This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made.SponsorsSupport for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools.Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries.Sourceshttps://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-banhttps://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/https://archive.ph/Si79V#selection-66795.5-66795.6https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html
Was this after you went to prison? What was after when I went to prison? You had a million dollars in crypto? No, that was before. Well, I want to get into all that. Yeah, it's honestly a lot. Okay, well, this is good. I'm glad that your story is strange. Well, it's made for a movie.
It is very long and strange. And honestly, for me, I lived it and told it so many times that it's so normalized.
Yeah.
That I'm just like, yeah, I did this and that. And I went to federal prison for five years. They're like, holy shit. And I'm like, yeah, I know. It's crazy, right? Okay. Well, then I'm excited. There's a lot to cover. Yeah, I'm excited to do it. Do you want to start all the way? You didn't give me any kind of reference for how you wanted to go about this.
So I just want to get a verbal confirmation for... I don't know, legal reasons or whatever. It's okay to record this call to use on the podcast Darknet Diaries. Is that okay with you?
Yeah, of course.
These are true stories from the dark side of the internet. I'm Jack Recider. This is Darknet Diaries. This episode is brought to you by SpyCloud. For some people, ignorance is bliss. But for you, as a security practitioner, that's not the case.
I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening.
From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right. Resetting stolen passwords and addressing the enterprise access points that have been stolen by malware helps you protect your business from ransomware, account takeovers, and online fraud.
With SpyCloud, you have a trusted partner to fight the good fight with. Their automated solutions, which is built on over 350 billion recaptured assets from the criminal underground, ensure you're not in the dark when it comes to your company's exposure to cybercrime. To get your full Darknet exposure report, visit spycloud.com slash darknetdiaries. That's spycloud.com slash darknetdiaries.
This episode is sponsored by Delete Me. In episode 133, I spoke to Connor Tumbleson about some people from who knows where who were stealing his identity. Luckily, they weren't out to destroy his reputation or extort him, but think of the damage that could be done. We all have data out there, which data brokers use to make profit.
Anyone on the web can buy your private details to do anything they want. This can lead to identity theft, phishing attempts, harassment, and unwanted spam calls. But there's a solution called Delete Me. I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found. And they got busy deleting these things.
It was great to have someone on my team when it comes to privacy. Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for my listeners, you can get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout.
The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout. That's joindeleteme.com slash darknetdiaries code DD20. Explicit content warning. This episode has some language in it that might not be suitable for all audiences. Okay. Hi. Welcome to the show. I want you to meet a fellow named just, well, let's just call him Default.
As a teenager, I was in Newport News, Virginia with my dad. He worked for the government, so...
So as a teenager, what was your relationship with the government? Were you politically active? Was your dad politically active?
No, not whatsoever. I didn't pay attention to that kind of stuff when I was younger. I was just a nerd, you know, liked to play video games, was very active in sports. Very active in sports, actually. I used to play like four soccer teams year round and was big into like competitive video games, like Halo, Call of Duty, even Super Smash Bros.
Eventually, if you're into gaming, you stumble down the rabbit hole of finding hacks to increase your experience in the game, whether it's modding or JTAGing or whatever it may be.
So as a teen, he was playing RuneScape. And one day he got in an argument with someone in the game who threatened to hack him. And suddenly, his computer went to a blue screen. And when it booed up after that, that's what got him interested in hacking.
Since as far back as I can remember, I've always had a very inquisitive mindset. Like, extremely. I always questioned everything. And not just questioned everything. Like, I wanted to know how things work. I'm like... Why does this happen? How does this happen?
This led him to understand that you can get computers to do things that you shouldn't be allowed to do. He got curious and wanted to learn more about how they work. Then one day his mom grounded him. Banned from the internet for a week. Well, curious little default, tried to crack his neighbor's Wi-Fi and sure enough was able to do it. And he got back online.
That was like It opened my eyes to the possibilities that I'm not even aware of. I'm like, I want to know more about this. My mom just took away my internet. I just downloaded this program, hacked my neighbor's Wi-Fi, and I'm back online within like 10 minutes. And to me, that was so powerful. I took the power back from my parents or whatever. And so I started delving deep into this stuff.
An AltaVista search about hacking might have led you to a message board. And the message board would have introduced you to hacker tools. And those tools might be made by a certain group of people. And those groups would be present on IRC, a chat room. Getting in the chat room might not be so easy, though. It might be invite-only.
So you got to message the channel operators to ask permission to join. But they'll deny you because they don't know you. But you notice the person who denied you to get in is also in another chat room. So you join that one to see what's going on there. And you eventually find your way into some hacker chat rooms. Now, the year was 2008.
And being on IRC and in hacker chat rooms in 2008 was a very, very special time and place to be. Those who were there will never forget those years. In fact, the whole world will never forget what happened then. This was the heyday of Anonymous. And Default found his way right into the heart of it.
Even when I look back now at quote-unquote Anonymous, I still cringe, but I still feel like it was necessary. It was like a necessary stepping stone in the hacking collective, conclave, whatever, to get to where we're at today. It was necessary. It was people congregating for similar belief systems and standing up for something. It had its place in time.
The anonymous chat room was a hot mess. The biggest disaster of a chat room you've ever seen. Whatever you can imagine is the most awful picture ever. Double that. And then spam it to the chat room. That's what was going on there. Gore, brutality, pornography, vile and disgusting imagery.
It was kind of a hazing experience that you had to get through in order to find your way deeper into anonymous. Sometimes new people would be asked to eat a stick of butter or a tube of toothpaste on camera to prove yourself. Because here's the thing. Cops, feds, journalists, security researchers, and normies would show up in these chat rooms.
And if they pop in to see what's going on, and it's just full of gory imagery, a lot of them can't handle it. They might vomit even and then just nope, right out of there. Spamming the most graphic and awful pictures was like a firewall of some kind.
But if you could tolerate it, building calluses on your eyes and start talking with people through the noise, you might be welcomed deeper into the pockets of anonymous.
It was a double-edged sword. Yeah, we're all anonymous. But so are the, you know, the feds that are infiltrating it that you don't know about. So that's why all of the really elite programmers and hackers spawned off into their own little small groups where they can vet the members and make sure that they're not feds.
Like, oh, well, go hack this website and basically commit a crime to prove to me that you're not a fed. Whereas Anonymous is just like, you don't know who's in here.
This made the edges of anonymous even more fuzzy. New groups were forming out of it, and they had their own ideas and agendas. And they'd look back at the anonymous chat rooms and think, those cats are cringe. We don't want to be affiliated with that stupid stuff. We're our own group. And IRC hacking groups would come out of anonymous. Some were loosely affiliated.
