Let's Talk FinCrime

Episode 13: Let’s Talk FinCrime with the Original Internet Godfather

September 22, 2021 Season 3 Episode 13

How can we protect ourselves against criminals who have been social engineering their entire lives? As we kick off season three, we’ll talk to Brett Johnson, a former fraudster that built up the first organized cybersecurity community, who now shares his strategies on how to help protect the average person from financial crime.

The United States Secret Service called Brett Johnson "The Original Internet Godfather" for his role in refining modern financial cybercrime. Brett was convicted of 39 felonies, placed on the US Most Wanted List, escaped from prison and built the first organized cybercrime community, Shadowcrew.  Shadowcrew was a precursor to today's darknet and darknet markets, and laid the foundation for the way modern cybercrime channels operate today. 

Today, Brett is considered one of the leading authorities on cybercrime, identity theft, and cybersecurity on the planet. He works hard to protect businesses and consumers from the type of person he used to be. 

Hear the rest of Brett's and Nicole's conversation by visiting actimize.nice.com/podcast

Want to learn more about The Original Internet Godfather? Visit his website.


Unknown:

Welcome to Let's Talk FinCrime, the show where we explore the human side of financial crime. We cover not only the big industry trends, but how you can truly protect yourself and your assets. Hey, everyone, I'm Nicole Luber. I'm one of the hosts for season three. I work at NICE Actimize on the fraud team. I'm based out of New York, and I work with all of our customers and prospects talking about fraud and financial crime on a day to day basis. And for season three, we're going to do something a little bit different. Over the next six episodes, you'll hear from a few voices from around NICE Actimize as we have conversations with some of the most interesting people in the financial world. So you'll hear from me and some of my other colleagues across this season. And to kick off season three, I have the pleasure of talking to Brett Johnson. Brett has quite an interesting backstory. He's a former US Most Wanted cybercriminal, and was even once described by the US Secret Service as the original internet godfather for his role in refining modern financial crime. He's now come over to the good side and works to share his knowledge of cybercrime, identity theft and cybersecurity. Brett, thanks for joining us. Maybe you can introduce yourself a little bit more before we get into, you know, some of your backstory and, you know, what we're going to talk about today.

Sure, Nicole. First of all, thank you for having me on. I truly do appreciate it. And introduce myself? I mean, you said it. United States Secret Service called me the original internet godfather. Yeah, yeah. I mean, how do you get a title like that? Well, I'll tell you how you get that title: 39 felonies, a place on the United States Most Wanted list. I escaped from prison. And I built and ran the first organized cybercrime community. It was called Shadowcrew. It was a precursor to today's darknet and darknet markets, laid the foundation for the way modern financial cybercrime channels still operate today.
Now, needless to say, I went to prison, there's no doubt about that. Usually, you know, usually that's where the story ends. You know, the guy goes to prison. That's it, you're done. I was very fortunate. Through my sister, through my wife, Michelle, and then finally, with the help of the FBI, I was given the opportunity to turn my life around. I took it. And today, today I lead a blessed life that I probably don't deserve. But I want to tell you what, I'm damn grateful to have it.

Great. Thanks, Brett. And you talked a little bit about that history, and you talked about it coming to, you know, coming to an end. Can you dive a little bit more into how the fraud and the cybercrime eventually came to an end for you?

Sure, you want me to start at the beginning? Or you want me to start at the end? It's all way out there.

Um, yeah, let's start at the end a bit. Um, you know, what motivated you to kind of move over, you know, to the good side? And, you know, you mentioned a couple of people in your life, but, you know, how were you able to kind of make that transition?

