Darknet Diaries - 139: D3f4ult
Episode Date: November 7, 2023This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made.SponsorsSupp...ort for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools.Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries.Sourceshttps://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-banhttps://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/https://archive.ph/Si79V#selection-66795.5-66795.6https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html
Transcript
Discussion (0)
Was this after you went to prison?
What was after when I went to prison?
You had a million dollars in crypto?
No, that was before.
I want to get into all that.
Yeah.
It's honestly a lot.
Okay, well, this is good.
I'm glad that your story is strange.
Well, it's made for a movie.
It's very long and strange.
And honestly, for me, I lived it and told it so many times that it's so normalized
yeah that i'm just like yeah i did this and that and i yeah i went to federal prison for five years
they're like holy shit and i'm like yeah i know it's crazy right okay it's um well then i'm
excited there's a lot to cover yeah i'm excited to do it. Do you want to start all the way?
You didn't give me any kind of reference for how you wanted to go about this.
So I just want to get a verbal confirmation for, I don't know, legal reasons or whatever.
It's okay to record this call to use on the podcast Darknet Diaries.
Is that okay with you?
Yeah, of course.
These are true stories from the dark side of the internet.
I'm Jack Recider.
This is Dark by Delete Me.
I know a bit too much about how scam callers work. They'll use anything they can find about you online to try to get at your money.
And our personal information is all over the place online.
Phone numbers, addresses, family members, where you work, what kind of car you drive.
It's endless.
And it's not a fair fight.
But I realize I don't need to be fighting this alone anymore.
Now I use the help of Delete.me.
Delete.me is a subscription service that finds and removes personal information from hundreds of data brokers websites and continuously works to keep it off data brokers
hate them because delete me make sure your personal profile is no longer theirs to sell
i tried it and they immediately got busy scouring the internet for my name and gave me reports on
what they found and then they got busy deleting things it was great to have someone on my team
when it comes to my privacy.
Take control of your data and keep your private life private by signing up for Delete Me.
Now at a special discount for Darknet Diaries listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code darknet at
checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code darknet at checkout.
That's joindeleteme.com slash darknetdiaries and use code darknet.
Support for this show comes from Black Hills Information Security.
This is a company that does penetration testing,
incident response, and active monitoring to help keep businesses secure. I know a few people who work over there, and I can vouch they do very good work. If you want to improve the security
of your organization, give them a call. I'm sure they can help. But the founder of the company,
John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security
world-class in security training. You can learn things like penetration testing, securing the cloud,
breaching the cloud, digital forensics, and so much more. But get this, the whole thing is pay
what you can. Black Hills believes that great intro security classes do not need to be expensive,
and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range,
which is great for practicing your skills and showing them off to potential employers.
Head on over to BlackHillsInfosec.com to learn more about what services they offer
and find links to their webcasts to get some world-class training.
That's BlackHillsInfosec.com.
BlackHillsInfosec.com.
Explicit content warning.
This episode has some language in it that might not be suitable for all audiences.
Okay. Hi. Welcome to the show. I want you to meet a fellow named just, well,
let's just call him Default. As a teenager, I was in Newport News, Virginia with my dad.
He worked for the government. So as a teenager, what was your relationship with the government?
Were you politically active?
Was your dad politically active?
No, not whatsoever.
I didn't pay attention to that kind of stuff when I was younger.
I was just a nerd, you know, liked to play video games,
was very active in sports, very active in sports, actually. I used to play like four soccer teams year-round
and was big into
like competitive video games like you know halo call of duty even like super smash bros
eventually if you're into gaming you stumble down the rabbit hole of like finding hacks to to increase your experience in the game,
whether it's modding or JTAGing or whatever it may be.
So as a teen, he was playing RuneScape,
and one day he got in an argument with someone in the game
who threatened to hack him.
And suddenly, his computer went to a blue screen.
And when it booed up after that,
that's what got him interested in hacking.
Since as far back as I can remember,
I've always had a very inquisitive mindset, like extremely.
I always questioned everything.
And not just questioned everything,
like I wanted to know how things work.
I'm like, why does this happen?
How does this happen?
This led him to understand that you can get computers to do things that you shouldn't be allowed to do.
And he got curious and wanted to learn more about how they work.
Then one day his mom grounded him.
Banned from the internet for a week.
Well, curious little default, tried to crack his neighbor's Wi-Fi.
And sure enough, was able to do it.
And he got back online.
That was like, it opened my eyes to the possibilities that I'm not even aware of.
I'm like, I want to know more about this.
My mom just took away my internet.
I just downloaded this program, hacked my neighbor's Wi-Fi, and I'm back online
within like 10 minutes. And to me, that was like so powerful. Like I took the power back from my
parents or whatever. And so I started delving deep into this stuff. An AltaVista search about hacking might have led you to a message board. And the
message board would have introduced you to hacker tools. And those tools might be made by a certain
group of people. And those groups would be present on IRC, a chat room. Getting in the chat room might not be so easy, though.
It might be invite-only.