Some were even anti-anonymous themselves. There was infighting too, doxing people from other anonymous groups and other hacking groups. It was a real mess. Some other groups that were springing up in that time coming out of Anonymous were like LulzSec, Team Poison, UGG Nazi, HTTP. And some people in these groups were getting arrested and then working with the feds to catch other hackers.
Things weren't safe. You always had to be looking over your shoulders in these chat rooms. You just didn't know who to trust in there.
It became very obvious, like, we need to move more underground and meet people. be a lot more selective with the individuals that we're interacting with on a daily basis. I moved on to basically doing stuff myself and becoming associates with other hacking groups. I started learning from Team Poison, MLT, I actually knew Trick, too. I don't know if you're aware of who Trick was.
Yeah, in fact, I do know who Trick was very well. I did a whole episode about him called Team Poison. That's episode 109. But the scene was so hard to navigate to know who to trust. It almost became a thing that if you were hacking into stuff, breaking laws, then you were trusted. You must not be a fed if you're able to break the law. Everyone else keeps them at arm's length.
Now the thing is, at this little time and place in the world, hacks were happening everywhere you looked. Some from anonymous, some from anonymous adjacent, some from crews that were anti-anonymous. But what was their motivation? Some were politically motivated. Some wanted to get revenge. Some wanted to amplify a cause or an idea.
And if you deface a big website and write with big letters on the front page something about your cause, it brings more awareness to it. Default was hacking into stuff too. But what was his motivation?
So I didn't really develop any kind of like altruistic ideology for a little while. It was more just all curiosity based and learning. I was obsessed with learning more and more as much as I could because I thought it was so intriguing. You know, if I could shell this website and then if I can root it and then if I can like get access to all the other subdomains.
It was really just a bunch of challenges. So I always was just pushing myself to learn new things.
Okay, I see. He's interested in learning, and his crime is curiosity. It reminds me of that scene from the movie Hackers, which came out in 1995. Listen. This is our world now.
The world of the electron and the switch, the beauty of the bond. We exist without nationality, skin color, or religious bias. You wage wars, murder, cheat, lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. I am a hacker and this is my manifesto. Huh? Right? Manifesto?
You may stop me, but you can't stop us all. Now, even though that's a scene from the 90s movie Hackers, that manifesto was actually written in 1986, a full 20 years before Anonymous would start making a name for itself. Yet it feels like that's absolutely something Anonymous would say.
So I joined into a group called Anon Ghost, which there were some really competent people in there. But as time progressed, their leaders started becoming radicalized members supporting ISIS. So I had to diverge away from them. And then I joined a group called Anon Sec, which people, I hated the name and wanted to change it because...
it got associated with anonymous so much and i had like a disdain for anonymous at that time like heavily because that's not where the most technologically advanced hackers were at like none of them are in anonymous and that really bothered me that some of our hacks got attributed to anonymous um i eventually ended up like taking over the group um
But I think that's where I started to get more politically motivated and we did a whole bunch of different operations. I think one of our first one was
Operation Detroit, where they were having, you know, it's like really similar to the Flint, Michigan issue with the water, but it had more to do with the corruption in the government there and the fact that they have a really messed up system for how their water is distributed.
Okay, so this was a big deal. Default and the crew he was in wanted to take out Detroit's water payment system. Someone in the channel suggested they hit the site with Loic, the low orbit ion cannon. And this is a basic tool, you just point and shoot it, but it floods the target IP with loads of traffic, overwhelming it, so it can't handle legitimate customers.
Sometimes it'll even drop dead from the flood of connections. But then someone else is like, nah, screw Loic. That's lame. And it isn't safe. Let's use Tor's hammer. And so someone started passing Tor's hammer around the chat. And this also floods the target with a whole bunch of traffic. But it uses Tor to route all the traffic through it, hiding where the attack is coming from.
So the members all fired this up and together launched an attack on Detroit's water payment system. And immediately it went offline. No one could pay their water bill.
So that was our first segue into politically motivated stuff because it pissed me off. And it was like, we can actually do something about this. It's like, okay, well now nobody's going to pay you. So you're not getting any payments. So what are you going to do now? And honestly, we kept that part of their web server down for I think two months. So I'm not really sure...
the equivalent of financial laws that they had for that. But it was significant enough for them to make announcements and changes and launch investigations into who was doing this. And actually, one of the members of our group got arrested for this.
There's something empowering about pulling off something like this. You feel like the world bends to you and your whims. There's a shift in control, and that control can become intoxicating.
It was just kind of like us sitting around in our IRC chat rooms and being like, well, what pisses you off? Or what do you hate? And I remember somebody being like, I can't stand pedophiles. I think they're like the scum of the earth. And I was like, yeah, I think everyone could agree with that. I think everyone can get on board with this.
Hmm. Pedophiles have been sort of hated universally within anonymous. In these chat rooms where anything was allowed and free speech rules, pedophilia was not allowed, which I've always been fascinated by that. That's the common denominator that everyone agreed on. It didn't matter what group you were in or political affiliation or cause that was important to you. Pedophilia was wrong to everyone.
Which you might think, yeah, duh, of course that's wrong. Draw that line. But why there? Why not ban pictures of murdered people? Or pictures of people having sex with animals? Or pictures of torture? All that was approved. Hell, there was a video of two girls eating poo, which was a real big hit in these channels.
Like nothing you could possibly present to this crowd shocked them or made them care. Except pedophilia. That was going too far. So imagine, if you will, being a teenager, having these hacking skills, looking around for something to use it on, and seeing that everyone hated pedophiles. All the hackers on all the channels, the cops even, the normies.
There was even a TV show called Catch a Predator where they'd set up sting operations for pedophiles. It felt like if this is who you wanted to try to hack into or mess with, the universe was on your side. It felt like what you were doing was right in every way. It was helping the world, and nobody would say you're wrong. Yet at the same time, hacking feels so counterculture and rebellious.
This is a powerful cocktail to be mixing up as a teenager.
You can go onto the forums where they don't, like, post, and they just, it's all text. And... You know, you find out where they're messaging people, whether it's on like, I don't know, like AOL or whatever it may be. And then you get their handles and then you go, you know, create, you know, all accounts and then interact with them. Kind of like set them up, basically.
And then you send them a file like, hey, oh, yeah, I'm. I would love to hang out, yada, yada, yada. They're all excited. And then you're like, here's a picture of me or here's a video of me. And you put some malware in it. And, you know, it could be very simplistic. I just need a port. I just need a back connection into this guy's computer.