You know, what happens is, is when you go to prison, when you're released, you go to prison with a certain set of tools. You know, whether you're a drug dealer or a financial cybercrime guy or a bank robber, or whatever, you have a set of tools which you enter prison with. All right, and what they don't tell you is that you leave prison with the exact same tool set which you came in with. That's the truth of the matter. So with me, and I did escape from prison. I don't really think of it as escape. I think of it as the institution can no longer benefit me. So I decided to release myself on my own recognizance. And of course, that got me even more time. I was sad at the thought I'll never catch me. Three weeks later, they've caught me and they've given me more time. But the thing is, is what got me turned around, like I said, 39 felonies was what I pled guilty to. If I'd ever taken it to trial,
I don't know, 70, 100 felonies, something like that. But I pled guilty to 39. What got me turned around is the reason I mentioned the escape. I was married for nine years. And during that nine year span, I lied to my wife every single day, every day. Took her three years to figure out I was a criminal. The next six years were me telling her, "Oh, I've stopped. No, I will stop. I mean, I'm going to stop. You like spending the money, don't you?" Until she figures out, well, hell, he's not about to stop. So she leaves me. But what happens is on my escape, Denise hadn't talked to me for a year. On my escape, I'm caught shortly after the escape. My dad comes to visit. I'm in a county jail in Lexington, Kentucky. My dad comes to visit again, 10 minute visitation. He's like, "Son, can I do anything for you?" I'm like, "Yeah, dad. You can tell my sister I said I love her." Dad gets on the phone, calls Denise, tells her. Denise is in Hickory, North Carolina. She gets in the car and drives seven hours, pregnant, to come see her dumb ass brother for 10 minutes to tell me she loves me. And after that, they moved me out and I don't get to see her again for I think five and a half years at that point. That's the first turnaround. It took me two years behind the fence for me to really accept responsibility. I'd been the guy that had always said, well, I did it for my family. I did it for my sister, for my wife, for my stripper girlfriend. Took me about two, two and a half years for me to realize, no, no, you broke the law. You victimized all those people because you chose to, Brett. And so I got out in 2011. No taste to breaking the law whatsoever. Could not find a job. So I was on three years probation, couldn't touch a computer. I kind of realized why. But couldn't touch one. I had job offers from Deloitte, from KnowBe4, from a couple of payment processing companies. Couldn't take them. Got where I was applying for fast food jobs. No, that's a computer.
Okay, what about a waiter's position? No, that's a computer and credit card, idiot. So I couldn't get a job. I was borrowing money from my dad and my sister, had a roommate that took care of half the rent with me. I was on food stamps so I could eat. And they tell you when you leave prison, I call everybody, and they tell you, hey, once you get out there, you get yourself a job and find something you care about, you won't recidivate. Well, what happens is you can't get a job. So what I cared about, I had a cat, and had enough money to feed the cat, didn't have enough money to buy toilet paper. So went to the Dollar General, bought cat food, and on the way out they had a kiosk with toilet paper on it. That's the first crime I committed right there. And what happened was, about that same time, Michelle, my wife now, she rounds me up. I had a friend post some stuff on one of the dating sites. So she responds and we start to see each other and date. I ended up moving in with her. About two months after that, finally got a job. The only job I could get was manual labor, pushing a lawn mower 10 hours a day, $400 a week, five days a week. And I was busting my ass. I mean, I hit it so hard, I'd come home in the evening, lay down, pass out, wake up the next morning, take a shower, hit it again. But I was happy doing it. I was actually doing something, you know. And what happens is it gets cold. We were in North Florida. Got cold. Grass doesn't grow when it gets cold. The reason I break the law, it's always been, it's always been that I've not been able to be healthy in a relationship. It's always been show love by buying some sort of expensive crap or just going overboard in the relationship. So the job ended. Michelle's on when we're constantly going, well, hell, I got to do something, got to do something. So I figured, well, I can bring food in the house. So get on the dark web.
I get a stolen credit card and start ordering food, get caught, go back to prison for 10 months. At my sentencing on that, yes, this is not my first go around. At my sentencing on that, Michelle was there, probation officer, prosecutor, US Marshals and the judge. Michelle stands up, she's telling the judge how I'm a better father to her kids than their actual father is. Probation officer and the prosecutor stand up, and they're like, well, we think he's a good guy. We think it's a one time thing. The judge gives me 10 months. And that's when I found out that Michelle didn't need me for what I can give her. She just needed me for me. And I had had that with my sister, but I've never had that in a romantic relationship. So I do my time, do my 10 months, get out, and we get married shortly after I get out. I'm off probation. So I can touch a computer. Still can't find a job. And when I say I can't find a job, I mean, I can't find a job. They tell you that, if nothing else, you can sell cars. No, not if you're the guy who steals all this money, you cannot sell cars. So couldn't get a job. And I know to this day, even today, I know what it takes for me to go back and commit crime. And I knew that I'd go so far at that point, I go right back to it. So I looked at Michelle and I was like, let me see what I can do. So I signed on to LinkedIn, reached out to a guy named Keith Mularski, this FBI super cop out of the Pittsburgh office. He retired about a year and a half ago. And I sent him a message. I was like, "Hey, man, I think you did a great job with all these investigations. You were outstanding, no hard feelings. By the way, I'd like to be legal." And the guy responded within two hours, took me under his wing, and the references, advice, does that to this day. And that's the turnaround. Today, like I said, I lead a blessed life. I truly do. I mean, the FBI was the first group that really gave me that incentive, that credibility,
I guess you could say, that "you can do this, Brett" type mentality. From there, it's the head of the Identity Theft Council. He gives me a chance. CNP group Beyond as a keynote speaker. Microsoft hires me as a consultant. And it just goes from there. Today I speak across the planet, have a couple of podcasts, working on a couple books, couple TV shows as well. Like I said, I lead a blessed life. I'm not sure I really deserve it. But I try hard every single day to protect people and businesses from the type of person that I used to be.