So you've got to message the channel operators to ask permission to join.
But they'll deny you because they don't know you.
But you notice the person who denied you to get in is also in another chat room.
So you join that one to see what's
going on there. And you eventually find your way into some hacker chat rooms.
Now, the year was 2008. And being on IRC and in hacker chat rooms in 2008 was a very, very special time and place to be.
Those who were there will never forget those years.
In fact, the whole world will never forget what happened then.
This was the heyday of Anonymous.
And Default found his way right into the heart of it.
Like, even when I look back now at, you know, quote-unquote Anonymous,
I still cringe, but I still feel like it was necessary.
It was like a necessary stepping stone in the hacking collective, conclave, whatever,
to get to where we're at today.
It was necessary.
It was people congregating for similar belief systems
and standing up for something.
It had its place in time.
The anonymous chatroom was a hot mess.
The biggest disaster of a chatroom you've ever seen.
Whatever you can imagine is the most awful picture ever.
Double that.
And then spam it to the chatroom.
That's what was going on there.
Gore, brutality, pornography, vile and disgusting imagery.
It was kind of a hazing experience that you had to get through
in order to find your way deeper into anonymous.
Sometimes new people would be asked to eat a stick of butter or a tube of toothpaste on camera to prove yourself.
Because here's the thing.
Cops, feds, journalists, security researchers, and normies would show up in these chat rooms.
And if they pop in to see what's going on, and it's just full of gory imagery, a lot of them can't handle it. They might vomit even, and then just nope, right out of there.
Spamming the most graphic and awful pictures was like a firewall of some kind. But if you could
tolerate it, building calluses on your eyes, and start talking with people through the noise,
you might be welcomed
deeper into the pockets of anonymous. It was a double-edged sword. Yeah, we're all anonymous,
but so are the, you know, the feds that are infiltrating it that you don't know about.
So that's why all of the really elite programmers and hackers like spawned off into their own little small groups where they can like
vet the members and make sure that they're not, you know, like feds like, oh, well, go hack this
website and like basically commit a crime to prove to me that you're not a fed. Whereas anonymous is
just like, you don't know who's in here. This made the edges of anonymous even more fuzzy.
New groups were forming out of it,
and they had their own ideas and agendas.
And they'd look back at the anonymous chat rooms
and think, those cats are cringe.
We don't want to be affiliated with that stupid stuff.
Where our own group and IRC hacking groups
would come out of anonymous,
some were loosely affiliated.
Some were even anti-anonymous themselves.
There was infighting too,
doxing people from other anonymous groups
and other hacking groups.
It was a real mess.
Some other groups that were springing up in that time
coming out of anonymous were like LulzSec,
Team Poison, UGNANCI, HTTP.
And some people in these groups were getting arrested
and then working with the feds to catch other hackers.
Things weren't safe.
You always had to be looking over your shoulders in these chat rooms.
You just didn't know who to trust in there.
It became very obvious, like, we need to move more underground
and be a lot more selective with the individuals
that we're interacting with on a daily basis.
So I moved on to basically doing stuff myself and kind of becoming associates with other hacking groups.
Started learning from Team Poison, like MLT.
I actually knew Trick too.
I don't know if you're aware of who Trick was.
Yeah, in fact, I do know who Trick was very well.
I did a whole episode about him called Team Poison.
That's episode 109.
But the scene was so hard to navigate to know who to trust.
It almost became a thing that if you were hacking into stuff, breaking laws,
then you were trusted.
You must not be a fed if you're able to break the law.
Everyone else keeps them at arm's length.
Now the thing is, at this little time and place in the world,
hacks were happening everywhere you looked.
Some from anonymous, some from anonymous adjacent,
some from crews that were anti-anonymous.
But what was their motivation?
Some were politically motivated.
Some wanted to get revenge.
Some wanted to amplify a
cause or an idea. And if you deface a big website and write with big letters on the front page
something about your cause, it brings more awareness to it. Default was hacking into stuff
too. But what was his motivation? So I didn't really develop any kind of like altruistic
ideology for a little while. It was more just all
curiosity-based and
learning. I was obsessed with learning
more and more as much as I could
because I thought
it was so intriguing.
If I could shell this website
and then if I can root it and then if I can
get access to
all the other subdomains.
It was really just a bunch of challenges.
So I always was just pushing myself to learn new things.
Okay, I see.
He's interested in learning, and his crime is curiosity.
It reminds me of that scene from the movie Hackers,
which came out in 1995.
Listen.
This is our world now. The world of the electron and the
switch. The beauty of the bond. We exist without nationality, skin color, or religious bias. You
wage wars, murder, cheat, lie to us and try to make us believe it's for our own good,
yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. I am a hacker and
this is my manifesto. Huh? Right? Manifesto? You may stop me, but you can't stop us all.
Now, even though that's a scene from the 90s movie Hackers, that manifesto was actually written
in 1986, a full 20 years before Anonymous
would start making a name for itself.
Yet it feels like that's absolutely something
Anonymous would say.