And then just download everything that he has and get all of his location data and pretty much dox the guy. And then just send it to his local authorities. And we would check up on these people and a lot of them would get arrested. And it felt good, you know, like you making a change in the world, making the world a better place.
Like, you know, people preying on children is just like, it's one of the worst things that somebody could ever do.
Getting pedophiles arrested meant getting respect among the hacker groups, which meant getting more members. Things were progressing for them, and their hacks got bigger.
This is one of the ones that I think I'm the most proud of, I could say, was Operation Denmark. So bestiality was not banned in Denmark, okay? That's generally banned everywhere. So...
i guess a lot of sickos were taking advantage of this lack of you know laws against bestiality there there was literally dens and like private places you can go and people's like animals were going missing and they were ending up in these like they called them dog brothels so sick it's so crazy and
I had a dog, so that really pissed me off just thinking about the fact that like, what if, you know, being trying to be objective and be like, well, what if someone took my dog and that happened to my dog? I would freak out. So we I think we took down the official Denmark government website and then we actually defaced it. and said, did you know that your government allows bestiality?
And there's bestiality dens where people can go and pay money to do these things to animals. And most of them are like people's pets. And a lot of people weren't even aware of, like the average person was not aware of that because they're just going about their lives. So everyone freaked out and it was like all over the news.
Jeez, mate, you got me fact-checking the weirdest stuff in this episode. Okay, so he's right. In 2014, it was legal in Denmark to have sex with animals, and there was some weird-ass animal sex tourism going on over there. Because like a year earlier, Sweden and Germany banned sex with animals. So it was like a weird moment where some places it was illegal and some it wasn't.
And yeah, shortly after this hack, Denmark changed the law. They made sex with animals illegal. And I can't tell if this hack had anything to do with the laws changing, but the timing is very coincidental. Now, stuff like this, hacking into places, making the news and getting people arrested and stuff, it's like a drug.
Yeah, the sleep schedule didn't exist. And it is, I would be lying if I didn't say it was exhilarating and like gave you a sense of power. And, you know, you start to crave that rush of serotonin. It's just like, you know, you get so worked up and you're like, this is... So awesome. This feels great.
You know, not only are we doing something good, but it's exciting and I want to do it again and again. And sometimes like it's like you're almost like you're chasing a high and that can like lead you off the trail.
Let's take a quick ad break, but stay with us because when we come back, we're going off the trail. This episode is sponsored by Arctic Wolf. Arctic Wolf, an industry leader in managed security operations, surveyed a thousand security and IT professionals across the globe to better understand them. What are their top priorities, current challenges and future concerns?
This survey revealed some startling findings, and you can discover them all in the State of Cybersecurity 2024 Trends Report. Learn why the number of insider threats spikes severely, what lessons can be learned from the year over year change, and how many organizations disclose a breach. and what cyber attacks struck 70% of organizations.
Download the State of Cybersecurity 2024 Trends Report today at arcticwolf.com forward slash darknet. That's arcticwolf.com forward slash darknet. Okay, so Default was on a path. He didn't know where the path was taking him, but he already made his way through Anonymous and into different hacker groups. AnonSec was the group where this first exciting stuff was happening.
He kind of took over that group. But do you realize there's a whole infrastructure to these hacker groups? There's data stores to keep records of the stuff you collected or the passwords you've cracked. There's a tool shop to quickly grab hacking tools and how to use them. But to build on that infrastructure, they decided they needed to build a botnet.
A botnet is just having control of a bunch of computers. You typically try to infect a huge swath of IPs and hope that a bunch of computers get infected and become under your control. But the reason why they wanted a botnet was to route their attacks through it.
Instead of malicious traffic or connections coming from the non-sec members themselves, they set up this botnet to pipe their traffic through someone else's computer to get to their targets. But when you infect a bunch of computers with a botnet, start to get curious. what are these computers that are in our control now?
So all these different devices that are part of the botnet, you know, just like going through and like seeing where they're at or, you know, what they have access to. And some of the stuff that randomly would just get popped would be like an Apple TV, an Iranian WiMAX base station for like cell phones.
One of these servers belonged to the Windsor University. This is a medical school.
And, you know, you just pull it up and I start looking and I'm like, oh, this is some kind of institution, university. So pull up the URL, check the domains, go to the homepage and... you know, can easily access the admin panel. And once I log in, just pull up the finances of all the people and all the debt they have.
I saw a screenshot of this. He was in the admin panel of the university. And there, in front of him, was a list of all the students who owed money to the school. And it all added up to $9 million. And he started to think... Could I? Should I mess with this?
These people might, you know, really enjoy having their slate wiped clean, as it were. If you look, some of them owe a substantial amount of money, you know, like $70,000. I think some people owed like upwards of like over $100,000. It's a lot of money, you know what I'm saying? It's like perpetual debt that sometimes it just lasts for decades.
There were 391 students listed here. He scrolled to the bottom of the page. And there was a button. Delete all? Why was there a delete all button? I have no idea. But there it was.
So, um, just deleted everything. I went into the PHP shell and just sent everything to DevNull and just shredded it. So whatever I sent there is just not coming back.
Wow, crazy. How do you feel after that?
You feel good. Whenever you can make a positive impact in people's lives and the power of doing that remotely from your house is just like... It's like almost intangible, like the amount of power you can exert over the internet. It's something that your average person just will never understand.
Default kept going further down this path, getting into place after place. And the places he was hidden were starting to really add up.
I mean, literally anything from banks. Like I said, Apple TVs. We landed inside the Netherlands defense gateway. Like, what? Y'all have the default SSH password set? Like, you just haven't done anything with... Okay, cool. Cool. more schools, school of computer and intelligent systems, host providers. That was really cool. It was honestly like a gold mine.
because we could literally just like keep spinning up virtual private servers whenever we need. It's like free web hosting, free storage space. Stumbled across a weird NSA Skynet program on a serious adventure server by like also like was co-hosted with the US Air Force. Super weird stuff. We're sitting on an admin login panel for Coinbase, which had access to hot wallets. Very scary stuff.
Thankfully, we didn't do anything with that. The Twitter and Facebook zero days, it was both just like a four digit pin reset.
Now, each of these have their own story and I've listened to him tell me some of these himself and they're insane. And I'm sorry I can't include them all here. But I do want to stop at the Facebook login exploit he had.
I became kind of obsessed with like having the tightest object that I could have because I didn't ever want to get caught, obviously. And that kind of led to my arrogance also of being able to Literally, I got to the point where I thought I'd never be caught no matter what I did. And that just opened the door for doing anything hacking-wise.