Yeah, thanks for sharing that with us, Brett. And you touch on a couple of things that I actually think will lead us back to kind of that beginning of the story. You mentioned, you know, what really motivated you in the beginning to, you know, get into this, you know, crime. So maybe you can talk about, you know, what you've now realized was that motivation, how you first, you know, got started, and I think people will be interested to understand, you know, kind of how you originally got caught.

Sure. So, excuse me, it's important to realize that for online crime, especially financial, there's only three motivations: status, cash, ideology. That's it. That's it. It's status, you know, you're in a group of some of these cybercriminals, and some of these groups are a million members large. So can you do something that no one else can do? Can you deploy ransomware? Can you build ransomware? Can you launch a DDoS attack? Can you take stolen credit card details and defraud Apple or Amazon when no one else on the planet can do that? If you can, then you gain the respect of every single person within your group. So status matters, that type of ego challenge matters. Ideology, someone has a different belief system than you have, you pissed someone off. But most of the time now, ideology is coming up pretty quick. I think these days that people realize that ideology is the most important, but it's still cash is king.
You know, me, it was cash. It was cash. Everyone that I knew, it was cash. I mean, I say it's what I could do with cash except that show love by love, but it was cash. That was the motivator. So if you look at my history, I began my life of crime at 10 years old. 10. So I'm from Eastern Kentucky. Eastern Kentucky is one of these areas, like the panhandle of Florida, parts of Louisiana, that, you know, if you don't have a job, and there's a lot of people who don't have jobs, you may be involved in some sort of scam, hustle, fraud, whatever you want to call it. My mom, that entire side of my mom's family, were fraudsters. Now my mom, she didn't know any boundaries. This is a woman who at one point, she steals a 108,000 pound Caterpillar D9 bulldozer, transit down the street. At another point, she takes a slip and fall in a convenience store, tries to sue the owner. We had a neighbor she acted as a pimp for. That's my mom. My dad was not that way. My dad was a captain in the army. He was a helicopter pilot. He was a good man. His problem, and it was a problem, my dad's problem was he loved my mom so much that if she had an idea for something, he would cosign it. If she wanted to abuse someone, him, me, the kids, my sister, whoever, he would let it go on. And she was abusive. I mean, she could be physical. Absolutely. She could be physical, but our heart in our heart was in the emotional, the mental, verbal, the negligence, everything else. She used to bring men, I talk about this all the time, she used to bring men home in front of my dad. My dad would sit there and cry. Do it, and she'd do it anyway. Finally, she leaves him. Of course she leaves. She leaves him, and I'm 10, my sister Denise is nine. We moved from Panama City back to Hazard, Kentucky. And she kept up those partying ways. Sometimes she'd take me and my sister with her, she'd leave us in the car. Sometimes we'd wait in the living room.
Most of the time we stayed at the house and she'd be gone for days at a time. And like I said, I'm the guy who, I get the worst parts from my mom and my dad. From my dad, I get that fear of being abandoned. From my mom, I get the criminal mindset that I've... Yeah. So I'm the guy, you know, mom's gone, I post up at the window, you know, look outside, see if she's coming home, worrying all the time. Is she okay? Is she okay? Sometimes walk out on the streets to see if she's driving down the road. Denise, though, Denise is like that. Nine years old, Denise is just an angry, angry child. So this one time mom had been gone for a few days. We didn't have any food in the house. Denise walks in, she's got a pack of pork chops in her hand. And I mean, you know what time that is. She ain't got no money. She's got a pack of pork chops. I'm like, "Where'd you get that?" And she's like, "I stole it." And I'm like, "Show me how you did." So she takes me over, she shows me how she stuffs food down her pants. So we start stealing food, and we get to the point where we want a sandwich. Well, you can't stuff a loaf of bread down your pants, but there's a Kmart across the way. So we go into Kmart and I shoplift a hoodie so we can put a loaf of bread down the sleeve. And then, you know, Kmart's got other things, you know, they got books, games, music. So we start stealing all that. Mom comes home, sees the new Intellivision, because back then, that's Atari and Intellivision days. Mom comes home, sees the new Intellivision there, sees all the stolen stuff, the refrigerator's full. "Where'd this come from?" I stand up, try to lie about how we found it. "No, you didn't find that." Denise stands up. "We stole it." My mom looks at my sister. "Show me how you did that." And she joins us. I say that as a friendly euphemism. But the truth is she ran us as little shoplifters. We were distractions. She calls her mother.
And it's grandmother, mom, me and my sister taking these road trips to shoplift. I'd go to the bookstore and steal books. They'd go to JC Penney's and steal clothes and jewelry. That's where my life of crime began. And I'm not saying, you know, some people may think, well, he's blaming that on his raising. No, no, my sister had the exact same upbringing that I had. Other than that one shoplifting experience, she never breaks the law again. She goes off to be a great parent, a teacher, just a great citizen. Me, I'm the guy that kept on going. And the reason I say this is it's important to realize that bridge between physical crime and online crime. As I kept going, I got more involved in the types of scams and hustles that my mom and that entire side of the family was doing. So I grew up knowing how to do document fraud, charity fraud, insurance fraud, how to traffic drugs, how to do breaking and entering, and how to fake a stolen car, fake an accident, arson, all these other things. I knew how to do that. So I branch off on my own. 1994, branch off on my own. I fake a car accident to get the money to get married, moved from Hazard, Kentucky to Lexington, Kentucky, to go to UK. And that's where everything starts to branch off into cybercrime at that point. So yeah, I mean, it was, you know, a lot of people try to separate online crime from, quote unquote, real world crime, and you can't really separate that. One of the interesting things that I've noticed over the last few years, because I do a lot of introspection these days, is most skilled, most of these expert cybercriminals that are out there, they're also very good social engineers. They became social engineers as a child, out of necessity. I did that. But somewhere along the way, once you reach adulthood, somewhere along the way, you make the choice to use those tools that you've developed for survival in order to victimize people. That's exactly what I did as well.
And that's one of the interesting things that you see about cybercrime, is that most criminals, most online criminals are not, they're not computer geniuses, they're not hackers. I don't even use the word hacker. But they're very good social engineers. You know, 98, 99% are just very good social engineers. They know how to use the technology and psychology to manipulate you into giving up information, access, data and cash, those four things.

