by me, the firewall fidgeter, Jack Recider. Our editor is the router rigger, Tristan Ledger. Mixing done by Proximity Sound. Intro music by the mysterious Breakmaster Cylinder. I was moving my stuff the other day, and I had to carry my computer down some stairs, but I dropped it. And it tumbled down the stairs, smashing itself to bits all the way down.
At the bottom of the stairs was just a big mess of broken parts. The only thing that was salvageable was a stick of RAM. So at least I have the memory of it. This is Darknet Diaries.
But the thieves didn't just steal this picture. They took a bunch of others too. And this was the biggest single heist of all time. They estimated that the art that was stolen is worth $500 million. And it still remains unsolved. I'm looking at this picture on my wall right now. There's a $10 million reward for it. Yet mine, I just got from my printer for like five cents.
Well, at first glance, sure. I purchased the domain and I can do whatever I want on it. I'm the admin. I can say what I want and nobody can stop me. But no, first of all, I didn't purchase the domain. I'm renting it. All domains have to be renewed like yearly or every few years. Registrars control the domains and you pay them to get it.
But then you have to keep paying them to maintain control of it. Seems like I don't own it if I have to pay someone over and over to keep it mine. On top of that, governments can go to domain registrars and take over a domain that's being used for illegal purposes.
So yeah, I'd say I don't actually own my domain if someone else can rip it out of my hands like that, or if it'll expire after a while. But domains on the dark web are different. I'm talking about on Tor, the dark net. See, on the dark web, domains look awful. They're like a long string of random letters and numbers. You'd never be able to memorize it. And then it ends in .onion.
So how do you get a domain on the dark web? Is there a central body like ICANN where you go to register domains with? No, no, not at all. You create the domain yourself. Yeah, that's right. You generate a private public key pair and that public key is your domain name. So with this system, the person who has the private key controls that domain.
Now, to me, this is true digital ownership, and I love that. Unless someone comes and steals my key from me, nobody can ever take my .onion domain from me. It's never going to expire, and it can't be seized by the feds. This is why a lot of people are drawn to the dark web, to have something on the internet that's truly yours, and nobody can ever take it away from you.
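The passage above describes how a .onion name is derived from a key pair rather than registered anywhere. The following is an added example, not code from the episode or from the Tor project, that carries out the published v3 construction from the Tor rend-spec-v3: the address is base32(pubkey || checksum || 0x03) where checksum = SHA3-256(".onion checksum" || pubkey || 0x03)[:2]. The 32-byte public key it uses is a constructed stand-in for a real ed25519 public key (generating a real key pair needs an ed25519 library; its public half drops straight into `onion_address`). The function names are this example's own.

```python
"""Derive and verify a v3 .onion address from a 32-byte public key.

Added example (not the episode's or Tor's code). Construction follows the
Tor rend-spec-v3 text:
    address  = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
    CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    VERSION  = 0x03
PUBKEY is the 32-byte ed25519 public key; the matching private key is what
lets its holder run the service, so nobody else can take the name.
"""
from __future__ import annotations

import base64
import hashlib
import os

ONION_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"
PUBKEY_LEN = 32
LABEL_LEN = 56  # 35 raw bytes -> 56 base32 characters, no padding

# Constructed stand-in for an ed25519 public key; a real service would use
# the public half of a freshly generated ed25519 key pair here.
DEMO_PUBKEY = bytes(range(PUBKEY_LEN))


def generate_stand_in_pubkey() -> bytes:
    """32 random bytes standing in for an ed25519 public key (demo only)."""
    return os.urandom(PUBKEY_LEN)


def onion_checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum binding the key to the version byte."""
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]


def onion_address(pubkey: bytes) -> str:
    """The .onion name that this public key owns."""
    if len(pubkey) != PUBKEY_LEN:
        raise ValueError("expected a 32-byte ed25519 public key")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def onion_pubkey(address: str) -> bytes | None:
    """Recover the public key from an address, or None if it is malformed.

    A client can do this check before connecting: the name itself carries
    the key, the checksum and the version, so a typo or a tampered name
    fails here instead of at the rendezvous.
    """
    if not address.endswith(".onion"):
        return None
    label = address[: -len(".onion")]
    if len(label) != LABEL_LEN:
        return None
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # binascii.Error is a ValueError: bad alphabet/length
        return None
    pubkey, checksum, version = raw[:PUBKEY_LEN], raw[PUBKEY_LEN:PUBKEY_LEN + 2], raw[PUBKEY_LEN + 2:]
    if version != ONION_VERSION or checksum != onion_checksum(pubkey):
        return None
    return pubkey


def verify_onion(address: str) -> bool:
    """True when the address decodes to a key with a valid checksum/version."""
    return onion_pubkey(address) is not None


if __name__ == "__main__":
    addr = onion_address(DEMO_PUBKEY)
    print(addr, verify_onion(addr))
    # Flip the last character: the version byte no longer reads 0x03.
    print(addr[:-7] + "a.onion", verify_onion(addr[:-7] + "a.onion"))
```

Every v3 address ends in the letter "d" because the final base32 character carries the low five bits of the version byte 0x03; that is a cheap first sanity check on any name you are handed, and the full checksum check above catches a mistyped or tampered character elsewhere in the label.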
Another thing that I think gives you true digital ownership is cryptocurrency. Not all money is like that. Your bank can refuse your service if they want. They can cancel your credit card and kick you out of the bank and freeze your money. I know PayPal has frozen my account before, trapping my money in there.
But because cryptocurrency is built on decentralized blockchains, there's no one managing it to kick anyone out or freeze an account or take over an account. Everyone and anyone is welcome.
At all times, forever. And the best part is you truly own your crypto wallet, because to get a cryptocurrency wallet, you just make it yourself by generating a random private key and then using that to derive a public key. When you do this, you are the only person who's ever seen that private key, and whoever has that private key controls that public address or wallet.
There's no admin that can revoke your key or move your money without your permission. Your key is your key forever and ever. The blockchain is a fascinating invention, and whether you love or hate cryptocurrency, the technology behind it is very interesting. Take the Ethereum blockchain, for example.
It popularized something called smart contracts, which allows people to add code into the blockchain, which means you can program money and even create apps integrated directly into cryptocurrencies. This is wild, and it's opening up a whole new future that we never imagined.
For instance, people are making entire video games with these smart contracts where the whole game lives on the blockchain, which means the in-game currency is actually real cryptocurrency. Not only that, but the apps you make on the blockchain are truly yours, where nobody can ever seize it from you or stop you from making it. It's time we step foot into this big, new, wild digital world.
I think the game Axie Infinity represents a fundamental shift in video game development. I spoke to Jeff White about this game.
It's always been weird to me how art has just so much value. I just don't see how this picture, which is not that much bigger than a regular sheet of paper, is worth more than a mansion. But that's no longer the biggest heist ever. Because in 2022, a digital heist happened, which set a new record high. These are true stories from the dark side of the internet. I'm Jack Recider.
Okay, so I need a team of three of them. How do I get one of them? What's the process?
I see. And I like the ownership aspect of this. You really do digitally own one of these Axies since it's all on the blockchain. There's no way for anyone to take your Axies away from you if you own them, unless they steal your private key. To me, this is interesting because look at the software world right now. You can't buy Microsoft Word or Adobe Photoshop.
You have to pay a monthly fee in order to use it. You don't own a lot of the software or games today if you have to have an internet connection for it to work. And as the meme goes, if purchasing isn't ownership, then piracy isn't theft.
Darknet Diaries
141: The Pig Butcher
A few years back, a listener wrote to me to tell me about a problem they're facing. Okay, check this out. They went to buy a house, right? And when you go to buy a house, there's like a little dance that everyone does. Like, do you give them the money first? Or do they give you the deed first and the keys? Or do you do like a quick swap at the same time?
$90,000, that's a lot of money to lose. Is that kind of the upper limit of where you're seeing people losing stuff or are people losing more?
I've heard of people losing their life savings, but for some reason, this feels worse than that. I guess it's one thing to lose all your stuff when you're young, but it's different when you've worked your entire life to save up for retirement and then lose all of that. Your retirement's now gone, poof. You were financially stable and now super in debt and your whole future is screwed.
What a nightmare, though, to send a huge check somewhere only for it to go to the wrong place and then someone else runs off with the money. Ah!
What? People are actually killing themselves over pig butchering scams? This is nuts.
So... In these first few stories we've heard, it keeps getting back to romance, right? Do you see like kind of a pattern of who the victims typically are? Are they usually people who are looking for love or what are some other, you know, like if we're going to watch our own back, like we got to know when we're in a vulnerable state and what makes a person more vulnerable to this sort of stuff.
These are true stories from the dark side of the Internet. I'm Jack Recider. This is Darknet Diaries.
Yeah, so what are some of the skill sets that these scammers or thieves have? Because it sounds like they understand psychology a bit, so that would put them in social engineering skills, right? Tricking people, posing as someone on a dating app, whatever. But also being able to set up these websites and understanding crypto and putting malware on systems or whatever the case is.
The thing that strikes me... you know, I think it should strike us all with like a bit of fear is that this isn't, you know, you see the cybersecurity news every day. It's, you know, ransomware hit by this company and, you know, this other company got hacked and all that. This is us getting hacked. This is you and me. This is each one of our neighbors.
This is individuals of the world, the citizens of the United States or wherever they are. And that is just such a close-to-home thing. It's not far away in some other company that I don't have to deal with. It's me and my personal assets are being attacked. And that, I don't know.
Like when you realize that the threat actor is right here in my bedroom on my computer, it gives us a different sense of safety.
This episode is brought to you by SpyCloud. For some people, ignorance is bliss. But for you, as a security practitioner, that's not the case. I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening.
With these victims you've talked to, like, you know, the $90,000 one, the $1.7 million one, are they actually, like, how far along in the... how close are they to these people? Right? Are they having video calls with them? Are they having phone calls? Are they texting?
And the scammers do all kinds of weird things, like they'll send photos of two different outfits and ask, which outfit should I wear today? And then when the victim picks one, it gives them just that little bit more of information to know about them. Like, do you like formal clothes more than casual clothes? Let's send them more photos of that. Keep them on the hook.
And just think about how much you share about yourself on a personal level when you have a new love interest. A scammer could easily write all that down and figure out your vulnerabilities and play on that if they're really good. But I still think one way to sniff out these scammers is just to pick up the phone and call them.
I'm betting that a lot of these scammers are just guys posing as women, you know? So how do they sound on the phone? Even if they grab someone else to just pose as them and get on the phone, that person isn't going to know your whole chat history and won't be able to carry on a conversation in any way that makes sense. Or even more, let's do a video call and see what you really look like.
From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right. Resetting stolen passwords and addressing the enterprise access points that have been stolen by malware helps you protect your business from ransomware, account takeovers, and online fraud.
And so just keep that in your head, that it's probably a red flag. If your love interest refuses to answer the call or get on video chat with you.
Yeah, dang, I didn't even think of that. So I've done video interviews with people a lot, you know, but I use a Snapchat filter on my video to obscure my face. In real time, on a live video call, my face gets distorted. And yeah, you could absolutely just use a filter to change your face to be a pretty lady, even though you're just some dude who doesn't even speak English.
We're going to take a quick ad break here, but stay with us because when we come back, we're going to talk about Black Axe. And you're not going to want to miss this. This episode is sponsored by Arctic Wolf. Arctic Wolf, an industry leader in managed security operations, surveyed a thousand security and IT professionals across the globe to better understand them.
What are their top priorities, current challenges and future concerns? This survey revealed some startling findings, and you can discover them all in the State of Cybersecurity 2024 Trends Report. Learn why the number of insider threats spikes severely, what lessons can be learned from the year over year change, and how many organizations disclose a breach.
and what cyber attacks struck 70% of organizations. Download the State of Cybersecurity 2024 Trends Report today at arcticwolf.com forward slash darknet. That's arcticwolf.com forward slash darknet. Okay, so I'm looking you up online. You're known as that BEC guy. What's BEC?
BEC, we break down the term business email compromise, right? So the compromise part makes me think somebody has taken over my Office 365 email server and is in my emails. They've compromised my emails. But that's not what you say is BEC.
With SpyCloud, you have a trusted partner to fight the good fight with. Their automated solutions, which are built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime. To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries.
When you tell me that story, I just think that's a phishing. I don't call phishing BEC. I just call it phishing.
Is BEC always money-related or is it sometimes, no, we're just going to phish them so that we can get our malware on to steal their intellectual property?
So if we're going to classify something, because let's say we get phished, somebody sends us a phish, we click the link, we installed malware, you'd say, oh yeah, that wasn't BEC. But if it was, okay, we got phished, it would send money to this, and I sent the money, you'd say, oh yeah, that was BEC. Yep. Okay. So if you're going to classify as BEC, it's likely going to be financial related.
So now this pivots the whole thing in my head, right? Instead of you and me being targeted, now they're like, well, why target somebody who has thousands of dollars when we can target a business who has hundreds of millions of dollars?
By the way, 419 scams are those Nigerian prince scams. You know the ones where they send you an email saying, if you pay us some money, we'll release the inheritance that we owe you. And the reason why it's called 419 scams is because specifically in Nigerian law, Section 419 makes it illegal to do this. We've all laughed at these scams in the past, but they're getting more sophisticated now.
I mean, that's amazing. But what I am surprised of is just like hearing the evolution of it. It sounds like they've really honed their skills over time.
What if it's a phony check or the deed is made up? This is where escrow comes in. Both the seller and buyer hand their things to a third party, someone that both sides trust and waits for everything to clear. If the check clears and the deed is valid, then escrow says, okay, the deal is done and gives the money to the seller and the keys to the buyer.
Wow, so this is the number one crime? I guess I'm just so surprised that it's those awful Nigerian scammers who are doing this. And when I say awful, I mean the least sophisticated phishing emails I've ever seen. You know the ones. Sir, you had a long lost relative who was the prince of Nigeria and he has recently died and left a large inheritance for you.
Just send us $500 so we can process this and we'll get the money over to you. Like who in the right mind thinks their long-lost relative is the Prince of Nigeria and you never knew it? It's just the absolute dumbest attempt at a phishing scam that everyone laughs at. And it's those guys who are number one? This is the biggest criminal financial loss for companies today?
Now, getting a business to pay a fake invoice can take a lot of prep. You gotta figure out who this company normally pays large bills to, and then try to pose as them. And one way to pose as them is to register a domain that's one letter off from the real one. So at first glance, it looks like it's from that person you normally do business with, but it's not.
This episode is sponsored by Delete Me. In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit.
Or sometimes you can pose as like the CTO sending a bill to the CEO of the same company. But still, to know who the CTO and CEO are, you got to know who the people are that work at this company and what their emails look like and what their invoices look like so that it can be as close to the original as possible for this to work. And that takes a lot of work.
Oh, and it's not always bill paying. Sometimes they try to scam these companies to send them gift cards. The scammers will pose as like some manager in the company and they'll ask someone higher up, hey, the company did such a great year. I'd like to give my employees gift cards as rewards. And the person's like, ah, it's a great idea.
Then the scammer's like, okay, well, since everyone's remote, could you just purchase the gift cards and then send me a photo of the back of the cards and I'll just pass those gift cards out to the employees. And that's how these companies end up sending gift cards to Nigerian scammers. It's crazy.
Now, email providers or system admins need to work to protect users from all this. You can't just present every email that comes into the user. That used to be the case in the old days when we didn't filter any emails at all. But think about this. Suppose you do get an email, but it's one letter off.
They switch the lowercase L for the capital I, and it looks the exact same to the human eye to make you think this email is from someone you normally get email from, but that one letter off means it's not. So if a human can't detect it, we better have machines that are detecting it.
And there's a thing called the Levenshtein distance, which is an algorithm that will compare two words to tell you how different they are. And I sure hope that email providers today are using this to first develop a baseline of who you're normally getting email from and then look for emails coming in with a very similar domain.
If the Levenshtein distance is very low, meaning it's only one letter off from someone you normally see email from, then that should be flagged, maybe rejected or quarantined and let the user know.
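The check described above, written out as an added example that is not code from the episode or from any mail provider. It assumes a constructed baseline of domains the user normally receives mail from and a constructed batch of sender addresses; it computes the Levenshtein distance of each incoming sender domain against that baseline and flags near-misses. Because a lowercase l and a capital I look the same on screen, it also folds a handful of visually confusable characters before measuring, so an exact match after folding but not before is reported as a homoglyph rather than as a one-letter difference. The baseline, addresses, thresholds and function names are all this example's own.

```python
"""Flag lookalike sender domains with Levenshtein distance.

Added example (not the episode's or any provider's code). The baseline
and inbox below are constructed for the demo.
"""
from __future__ import annotations

from dataclasses import dataclass


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character insertions, deletions or
    substitutions that turn a into b (two-row dynamic programming)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                  # delete ca
                           cur[j - 1] + 1,               # insert cb
                           prev[j - 1] + (ca != cb)))    # substitute
        prev = cur
    return prev[-1]


def fold_confusables(domain: str) -> str:
    """Collapse characters that look alike in common fonts.

    'I' is mapped to 'l' before lower-casing (lower-casing would turn it
    into 'i' first). 'rn' -> 'm', 'vv' -> 'w', '1' -> 'l', '0' -> 'o' are the
    other classic swaps. Both the baseline and the incoming domain are
    folded the same way, so legitimate names still match themselves.
    """
    d = domain.replace("I", "l").lower()
    for src, dst in (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")):
        d = d.replace(src, dst)
    return d


@dataclass(frozen=True)
class Verdict:
    label: str            # known | homoglyph | lookalike | unknown
    nearest: str | None   # closest baseline domain, if any
    distance: int | None  # Levenshtein distance after folding


def sender_domain(address: str) -> str:
    """Domain part of an address, case preserved for the confusable fold."""
    return address.rsplit("@", 1)[-1].strip()


def classify(address: str, baseline: set[str], max_distance: int = 2) -> Verdict:
    domain = sender_domain(address)
    known = {d.lower() for d in baseline}
    if domain.lower() in known:
        return Verdict("known", domain.lower(), 0)
    if not known:
        return Verdict("unknown", None, None)
    folded = fold_confusables(domain)
    nearest, dist = min(((d, levenshtein(folded, fold_confusables(d))) for d in known),
                        key=lambda t: t[1])
    if dist == 0:
        return Verdict("homoglyph", nearest, 0)   # identical once folded
    if dist <= max_distance:
        return Verdict("lookalike", nearest, dist)
    return Verdict("unknown", nearest, dist)


def scan(inbox: list[str], baseline: set[str]) -> list[tuple[str, Verdict]]:
    """Classify every sender in a batch; flagged entries are those whose
    label is homoglyph or lookalike."""
    return [(addr, classify(addr, baseline)) for addr in inbox]


# Constructed demo data.
BASELINE = {"acme-supplies.com", "paypal.com", "darknetdiaries.com"}
INBOX = [
    "invoices@acme-supplies.com",   # the real vendor
    "invoices@acme-suppIies.com",   # capital I in place of l
    "invoices@acrne-supplies.com",  # 'rn' in place of 'm'
    "invoices@acme-supplies.co",    # one character dropped
    "news@example.org",             # simply a stranger
]

if __name__ == "__main__":
    for addr, verdict in scan(INBOX, BASELINE):
        print(f"{addr:32} {verdict.label:10} nearest={verdict.nearest} d={verdict.distance}")
```

A distance threshold of one or two against a per-user baseline is cheap to run at delivery time, but it will also catch legitimate cases such as a vendor moving from a .com to a .co domain, so quarantine-and-notify is the safer action than outright rejection, and the verdict is worth surfacing to the user in exactly the kind of banner the passage asks for.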
Anyone on the web can buy your private details to do anything they want. This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found. And they got busy deleting these things.
You know, now that I think about it, I'm disappointed that there's not better information on these emails I get. Sure, I have a spam folder and stuff gets thrown in there, but I'd love to see reasons for why my email provider put it in spam. To me, spam is ads I don't want. So why not have a second folder of threats?
You know, spam and threats are two different things in my mind that they all seem to end up in the same bucket in my email. I would love, love, love to get threat intelligence on my inbox where I could see a little dashboard that says, we've blocked 20 phishing emails for you this month.
In there, we had five BEC attempts, two pig butchering emails, and 13 emails containing malware from a threat actor known for targeting journalists. At a bare minimum, just show me a big bright red banner on the email that says, look out, this email comes from a domain that was registered two days ago. That would be really cool.
I mean, they might be already filtering it out and putting it in spam, but stuff that gets through, you know, I'm like, hey, that is a good tip.
Okay, are we really going here? I mean, when someone tells me they're using voodoo and black magic to become a better scammer, I'm, like, skeptical and just want to move on past that. I don't even want to pick that up. But for some reason, I'm feeling compelled to look this one up. So first of all, I watched an hour-long BBC documentary on who Black Axe is. And it's absolutely bonkers.
It was great to have someone on my team when it comes to privacy. Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout.
I mean, just listen to the first 40 seconds of their documentary.
This documentary explains that Black Axe is a cult full of gang violence.
And these guys are really dangerous. They go around murdering people all the time. Sometimes shooting up buildings or causing massacres, which I guess in the U.S. is called mass shootings. Black Axe has killed thousands of people.
This has been going on for 40 years? What? That's interesting because they initially started as a neo-black movement to fight oppression. But it's very different now. And it's unclear to me what their motives are now. Something, something, freedom. Something, something, defend. But even though Wikipedia thinks NBM and Black Axe are the same, the people within NBM don't agree.
Okay, so you've got this extremely violent street gang, a cult, Black Axe slash NBM, but they seem to also be involved with internet scams. Here's Vice explaining what they found.
The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries code DD20. I was clicking around the other day and came across this story on Good Morning America.
Holy moly. Yep. Yep. I also watched a few videos about Yahoo Boys. I guess they get their name because they started out using Yahoo Messenger to conduct their scams over. And they interviewed some of the Yahoo Boys who then explained how they do it. And they were open about what they were doing. They're like, yeah, we scam people. We'll steal lots of money from them.
In fact, they even posted a video of one of their victims on the verge of suicide. Here, listen.
So even though they're ruining people's lives and know that some of these victims that they have are committing suicide and they say they're all addicted to drugs, they deny their involvement with human bloodshed.
It wasn't exactly clear from these interviews I watched, but it did seem like they were killing cows or other animals to try to level up their scamming, which I have to admit, at first I'm just like shocked that anyone would think that they'd become a better scammer because of an animal sacrifice.
But the thing is, the culture of Nigeria is rich with a lot of this voodoo and hexing and charms and stuff. In fact, when the BBC reporter went to investigate the Black Axe cult, he found a vigilante group who was trying to stop the Black Axe. And they gave him a charm to protect him during his investigation.
Can it be changed in any way? So I can see why somebody would want to do weird stuff to try to improve their luck. And if you really, really, really want to improve your luck, then maybe you've got to do something a little insane. And I can see how bloodshed can get mixed up in all this. It's very awful and strange, though. How the hell did we get from romance scams to this?
Man, the places we go on this show. Now I can see why you're so fascinated by all this. These stories are crazy.
Tell us about that one story you heard about going on in South Africa.
Man, Ronnie, I don't even know what to ask you at this point. Like, you've just got me going down jack rabbit holes or something.
How in the world does some guy on a dating app scam someone for $450,000? Bah!
Okay, so while looking up these Nigerian scammers, I saw something about this group called Scattered Canary. Can you tell us about this group?
I'll submit unemployment on behalf of some American and then I'll tell them to send the money here to me in Nigeria. But it probably is money milled through and then to Nigeria. But that's where the hundred million hundred billion. That's what I'm. Yeah.
I mean, I've got to try to understand these numbers more, okay? So I'm just walking through it in my mind. So $100 billion is coming from the U.S. Treasury? Mm-hmm. Yep. That's a lot of money that's just like the U.S.
But still, I can't fathom this amount of money coming in. Like the entire GDP of Nigeria is $500 billion. You're telling me that this one group has stolen almost the equivalent to the whole country's GDP from the U.S. government, almost doubling Nigeria's GDP?
The U.S. government spent $5 trillion to try to help Americans get through the pandemic, but it sounds like they didn't do a very good job at protecting that money from fraudsters. I mean, this Rolling Stone article I'm reading right now says it's more like $1 trillion was stolen from the U.S. Treasury. My goodness. I guess it really is the number one crime. And that's such a waste of money.
Dang. Things we do for love, huh? Or maybe it was for money. Or maybe it was for the love of money. I don't even know.
What an awful problem. How can a trillion dollars be stolen from the U.S. Treasury and it be an acceptable amount of loss? And to me, it must be acceptable since this got rolled out in phases. I think $2 trillion was the first to be approved. And of course, scammers immediately started grabbing that cash.
And when that wasn't enough, they rolled out even more trillions of dollars without putting changes in place to stop this from happening. You'd think someone would have said, listen, that last round, a lot of money got stolen. Is this really an acceptable amount of loss? But no, nobody listened. And the money just kept getting handed and handed right to the scammers. What an embarrassment.
I'm tempted to get to the bottom of this and figure out who bungled this money. Who was in charge of handing out $5 trillion and was like, oh, we don't need guardrails. I don't think anyone's going to steal from us. Who denied the budget for a security audit or team? Who ignored the person saying, hold on, if we start handing money out this way, we're going to get a lot stolen.
Who out there thinks it's totally fine that we lost a trillion dollars? I want my voice to be clear. As an American, this is unacceptable to me. I'm very disappointed that the U.S. government handed this much money to the same Nigerian scammers who tried to convince us all that our long-lost relative was the Prince of Nigeria.
I would be understanding if the government fell victim to some sophisticated cyber attack like a ruthless, unstoppable bull. But you got taken by the least sophisticated scammers on the planet. You need to do better. When you're handing out this much money as fast as you can, you've got to look at who you're handing it to. At the very least, give it to an American.
What is this, your first day on the internet? Listen to Secret Service agent Roy Dotson here. He's the lead investigator of this case. Fast money equals fast crime. I mean, at this point of this interview, I'm just kind of feeling defeated.
A big thank you to Ronnie Tokazowski for sharing his stories with us. He works for a place called Intelligence for Good, and he's the chief fraud fighter there. If you run into any of the problems that you heard today, you might want to check out Intelligence for Good because they might be able to help you.
This episode was created by me, the master of disaster, Jack Rhysider, assembled by the juicy smoocher, Tristan Ledger, mixing done by Proximity Sound, and our theme music is by the mysterious Breakmaster Cylinder. You might be wondering what my political association is. I'm Alt-Tab. This is Darknet Diaries.
So I heard this term pig butchering, and I'm not connecting the dots here. Nowhere in this romance or crypto or gold, you know, sending money to people, is there a pig involved? Where is this term pig butchering coming into?
So this guy, a listener of mine, says he bought a house and during this process, he gave $250,000 to the escrow company. But then someone scammed the escrow company. They posed as the seller and said, hey, could you just deposit the money into our bank account directly? And escrow's like, oh yeah, of course, no problem. We do this all the time. Here you go.
Okay, so for some reason, Ronnie is attracted to this type of scam or fraud or whatever you want to call it, and zooms in to whenever he sees these stories come up. And one day, he heard about a colleague who got pig butchered and wanted to help him out.
It's a tough time for anyone. You can sink into deep levels of depression. Your defenses are weak and your vulnerabilities are exposed.
Okay, I don't see any red flags yet. And he didn't either. At this point, they were just chatting through text, like a lot. She seemed to be into everything he was interested in, and he was liking that. He was coming out of his breakup, and she seemed to be caring and helpful. Yeah, okay, so she's into crypto investments. That's fine. She could be into that. But he was curious.
Was it really working for her? He had some crypto somewhere. I was like, tell me more about what you're invested in. So she tells him, man, there's this hot investment. It's making mad bank. And he's like, yeah, okay, well, what is it? Show me. So she keeps talking it up. I'm basically just living off the profit from this thing. It's nuts.
And he's like, you got to show me what you're talking about. So she's like, okay, so you know how your savings account makes interest, right? This is like that, but it just pays much more. You put your money in and then daily it makes interest and you could just take that interest out if you want or leave it in and it adds up and you make even more.
So he's like, well, how much interest are you earning? And she's like, 20%. If you have $1,000 invested, it'll earn you $200 in interest a day. And at any time, you could just take your $1,000 out if you want. And he's like, man, that does sound too good to pass up. So she gives him the links to read up on.
This scheme was very, very clever. I mean, this guy was a cybersecurity professional. He knew about the dangers of cryptocurrency and was suspicious about all this. But this had a mix of legitimate information with just a small dash of fraud. See, the way they had this set up was they made it look like it was using a legitimate exchange, in this case, crypto.com.
And they deposited the $250,000 into the scammer's account instead of the actual seller. But here's the crazy part. Because the seller never got the money, escrow wouldn't give the keys to the buyer. They were being jerks about it. They were trying to say, oh, sorry, we lost the money. No house for you. The deal has been canceled. And the buyer's like, whoa, no, no, no. That's what escrow is for.
I looked at some of these screenshots myself. It's hard to tell what's going on, but one thing is clear. They social engineered him and tricked him into sending his crypto to the scammer's wallet. They just disguised the wallets to look trustworthy. Basically, he would buy cryptocurrencies on Crypto.com with real money and then send those crypto coins to this investment project.
Investment in quotes there. Really, it was a scam. And it looked really good. It didn't look like a scam at all. You could see your balance. You could see your earnings. You could interact with it. You could pull your money out at any moment. So he decided to give it a try. He put some money in, sent the crypto.
And when he saw it was generating interest, he tested it by taking some out and was like, wow, this is actually working, because it looked like it was. But this is where the pig butchering scam comes in.
The scammers wanted him to take the bait, start with putting in a little, see that it's working, and then hopefully put in some more and more and more and hope that he dumps a ton of money into this. And when they think he's put in enough, they'll take the money and run. So as he starts watching the money grow on this site, the scammers start ramping up the pressure.
They tell him if he invests a little bit more within this time frame, he'll get locked in for bonus interest, basically presenting him with more exciting opportunities that were time-sensitive.
Taking loans out? Now I see why someone can end up losing a ton of money in this scam. But not only that, these scammers were really tricky. They would sometimes tell him, look, we locked your account because there's not enough funds to cover withdrawals. Please deposit another $40,000 in the next 96 hours to unlock your account. And he's like, well, wait a minute. What if I don't deposit that?
Then you risk losing your money. So he's like, oh no, I don't want that. And so he goes scrambling, looking for even more money to put into this. So this guy eventually goes all in and then some, putting all his savings in and taking a loan out to add more. Because to him, this was a way to get out of debt, a path to financial freedom.
Oh, how cruel. And yeah, this $90,000 was a nice fat pig. And the scammers were like, okay, that's ripe. Let's take it. And they did. They took his money, leaving him high and dry. Ouch. He saw his money disappear and he knew he was screwed. But he sat and thought about it for a bit. Is there a way to get any of this money back from the scammers?
He scammed them back. Hilarious. Man, that reminds me of this story I have. Okay, so this one time I was in Vegas, right? I was actually going there for a DEF CON. And when I went, I brought a burner phone with me, right? It's just a phone that I paid with cash. You got a prepaid plan, all that stuff. It was a new phone number. And when I got to Vegas, I was getting text messages from a scammer.
I sniffed it out right away. They were trying to play on my empathy, saying things like, we can't afford money to buy food for our kids and medicine and clothes and something. And they specifically asked for $749 to get themselves sorted. And I'd be an absolute angel if I could help. And I was like, hmm. I replied, look, I'd love to help, but I'm currently stranded.
My boyfriend and I got in a fight and he dumped me off in the middle of nowhere. And I don't know anyone here who can help me. I don't have any money to get home. I am screwed. I was trying to use the scammer's tactics on themselves, trying to be someone in distress, just like they were saying. It did not work. They kept asking me for money. And I was like, okay, listen, I'm happy to help you.
You're our trusted third party. We trusted you to do this deal. You screwed up and that's not our problem. That's yours. But escrow's like, hmm, I never got an update on what happened here and if this got resolved. I think the buyer took escrow to court to try to get their money back.
I have money to help you. But my boyfriend took my purse and all I have is my phone and there's strangers all around me. So unless you can help me get home, like, I don't know, send me $200. Then once I get home, then I can help you. It didn't work. They stopped texting after that and just left me alone. So when you run into someone who's been a victim of this, how do you help them?
Darknet Diaries
144: Rachel
When I was in college, a scammer called me up. He's like, look, I'm not selling you anything or even telling you what to do. I just have information about a stock and I wanted to share it with someone. And you were just like the lucky guy I found in the phone book. Listen, stock Z is going to go up next week. That's all. I'll call you back next week to prove it.
Okay, so this company is a bank, and she's told that she can target customer support to see if she can access a customer's bank account. And she's given the options to use a phone call, email, or chat to get through.
He said, listen, the next one is the craziest one I've ever seen. There's this company whose stock price is going to explode. But the best part is they're in the initial investor round. So you can get in on the ground floor if you want. How much do you want to invest? Ten grand? You've slept on three of these. You're not going to want to miss another, right?
Spoofing phone numbers. How is this still possible? You can download an app from the mobile app store, and within a few taps, you can change what phone number you're calling from to have any phone number you choose. So you can make it look like where you're calling from is not actually where you're calling from. Now, when I was young, I used to do this with emails.
I would love to send emails to my friends pretending to be from the FBI or the President of the United States. And I'd be like, Bill, you're in serious trouble.
But then the email protocol got updated. They implemented SPF records somewhere around 2006, and this ensures that the place you sent the emails from is where the emails are supposed to come from. This effectively put an end to email spoofing.
Of course, not all companies configure their SPF records properly, and you can still spoof it, but at least the option is there if you want to block someone from spoofing your email. But for phones, which have been around a lot longer than email, it's an unpatched vulnerability in my opinion. You can still spoof phone numbers.
Now, since phone companies refuse to fix this, their solution was to help pass a law making it illegal to spoof phone numbers. So for now, it just seems like telephone companies are just relying on the police to help keep people from doing this. But to me, this is an awful way to secure things. Telephone companies can fix this if they want.
But while I see this as a vulnerability, telephone companies have historically said, wait, why are you using telephone numbers as identifiers? They were never meant to be identifiers. And they put the blame on us for doing that because for a long time, our phones didn't have screens. So we never knew who was calling until you picked up the phone and said hello.
But then telephone companies gave us caller ID where our phones would show who's calling. And so I do blame telephone companies for making us think it is an identifier since they were charging extra for that feature back in the 90s. And mobile phones today all come with this feature. So I say, phone companies, turn caller ID off if you don't want us to use it as an identifier.
Otherwise, patch it so phone numbers can't be spoofed anymore. So anyway, Rachel was trying to get into a customer's account. Let's call the customer Kelly. And she figured out what phone number Kelly had. And Rachel spoofs her number to look like she's calling from Kelly's phone.
But this fascinated me. Who was this guy that was always getting the stocks right? What was his algorithm? So I looked into it. I met with a stockbroker and I asked him, how is this possible? And he's like, oh, that guy was a scammer. And I'm like, duh, I know. But how did he get the stocks right every time? And this guy broke it down for me.
This is great because I need a fake driver's license. So I can't wait to hear how you got a fake driver's license.
So you didn't need a real driver's license, social security card. You just needed a JPEG, right? Correct. And that's the trick there. Photoshop was your friend.
It's truly astonishing, the sheer force of the human voice, its ability to persuade, to move, to manipulate, all through a simple phone call. It also reminds me of how vulnerable customer support is to this kind of exploitation. When you're met with a soft voice telling you a sad story, but wrapped in kindness, it tugs at your heartstrings.
He said, okay, that guy called up a whole bunch of people on week one, told half of them the stock was going to go up, told the other half the stock was going to go down. Then he called back the people who he was right with. And he told half of them about another stock that would go up. And the other half, he would say that stock's going to go down.
You find yourself eager to assist, especially if you just got off the phone with a real prick who was yelling at you about overcharging him 10 cents. Contrast that with a kind voice that's truly asking for help. And it really makes it hard to say no.
It's time for a sponsor break, but stay with us because Rachel has a few more stories that she's going to share with us. Support for this show comes from Black Hills Information Security. This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure. I know a few people who work over there, and I can vouch they do very good work.
If you want to improve the security of your organization, give them a call. I'm sure they can help. But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training. You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more.
But get this, the whole thing is pay what you can. Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers.
Head on over to blackhillsinfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com. On another engagement, Rachel was hired by a company to help them sort out an issue that they kept encountering.
And then he did it a third time, calling back the people he was right two times with, telling half of them that the stock is going to go up and the other half saying it's going to go down. So by the time he did that three times, he had this small pool of people who he was right with every time. But really, he was just playing a math game with his victims.
It was a large technology company who would sometimes buy or acquire smaller companies. Now, when you're buying another company, you typically want to keep it quiet until the official announcement. It could affect share price or cause panic in the company if things aren't communicated properly.
But for some reason, when this technology company would do any merger or acquisition, it would get scooped by some news agencies. The announcement would show up on news sites way before the company was ready to tell the world. So this company was like, Rachel, maybe you can help us figure out how this news keeps slipping out ahead of schedule.
When you hear this, where does your mind first go? Like, you've got an insider threat somewhere. You've got a breach, an active breach.
All right. So if you're going to pose as either one of these people, it sounds like you're going to need a LinkedIn account or at least some online presence. You can't just show up as a nobody, right? Or I mean, at least it helps establish your background and your pretext.
I was like, all right, that was a strange call. Whatever. And yeah, he calls me back in a week. And sure enough, the stock he told me about went way up. He was spot on. He was all excited about how much money he made. But I told him he just got lucky and he should cash out and take a trip somewhere. He's like, no, no, no, it's not luck. There's an algorithm that can accurately predict this.
Interesting. Rachel tried to be another journalist that actually exists, maybe by doing something like using a similar email address or social media accounts. But the question is, how do you know who to ask in a company to get information about upcoming mergers and acquisitions? These are typically closely guarded secrets, right? But there is a website that's extremely helpful to social engineers.
And I think this is such a long but brilliant scam. Seemingly, this guy was golden, perfect, getting it right every time. But what I didn't know is that he was getting his predictions wrong all over town. And I was just one of the unlucky few that saw him get it right every time.
There's a website that lists pretty much every company and most of the employees that work there. And it tells you their job title, role, what duties they have, and full name. The website is LinkedIn.com. And personally, I feel like LinkedIn is a security risk to most companies on there.
It makes it really easy for someone like Rachel to go down the list of people who work at a company and pinpoint the exact person to target. Once you have their name, it's probably easy to get their email address. It's usually first.lastname at companyname.com. I mean, not only is there a list of people who work at most companies on LinkedIn, but they like to list their skills too.
And if someone says they've worked for a company for 10 years as a database admin, and specifically they say they're excellent at Microsoft SQL Server, now you can guess with high confidence this company runs Microsoft SQL Server internally, and this person probably has the admin password for it. And we all know how susceptible people are to phishing emails.
I mean, my opinion is if you list stuff like that, you're just putting like a big old beacon over your head saying, hey, I'm the person you're going to want to hack if you want to get in the database of this company. Come at me. Essentially, the private information that should just be kept inside the company is posted publicly for anyone to see on LinkedIn.
And I mean, here's a story where the company is wondering, hey, how come the public knows about one of our internal memos? I say start by auditing what your employees are posting to LinkedIn. If the company is totally cool with all this internal stuff getting posted publicly, then maybe that's perpetuating a culture change where it's okay to blab about exciting news to whoever asks.
I had someone message me on LinkedIn the other day asking me, hey, how can I get my data taken off the internet?
And you posted all this to LinkedIn and you're wondering how come the internet knows all this stuff about you? Because the thing is, a lot of what data brokers know about us is from the stuff we post publicly. Data brokers are scouring our social media profiles, our blog posts, and any mentions of us on the internet. And then data brokers store all that information about you that you posted.
I say we should take our own privacy seriously because the more we don't care about our privacy, the more companies won't care about your privacy.
Anyway, as you can imagine, Rachel had this target company and was able to quickly guess at who might know about upcoming mergers and acquisitions and started hyper-targeting them, doing full background searches on them, gathering up their details, and just started reaching out, acting like a journalist, emailing them, wanting to see if she can easily get this information from people.
These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries.
But it didn't work. No matter who she reached out to or how convincing her backstory was, people weren't freely giving her information about upcoming mergers and acquisitions. This method wasn't working.
Attack via the hiring process? What an interesting sentence to say. I don't think that idea crosses many people's minds, that people applying for jobs might have malicious intent. I've heard of the evil maid attack, but what's this called? The phantom applicant attack? There's a lot of information that you can get just from reading a job posting.
Like when a company lists the job duties, it might tip their hand into what endeavors the company is going to do next or expose what technology they have in the company. And these things can be used against the company in social engineering attacks. I think if you read enough job listings, you could probably develop a map of the data center.
Hacking into the company through the employment process is actually a decent attack vector. I don't think many companies would expect you to come in through that door. Anyway, what Rachel was going to do was pose as a job candidate and try to get an interview. And in the interview, she was going to see if she could get some insider information about upcoming mergers and acquisitions.
Support for this episode comes from Delete Me. Feels like a war out there. Companies all over trying to scrape and store all kinds of personal data about me. My phone number, address, family members, where I work, sexual orientation, club affiliations, income level, what kind of car I drive. It's just endless.
And every now and then I Google myself and just get freaked out about the amount of data there is about me out there. This is why I use delete me. I registered there and told them what to look for about me. They were able to discover what sites have data on me and took steps to get that information removed for me. That's my favorite part. It's like getting help in this war.
So she meets with the security team and explains to them how she found out about all this upcoming mergers and acquisitions. And together they had a chat about whether this was just an obscure edge case or a bigger problem.
Yeah. And then you probably had recordings to show concrete proof of, when you say this, I'm hearing this.
Their scouts know exactly where to look and they'll tell me what they found about me. And if they can't remove it themselves, they'll give me recommendations on how to get it removed or mitigate it. Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for Darknet Diaries listeners.
So, you know, you came on my radar because you sometimes just create these crazy viral instances online where I've seen you hack a... Who's Donie from?
From CNN. So I've seen you hack a CNN correspondent. I've seen you hack voting machines before. I've seen you do all kinds of crazy things that suddenly you've got like a million views on this thing. And I'm just like, well, there she is again. Rachel's out there doing things. But one thing was interesting was when you went on 60 Minutes.
So the mission was to use AI to somehow trick and scam the host of 60 Minutes while on the show. But the problem is the host needs to consent to being targeted, which if she knows she's going to be scammed while on her show, it'll really put her guard up, right? So this was going to be tricky. How do you trick someone who's asking you to trick them?
Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries, code DD20. This episode is sponsored by Mint Mobile.
Because the host of 60 Minutes has been on TV for years, Rachel realized there is a lot of audio of Sharyn talking. And this might be useful. Maybe she can somehow use Sharyn's voice to do something.
So they've got the cameras on you. They've got you in the studio. They've got Sharyn there.
With big wireless providers, what you see is what you get. Somewhere between the store and your first month's bill, the price you thought you were paying magically skyrockets. With Mint Mobile, you'll never have to worry about gotchas ever again. When Mint Mobile says $15 a month when you purchase a three-month plan, they mean it.
All plans come with high-speed data, unlimited talk and text, and you can use your own phone with any Mint Mobile plan and bring your phone number along with your existing contacts. To get this new customer offer with your new three-month premium wireless plan for just $15 a month, go to mintmobile.com slash darknet. That's mintmobile.com slash darknet.
And yeah, she did the interview and explained what just happened, how she tricked Elizabeth into giving Sharyn's passport number. But after listening to this story... I got really curious about this voice cloning tool and wanted to try it myself. So to clone someone's voice, you give it a bunch of audio of them talking, and using some advanced AI, it will get to know that voice.
And whatever you type, it'll say it in their voice. I spent a few hours playing around in this tool, and I cloned my voice. I think it's really interesting. Okay, I want to show you. I'm going to play two clips for you. I want you to listen and try to figure out which one is AI-generated. Ready? Here's clip one. Hey, this is Jack Rhysider.
This morning I had a peanut butter and chocolate smoothie for breakfast. Okay, here's clip two. Hey, this is Jack Rhysider. This morning I had a peanut butter and chocolate smoothie for breakfast. Okay, punch in your votes. Ready for me to tell you? Both clips were AI-generated. In fact, what you're hearing right now is AI-generated too. I switched to having AI talk for me a few minutes back.
I just type whatever I want, and it'll narrate it for me. It's really wild. It even adds in breaths like this. Listen. And sometimes it'll even add plosives, like how the P sounds in nope. It's crazy how good this sounds. Huh. Okay, okay. I'll switch back to my normal voice now. There is... I'm using my real voice now, okay? The future is going to be weird, isn't it?
Okay, so I just saw this article the other day on CNN's website. And it said there was this guy working for a company in Hong Kong who controlled the finances for that company. And he got invited to a video call with the CEO and a few other colleagues that he recognized. And he saw them on the screen. He heard their voices. And he was positive it was the CEO and his colleagues.
And they were telling him there's this new deal that just finished up. And they wanted him to send $25 million to another company. So he did. But the problem was the video and the voices were all AI clones. Scammers tricked him into thinking he was on a video call with the CEO. And our future is almost surely not going to be what we think it's going to be.
I have a feeling we're going to have a hard time knowing what's reality and what's fiction.
Cut your wireless bill to $15 a month at mintmobile.com slash darknet. $45 upfront payment required, equivalent to $15 a month. New customers on first three-month plan only. Speed slower above 40 gigabytes on unlimited plan. Additional taxes, fees, and restrictions apply. See Mint Mobile for details. Gather around. In this episode, we're going to hear stories from Rachel Tobac.
Hmm, I think this is a good idea. If you can cryptographically sign something, then that'll prove the message or video came from you. So I imagine this could cut down on people falling for fakes. If it's not actually signed by the person who sent it, don't trust it. Initially getting your key would be interesting though. You still have to prove who you are at the beginning, right?
And one way to do that is to verify who you are in the meat space, the real world. When you're face-to-face and in person, it's still a valid verification technique that you are you. But with everyone having their own cryptographic keys to prove someone is real, the threat then moves to securing the key.
If someone else grabbed a key, they could make it look like you sent something when really you didn't. They just signed it using your key.
I just imagine like making a whole CAPTCHA network for everyone I know, right? So my dad calls me on the phone and it says, before you can connect to this party, please solve this CAPTCHA.
I personally am excited about our future. We are smarter than ever and more advanced than ever. And it feels like the human race is going through a Cambrian explosion of sorts with all new technologies and advancements popping off almost daily. We're living in the exponential era. Time will move faster from here on out, and we get to witness it. We have tickets to watch the birth of Human 2.0.
How special is that? Whatever comes next will surely be exciting. A big thank you to Rachel Tobac for coming on the show and sharing these stories with us. She wrote a free ebook on social engineering, and you can find a link to it in the show notes. Besides doing social engineering for companies, she also does security awareness training.
And in fact, she started a whole video production company where she creates fun and entertaining training videos. You can learn more about what she's doing by visiting socialproofsecurity.com. Also, thanks to Daniel Miessler for giving us some insights into AI. This episode was created by me, the backseat rider, Jack Rhysider. Our editor is the gourmet sorbet, Tristan Ledgerwood.
Mixing done by Proximity Sound, and our intro music is by the mysterious Breakmaster Cylinder. How does a computer get drunk? It takes screenshots. This is Darknet Diaries.
And she's one of the best social engineers I've ever met. Let's start with your origin story. As a kid, how did you get interested in this type of work?
And he said he knew which stock was going to go up next. I was like, all right, so which one's going to go up next? And he tells me and says to keep an eye on it. And he's going to call me back next week to prove he was right. So, yeah, another week goes by and the same guy calls me back and he's like, boom, you see what I mean? And he was all excited again.
Did you get into computers when you were older or still in middle school, I suppose?
Okay, so DEF CON is the annual hacker conference in Las Vegas. It's wild there. You'll see people walking around with antennas sticking out of their backpacks, talks about how to bypass just about anything on a computer, and tons of villages that focus on specific areas of hacking. The Social Engineering Village is one of the more popular ones.
And when Rachel's husband went into this village and saw what they were doing, he immediately called her up to tell her what he was seeing.
And I was like, I don't see what you mean, but let me check the price. And I checked the price and again, he was right. And I was like, dang, good job. But I think you got lucky again. He said, no, he's been doing this for a solid year now and he's been right every time.
What she's watching was the social engineering contest. There's 14 contestants and they're given the task to basically get enough information to hack into a company all through phone calls. So you have to prepare and figure out who would be an easy target to get information from and what's their phone number.
And you better have backup numbers in case the person you call doesn't answer or hangs up on you. Once you do get someone on the phone, you get points for every bit of security data you can get off them. So if you can get them to tell you what operating system they use, you get a point or a flag.
And maybe from there, you try to figure out what browser they use, information about their security guards, what janitor service they use. You can't just ask these questions directly. It raises suspicion. So you've got to provide a pretext or pretend to be someone else.
Maybe someone who works in another department or someone brand new to the company who doesn't know anything but urgently needs to get a report done today. It's tricky. It's intense. It's high stakes because if you get caught on the phone, you're burned, and now you don't get any points. And the best part is the audience gets to watch all this live.
So she immediately is like, OK, how do I compete in this? And yeah, it's a whole process. You need to submit an application, create a video of yourself and stand out from the crowd because only 14 are chosen to compete out of hundreds of people who try out for it.
Now, they actually give you the target company that you have to attack ahead of time. So you can do your research on it, a lot of research if you want, because you want to find as much information as you can about this company, like going through Google searches or just looking at public places.
Maybe you get a list of people and phone numbers to call so that when it's your turn to call, you know exactly who to call and what questions to ask. In fact, it becomes quite a lot of work to prepare for that moment for when you're going to call someone. You could spend a solid month learning everything you can about your target company so you can shine when you're in the booth.
It was a major consulting firm is really all I can say. Now, these companies don't know they're about to get hacked. It's really extraordinary to watch. It's basically a live hack with an unsuspecting target. So she gathers as much intel as she can and heads to DEF CON to compete. I get in that glass booth. Now, all eyes and ears are on her.
And he tells me more about this algorithm and how he's analyzing different indicators and watching the stock market extremely close and just has everything dialed in. And he tells me about another stock that he says is surely going to go up. And I'm like, okay, call me back in a week. Let's see if you're right.
Not only does she have to trick one person on the phone to give her the information they shouldn't be giving her, but she needs to do it in front of an audience. But she's done improv before and was absolutely ready for this.
Dang, second place. Of course, now she's hooked. That was fun as hell. The nerves, the adrenaline, hacking, and social engineering, all of this she was just craving more of. So she applies to compete again the next year.
Competing three years in a row in the social engineering contest and getting second place all three years, that's what started her career in social engineering.
The crazy thing is that I've heard this story over and over. Someone who has no interest in hacking goes to DEF CON, sees the social engineering stuff going on there, immediately wants to compete, does pretty good in the competition, and then decides to do that for a living and start their own company. It's mind-boggling how many lives have changed from people attending DEF CON.
And sure enough, after a week, I checked and he was right again, three accurate stock price predictions in a row. And he called me back and he's like, dude. And I'm like, dude. And he's like, you see that? I said, I saw that. How are you doing this? And he's like, I cracked the code. But then, like the snake he was, he tried to strike at me.
Okay, so she started a company called Social Proof Security, which is basically social engineering for hire. And companies were starting to hire her to see if they were vulnerable to social engineering attacks and what they can do to stop them. And of course, I'm fascinated by these social engineering stories. How do you hack into a company with just your voice or your charm?
Darknet Diaries
150: mobman 2
I remember the first time I posted something online. It was a video game guide in the 90s. And there's an internet adage that I think is true. It goes like this. The best way to get the right answer on the internet is not to ask a question, but to post the wrong answer. I posted a guide on how to beat a video game, and it immediately got downvoted, mocked, ridiculed, and I was told to get good.
I use Shopify to make my t-shirt shop. That's shop.darknetdiaries.com. And I love Shopify because of how easy it makes getting my business online. And once it's there, Shopify has tools built in to help me create, execute, and analyze my online marketing campaigns. Upgrade your business and get the same checkout I use with Shopify.
Sign up for your $1 per month trial period at Shopify.com slash Darknet. Go to Shopify.com slash Darknet to upgrade your selling today. Shopify.com slash Darknet. Okay, time to call Greg, a.k.a. Mobman. Hey, you there?
The story of Sub7 has been researched more thoroughly since you have appeared on my podcast. And it just wasn't adding up for some people. And I was put in contact with the original author of Sub7. A Romanian fella named Mobman.
So, I mean, clearly, at this point, I'm believing that he's the one who created it, right? And so now I'm wondering, well, hold on. You're the one who said you created Sub7. What's going on here?
So are we talking about the same Sub7, though? Because this conflicting story is just not going to work for me. I've got to have a source of truth here.
Yeah, that's hard-coded into the source code. And you're saying you do? I do. Okay.
This is crazy. I need some answers, though. I went back to the other Mobman. I was like, hey, can we do a call with both of you? And he's like, yeah, let's do it. So we did the call. And I'll just play for you the conversation, mostly unedited. Hello.
So I hit record already because this is such an epic call. I've never had two people of the same name on my podcast at the same time.
Honestly, as I was chatting with both of you, I was getting confused on who's who.
Let's get into it. What are we here for? We are here to discover... It's not so much the name, right? People reuse names. There's a lot of Jacks in the world. I'm not worried about my name being reused or probably my band has been reused before. But the question at hand here is... the creation of Sub7 is being claimed by both of you.
Ransomware, supply chain attacks, and zero-day exploits can strike without warning, leaving your business's sensitive data and digital assets vulnerable. But imagine a world where your cybersecurity strategy could prevent these threats. That's the power of ThreatLocker, Zero Trust Endpoint Protection Platform. Robust cybersecurity is a non-negotiable to safeguard organizations from cyberattacks.
And the tricky part here is neither of you really want to claim it because it's like, hey, man, that's kind of a sensitive subject. I don't really want to put my face in front of that thing because it has been used for purposes that maybe you don't want to claim or whatever. And so it is a tricky subject to try to navigate. But here is the situation where I'm trying to explain what this tool is and
Not some great guy from Florida, really. Why was there only one programmer of this app?
Why is that? Today you have GitHub, and it wasn't the same back in the 90s. But with GitHub, people can contribute and help out. You didn't want other people to help out. You didn't want to share the source code. Why was that? It's because it was a mess.
ThreatLocker implements a proactive, deny-by-default approach to cybersecurity, blocking every action, process, and user unless specifically authorized by your team. This least-privileged strategy mitigates the exploitation of trusted applications and ensures 24-7, 365 protection of your organization.
The core of ThreatLocker is its Protect suite, including application, allow listing, ring fencing, and network control. Additional tools like the ThreatLocker detect EDR, storage control, elevation control, and configuration manager enhance your cybersecurity posture and streamline internal IT and security operations.
To learn more about how ThreatLocker can help mitigate unknown threats in your digital environment and align your organization with respected compliance frameworks, visit ThreatLocker.com. That's ThreatLocker.com. This episode is sponsored by Axonius. Complexity is inevitable in IT and security, and it's increasing. Axonius is here to help you control it.
We got the euro to get back to you. We don't want to be spending our time programming here. Exactly. Happy to share this program. Actual proof of something. So, Greg, what is your proof that you're the creator of Sub7?
So Greg, you were telling me that you have control of the domain, Sub7Crew.
So when did Gmail come out? Like 2004? Something like that. So Sub7 in the 90s would not have... Gmail didn't exist. No, no. So we're talking about later versions at some point.
You know you want to. Come on. Well, like I said at the beginning, it's tricky because who wants to say that they're the creator of this?
As a system of record for all digital infrastructure, the Axonius platform correlates asset data from existing tools to provide an always up-to-date inventory, uncover security gaps, and automate response actions. Go to axonius.com slash darknet to learn more and get a demo. That's spelled A-X-O-N-I-U-S. Axonius.com slash darknet. Over the years, one episode I've published has haunted me.
Greg, listen. He's saying you can continue using Mobman. You can have multiple people using the same name.
Other Call of Duty users can use it too. That's not a copyrighted name. But he's asking you to stop claiming that you're the creator of Sub7. Exactly.
Well, I mean, personally, I don't like you telling me that you did something that you didn't do. That looks bad for me and my show and my credibility. Exactly.
It's a long-running con, man. And the reason why I believed it is because of that damn Rolling Stone article saying that you were...
Rolling Stone must have fact-checked it, so I think this must be legit.
Okay, but I want to hear how you got the Rolling Stone article. You were about to say something about how all that started.
At first, I thought they were joking, like I've beaten this game a hundred times with this strategy. What are you talking about? Get good. But then after some pushback, they started cluing me in, telling me exactly where my advice was wrong and giving me tips on how to properly do those parts of the game. I was blown away. What I thought was impossible to do in the game, people were actually doing.
Okay. Our conversation began getting circular, and we started talking over each other at that point, and so I ended the call. But I think we got a half-assed confession out of Greg, didn't we? He said he'd stop saying he's the author of Sub7 and we'll let it go. It was hard to hear that, but he did say that. So I think that's the best I'm going to get from him, and I'll have to take that.
Oh, and I looked up Greg's birthday on his arrest record, and it shows October 27th, not October 15th, like he said a moment ago. But honestly, I'm not too upset about this. In fact, I knew this would happen eventually. I grew up in the same culture as these guys, right? On IRC, downloading viruses, pranking people with tools.
I remember once I was in a computer class and the teacher had his computer connected to a projector, which was projecting on the front of the class. And I sent a network message to his machine, which made a pop-up show for the whole class. It was epic for a teenager. And one thing I know about this culture is just how much hackers like to mess with the press.
Cult of the Dead Cow in particular learned that the press will publish just about anything that a hacker says. If you're in a hacker group and you say, oh, we hacked NASA, the press will just take your word for it and publish it. And so they started creating all these wild claims to see how far the news would just spread just to mess with everyone.
And later on, 4chan picked up on this too, trying to get fake news to spread also. So this culture is just big on simply messing with the media. And it's partly just to show how crappy the media is for getting it wrong and how gullible people are. I mean, look at the whole birds aren't real movement, right? I'm sure you've heard someone say that. Birds aren't real.
That whole thing was just created to prove how conspiracy theories and misinformation is so easily spread. So I know the people I talk to, hackers, are known for giving misinformation, which means I have to be allergic to conspiracy theories in order to navigate this effectively and to bring you the most factual podcast I can.
He built a program that would allow him to take control of another computer.
Like, I'm more impressed than I'm mad at this point. Greg messaged me after that call and wanted another call with me. He wanted to apologize to me if he caused any problems. And I started to record the call.
Not my mom. Fake mom name. A big thanks to Illwill, the real Mobman, and Greg for being good sports and taking us on this wild adventure. This episode was created by me, Mr. Packet Loss, Jack Rhysider. Our editor is the infinite loop lover, Tristan Ledgerwood. Mixing done by Proximity Sound and our intro music is by the mysterious Breakmaster Cylinder. Why do server rooms often have raised floors?
So that technicians can get under the server rack and get to the root of the problem. This is Darknet Diaries.
This is an episode where I interviewed a guy named Greg, who went by the name Mobman, who claimed to have made the Sub7 malware back in the 90s. The episode haunts me because I have received numerous comments that listeners don't believe he's the guy who created Sub7.
For instance, there's a Reddit post where someone said, I just started listening to Mobman this afternoon and couldn't finish it. I just don't believe this guy made Sub7 or could have created a RAT at all. It's not just his attitude or personality. It just seems as if he only has a cursory knowledge of any of the technology used.
Multiple times throughout the interview, something he said just didn't quite make sense or didn't match up with what I remember from that time period. Then some other commenter said, I had the same impression too. And someone else said, he's fakey wakey. And then someone else said, I remember the creator was Romanian and that guy is not Romanian.
I fact-check my guests as best I can, but I do most of the research and writing for this show, and I can only check so much. Before publishing that episode, I spoke to some people who knew Greg personally from Tampa, where he's from, and they told me he's legit. On top of that, he was featured in a Rolling Stone magazine article saying he's the one who created Sub7.
I figure Rolling Stone would do some fact-checking themselves, right? And also, Greg offered to show me the source code for Sub7, and he demonstrated how he has control over the Sub7 domain name. So I just showed this to people who didn't buy the story. But as I listened to people and read more theories about this, it started to make me think maybe they're right.
Maybe I interviewed the wrong person. See, I interviewed a guy named Greg who goes by Mobman, and on every version of Sub7, it was created by someone calling themselves Mobman. So I was starting to think, wait, if Greg didn't make Sub7, then are there two Mobmen out there? If so, where's the second one? Somewhere around 2004, the Sub7 creator, Mobman, disappeared.
And Greg just so happened to get arrested around the same time too. And so he says that's why he disappeared. So did two Mobmen disappear at the same time? If there are two, then Greg is the only one who came back as Mobman. The other Mobman is still out there somewhere.
Well, a guy named Illwill took it upon himself to find the real Mobman, and he spent years hunting through the internet looking for him, and eventually found a clue which led him to a potential email address used by the real Mobman. He emailed him, and sure enough, he said, yeah, I'm the one who created Sub7. You found me. And I got connected with this Mobman to hear the story. Hello, hello.
Yeah, why not? Now, you have the tag here, Mobman, here in our call. I do. Is that your nickname? Yes. When did you start using that?
Now, dear listener, this experience shaped me for who I am today. If you post something genuinely helpful online and people mock you, that could be the end of you ever posting anything online again. It's enough to ruin your self-confidence and hate everyone online. But I had the opposite reaction. I loved this game and played it thousands of times.
It's a trip, you know, to get here because for the last six years, I've known Mobman to be a different guy. I'm aware. And now I feel like I've met a new Mobman. So let's go back to the 90s. What was your early experience with just cybersecurity?
That was it. That's how everything started. And so, the story goes, Sub7 was born.
If you created this as like a coding challenge, did you ever feel bad when people used it for malicious purposes?
Hmm. The thing is, as this tool began getting popular, it started to be used more and more in criminal activity, using it to take over someone's computer. You can see exactly what they're doing on it. Or you could steal their files or session cookies or wipe their computer and delete everything.
The problem is, creators of malware have sometimes been arrested just for creating it, not even doing anything bad with it. Because those creators were knowingly creating tools or weapons for criminals to do crimes with. Sub7's official reason for existence was to prank people. It was for jokes and stuff.
They were giving me tips and strategies on how to be way better than my best strategy that I had. And I genuinely wanted to be way better. Not only that, I got to make friends with other people who were really passionate about this game. It was an amazing experience. Fast forward to today. We're 150 episodes into this podcast. That's 134 hours of me yapping.
But as it started being used for more malicious reasons, that's when Mobman decided to leave the scene and basically not look back. He went on to programming and left the name Mobman in the past too.
So let's set the record straight. This is the real Mobman, the actual creator of Sub7. But even though this real Mobman heard my interview with another Mobman, he still didn't want to contact me to fix it.
Yeah, I mean, it makes sense what you were saying a minute ago, which was like, I was young when I did that. I'm done with that. I don't want to be part of that. I don't want to revisit that. I can see there's a lot of reasons. What I was worried was like, oh, yeah, some people did some awful things with that, and the FBI is looking for me. I think...
Yeah. And did you get any heat from law enforcement? No. No, I didn't. Because you had your email there and I could see somebody being like, all right, we got to put an end to this guy.
I've got a lot of feedback over the years. Most of it is positive. But today, today I've got to correct something I got wrong. Really wrong. These are true stories from the dark side of the Internet. I'm Jack Recider. This is Darknet Diaries. This episode is sponsored by ThreatLocker.
Okay, this makes sense. This is a tool that, while, yeah, has started a lot of cybersecurity careers, has also caused a lot of damage. And with people like Marcus Hutchins being arrested like three years after creating some malware, it makes sense for the real Mobman to let someone else take credit since it'll allow him to stay hidden in real life.
He has a bunch of family and stuff and just wants it all behind him. But after looking through Illwill's research and speaking with this Mobman for an hour, I'm convinced this is him. Six years after posting the episode, we finally discover the truth. And now we can lay it all to rest. But there's still something that's bugging me. Why would Greg pose as Mobman all these years?
We're going to take a quick break, but stay with us because when we come back, I'm calling Greg. This episode is sponsored by Shopify. I'm not even sure how I'd know how to run an online shop without Shopify. Dealing with billing, shipping, making an appealing website, different currencies, and there are like a hundred other things that come with running an online shop.
All alone, sounds like an absolute nightmare. With Shopify, you can have a great idea and quickly get it out to people without needing to know how to code or design. And if your shop takes off, Shopify will grow with you. And then there's the not-so-secret ShopPay that boosts conversions up to 50%, meaning way fewer carts going abandoned and way more sales going...
Darknet Diaries
136: Team Xecuter
Okay, so I read about this story about a video game that I thought was interesting. So it starts out on Steam. Steam is a video game marketplace, right? And you can download Steam, and through there you can buy video games to play and stuff. It's a nice system. I like Steam because it provides a sort of standardized way to get games.
Okay, so yeah, people in the gaming scene were taking these systems apart and trying to modify it. Making the game systems do new things that they didn't originally do. And the game makers hated this. They wanted desperately to keep their systems from being tampered with and started making games that wouldn't work if you did tamper with it.
As I'm learning about all this, I'm getting super fascinated with the history of video game systems. So before the PS1 was the Nintendo, and there was some drama going around over there that's worth highlighting. There was a UK game developer in the 90s called Codemasters, and they started making games for the Commodore 64, which is just an early computer.
And you didn't need to ask Commodore for permission to make a video game for their system. In fact, Commodore made it super easy for you to program on it. It came with a compiler that was easy to access. So Codemasters made games for it. Then when Nintendo came out with the NES, Codemasters wanted to make games for this too. But there was a big problem with this plan.
Nintendo only wanted approved games to be played on their gaming console. So they were strict on what game studios got a license to make games for Nintendo. And they didn't share any information publicly like... how to develop for it or anything unless you had a license.
What's more is NES had a little lockout chip that would check if the game you inserted was licensed, and if it wasn't, it wouldn't let you play it. Well, Codemasters thought this is an interesting challenge and poked and prodded at the NES until they figured out how to get an unlicensed game to load on the NES, bypassing the lockout chip. And with this, they were able to create and sell NES games.
Nintendo was not happy about this. An unlicensed game for sale on our system? How dare you? But Codemasters took it a step further. Since they had this working knowledge of how the NES loaded games and stuff, they developed something called a Game Genie. This was a clever little device and it modified the game in real time to let you cheat.
If you wanted extra lives or jump extra high or just go right to the final boss, Game Genie could do that for you. It essentially gave you superpowers in the game that you were playing. Now, these were all one or two player games back then. There was no online play. So cheating in a one player game isn't really ruining the game for anyone else. Codemasters didn't call this a cheat device, though.
They called it a video game enhancer. And they developed this in the UK and licensed it in the US to a company called Galoob, which was a major toy maker back then. And they started selling them in like regular toy stores. I mean, you could buy a Game Genie in like Kmart or Toys R Us. I remember my neighbor had one and I think his mom bought it from Sears.
The game was available on Steam for anyone to download. Watch Paint Dry bypassed all the checks to get onto Steam. It was there for like a whole day before they noticed it and took it down. Steam has fixed this problem, so you can't bypass it anymore. But it's an interesting exercise, isn't it?
But little did I know when I was playing on my neighbor's Game Genie, Nintendo was taking Galoob to court over this little device, saying it was a copyright violation. Nintendo was saying the Game Genie was a derivative work and therefore subject to copyright infringement.
This means Nintendo is saying that the Game Genie made minor modifications to the game to make it something new, but not making it unique enough to be something original, and was profiting from the original creators. Kind of like if I put googly eyes on the Mona Lisa and tried to sell it as my own original work. Well, it went to court and the judge ruled in favor of Galoob and the Game Genie.
The judge said, look, the definition of a derivative work means you have to have a separate copy of that original work. Game Genie does not create a separate copy, but instead adds to the original copy because you still need the original copy to use it. So clearly it's not taking away from the sales of the game.
The judge also went on to say that consumers have the right to fair use and can modify games however they please for personal use. This was a huge win for game modders. Now they had a court case to prove that they had the right to modify their systems and games for personal use.
Now, if we look across the aisle at the PC world, the software makers there had no problem with you making personal backups of the software you bought. The thing is, floppy disks and CDs were notorious for going bad and getting ruined. So it was practiced by everyone.
Even my grandma knew that as soon as you buy a new game for your PC, the first thing you do always is make a copy of it as a backup. And everyone was cool with this. PC makers didn't care. Game makers didn't care. They were fine with it because it was protected under the Copyright Act. Section 117 says, if you buy software, you have the legal right to make a personal copy of that software.
In fact, it's even essential if you want to do proper archiving of your digital files. And so with early computer games and software, there were no anti-copying methods in place to detect or stop copied games from being played on the computer. And that brings us to the Dreamcast. In 1999, Sega launched the game console called the Dreamcast, and this was a really cool little system.
And one thing about these console makers is the console itself is a loss leader. That is, Sega was pricing the Dreamcast at below the cost it took to make the system, but that was okay because they knew they'd make the money back on the games they sold. So Sega was very aggressive at making sure that you could only play the games that were approved for the Dreamcast, and not any copied versions or anything. In my opinion, this may go against Section 117 of the Copyright Act, where you're allowed to make copies of the games you have for archival reasons. The Dreamcast used something called GD-ROMs, which basically means a gigabyte CD. And most people don't have a drive on their computer that could read these kinds of disks.
To try to trick a video game marketplace into listing your game as having been reviewed and approved, which makes the users trust that this game is okay. There's a lot of trickery that goes on in the world of video games.
But even if you did get those drives and tried to make a copy of it, there were two problems with it. One is it was protected and you couldn't copy it. And two, the Dreamcast had a system in place that even if you did copy the disc, it wouldn't let you play the copy. It only let you play originals. Sega did not care if this violated your right to make backups of the game you own.
In fact, if you put it in your computer and tried to play it, all you'd hear is this message.
Anyway, long story short, this was a challenge for some to figure out a way around this whole system, and someone did figure it out. They found a way to bypass the anti-copy protections on the Dreamcast.
And essentially what happened is that you could go online to a pirate website, download any games you wanted, burn them to a regular CD, and put it in the Dreamcast without having to modify the Dreamcast at all. This was really remarkable because there were no hardware modifications needed.
The way the CDs were written is that they would trick the Dreamcast into thinking it was a playable disc by a clever use of reversing the randomization method on the Dreamcast. And this opened the door up to pirating Dreamcast games. I remember when this happened, too.
My friend told me, dude, you can download any pirated games you want for the Dreamcast now and just write them to a regular CD and they'll play. I was like, no way, man. Those games are like on GD-ROMs. They're not CDs. This will never work. But he demonstrated it to me and I was blown away. Well, this didn't last long.
Soon after the pirating community announced that you could pirate games on the Dreamcast, Sega announced that they were discontinuing the Dreamcast and were leaving the video game console business altogether. And this was only a few months after launching it. So yeah, some say piracy wrecked the Dreamcast. But did it really? Two months after the Dreamcast was released, the PlayStation 2 came out, which blew away the Dreamcast in every way performance-wise. And the killer feature on the PS2 is that it would play DVDs, which at the time was fairly rare for people to have in their home. So why buy a DVD player when you could just buy a PS2 which has a DVD player built into it? People were buying it for that feature alone. So in my opinion, the thing that killed the Dreamcast wasn't piracy, but the fact that two months after its release, the PlayStation 2 destroyed them in sales. So that brings us to the PlayStation 2 world. Remember the Messiah chip back then?
So the Messiah was a mod chip that you could solder onto a PlayStation 2, and it was created by Paul Owen. I believe it bypassed the anti-copy protections and let you play copied games. And then when the Xbox came out, Paul also made a mod chip for it called Enigma.
These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries.
Did anybody ever get mad at you for that? Video game makers or anything? Like, hey, cease and desist. You're modding our stuff. We don't want you to.
Yeah, the game makers were absolutely watching the video game modding forums, and they wanted to know what cheats and mods were out there for their systems and games. And when Paul Owen made these two chips, that's when Sony came in and threatened him with legal action.
This forced Paul to stop importing Messiah chips for the PS2, but it didn't stop people from buying them directly from Taiwan, and it didn't stop Paul Owen from making more chips for the Xbox.
And in my opinion, it's really cool that someone is able to make a microchip to enhance the gaming system, because I hate it when these things are just so proprietary and secret and locked down that you can't even repair the game system if it breaks. In fact, I don't even want to call these things modchips. They're just accessories for your gaming system.
Like the other day, I wanted to put an M.2 hard drive in my computer, but my motherboard didn't have a slot for it. So I had to go buy a PCIe card that enabled me to use the M.2 drives. This is not against any rules. This is a perfectly fine accessory to buy for your computer. The Xbox is a little computer, and it didn't let you add a hard drive.
And so it was Paul Owen's release of the Enigma chip that allowed you to add an extra hard drive. Can you imagine if your PC was so locked down that you could not add a second hard drive if you wanted? Not even an external USB one? Paul made another mod for the Xbox, this time calling it the Xecuter.
And he liked that name so much that he started calling his little group Team Xecuter, which is an important part of the story. I mean, it's the title of the episode, right? So even though he was threatened with legal action to stop producing the PS2 mod chips, it didn't stop him from making new Xbox mod chips and publishing them under the name Team Xecuter.
Now, the courts didn't think all this modding was cool like I do. In 1998, the Digital Millennium Copyright Act, DMCA, was established, creating a whole new set of rules for copyright infringement in the digital age. And specifically, there were clauses that talked about circumvention. The DMCA criminalized the act of circumventing access controls, which is what video game makers were pointing at when trying to take down these mod chip makers. They were saying, look, you're going to great lengths to circumvent our anti-piracy controls. That's a DMCA violation. And video game makers were taking their cases to court and winning them.
This episode is brought to you by SpyCloud. For some people, ignorance is bliss. But for you, as a security practitioner, that's not the case. I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening.
I don't buy that because I'm a PC gamer myself, and there's pretty much an infinite amount of games out there for me to play. And yeah, while I've bought some duds, I never get mad at Microsoft for making a PC with bad games. I don't even blame Amazon when I buy something from there and it breaks right away. I just learned that I've got to do my research more before buying stuff.
Hasn't anyone in the video game industry heard of the term caveat emptor, or buyer beware? The buyer knows they're taking a risk when buying something. It's okay. Did you do much piracy at the time? Were you downloading warez? I mean, what was your experience with warez in the 90s?
By the 2000s, with the DMCA starting to show itself more and more in courts, PC game makers started adding their own anti-copy protections. This attempted to make it impossible for users to make copies of the software they bought. And I remember when this started happening at the time. The sentiment was, we no longer own these games. We're just renting them.
See, before this, games for the PC were just all over the internets. There was no central place to go other than your local GameStop. And you had no idea if the game you found on the internet was legit or not. It could have malware in it, or maybe it wasn't a complete game, or some weird knockoff pirated version.
Because it's only a matter of time before this disc stops working or it locks you out somehow. And you just have to buy a new one. And I get it. There is money lost due to piracy, sure. But I think all these anti-copying measures hurt the regular consumer and stifle technological growth. What do you mean I can't add anything to my computer that I bought and own? It's mine.
I should be able to modify it any way I like. But the truth is the major driver for most of these mods was to enable piracy, to let you download games off the internet for free and play them on your console. And video game makers thought this was drastically hurting their revenue, and that's why they went to war in this way. I just wonder if there were better ways to deal with it.
I mean, listen to this talk by Tony Chen, the head of security for Xbox.
From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right. Resetting stolen passwords and addressing the enterprise access points that have been stolen by malware helps you protect your business from ransomware, account takeovers, and online fraud.
Do you hear it the way I hear it? Video game system owners are the bad guys? It just sounds weird to me. Like that's just being too aggressive towards your customers. I understand what your reasoning is here because they're going to pirate everything. But is there any research on if you don't do anything to stop the pirates, what percent of people will pirate?
I bet the vast majority of people who can afford it will buy it. I bet you'll see breakout hits due to piracy. I bet you'll see people pirate stuff and then buy the full version later because they like the game so much and want to support the game makers. And I bet you'll see a much bigger impact with your game worldwide if it's available for anyone to play on any budget.
Look at the Humble Bundle, for instance. This is a website that sells video games, and the whole idea here is that you can pay whatever you want for the games. They put together like a bundle of 10 video games, and then you pick the price of what you want to pay for the bundle. I love this model because if you're poor, you can get great games for like pennies.
And on top of that, they're giving a percentage of the revenue to charity. It's a great way to meet your players where they are and be cool with whatever they can afford. Or here's another thing. I have a merch shop, right, where you can buy shirts and stuff on my online store.
Yeah, well, with that comes a certain amount of scammers, people who buy my stuff and then try to get a refund on it, but then send back the wrong shirt or nothing at all. And it sucks, right? Like, it sounds like my shoppers are not to be trusted and they're crooks and they're scammers. Yeah, well, no. I absolutely do not think my customers are crooks and scammers.
I think my customers are fantastic and should be respected. And even though there are some bad apples involved, I go out of my way to treat everyone with respect. I'll work to make you 100% satisfied with your order, even if you're a scammer. I don't care. If something isn't right, I'll send you a new item or give you a refund.
And that's because I personally am more loyal to companies that treat me with respect. And I don't like going into shops that treat me like some crook or some scammer when I'm not. I remember I visited Austria once in Europe. And someone there told me that when you get on the train in Austria, they never check your ticket.
And it's because Austrians get personally offended if you question whether they paid for their ticket or not. Ticket, please. How dare you think I don't have a ticket? What do you think, I'm some kind of thief and snuck on this train? What's the reason for this line of questioning? So they just stopped asking people for proof that they paid their way. And you know what?
I took the train there and nobody asked for my ticket. There wasn't even a turnstile. And it was such a culture shock to me. But I actually loved that level of trust and respect that the trains gave their passengers. The good people are going to pay their way and the majority of people are good.
With SpyCloud, you have a trusted partner to fight the good fight with. Their automated solutions, which are built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime. To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries. That's spycloud.com slash darknetdiaries.
Yeah, sure, some will sneak on the train, but we're not going to inconvenience all those good people just so we can find the few bad ones. We'd rather have happy, good customers than making a little extra money by enforcing a pay-to-ride policy. And would it even generate more money to check everyone's tickets?
I mean, now you have to have a ticket taker on every train all day and night and pay their salary. My point is, if you distrust your loyal customers, it'll create a bad relationship between you and them. Anyway, back on track. I feel like this episode is getting me all worked up. It's causing me to go all over the place. I'm sorry if I'm ranting too much.
Okay, so our players in this story so far are Paul Owen, the guy who made Team Xecuter and was selling mod chips. And there's Gary Bowser, who's very front and center of this whole mod chip scene. In fact, he's so present on the forums that he's starting to make a name for himself on there.
Gary Bowser was so active on these forums that he started getting approached by people to actually be paid to be a forum admin. The first place that offered him a job, he didn't like that one. But then a guy with the screen name Maximilian approached him and offered him a paying job to be a forum admin. How did you meet Maximilian?
The site was maxconsole.com, and Maximilian had just purchased it from another person. It was a fairly popular forum at the time, talking about how to hack video game consoles, where to buy mod chips, and just news about the modding and video game world. But it didn't trade any piracy or have links to any pirated games. Now, Maximilian is a main character of this story.
So let's back up and learn more about him. He's from France. In the 1990s, Maximilian was in the warez scene, which is piracy. A warez group is one that rips games off the disc, cracks it free from any anti-piracy methods that were on it, and makes it available for anyone to download and play for free. Maximilian led the warez group Paradox in the 90s, and if you played the pirated game Spyro back then, chances are it was Maximilian's group that supplied it to you. In 1994, Maximilian had an innie in the telephone company. An innie is someone who works inside the company who would be part of the scam. This innie was sending him thousands of free calling cards. This episode is sponsored by Arctic Wolf.
Arctic Wolf, an industry leader in managed security operations, surveyed 1,000 security and IT professionals across the globe to better understand them. What are their top priorities, current challenges, and future concerns? This survey revealed some startling findings, and you can discover them all in the State of Cybersecurity 2024 Trends Report.
Learn why the number of insider threats spikes severely, what lessons can be learned from the year-over-year change, and how many organizations disclose a breach. And what cyber attack struck 70% of organizations? Download the State of Cybersecurity 2024 Trends Report today at arcticwolf.com forward slash darknet. That's arcticwolf.com forward slash darknet.
And I don't know how, but Maximilian took these stolen calling cards and racked up a $22 million phone bill with them. Maximilian was arrested for this and he pled guilty and was sentenced to almost six years in jail. He was sent to prison in Virginia. And I think this is a good time for an ad break while we wait for him to get out of prison.
This episode is sponsored by Delete Me. In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit.
But stay with us because that's just Maximilian's origin story. What he does next is even more crazy. So Maximilian served six years in prison for stealing calling cards. But when he got out of prison, it seemed like he went back to the pirate scene. He bought the website Divineo. Do you remember a site called Divineo at the time?
So what Maximilian saw was that Team Xecuter had been making and selling these mod chips by the tens of thousands. And there was a whole system in place. The chips were created in Asia somewhere and then shipped in bulk to the US and then sold through the Divineo site.
Max thought this looked like a good business and got in touch with Paul Owen, the owner of Team Xecuter, and Max offered to buy Team Xecuter from Paul. The Team Xecuter branding, the website, the supply chain, everything was sold to Maximilian. Now that he had his little mod chip business, Maximilian needed a solid way of getting the word out on his new products.
So that's when he decided to buy maxconsole.com, a popular modding forum. His idea was that he could use this place to just basically have unlimited marketing for all the things that Team Xecuter was releasing, and he just needed someone to help run the site, and that's when he asked Gary.
Well, Nintendo was all over these forums, and seeing when new mod chips were announced, didn't like this one bit. And they started doing their own research. They found that Divineo had been getting their chips from Hong Kong. So Nintendo went to Hong Kong and opened up a court case against Divineo, claiming it's an infringement on their intellectual property.
The Hong Kong Supreme Court ruled in favor of Nintendo, which immediately froze all of Divineo's operations in Hong Kong. And the ruling demanded that Max pay Nintendo 44 million euros in damages. 44 million euros, that's a huge fine. But I believe Maximilian just found a different country to get his chips from and kept on doing business without paying any of the fines put on him.
Anyone on the web can buy your private details to do anything they want. This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found. And they got busy deleting these things.
So Nintendo went to his home country, France, to take legal action against him there. They took him to court, and they told the courts, look, we already found this guy guilty in Hong Kong. He's supposed to be paying us 44 million euros in damages. He hasn't paid a cent of it yet, and he keeps violating our intellectual property. Can you please do something?
But the French courts ruled in favor of Maximilian. Max's defense was that Nintendo was locking out developers from being able to develop on the system, and his mod chip allowed anyone to develop on it and play homebrew games on it. And the courts liked that. They said, yeah, Nintendo, what's up with you putting all these locks on your game system so people can't build on it? Seems rude.
Leave Max alone. So Nintendo took a bad blow there. I think they tried to appeal that case, but I couldn't find any articles that followed up with it.
Yeah, so Sony came out with this little PlayStation mini. It had no option to put any game in it of any kind. It had no game disc reader or cartridge reader, and it wasn't online, so you couldn't download anything more. It only came with these 20 games that were built into it, and that was it. You can never play anything more, which is kind of weird, isn't it?
If you release a mini version of your system that clearly can play PS1 games, why restrict it to just those 20 games? So, of course, the gaming community was like, we need to figure out a way to get this thing to play any PS1 game we want.
Okay, I had to look this up and research it deeper because this is going to become important later. The mini PlayStation used the PCSX emulator, which, yes, is open source, and it's also under the GNU Public License, the GPL. Now, even though the PCSX emulator is free and open source, Sony took it and put it on the PS1 mini and charged for it. But the GPL clearly states, that's okay.
It was great to have someone on my team when it comes to privacy. Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout.
You can put this software on some commercial product and charge for it. And there's a few things that are interesting about that. The spirit of free and open source software that's licensed under the GPL is that you shouldn't charge for this. It's free. It's developed by a community of volunteers. And here Sony is lifting it off GitHub and slapping it on their little console.
But there is nothing wrong with that according to the letter of the license. It just contradicts the spirit of the GPL license. And it's so strange to me that a video game console maker such as Sony would use an open source emulator on their latest console.
Well, the modding community did manage to get into this little PS1 mini, and they loaded up their own emulator on it, which unlocked the system to be able to play any and all PS1 games on it, not just the 20 that came with it. Now, when Maximilian saw how the community was able to bypass this whole thing, he started manufacturing a little USB drive that you could plug into the PlayStation.
It would bypass the protections on it and allow you to play any pirated games you had. In fact, it came with 100 games on it. This was called the True Blue Mini. And for Nintendo, there was one called the Classic 2 Magic. Both of these products were by Team Xecuter, but they were selling it under a different brand at the time.
So how much did the Classic 2 Magic and the True Blue Mini cost people?
So who was making this stuff? Was it Maximilian? Do you think he had the ability to design circuit boards and come up with these hacks, I suppose?
Did you have any input into how they were made or helped to create any of those devices? No.
The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries code DD20. I'm really excited about this episode because I think this is one of the most requested episodes I've been asked to make.
Did he collaborate with you on just like what new product can we come out with? Because you have a very good understanding of the whole modding scene, what's coming out, what can work, what can't work. And then you're seeing like, well, there's this new exploit that just hit. Max, you might want to make a mod for this. This, I think, would take off. Just a little suggestion like that to Max. Yeah.
And it says it has 15,000 games on it. This is an illegal product being sold right there on Amazon. And it just makes me think because video game system makers are actively taking websites to court who sell mod chips. And this Amazon listing has 1,500 games bundled into the mod chip, which means you can buy pirated games on Amazon. Now, of course, Amazon themselves isn't selling it.
Someone listed it there on the Amazon Marketplace. But still, they're facilitating the sale of it, fostering the whole deal, bringing this mod chip and pirated games to the masses. Why isn't Sony suing Amazon over this or trying to take down their website? Because in 2005, Sony did get mad at Maximilian for selling these same mods for the PlayStation, and they took him to court.
And Sony won that case, which resulted in Max having to pay $5 million in damages. And that's, what, the fourth time he's been to court now? And he now owes over $50 million in fines to these game system makers at this point. The guy seemed to be unfazed by any of this, though. He had a rebellious mindset.
While he felt like an enemy to the game makers, he felt like a hero to the players of the world. And yeah, a lot of people did really like the stuff he was releasing. He claims that he just wanted to unlock the game system's potential and give users more access and to be able to do more things.
My personal opinion about him, though, is that he's just a businessman and he's business-minded and he just is looking for unique ways to make some extra money. He understands this whole development cycle and manufacturing process, marketing and supply chain very well, and he's using it all to his advantage. In 2017, Nintendo released the Switch.
Of course, the modder community immediately began breaking it open and trying to find a way to mod it. And someone discovered that you could glitch it by taking the right Joy-Con off and bridging the two points with a paperclip. And from here, you could then get it to boot into recovery mode and have access to diagnostic tools.
The modder community took that and figured out how to get the Switch to boot to their own operating system, which basically made it so that you could play any pirated game on the Switch. When Maximilian saw what the modder community had done, he jumped on it.
His developer got to work building two physical devices, one that would slide into the Joy-Con port and trigger the glitch, while the other would go into the USB drive to have the system boot into a custom firmware. And Team Xecuter called this add-on the SX Pro. The idea is that it enabled you to copy games that you already had or play any pirated games that you had.
The design was clean and super simple. People who had no experience modding systems could easily get this working and were giving it great reviews. So they had this thing all developed and manufactured, and then they wanted to announce it on the forum that Gary was the mod for. And this is where Gary was obligated to promote this device, since that was the deal that he made with Maximilian.
But even though a lot of you have sent me article after article about this story, the problem is the main guy in this story, Gary Bowser, has been unreachable. Until now.
Now, when you're a mod maker, you've got some potential things that can go wrong with your whole business. See, sometimes Team Xecuter would sell their products for, let's say, $30, but then see the exact same product being sold directly out of Asia for $2. It was pirate versus pirate.
Because the factory that was making the chips for Team Xecuter would just sometimes make some extra and sell them directly to the consumer. Totally undercutting Team Xecuter. So Max didn't want that happening with SX Pro. So he decided he was going to add his own software into the thing. So instead of loading the Switch's native operating system, the SX Pro would load up SX OS.
which was basically just an open source emulator. But Max took it a step further. He didn't want someone pirating SX OS. So he decided that he was going to require everyone to have a license key before using the SX OS. So you had to pay like $25 just for the license to use this mod. And this angered quite a few people. First of all, paying a license for pirated software? That's unusual.
The whole method to do this hack was posted right there on the forums. You could just use a paperclip and a USB cable and your phone and get the Switch to boot into the same emulator. You didn't need the SX Pro at all. But the idea of it, though, was that it makes this whole process of hacking your Switch easier. You just had to pay for this easier method.
But it still bothered people that they were charging for pirated software. I mean, the whole point of piracy is to go around having to pay for stuff, you know? On top of that, some users were getting mad that the emulator in this thing was just a free and open source emulator. A lot of people were upset because you're taking free and open source software and charging for it?
This is ironic because this is the same thing PlayStation did with their PS1 Mini, remember? The emulator that was on SX OS was called Atmosphere, which was licensed under the GPL, the same as what Sony did. And people were mad at them for charging for this.
You're good. I'm recording when you are, Jack, anytime. Great. Thank you. Hi, Gary. Hello, Jack. Good to hear from you. What is it like being on the outside?
But yeah, Red Hat is a version of Linux. And yeah, they took the free and open source Linux software and suddenly started charging for it. And there's been quite a lot of controversy over that. Like, why are you taking other people's code and charging for it? You didn't write that. But Red Hat's like, look, it's free to use by anyone and it's licensed under the GPL. So it's cool.
And again, I think this argument is going back and forth between the letter of the license versus the spirit of the license. The other thing that people were getting mad about is that some users were reporting that their switch would become broken after using the SX Pro. And yeah, they were.
Because what Max did here is that he didn't want someone else trying to understand or steal the software on the SX Pro. So if you were detected trying to crack into it or poke or prod at it, it would send a signal to completely break your switch. And I think that's going too far.
Like, sure, this never happens as a normal user of the SX Pro, but if you poke and peek into it too much, it bricks your system. Yeah, setting your pirated software to destroy your Switch is just not cool to me at all. But despite all these complaints, the SX Pro did very well. A lot were being sold, and the reviews were almost always positive.
And as its popularity grew, SX Pro was making someone else really mad: Nintendo. They were like, wait, what? You're charging for a device that lets people play pirated games? You're making money from our hard work? We've got to stop this. So first they patched it. All Switches made after 2019 were no longer vulnerable to this attack.
And then they started trying to find and stop this whole Team Xecuter operation.
Steam saw this problem too, and this is why they made the marketplace, and they developed a three-step process that all games must go through before they can be sold on Steam. First is that you have to submit your Steam page, then you have to submit your game for review, and then if those things are approved by Steam, you have the option to publish your game on their platform.
So, at any point, do you feel like you were a member of Team Xecuter?
I don't know if I would feel like I'm a member of this at any point, you know? Just being a member, you'd be a member of maxconsole.com and feeling like you work for them, but not so much a member of Team Xecuter.
To do all this. And you have all three. You have the know-how of modding chips. You have the opportunity of doing it because you're doing it. And you have the motive because you like doing it. So you seem to be the perfect person to create this, to improve upon it, to come up with ideas, all these things. You'd be such a great value asset to the team.
Did you have a moral line or even a rule set on MaxConsole where it's like, listen, we don't distribute pirate software here or anything like that?
No pirated games were allowed on these forums. And I'm trying to think. So Team Xecuter wasn't actually selling anything on the site. They just linked to places like Divinio where you could buy it from. But still, the Team Xecuter stuff mostly enabled your device to be able to play pirated games and didn't actually have pirated games on them, except for one device.
I guess I should talk about where the characters of this story are at this point. So Gary moved from his hometown in Ontario, Canada to the Dominican Republic while he was doing all this. And the ad revenue that he was making from maxconsole.com was enough to support his lifestyle down there. He was making about $40,000 a year. And this was his main job and source of revenue for about nine years.
Maximilian was living in France. Any idea how much Max was making off of these products that he was selling?
Then 2020 came along. The pandemic happened and Gary was in the Dominican Republic.
So Gary is in his 50s now. But to properly tell this story, we need to go back in time to the 80s. At this point, Windows wasn't even a thing yet. Apple was just tinkering around in their garage. So who was the big player in the personal computing scene? Texas Instruments. They built this little machine that you could play a few games on and type on and do some basic tasks.
They take him to jail. He stays there for five weeks. They take him to another jail. He stays there for three weeks. He finally sees the judge and they ask him, hey, are you guilty or not, Gary? And he's like, these charges are crazy. I'm not guilty. Now, at this point, the prosecutors have to gather more evidence on him.
Gary's name on the MaxConsole forum was simply GaryOPA, and that name was easily linked to his company that sold Texas Instruments parts in 1984, so it was very easy to figure out who Gary was. He made no attempt at hiding what his real name was. So when Nintendo wanted to come after Team Xecuter for the SX Pro stuff, they came right after Gary. But he wasn't the only one caught up in this.
Let me read the title of the FBI press release to you: Two members of notorious video game piracy group Team Xecuter are in custody. The other one that was arrested was Maximilian. He was arrested while on vacation in Tanzania, but he somehow convinced the police there that his arrest was illegal. And guess what? The Tanzanian police agreed and they let him go.
Quickly, he called a friend who had a plane in South Africa, and they flew the plane to him, and he hopped on it and flew back to France. And while on the plane, he posted a picture on Instagram saying that he's flying alone on a 10-person private jet. But when you have to go, you have to go. Apparently, he's untouchable in France by U.S. authorities.
The FBI cannot seem to get him arrested or extradited there. But they were able to freeze some of his bank accounts and cryptocurrency accounts that were within the FBI's reach. And there was a third person listed on this indictment too, a Chinese guy named Chen. My guess is that he was overseeing the production of the chips in China. But since he's in China, he's unreachable by the FBI.
So he was never detained or arrested. Six months go by for Gary sitting in a prison in Seattle. And then come April...
Nintendo was trying to sue Gary for intellectual property infringement and wanted him to pay them $10 million in damages.
Did you try to fight that and say, actually, I think that's disproportionate to what I was actually involved with?
So Gary owes Nintendo $10 million. He's in his 50s now. And the only job he's had for the last 12 years is gone. So it's just impossible to pay this back. He'd have to make over $500,000 a year for the rest of his life to pay this off.
And they said, no, we don't want anything to do with it. That's really crazy.
And on top of the 40 months, the judge also demanded that he pay $4.5 million in restitution, which adding it all up, he's got to pay $14.5 million and spend three years in prison for what he did. And I don't like that the judge said out loud that he wanted to make an example of Gary. Does that kind of thing really work?
To pick one guy you caught and give him a brutal punishment just because you can't catch the other people that were doing it? I don't know. Based on what I'm hearing here, $10 million is already too much of a punishment for what he did. And now a judge is saying, no, no, no, no, that's not enough. You need to pay an extra $4.5 million more and go to prison for three years on top of that.
Is this sentence fair or is it cruel? And if the judge is saying things like, let's make an example of this guy and gives him more punishment than he deserves, then isn't that the definition of unusual punishment? Now, Gary is not a US citizen. He's a Canadian. So theoretically, if he's not living in the US, he doesn't have to make payments towards his federal crime.
But Nintendo does not want him to slip out of paying them. So they put into the civil case that, one, his wages will be garnished. That is, anywhere from 10 to 30% of every paycheck he earns goes automatically to Nintendo. And two, that this is enforceable by law in any country that Nintendo has an office in, which they do have in Canada.
And three, he cannot declare bankruptcy to have his civil fine removed from his debt. And while Gary was in prison, he already started making payments towards all this.
He got out early, in March 2023. But since he wasn't a U.S. citizen, he was detained immediately by ICE and spent two months in an ICE facility before being flown to Toronto. And while that's where he lived for a long time, he didn't have a place to go. But lucky for him, he was able to find a friend who could put him up on his couch until he can get back on his feet.
And Gary has some health problems now, so it's physically hard for him to get on his feet, actually. And while in prison, he got interested in being a freight broker and is hoping that he can get trained up on that and get a job in that. He hopes to someday return to the Dominican Republic too. And he's just trying to rebuild his life from scratch.
He's really, really, really just starting at nothing, slowly trying to make little progress every day towards having a stable life again. For Maximilian, he's still out there in the wind, but not particularly on the run.
Gary would program software using the BASIC programming language, assembly, and Texas Instruments' own proprietary language called GPL. He'd make little programs on it to make the computer do more stuff. But then on top of that, he was also creating replacement parts for this computer. Because if something were to go bad, Texas Instruments wasn't making replacement parts.
He's living very comfortably in France, and he posts pictures to Instagram all the time where he's going on trips to the beach and different French landmarks, and these photos appear like he's living a luxurious life. But he does seem to be confined to only stay in France. He knows that the FBI is looking for him, and he's just waiting for things to cool down. I have a theory about him, though.
It's just a wild idea, but during his heyday, when he was making the most amount of money through Team Xecuter, is when Bitcoin rose the highest. And he did have some cryptocurrency accounts. In fact, in one article I read, his crypto assets were frozen, but it wasn't clear exactly which wallet or what accounts
My theory and opinion is that he probably had some extra cryptocurrency stored somewhere that didn't get frozen, and it rose mightily during this time, and he just cashed out at the right time, which is giving him a nice, comfortable life. But that's just my theory. He might have other business ventures that he's working on too. But for now, he's just trying to lay low until the heat is off him.
And who knows what his next idea is after this. I doubt he'll be so brazen though, because if he has to go to prison again, it's going to be very different than when he had to go to prison in the 90s when he was younger. I'll keep my eye out for him and see where he ends up in a few years. And how is Nintendo doing on this fine summer's day, you may ask? Okay, well, I was curious too.
And since they're a publicly traded company, they share their profits openly for anyone to see. Their profits for the last year were $3 billion. $3 billion just in profit. Nintendo seems to be doing fantastic, but they continue to wage war against their own players all the time.
In the last few years, Nintendo has been trying to put a stop to people playing in Super Smash Bros. Melee tournaments. First of all, this is a game that's 20 years old; it was for the GameCube, but people are still really into it. But Nintendo doesn't like that players are staging tournaments to play Super Smash Bros.
Melee and has sent cease and desist letters and even threatened more legal action unless tournaments get canceled. They think that what they're doing is protecting their brand. But it's one of those cut-off-your-nose-to-spite-your-face sort of situations. The more they fight with their own players, the worse their brand gets.
One of my favorite childhood memories ever was getting a Nintendo for my birthday and opening it up and playing it with my friends during my whole birthday party. Decades later, I still remember which friends were there at that party, what games we played, who was good at it. Pick any other birthday I had as a kid and I can't tell you a thing about it, where it was or who was there.
But this one, I remember because Nintendo brought so much joy to me as a child that day. But now that I'm older, I can see now that Nintendo has a lot of growing to do still. A big thank you to Gary Bowser for coming on the show and sharing this story with us. Gary has set up a GoFundMe to help him get back on his feet. You can find a link to that and so much more in the show notes.
And Gary loved this little machine and he knew how. So he would just get the parts and solder them together and make new parts like graphic processors and other hardware.
If you like this episode, I have two more suggestions you really should listen to. Episode 92 is called The Pirate Bay, and it's one of the most popular episodes on this show. And it may just make you think differently about piracy. And episode 45 is called Xbox Underground, another very popular one. And it's about video game hacking.
But the story that is around it is so crazy that you just won't believe it's true. So go check those episodes out if you haven't already. This show is made by me, the swanky tank, Jack Rhysider. Editing help this episode by the fashionable assassin, Tristan Ledger. Proximity Sound recorded this interview with Gary and did the mixing for this episode.
Our theme music is by the mysterious Breakmaster Cylinder. I played Minecraft for the first time the other day. Want to know what I think about it? It's a blockbuster. And it's groundbreaking. This is Darknet Diaries.
Yeah, well, someone looked at this and they were like, hmm, I wonder if I can get my game onto Steam without having to go through any of that process. So they made the most boring game you can think of called Watch Paint Dry. And yes, in fact, if you downloaded and installed this game, all you do is sit there and watch paint dry. Surely a game this stupid would be rejected by Steam.
He was manufacturing computer parts. And I find that fairly impressive. I mean, he was certainly ahead of his time to be a startup computer part maker in the 1980s, right?
This is an interesting note that I want you to keep in your head. Gary was making programs for this computer and then working on ways to even improve the whole system, like making it work even better than intended and have more features and abilities. He was altering the computer so much that he asked Texas Instruments for permission to do this just to play it safe.
And they were done with that system and didn't really care. In fact, they did a whole tax write-off to dissolve that whole arm of the company that was working on this. So they didn't mind him cracking it open and modifying it to his heart's content. They were fine if he even made money on his mods or software. And I think that's the way things should be. It's how we progress with technology.
It's to improve upon someone else's code and someone else's hardware. And the improved versions take us to new places, and it becomes a new standard for how things work. So to me, this sounds great, that he was modifying this little computer to do bigger and better things with it.
Fixing broken video game systems. This seems like an easy pivot for him. After all, a gaming system is simply a computer. It has a graphics processor, microchips, logic boards. Same as a computer, but there was a big difference.
Well, this game developer started going through the steps on how to get a game onto Steam. They first created a developer account and were going through the process. But during those steps on Steam's website, there were some questions, and one of them was a drop-down menu that asked what stage your game is in.
I mean, is it really Gary who's going to the dark side to try to code these things or modify them? Or is it Nintendo going to the dark side by locking out developers and purposely making it hard for them to modify it in any way? Nintendo did not want people tinkering with their system. Adding things to it or writing any custom software for their system was just a big no-no for them.
And I want to remind you that the NES system was just a little computer. It had a bootstrap, BIOS, firmware that all needs to load before it can execute a game. I mean, just look at the first version of the NES. It was called Famicom, which is short for Family Computer. It's clearly a computer. Now, when something failed on the Nintendo NES, it was very tricky to fix it.
You might find someone who knows a few basic things that they can try, like maybe taking a part out of another NES and putting it in yours. But Nintendo wasn't helpful at showing you how these things were architected to allow you to fix it or buy replacement parts. So hiding all this info made it extra hard for people to just fix their own systems.
And it also made it really tricky to modify them, to improve upon them, to upgrade them. They also used weird custom hardware whose parts were just crazy hard to find. It's like these game system makers were anti-innovation. They did not want people to customize or add on anything special to their systems. Just play the games that we approve the way we want you to, and that's it.
Don't try any funny business with your own computer. Was there pushback from the video game makers of like, hey, what are you doing getting inside our consoles? What's going on here?
Well, this person decided to try submitting some answers that weren't in the dropdown options, which returned some weird results. And using that information, they were able to send data to Steam saying, the game is currently published. They basically skipped the first two steps where Steam had to review it and just trick the website into thinking it was published. And sure enough, that worked.