I didn't care if it was Facebook or Twitter, which we had a zero day on and could access anyone's account.
What they did was get a Facebook username and then try to log in as them, but then say, oh, I forgot my password. And at the time, Facebook would then send you a four-digit code to your email that you had to type into the site to prove it was really you. Because after all, if you had control of the email that was registered to this user, it must really be you, right?
Well, it was a four-digit code, which means there's about 10,000 possibilities of what it could be. And these guys learned that they could just keep submitting codes to Facebook over and over and over, cycling through all the possible four-digit codes until they found the one that worked.
And they could do this pretty quickly, too, and just reset anyone's password that way and then log into Facebook as them.
I mean, we got into big accounts. Like, I got into Seth Rogen's account. Got his cell phone number and called him just to tell him that I love his movies. And he was like, who is this? And I was like, I'm just a big fan. You're hilarious. He was like, click. Completely deactivated his cell phone like 10 minutes later. Cardi B before she really blew up. Chief Keef, which...
He was honestly really cool about it because we gave him the account back. We gave all these people the accounts back. We had no malicious intent. It was just fun. It was a challenge.
So while all this started out as fun and a challenge, over time it morphed. I mean, how can one feel this kind of power and then watch the news and see everything wrong in the world and decide not to use this power to make change? I mean, it really is like a superpower to just topple over a computer or get inside a system that isn't yours. With great power comes great responsibility, right?
I think it was the Snowden release that just like kind of like set me off where he was talking about the prison program and how literally it's not a conspiracy that people have been like saying the government is spying on everyone. They're like, oh, you're it's like, nope, actually, if you could see here through these
very classified documents that they are literally rag netting every single packet in the United States. And they've co-opted all of these companies through the PRISM program. And all of your data is ours. And we're building a giant storage facility to keep all this forever. So if you ever become a potential threat to us, we'll know everything about you.
So it really just set us off and kind of just gave us this mentality like, okay, so basically you're hacking all of us. So we're going to start targeting y'all and start showing that we can do to y'all what y'all are doing to us also. And that nobody's immutable. And we drove that point home very hard.
like literally sat around and came up with lists of high-level individuals in the intelligence community and then just started targeting them one by one.
What? What the hell? They made a list of people to hack into that were high-profile members of the intelligence community? This just went up to 11. I... Okay, at this point... I mean, I'm fascinated by this because I'm always surprised how high-profile people in government pretty much dox themselves, right?
They give their real name and talk on TV, and they have a phone number to their office, email address, physical address. All this stuff is public information. We know who their boss is. Chances are there's a Wikipedia article on them listing all this, or there might even be a whole biography written about them.
And yeah, I always wondered, doesn't that make them extremely vulnerable targets for attacks? Oh, I am so glued to the story right now.
Okay.
Let's back up a second. At this point, Default has left AnonSec, which didn't affiliate itself with Anonymous at all. In fact, they were anti-Anonymous, but Anonymous seemed to get credit for everything they did since it was called AnonSec. He was sick of that and left. But he knew people in this little pocket of the internet. And a group that he thought was doing some cool shit was CWA.
And this stood for Crackas with Attitude. And the head of CWA was a guy named Cracka.
Started talking to him and we just like were on the same page about being really pissed off about the government and also a lot of the things going on in like the Middle East. Just a lot of injustice in the world. Just kind of... Kind of just like pissed off, you know. I wanted to like direct that somewhere for like a greater good as it were.
So he starts hanging out with these folks from CWA and joins in on their hacktivism.
And that ended up being exposing the lack of security within our own government. We are very vulnerable and the people running the show are not practicing proper operational security whatsoever either. So we're going to show the world this and it was actually really easy. Like it was not super advanced.
Most of it was just social engineering and then taking that initial social engineering information we gathered and pivoting. and leveraging that information.
Who was one of the first ones you targeted?
It was James Clapper. Yeah, James Clapper was numero uno. And he's the director of national intelligence.
What the hell? This would be a strong no for me. I would be out. You can't attack the head of U.S.
's intelligence agency like this and expect everything to be okay. I mean, I don't care how good your OPSEC is. Hide behind five VPNs. Use your neighbor's Wi-Fi. Use Tor. Move to an underground bunker. It doesn't matter. If you make it personal, they'll make it personal. They will find you. But at the same time, defaults with seeing stupid stuff on the news. Listen, this is James Clapper.
What we do not do is spy unlawfully on Americans or, for that matter, spy indiscriminately on the citizens of any country. We only spy for valid foreign intelligence purposes as authorized by law with multiple layers of oversight to ensure we don't abuse our authorities.
The Snowden leaks. clearly proved otherwise. The NSA was grabbing metadata off of millions of Americans' phone calls. This is spying on regular, good-standing Americans. And to hear James Clapper say otherwise meant that some were accusing him of criminal perjury, lying under oath, This enraged default and cracker. Our leaders were caught in a lie. What more can we find on them?
But Krakow was the one who acted on this. I believe he acted alone, actually. Krakow got into the online account for James Clapper's internet and phone service. Somehow, from there, he was able to get Clapper's wife's social security number and posted that publicly. Then he routed all the calls coming into James' phone to a free Palestine hotline. Krakow posted proof of all this to Twitter.
I gave him a head nod. Like, dude, that was a sick hack. Like... like, respect, like, started talking to him. I was like, that was awesome. You really exposed this guy.
James Clapper was actually not the first person from the intelligence community that CWA hacked into. Their first was Homeland Security Secretary Jay Johnson. Krakow got into his Comcast account somehow. And Default was seeing all this and chatting more with Krakow.
So we just started to, like, actually sit down and think of different people that... We should hack.
Together, they teamed up. And, well, you know what? I'll just let Lester Holt from CBS News take it from here.
Good evening. Did a high school student really manage to hack his way into the personal email of one of this country's top spy bosses? Federal agents are urgently trying to answer that question tonight after what appeared to be private and possibly sensitive information was posted online.
Given the high profile of the target of the attack and the relatively low-tech method used, it's both a disturbing and cautionary tale that NBC's Pete Williams picks up from here.
The apparent victim isn't just any American or government official. It's John Brennan, the CIA director since 2013 and a longtime key player in the U.S. intelligence community. A man who says he's an American high school student claims he hacked his way into Brennan's personal AOL email account by fooling Verizon and AOL into revealing enough information to reset the account password.
Hello guys, this Twitter account is going now, the apparent hacker says, posting what appears to be an actual spreadsheet of names and emails of current and former intelligence officials. The hacker blanked out their social security numbers. The hacker also says he got into the Comcast billing account of the Homeland Security Secretary, Jay Johnson.