Yep. And thanks for sharing that with us. You know, obviously very interesting, you know, background and story, and, you know, we're happy that you're on this side of it and sharing some of that knowledge with us. So that's a great place to actually take a short break. We'll be right back.

Are you part of a financial institution interested in sophisticated AI, powerful analytics and intelligent data? Catch up with NICE Actimize ENGAGE Live on demand to hear from industry experts and exciting keynotes as we work together to fight financial crime. Visit niceactimize.com slash engaged to watch for free.

Okay, we're back with Brett Johnson, former US Most Wanted cybercriminal turned good guy. So you touched on a couple of, you know, different, the financial crime and, you know, the concept of online crime and, you know, how you moved into that. You know, wanting to talk a little bit around, you know, from, you know, your average citizen today, you know, what scams and crimes could they be targeted with? And, you know, what are some things that kind of an average person who isn't aware of financial crime, you know, what can they do to, you know, protect themselves and their loved ones from some of these scams?

Sure.
So, what scams are you probably being targeted with? Well, out of the gate, identity theft. What you have to realize is that all forms of financial cybercrime have some element of identity theft. You have to. I mean, if it's a credit card, you know, what can happen is credit card fraud. Credit card fraud is very big right now. So you're buying someone's stolen credit card information. So I go on the dark web, or I can go on Telegram, and I can buy your credit card details for roughly $10. So for $10, I get the card number, the expiration, three digit security code, victim's name, address, maybe email address and phone number as well. All right, that's $10. Now, depending on the BIN of the card, and for those who may not know, the BIN is the first six digits of the card. The bank identification number tells you the type of card and the bank that issues it. Alright, so one of the bigger BINs is 4147303 is what it is. It's a Chase signature. It's been one of the major BINs for criminals to use over the past, hell, it's '21, over the past eight or nine years. I mean, criminals love that BIN. All right, now, and the reason they love it is it comes with a high balance, you know, more wealthy people get the card, it's a rewards card, people travel on the card, everything else. When out of the area orders, not really questioned. A high charge once the card's received, not really questioned as well. It's one of those cards that criminals really like, alright. Now here's the thing, though. Even though that card may be issued with $15,000 available balance on it, if I just spend $10 for the card, and try to order, you know, go to Apple or Amazon or Microsoft Store or something like that and try to order $8,000 worth of product, it's not going to happen. Why? Because you've not taken over the account of the card. To maximize the potential of the card, you need to take over the entire account to do that, especially in the United States.
To do that you need a fullz, F-U-L-L-Z, the complete identity profile of the victim. And this is where this identity theft gets into play. All right. So everything in the United States is based on KBA, knowledge based authentication. That's security questions that are asked when you open an account, when you change details on an account, anything else. What populates that tends to be Experian, Equifax, that type of thing, or some sort of crawler that's scraping things off of Google and whatnot, the OSINT, open source intelligence. Alright, it's very easy to get that. You can make it on your own or you can buy it. And the reason I say this, now, I'll cut that short because I guess we may get into how to build a fullz here in a little bit. But the reason I say this is that a lot of people out there tend to think that there's something that they can do to make sure that their information is not compromised. That ship has already sailed. Last year alone, we had 2953 breaches. Of those 2953 breaches, just reported breaches, we had 56 point, I'm sorry, 57.6 billion, with a B, billion records compromised just last year. All right, everyone's information is available. Period. Everyone's information is available. Today, I can go to the dark web, or it doesn't have to be the dark web, I can go to the surface web, I can put in www dot Robo check.cm, then I can buy your social security number for $6. For $6, I get your social, I get your date of birth, all right. Everyone's information is available. Doesn't matter how rich, how poor, how educated, how uneducated, how unimportant, how important you are, your information is available. We have to accept that. We have to, because once you accept that, then you can ask the question: well, since my information is me, if a criminal gets it and uses it, what can I do to make sure that he can't really do anything with that information? And fortunately, there are things you can do.
September 18, 2018, credit freezes became free. Free. So that's the first thing: you freeze the credit of every single person in the house, including children, because children are the number one victims of identity theft. One in four, 25%, will be a victim of ID theft. That's synthetic fraud, tax fraud, medical fraud. So you freeze the credit of every single person in the house. You have to realize that a credit freeze only stops new account fraud. That's great for kids. For adults, we've got all those bank accounts and credit cards and everything else, those existing accounts. Credit freeze doesn't stop fraud on that. So you have to monitor those accounts, place alerts on those accounts as well. If the account's like a Discover card or something like that, Discover card's got a $0 alert. You place a $0 alert there. That way, if a criminal buys your information on the dark web or Telegram or some channel like that, he pings the card just to see if it's alive, you get an SMS, a text message, saying, hey, someone's trying to use your card. Then you can do something about it. So that's the first two big ones: freeze credit, monitor, place alerts. Credential stuffing. That's the huge one right there, because 80%, 80% of every single person on the planet uses the same password and login across multiple websites. Everyone, 80%. Hell, I do it. I use a password manager and I still do. Everybody does that. The problem with that is this whole idea of phishing. So I can send out a phishing email that looks like it comes from one of these huge banks. Your level of awareness, because it's dealing with your money, your level of awareness may be high enough that you're like, oh, that's obviously a phishing email, I'm not about to fall for that. But what if I send out a phishing email that looks like it comes from one of your streaming services? Is your level of awareness going to be as high? No, it's not.
But if you're using the same credentials, login and password, if you're using those same credentials, it's an automated program. Little Billy in his mom's basement, that christless sandwich, Matrix background flowing in the back, he goes to sleep, he's inputting your credentials in the program. While he's asleep, it's trying to log into thousands upon thousands of different websites. He wakes up the next morning, he's got your bank account, he's got your streaming service, he's got your credit reports, tax records, everything else. So because of that, what I say is, right now the answer is a password manager. Don't care which one you use, I truly don't. But use a password manager. Those three things: freeze credit, and monitor accounts, place alerts, password manager. Make sure that you as an individual are not the lowest hanging fruit on the tree. It's a good neighbor policy. I want to be a good neighbor, I'm gonna send these groups my other neighbor down the street. That's what that is. And unfortunately, it's true. You know, you're trying not to be the lowest hanging fruit, because if a criminal is motivated by cash, he's not going to take the time or the effort it takes to get someone that's better protected than someone who's not.

Yeah, that's very helpful. And I think a reminder to all of us, especially on the passwords. I think some of that rings true to me as well. I know we all do it. And so you, you know, you talk about that, you know, the amount of data that has been stolen and compromised. I mean, it's staggering when you, you know, talk about billions of records. You mentioned a couple of ways criminals, you know, access it, one of which is the dark web. Can you speak a little bit more around, you know, the term dark web is brought up a lot, but I don't know if everyone sort of really understands, you know, what's on there, who's on there, who accesses it, you know, how that works at a high level?