This was the personal email account of Brennan, not his government account, and it appears no classified information was compromised.
Okay, so tell me how you got into John Brennan's account.
John Brennan's account, if I remember correctly... Okay, you know what?
I'll help you out. I mean, the year was 2015. Who remembers little details like this from eight years ago? My research shows that they first found John Brennan's mobile phone number. And they did a mobile number lookup and discovered he was a Verizon user. So time to put on the ruse.
They were going to call up Verizon, pose as a technician on site trying to help out a customer, John Brennan, but for some reason were having trouble. So they called Verizon asking for help on his account. Verizon is like, what's your employee code? They made one up and it worked. The support technician at Verizon asked, well, why can't you just get into the account yourself?
And they said, the tools are down and we need to get this going quick because the customer is waiting. So the support technician was like, okay, sure, I'll help. What do you need to know?
And this is how they got John Brennan's Verizon account number, his four-digit PIN, a backup mobile number to his account, the email associated to his account, which was an AOL email, and the last four digits of his bank card. Now that they had this extra information on him, How can they leverage that to take this a step further?
Well, they know his AOL email address, which when you log into AOL, the username is the email. So they had John Brennan's email username, but not the password. Hmm. Well, time to call AOL. So they called AOL, this time acting like John Brennan. Hi, I've been locked out of my email account. Can you help me get back in? Sure, Mr. Brennan, but I'll need to verify it's you. Okay.
Can you tell me the last four digits of your credit card number? Why, yes. Yes, I can. Because they had this information from the data they got from Verizon. Clever, clever. And so when they gave this information to AOL, this let them reset his password and get into John Brennan's AOL email. On October 12, 2015, they gained access to the inbox of the director of the CIA.
They started looking through his emails, reading one after another, looking at attachments sent. One attachment had a list of U.S. intelligence officials, which included their social security numbers. Why in the world was John Brennan using his AOL account to send emails that included social security numbers of U.S. intelligence officials? This is such bad OPSEC. Why, director of the CIA? Why?
You know better. I think it just goes to show that no matter how much you know about privacy and security, we're still human and screw up this whole security thing.
This AOL email account had not only stuff about the war in Iraq and Afghanistan. I have no idea why he also had his SF-86 form in there.
Ooh, this is no good. The SF-86 form is the form that you fill out to apply for secret clearance, which means it has your entire background listed clearly in the form. Social security number, email address, telephone number, place of birth, aliases, passports use, prior addresses, names of your neighbors, what school you went to, your military history, past employers. It's everything on a person.
And now default and cracker had it all.
So you call Teresa password and it does not matter if you sound like a 14-year-old girl on the phone. You got the CI director's social, like you have to be him. I mean, I don't really have a choice but to reset the password for you. It was over.
Unreal. And Krakka's just posting this stuff straight up to Twitter as Krakka. And it wasn't just these two guys in CWA. There were some other members there for the ride, but Default was suspicious about one of the members in CWA.
He had somehow eluded Capture when he was involved with other groups that mysteriously went down after he had joined them. Also, there's a lot of psychological flags, like red flags, just like trying really hard to befriend us. You know, it was kind of like weird, kind of obvious. And then when I actually publicly called him out, he became a completely different person.
And that was just another confirmation. It is hard to understand, you know, fully my train of thought of thinking that we would get away with this, but after some time we knew that we weren't going to get away with it. So we just like mashed the gas and we're like, you know, let's hit as many as we can before it's over. And it did like really, they had to issue a memo because
They were probably terrified because it was vast. It was like upwards of like 10 or 11 people, all within like CIA, FBI, White House, DOJ, Department of Homeland Security, Quantico, and then defense contractors. So that was, it was pervasive and terrifying. far-reaching to all arms and subcontractors of the intelligence community. They were like, what is going on?
Yeah, we're actually calling some of these people too, by the way. I actually called John Brennan on his cell phone.
What did you say to him?
I told him he was a piece of shit. And he asked how much money I wanted. I said, I don't want any money. I want you all to stop being so corrupt and committing crimes while prosecuting people for the same stuff y'all are doing. So hypocritical. Basically, y'all are awful people. Really. You're not doing any net positive things for the world. You're just not. And He was audibly shaken up.
I could hear it in his voice.
Well, I mean, just a random phone call is not going to be that big of a deal. But did you say, I've also got access... It was his personal cell phone number.
We read his social security number to him. You know, if you get a random phone call on your private cell phone number that nobody except for a select few people is supposed to know about, and some random kid reading you your social security number, I would imagine it's a pretty jarring experience.
They were so relentless that people started going into hiding.
At the time, the threat level was literally unknown. He was very stressed out. It's like the extra security they had to hire to relocate the CIA director and then the deputy director of the FBI to a secure location because they didn't know at the time what the threat level was. They had no idea who we are, what we were, what we were affiliated with, what our purpose was.
We were some kids, literally, and just pissed off at the government. But they didn't know.
At some point, they got into Amy Hess's account. She was the FBI Executive Assistant Director for Science and Technology.
Like, once you log into the portal, you can see the connected TVs. And honestly, it's like... I think it's hilarious because I think it reminded me of something out of a movie like Hackers.
So we played that movie. I think what they did here is they called up Comcast pretending to be her and get her password reset. And yeah, it worked. And once they got in her Comcast portal, they were able to control her TV at home. And they just started playing the movie Hackers on it. This is a problem with connected and smart devices. You're not the only one who can control them.
Amy claimed she suffered from psychological damage from this. And once they got into someone's account and messed around there, they just went down the list to the next person.
Jenny Psaki, the White House spokesperson, literally just, I took that upon myself because she was calling Edward Snowden a traitor, and that triggered me so hard. I was like, I have to hack this lady. Like... I know that maybe these aren't her words and she might just be reading off of a sheet that they want her to say, but I couldn't stand to hear that kind of stuff.
These guys were just ripping through all these high-level people's accounts. It was insane, the people that they were able to breach. But at some point, the two started talking and realized, wait a minute, we have all this information on U.S. intelligence members. What databases do they have access to?
And this turned their attention to LEAP, which stands for... The Law Enforcement Enterprise Portal, it had the information on all FBI agents in the United States, like personal information.
So somewhere in all this, they hacked into Mark Giuliano's accounts. He was the deputy director of the FBI. And using his information, they were able to leverage that to get into Leap, which I think is really taking this to another level, to basically pose as the deputy director of the FBI to access a database that only officials should have access to. I don't know.
This just seems crazy to me that this can even happen. Because why is this Leap database even accessible from the internet at all?