Sure.
So realize that the dark web did not always exist. When I started my life of cybercrime, the dark web wasn't there. We used the surface web. So even for those who may not know, and there's these nice graphics of icebergs out there, which I hate, you know, you could even make that into a drinking game. Anytime you attend a presentation on the dark web and they show you an iceberg, you just take a swig and you're drunk for long is that. So looking at the internet, the stuff that Google can find, we'll call that the surface web. That's three to 4%. Alright, three to 4%. The other 96%, we'll call the deep web. That's the stuff that Google can't find. That's things that are behind a paywall. That's your emails, that's your bank statements, that's all these things, anything that doesn't have a web address. That's the deep web. Now the United States Navy, back in the day, back in the 90s, they created this thing called the Tor Browser, the onion router. Alright, they created it so that operatives could communicate with each other without being identified. Alright, if they had an operative in a foreign country, they needed to communicate with some other operative in that country, they could use the Tor Browser. What it does is it wraps your IP in multiple layers of anonymity, encrypted, everything else, and it comes out and it takes a lot of work, a lot of computer power, to figure out who the hell is really using that system. All right. The Navy decides to make it open source. Now someone forgot that the first adopters, if you're dealing with something that allows you to remain anonymous, or you're dealing with something that will enable you to launder money, the first adopters are criminals. So the Tor Browser goes open source, and I remember I was working with the Secret Service, and I was an informant for them for a while. I was working with Secret Service. And we got these memos about Tor, warning about it.
So of course we travel over to Tor and we're using it and everything else. And back then it was really unusable. No one had built any websites on it or anything else like that. It was just to surf, surf anonymously. Alright. So it was unusable. It was so slow because there weren't many people on there. See, the more people who use Tor, the faster it gets. Okay, back then very few people were using it. So you put in a URL, and it would take three, four minutes for it to pull up the page. Now it's not like that. Now it's much faster. And now you can build websites that hide behind Tor's anonymity and everything else. So the first adopters are criminals. Now, what's interesting is that Tor gets, it's called the dark web because of criminal activity. Not everything on the dark web is criminal activity. You have research papers on there, you have research sites on there, The New York Times has a page on there. Basically, it went open source with the idea that people in foreign countries, they could get past their country's firewall by using Tor. Or you could have whistleblowers, they could report things without being identified. You know, it was released with a good intention. But the road to hell is paved with good intentions. So criminals are the first adopters to this. Then they figure out, well, hell, we can build websites and hide the server box. Well, hiding the server box matters. It matters a lot, because if you can't get that box, you don't know who the hell's using it. And the thing is, as long as you're using Tor properly, and that's a huge caveat, because a lot of people don't understand how to do it, but as long as you use it properly, you're pretty anonymous. Okay, so what happens is it goes open source, criminals adopt it. The first real site to really take advantage of it is ran by a guy named Ross Ulbricht. He opens up a site called the Silk Road.
Now there were some criminal activities certainly going on before that. But Silk Road is the first time we see a dark web marketplace that really is successful. The other claim to fame for Silk Road is the only payment instrument that Silk Road allowed was Bitcoin. And remember I told you, if you're looking at laundering money, if you're looking to stay anonymous, the first adopters are criminals. So of course, everyone that's committing crime starts to buy Bitcoin. And that's one of the reasons I like blockchain; I think blockchain's outstanding technology. It'd be great if we can ever figure out what to do with it other than laundering money. But, you know, it starts with criminals. Now Bitcoin's at $50,000; it broke $50,000 today, for the second time since May it did that. But I mean, this is this idea of the power of crime. All right, so Silk Road: Ross Ulbricht is arrested. He's arrested at the public library in San Francisco; they confiscate 24, back then it was $24 million worth of Bitcoin. Today, it'd be several hundred million in Bitcoin, probably over a billion at this point. But that's his whole idea. So that's what the dark web is. And the size of the dark web, no one knows. No one knows, because you can't index it. A lot of the sites are up for a while, and they close down for a while. So it's very fluid as well. Estimates range from, well, it could be 4% of the internet or it could be 10%. Again, no one knows. But you can find anything there. You can find anything. I'm the idiot that at one point said, you know, you hear all these news stories, back then, four or five years ago, you'd hear news stories about, well, there's hitmen on the dark web, and I was like, oh, there's no hitmen on the dark web, that's some idiot saying that, until someone was charged with being a hitman on the dark web.
So you can find anything. There are, there have been accounts, the charges rather, of these red rooms where they torture children; there's drug trafficking, there's financial cybercrime, there's really anything that you want. But there's also legal things that go on. Now, that being said, I'm not quite sure, if you're not engaged in some sort of illegal activity, I'm not quite sure why you'd be over there, unless you're investigating it, you know, doing research on it and things like that. But that's the dark web. I don't know what else to say about it other than that.
No, that's very helpful, I think. You know, it kind of brings to light for our listeners, you know, what some of these technologies that criminals use, I mean, touched.
Yeah, let's say this as well. So, and this is kind of important. Okay. So when you're dealing with the dark web, the dark web criminal activity, typically you've got a marketplace or you've got a forum. All right. And that's what Shadowcrew did, as far as its claim to fame. Shadowcrew provided this trust mechanism for criminals to use. How does one criminal trust another criminal when they don't know their name, have never met them, don't know what they look like, anything else like that? They only know a screen name. The thing is that you must work with other criminals to make cybercrime succeed. To do that, you have to trust them. And the way that Shadowcrew solved that is it gave a large communication channel, that forum type structure; it gave vouching systems, review systems. It gave escrow systems, everything else, built for the sole purpose that criminals needed to establish trust among each other. Now the reason I say that is we've kind of underwent a change. Now, as far as dark web activity, that still exists exactly like that. But now you've got a new kid on the block called Telegram.
Well, still, criminals have to work with each other, and they have to trust each other. What's interesting, if you look at Telegram, is that the way the trust mechanism works differs. Trust is established much more rapidly on Telegram. And it's not as solid trust as what you'd have on the dark web. On the dark web, once a vendor or criminal establishes trust within that environment, his name is made completely throughout. No one questions that. On Telegram it doesn't work like that. Trust is established on Telegram through the rapport of the people that he's chatting with. That's typically the way that trust is established on Telegram, which means that trust is not really as solid as it is on the dark web. But the amount of business that takes place on Telegram, and the fluid nature of it, and the rapid nature of it, is it far surpasses the dark web in many aspects. And I just wanted to point that out, that trust is important, not only with the good guys, but the bad guys. And it differs depending on where you're at and how you're engaging with criminals.
Yeah, no, that's, you know, it's really interesting, and it was making me think. You talked about trust. You talked about criminals, you know, working together. Can you speak a little bit around, you know, how criminals work together once they establish that trust? What types of, you know, do they share technology, techniques? You know, what does that look like when it comes to collaborating between criminals and criminal organizations?
So to understand that, you have to understand the three necessities of cybercrime. For a cybercrime to be successful, three things have to take place: you have to gather data, you have to commit a crime, and then finally, you have to cash it out. All three things have to work in conjunction, they have to work great. If they don't, the crime fails. Why even try? The problem, and it is a problem.
The problem is that one guy is not good at all three things. He's good at one thing, sometimes two, rarely three. Like me, I'm good at committing crime and laundering money. Very good at it. Gathering data, I mean, I can do it. But why would I, if some other guy's better at it than I am? And this is what you see all the time. Okay, so you have the marketplaces, the sellers. You have some guy that's very good about stealing data, maybe doing a man-in-the-middle attack, something like that, or a Magecart attack, getting all the credit card information. Doesn't have a clue, not a clue, on how to use it, how to really commit credit card fraud, but he can sell the hell out of those numbers. So he gathers the data. Or you have some other guy, maybe he's in the Ukraine, maybe he's in Brazil, or someplace like that. And he knows how to commit credit card fraud. I mean, he's good at it. Alright, so he's buying credit card data off one of the sellers. He's getting it at wholesale prices, and he can commit credit card fraud all day long. But the problem is that he can't cash it out. He can order products, but he has to rely on money mules. He has to rely on reshippers, somebody to really put the product in his pocket. So what does he do? He has to rely on those people. When I was running Shadowcrew, we hooked up with Ukrainians. Now back then, and the Ukrainians are the people who are responsible for modern credit card fraud as we know it today, a guy named Script, his real name Dimitri Golubov, he comes over to us and he's got a problem. His problem is that they've got all the credit card details on the planet. But there had been so much fraud in Ukraine, in the eastern part of Europe, that every single card was closed down. Even if you were the legitimate owner of the card, you couldn't use it over there. They had shut everything down. So Dimitri comes over, because he can gather data, he can certainly commit the crime.