Yeah, and I think because they have agents all over. They could have taken security measures, but I think it would have been too much trouble for them. I'm like, y'all just really don't care. Yeah.
Mm-hmm. That sentiment right there is what I think fueled Default to go further. This idea that the U.S. government thinks that there's some elite hacking force able to break into anything and steal anything, yet has a database of FBI agents' personal details on a public website, which is vulnerable to a teenage social engineer to be able to get into it.
They wanted to put their thumb right in the eye of the government and make it hurt. How can we trust you with our private data if you can't even protect your federal agent's data? Why is the Department of Defense hacking into things instead of defending their own network? On top of that, why is the world even like this at all?
Why is security so bad everywhere that the intelligence community can't even secure their own stuff? So Default and Cracker got into the Leap database and downloaded all the information they could on as many FBI agents as they could. Okay. But what are you going to do with this?
You know, hit up WikiLeaks. And it was Julian at the time running the account. And he's very interested in it, obviously, as he always is. And it happened very fast. He was handed it over, and he published it all, including his SF-86 form and the documents about the war in Iraq and Afghanistan, along with the leaked data. It's still on the WikiLeaks website, if I'm not mistaken.
The CIA director's personal emails posted by WikiLeaks after cyber criminals said they'd broken into his AOL account.
I don't think WikiLeaks posted any of the stuff from the Leap database, but they sure did post John Brennan's information. They got into other databases too.
Jabs, the joint agency booking system, everyone that's put into that from county, state, and federal level in the prison system.
Yeah, okay, so any person who's put in prison is in this system. And they found access to this very useful. They were doing things like looking up other hackers that were caught and keeping an eye on them, like trying to figure out, did they become informants? But also they were suspicious of some of the other people in CWA, and there might be an informant within them.
So access to this system was kind of like a way to run a criminal report. on anyone you wanted very quickly. So they were just downloading stuff from these databases and looking through it. And that's when they found in these databases, there was a bunch of information about the Miami-Dade Police Department. Let's talk about Miami Police.
Yeah, that was another one. The Miami-Dade Police, at the time, I really didn't care. I just like, that was towards the end of the run. It was just like, all bets are off. You know, it had gone all the way down the rabbit hole. I had just become very disillusioned with people's complacency and their lack of care for what was going on.
So it's like, we're going to bring attention to this with chaos and mayhem.
So what happened to the police department? Now we got your motive. What did you do? Oh, well, we...
dropped their docs, pretty much. This time it wasn't WikiLeaks, though. I'm looking at a tweet here, which has a link to Pastebin, and in there is a list of 80 Miami police officers. Their name, title, phone number, and email address.
Like, me and Crack are talking, and we're, like, both, like, physically, like, shaking, because it's, like, terror and excitement at the same time. You're like, I'm accessing a top-secret database, holy shit. I'm going to get caught, but this is exhilarating. I don't really like, like, what do I do? It's like, okay, we're going to drop this database. Okay, what else are we going to do?
It's like, I'm about to get the fuck off this thing.
At the time, Krakow was just a teenage high schooler, but Default was in his 20s.
Yeah, I think I was like 23. And what was home life like? It was terrible, really toxic. You know, I live with my dad. Living there was really bad, which I think kind of like fueled some of this. Just like no oversight, no real father figure to like tell me what to do and what not to do. So it's just like bets are off. I'll do whatever I want. Really, it became like my whole life.
Hacking really did. It was like, go to work, come home, hack. Go to work, come home, hack. It was just all it was. It got to the point where I estranged myself from all my friends. And they didn't know why. Because I never told them. And, you know, you can't. That's just part of it. It's this very lonely existence. You know, especially if you're like committing all these crimes.
At that time, I had a significant amount of money in Bitcoin. And I really just thought, you know, that was actually a key factor in like all of this. Like money was no longer an issue. So now what? You're like 22 years old and you have several million dollars in crypto.
Yeah, let's talk about that then. So how'd you get those several million?
Literally, mining and buying since 2011. I was so early to getting ASICs. I was like, oh my God. And these things were like 30 to 40 times more powerful than the average graphics processing unit at mining Bitcoin. So yeah, started mining a lot of Bitcoin.
So John Holdren, I have written down here that someone tried to swat him.
Yeah, not me. Honestly, I don't even remember him getting swatted.
So the idea was posing as him to call the police from his phone.
Oh, the police shit.
And then saying there's a violent incident here and then them coming to his house.
Dude, that pissed me off so much that that even got... Contributed somewhat to me because technically, a conspiracy is if I know about someone committing a crime and don't instantly go tell on them, I'm complicit. So it's like, because I was in the chat room with one of the people while they did this, now I'm a party to the crime. I'm like, what the fuck?
I don't even want to be a part of the swatting. I hate that shit. People have died from that.
There was some sort of current.
There was an undercurrent of people online at the time that you were mixed up in that was also very involved in this sort of thing. Talking about Anonymous, for example. Anonymous was always calling out injustices of the world and threatening this and that because people were just being evil. And it felt like being part of that was the winning side.
You're doing what's morally right.
And I don't know if that exists today.
I think today we've kind of lost that pulse.
The empathy is at an all-time low. Just like caring for your fellow man and the bigger picture. But people have just become very complacent and would rather just like,
be content with the way things are and that's a dangerous road to go down because while that's going on i can assure you that the nsa and you know the five eyes and all these other people that are colluding together are not being complacent they're actually you know getting more aggressive with the spine and the hacking
And, uh, I think it was like rule 41 pass where it's like, they can just like literally hack people now. Like they don't need to go physically kicking your door. Like, no, they can just hack you. And I'm pretty sure that's how I got caught is that the NSA got involved and I know I got hacked two days before I got raided.
Well, let's talk about that. So how do you think the, uh, How did they catch you?
It's threefold. There's three things that contributed to it. Because the official shit that they say is so fucking hilarious because I never used my home IP address. I had a giant Wi-Fi satellite dish that could reach up to a mile away. So I was usually using the Dairy Queen that was like a half a mile away. It had free Wi-Fi. So their bullshit answer of,
Oh, well, we pulled Twitter logs and he had his IP in it. No, I didn't. I've never fucking used my home IP address on that Twitter account. That's why I bought this. So I would never do that. I was so overkill on my obsec. It was a process. Literally, my hard drives for my desktops had to completely de-encrypt, which took like 30 to 40 minutes. And then I don't have...
internal Wi-Fi cards in my laptops or anything. I have to connect it to stuff so it's not automatically connecting anything around me. Super paranoid, dude. I mean, you kind of have to be. And then after that, I'm connecting through Tor nodes in my botnet. I think it was threefold. One, I know was a contributing factor. 100% because he told me.
one of my friends who i thought was my friend and this is crazy over a female of course what had happened was i ended up hooking up with a girl and i had asked him prior to this i was like do you mind it's like you dated her a while ago whatever do you mind if i like hook up with her talk to her whatever he said no i was like okay well i asked you so like
Speak now, forever hold your peace, bro, because I'm going to do it. Literally, he got mad at me. And I was like, why didn't you be a man and tell me? You still had feelings for her. I would have respected that. And he's like, I don't know. So that kind of started it all. I didn't know he had ill intentions toward me. And So whatever, we move past that.