But guess what, he can't put cash in pocket. No way. So he has to rely on other people. So he reaches out to the Americans. I bring him in and we start making, or stealing, a lot of money. And that's exactly what you see with unemployment fraud that happened recently as well. So you've got a lot of Nigerians out there. You've got Ukrainians and South American criminals as well. Can they get the prepaid cards? No, we can't. If you're using prepaid cards, now they can use Chime, or they can use one of these banks, or an online processor or something like that, to have the funds deposited. There's a lot of FinTech companies that were defrauded on unemployment fraud. But the thing is, once they get that ATM card, where are they going to cash it out? If they're in the Ukraine, they cannot run the ATM card in the Ukraine, because it will raise a flag. If you've committed unemployment fraud against California and you're cashing out in the Ukraine, you ain't going to get no money. So you got to rely on somebody stateside to do that money. So you're gonna get 40%, you're gonna keep 60%. Alright, and that's again these three necessities of cybercrime: gathering data, committing crime, cashing out. So if you break it down, gathering data, that is stolen PII, the bank accounts and logins, but it's also the tools. It's the VPN, it's the SOCKS5 proxies, it's spoofed phone numbers, it's the Magecart, it's the ransomware. It's whatever the tools are that you need to commit the specific crime that you're going to commit, which is the second step. And then finally cashing out. And here's the thing, just because it's very easy. You look at a business email compromise: it's very easy to use a Unicode domain and trick some payroll department into sending $2 million to a bank account someplace. Does that mean that you've actually profited $2 million?
No, no, you don't. You've not profited anything until you get the cash out of the account. And that's a huge ass problem. Again, I'll reference the unemployment fraud. Nigerians stole a billion dollars from the state of Washington, a billion dollars. They have a billion dollars wired, and did they actually profit a billion? They didn't; they profited about 300 million before the rest of it was recalled. So it's more than just having money deposited someplace; you have to be able to put cash in pocket. And again, that boils down to not everyone is good at that. So you have to rely on other people who know how to do it. In order to do that, you have to trust those people. So before Shadowcrew comes up, the only avenue you had to engage in some sort of organized cybercrime was IRC, Internet Relay Chat, this rolling chat board. We had no idea who the hell you were talking to, if you could trust the person, if they had a product or item for sale, they actually had it, or they were going to rip you off, if it worked, anything else. Shadowcrew provided a trust mechanism, that large communication channel, that forum type structure. Now someone in a different time zone could reference conversations days, weeks, months old. They knew by looking at someone's screen name what the skill level of that person was, if you could network with that person, if you could trust that person. You had vouching systems. So when you vouch for somebody, you actually assume complete responsibility for that person. If you say, hey, this guy's good, what that means is, if this guy rips you off, I've got you covered. I'm responsible for him 100%. So we had vouching systems in place. We had review systems in place. So someone buys a product or service, they would post a review. We had escrow systems.
And I say, if you're uncomfortable, we'll hold your money until you get your product and we'll release that. And you see that in place today. Shadowcrew provided that for criminals because, to be successful, you have to rely on other criminals. You have to. And to rely on other criminals, you have to trust those criminals. And that's the entire reason that you see, well, one of the reasons that you see cybercrime continue to explode. And over the years, it's also become more refined. So cybercrime has its own platform now, cybercrime as a service, so it becomes more refined, more efficient. And what you see time and time again, we knew when we built Shadowcrew, is that everything needs to be open source. Everyone shares and exchanges information freely. If you don't, you're not going to profit very well. But if you educate everyone within the environment, everyone profits more than a day, and it's something good guys still have not done.
Yeah, it's very interesting, you know, hearing a lot of the technology, you know, involved, and, you know, the way it's evolved over time. You know, it's very similar to what we see on the other side of things as well, and kind of understanding the social, business and technology dynamics that exist between criminals are parallel to, you know, what you see in business and people fighting the criminals. And thanks for kind of giving us more insight into how all that works. So thank you so much, Brett, for coming on and sharing so much with us. If people want to get in touch with you or learn more about your work, how can they do that?
Sure. So if you want to contact me directly for consulting, for speaking, for whatever, you go to anglerphish.com, that's A-N-G-L-E-R-P, as in Paul, H-I-S-H, anglerphish.com. I've also opened up a brand new website, Cybercrime 101; that's the numbers one-oh-one, like the college course.
cybercrime101.com, where you can get the latest cybercrime news, how-tos, everything else. What I believe is, you know, learn what the criminals know. Get the tools you need to protect yourself or your business.
Awesome. And then thanks everyone again for listening. Please don't forget to subscribe. And also, if you have an idea for a show, we'd love to hear from you. So drop us a line at podcast at NICE Actimize, A-C-T-I-M-I-Z-E, dot com. And don't forget, we do have some bonus content for every episode available at actimize.nice.com/podcast. And just again, I want to thank Brett, you know, for being with us. This was incredibly interesting. And I think, you know, it really helped bring to light everything people see in the news, hear about financial crime and scams, but don't really understand how it works. And you know, we're looking forward to seeing everyone on the next episode of Let's Talk FinCrime.