And then like the CWA thing happens and we're drunk one night and we're on like Xbox Live or whatever. And like, I slip up for the first time ever being fucking arrogant and cocky. It comes on the news, CI director hack, blah, blah, blah, all this stuff. And I'm like, yeah, that was us, blah, blah. I was like drunk talking and just totally like, Gave myself away.
But I mean, I didn't think he would take me serious, I guess. Like, I don't know. I was drunk. But he did. And he actually reported me to the FBI. And then he told me that he reported me to the FBI. And I'm not going to name drop him, but he knows who he is. And that's some real scumbag stuff to do. Like, over that, like... I just could never imagine.
I would never do something like that to another person. I guess just, I don't know. So that's one prong. That's definitely maybe got them to look into me because of anonymous tip. The other one is the person in our group that I know was a snitch, but on what information was he able to collect about me? I don't know.
He was always posting weird links in our chat, you know, you know, like a URL shortener. So like, Could have done some sketchy stuff with that. I really didn't ever click on those. And the other one was... Julian saying that the NSA got involved and me knowing that I got hacked.
Yeah, so when they gave John Brennan's SF-86 form to Julian Assange at WikiLeaks, this really angered the Department of Defense. And Julian somehow got word that the NSA was aiding in the investigation. So Julian told Default to be careful. Then one day, Default's computer started acting up. Something wasn't right. It was crashing and glitchy.
And he looked at the network traffic and saw some connections to Langley, Virginia, where the CIA is based out of.
I knew I was hacked. My computer was acting crazy. It was having weird connections. Shut it off. I was like, fuck. And so I shut it off for a while. And a couple of days go by. One day. And on the second day, I turn it back on. After I get home from school and like... Start decrypting it. Takes like 30, 40 minutes. Okay.
But I noticed when I got home, there was a black van or a suburban sitting across the street. And I didn't think anything of it. And also, now that I remember, very, very, very sketchy people had moved in across the street. This little house. And they just sat on the front porch smoking cigarettes, looking at my house nonstop. So...
like literally minutes after my desktop decrypted and came online they came in like what are the chances of that like literally waited and waited usually they bum rush you like right when you get home or you're in the house or you're like somewhere they can confine you in a space and what it is probably is they waited for that to come on and ping whatever remote controller they had whatever server it was connecting back to
to verify that my desktop was unencrypted.
What happened? Did they knock on the door? Tell me about that incident. No, dude. They definitely don't knock on the door.
Okay, what'd they do? They definitely don't knock on the door, bro. They kicked that shit in. They hit it in with a fucking ram. And all I heard was FBI search warrant. At your dad's house, right? Yeah. And I just like... Before I could, all I had to do was pull the plug and they had submachine guns pointed at my face and I like blacked out.
He had his computer set up in such a way that if he disconnected the power to it, it would re-encrypt his hard drive. He just needed to grab the cord and pull it. But when you're sitting there at your computer with assault rifles pointed at you, don't think you're going to reach for that power cord. So at gunpoint, he had no choice but to let them seize the computer.
They had it all. And I knew I was fucked. I was like, there's so much data on there, they're going to have a field day. They don't even know what they have yet. But I know. So I pretty much knew it was over at that point.
They pulled you out of that room and someone else went in there to start taking your computer. I mean, they can't unplug it and take it. They know they've got to collect it.
No, they immediately hooked up something to flash copy my hard drive. Yeah. And Secret Service was there as well because I think someone hacked Donald Trump's website or some shit. We had no idea about it. They were like, they assume you're lying about everything. They're like, come on, you know about that. I'm like, I honestly literally have no idea what you're talking about.
Why would I hack Donald Trump's website? I don't give a shit about Donald Trump's website, bro. But I guess Secret Service has got to get involved. So I'm sitting across from BJ Kang and some very stereotypical, tall, muscular Secret Service agent like boating down on me, like asking me if I'm part of HTP and like, where's Nakash? And I'm like, dude, like, I don't know what you think this is.
Like, it's not going to go down like this. And I think they were like doing a coordinated attack where they were like raiding us all at the same time because they didn't want anyone to be able to notify each other. It's true.
Around the same time, Krakow was also raided by the police, but it turned out he was living in the UK and he was a high schooler. So they took default straight to jail. Police just weren't sure how dangerous he was and they didn't want to take chances.
I think due to the nature of this, they likely did time it so that when his computer was online, that's when they would raid him and capture as much evidence as they could. How they knew his computer was online is a mystery to me still. Were they looking through the window? Did they hack into his computer and wait for it to signal out or something? His theory is that they did hack him.
His computer was now in the hands of federal authorities, completely unlocked and decrypted. And, well, the stuff they found on there was clearly enough to convict him of many crimes.
Screenshots that you had taken, Bandicam videos.
Oh, God, that was the dumbest thing I ever did.
But how did they get the videos if you never posted them?
Because, like, literally, like I said, like, I... basically did all the heavy lifting for them because like i'm obsessive compulsive with like archiving data stuff that probably shouldn't be archived like oh i think it'll be cool to record me doing this crime and i'll look back on it later um and it'll be safe because it'll be on my encrypted hard drive well
What if your hard drive is not encrypted? And then now they have literal irrefutable proof that you recorded yourself committing a crime that they would have no idea you had anything to do with.
There was one device in particular that he watched them take, and he knew what was on it, something that was very important to him, so important that I just imagine, as he watches them walk off with it, that his world just goes quiet and almost becomes slow motion. But he couldn't say anything and just watched them take it, because this was a secret.
One of the things they took from me was one of my external hard drives, which I wanted back very, very much so. What it was is my Bitcoin wallet. I had a lot of Bitcoin on there, man, like almost a thousand Bitcoin.
They had all the evidence they needed to convict him. He knew it. There was no way to get out of this. So he pleaded guilty. And the judge sentenced him to five years in prison.
Was prison rock bottom for you?
Oh, yeah, for sure. I got in trouble for exposing...
uh the prison that I was at and how they weren't adhering to any COVID policies and it's like open dorms so it's like if COVID gets in here from one of these guards like everyone's gonna get COVID people are gonna die and y'all are still like coming in our rooms and like touching all of our shit and flipping everything upside down it's like so I recorded all this with like a phone I had and sent it to some reporters I knew
And of course, someone told on me. And the next day, SIS came and scooped me up and took me to the SHU, which is solitary confinement. And from there, they weren't letting me back on the compound. And they weren't shipping people because it was lockdown, full lockdown because of COVID. So I spent a year back there, a year in solitary confinement.
It's the hardest thing I've ever done in my entire life. And there was a lot of people back there that unfortunately killed themselves because it's extremely psychologically testing to be locked in this tiny little cell 24-7. You don't get out at all. Even in the worst prisons in America, the penitentiaries, you have to let them out at least one hour a day. It's called 23-in-1. We didn't get that.
It was 24-7. for 365.
He read a lot of books in prison, learned about the importance of morals from an Italian gang, and picked up stock market trading skills from a stockbroker. And when he got out, he was banned from the internet entirely. It was part of his probation for a while. Same with Cracker. Cracker was banned from the internet for a while too.
And he ended up with a two-year prison sentence, even though he was only 16. But all that time has passed now, and both of them are out and back online. Default struggled to get back on his feet. He couldn't find a job, especially being banned from the internet, especially having a felony record. So he eventually got into trading stocks and cryptocurrencies.
He's still doing this now, and he feels like he's good enough to make a living from it.
Just sharing my story with people, I think is, you know, not just because it's an interesting story and people enjoy listening to it, but I think there's a lot of net positive results and things that people can learn from this that maybe they're not in prison or they're not going to prison or whatever, but they're at a low point in their life. It's like, look, dude, it's not the end of the world.
Literally, you can bounce back from anything. You can change your life. You decide who you want to be every single day. Just because you made some mistakes doesn't mean that that determines who you are and what your character is as a person.
You know, something I keep thinking about while listening to this story is digital privacy. And I'm not going to go on another rant like I did in the last episode. But in this case, government officials were doxxed. These guys stole their information. They used it against them and then published it to WikiLeaks.
How does someone come back from getting their private information published to WikiLeaks? I mean, I'm looking at John Brennan's SF-86 form right now. It's still there on WikiLeaks, and it's the very first hit on Google when you search for it. Everyone knows everything about him. It seems like anyone should just be able to do a password reset on him, you know?
I mean, you could impersonate him over the phone because you have all his information. You can essentially be him, the director of the CIA, because we all have all his information. It's possible for someone to get a new social security number. It's not easy. You really have to prove to the social security office that you're in danger.
I bet government officials at this level might be able to skate through that whole process easier. And I think it's easy enough to get a new phone number and email address. It's not so easy to just up and move to a new house, though. But that's doable. It's possible to change your name, too, but what's the point of that when you're a public figure?
And that doesn't fix any of the problems of knowing all your previous addresses and who your neighbors were, your past employers, your friends, date of birth, hometown, height, eye color. See, I think with all the doxing going on in the world, I wish there was a simple way to just burn your identity and start fresh.
Hell, I'd even be interested in doing it yearly myself, just to always keep distance from whoever might be trying to track me out there. And everyone is trying to track us. I wish I knew what John Brennan did to recover from this. I didn't reach out to him because I assumed he wouldn't want to talk about it because it would just be giving away more of his private information.
but I feel like we need a better system to help us, the regular people out there. When we get in this situation, private information is not a thing of the past. We still need our privacy, but I think what might help is just better tools to stay private in general. You want my address?
Oh, sorry, I only give out my proxy address, a post box that receives mail for me, opens the letters, and then sends me pictures of those letters. You want my phone number? Oh, sorry, I only give out burner phone numbers. You want my social security number? Um, no. I don't give that out to anyone. Oh, what? It's for my security clearance? Sorry, that's not even a safe place to give it.
Didn't you hear about what happened to John Brennan? These pieces of information on us are important that they remain out of the public view. Yet time and time again, they get into the public view. And it's not just from doxing. Data breaches, companies sharing your data, or you just giving your information to the wrong people.
I mean, for instance, I had to give my social security number to buy Bitcoin. And now the CEO of that company that I gave my social to is in prison. So who knows where my data went? So I think we're way overdue for a better system to protect our most important data. I think we need to stop giving it out to just anyone who asks for it.
I mean, I was at the store buying bananas the other day and they were asking for my phone number and my zip code and all this stuff. I think there needs to be fewer situations where we need to provide it. I think we need to be less reliant on our private information as a way to authenticate it's really us. And I think we need a way to recover from situations where it's been completely exposed.
Which I think with the Equifax breach, most of us Americans have had our private data completely exposed anyway. I think this is a problem that needs to be solved. And while I think some solutions are out there, it's piecemeal and complicated. I don't see anyone doing it holistically right now.
Something that still rattles around in my head from this story, that hard drive that the Feds took, it still has his Bitcoin wallet on it. The Feds never got access to that Bitcoin. It's still sitting there untouched. And they still have that hard drive and won't give it back. And the reason they kept it is because it has evidence on it, data that he stole from various places.
He asked them, just take what you want off it and give me back the drive. But they refused. 1,000 Bitcoin still sits on that hard drive. 1,000 Bitcoin today is worth $25 million. Just imagine $25 million sitting in some storage locker in a federal building and the feds have no idea it's there. So it sits for years and will probably one day be destroyed by some lowly computer technician.
A big thank you to Default for coming on the show and sharing this insane story with us. Like this one, I was like, wait, what? Like so many times. It's just unreal. If you like this episode, you should probably check out episode 109 called Team Poison. It's another story that was sort of running alongside this one in parallel and sort of same time and place of the internet.
Okay, what housekeeping is... Oh yeah, a lot of you are telling me you're finally caught up and have listened to all the episodes. If that's you, I want you to know there are 10 bonus episodes on Patreon. You can support the show and hear more stuff if you want. Go to patreon.com slash darknetdiaries. My favorite online hangout these days is the Darknet Diaries Discord.
We have 17,000 members, but I can squeeze you in. So come on. Just go to discord.gg slash darknetdiaries and come say hi. This episode was created by me, the slow Loris Jack Reciter. It was assembled by the corpulent porpoise, Tristan Ledger. Mixing done by Proximity Sound. And our theme music is by the mysterious Breakmaster Cylinder.
I tried teaching my mom how to build a PC, but all we did was make my mother bored. This is Darknet Diaries.