So I joined into a group called Anon Ghost,
which there were some really competent people in there,
but as time progressed,
their leaders started becoming radicalized members supporting ISIS. So I had to
diverge away from them. And then I joined a group called Anonsec, which people, I hated the name
and wanted to change it because it got associated with An so much and i had like a disdain
for anonymous at that time like heavily because that's not where the most technologically
advanced hackers were at like none of them are in anonymous and that really bothered me that
some of our hacks got attributed to anonymous.
I eventually ended up taking over the group.
But that's I think that's where I started to get more politically motivated.
And we did a whole bunch of different operations. I think one of our first one was Operation Detroit, where they were having, you know, it's like really similar to the Flint, Michigan issue with the water.
But it had more to do with the corruption in the government there and the fact that they have a really messed up system for how their water is distributed.
OK, so this was a big deal.
Default and the crew he was in wanted to take out Detroit's water payment system.
Someone in the channel suggested
they hit the site with LOIC,
the low-orbit ion cannon.
And this is a basic tool.
You just point and shoot it.
But it floods the target IP with loads of traffic,
overwhelming it,
so it can't handle legitimate customers.
Sometimes it'll even drop dead from the flood of connections.
But then someone else is like, nah, screw Loic, that's lame, and it isn't safe.
Let's use Tor's hammer.
And so someone started passing Tor's hammer around the chat.
And this also floods the target with a whole bunch of traffic.
But it uses Tor to route all the traffic through it, hiding where the attack is coming from. So the members all fired this up and together launched an attack on Detroit's water
payment system. And immediately it went offline. No one could pay their water bill.
So that was like our first segue into like politically motivated stuff because it pissed me off.
And it was like,
we can actually do something about this.
It's like, okay, well, now nobody's going to pay you.
So you're not getting any payments.
So what are you going to do now?
And honestly, we kept that part of their web server down
for like, I think, two months. So I'm not really sure
the equivalent of financial laws that they had for that, but it was significant enough for them to
make announcements and changes and launch investigations into who was doing this.
And actually, one of the members of our group got arrested for this.
There's something empowering
about pulling off something like this.
You feel like the world bends to you and your whims.
There's a shift in control.
And that control can become intoxicating. it was just kind of like us sitting
around in our irc chat rooms and being like well what pisses you off or what do you hate and
remember somebody being like i can't stand pedophiles i think they're like the scum of
the earth and i was like yeah i think, I think everyone could agree with that.
I think everyone can get on board with this.
Pedophiles have been sort of hated universally within Anonymous.
In these chat rooms where anything was allowed and free speech rules, pedophilia was not allowed.
Which I've always been fascinated by that.
That's the common denominator that everyone
agreed on. It didn't matter what group you were in or political affiliation or cause that was
important to you. Pedophilia was wrong to everyone, which you might think, yeah, duh, of course that's
wrong. Draw that line. But why there? Why not ban pictures of murdered people or pictures of people having sex with animals
or pictures of torture?
All that was approved.
Hell, there was a video of two girls eating poo,
which was a real big hit in these channels.
Like nothing you could possibly present to this crowd
shocked them or made them care,
except pedophilia.
That was going too far.
So imagine, if you will, being a teenager,
having these hacking skills,
looking around for something to use it on,
and seeing that everyone hated pedophiles.
All the hackers on all the channels,
the cops even, the normies.
There was even a TV show called Catch a Predator
where they'd set up sting operations for pedophiles.
It felt like if this is who you wanted
to try to hack into or mess with,
the universe was on your side.
It felt like what you were doing was right in every way.
It was helping the world, and nobody would say you're wrong.
Yet at the same time, hacking feels so counterculture and rebellious.
This is a powerful cocktail to be mixing up as a teenager.
You can go onto the forums where they don't post and it's all text.
And you find out where they're messaging people,
whether it's on AOL or whatever it may
be. And then you get their handles and then you go, you know, create, you know, all accounts and
then interact with them, kind of like set them up basically. And then you send them a file like,
hey, oh yeah, I'm, I would love to hang out yada yada yada i get
they're all excited and then like here's a picture of me or here's a video of me and you
put some malware in it and you know it could be very simplistic just i just need a port i just
need a back connection into this guy's computer and then just download
everything that he has and get all of his location data and pretty much docks the guy
and then just send it to his local authorities and we would check up on these people and a lot
of them would get arrested um and it felt good, you know, like you making a change in the world, making the world a better place.
Like, you know, people preying on children.
It's just like, it's one of the worst things that somebody could ever do.
Getting pedophiles arrested meant getting respect among the hacker groups, which meant getting more members.
Things were progressing for them, and their hacks got bigger.
This is one of the ones that I think I'm the most proud of, I could say, was Operation Denmark.
So bestiality was not banned in Denmark.
Okay, that's generally banned everywhere so i guess a lot of sickos were taking advantage of
this lack of you know laws against bestiality there there was literally dens and like private
places you can go and people's like animals were going missing and they were ending up in these like they called them dog brothels so sick it's so crazy
and i had a dog so that really pissed me off just thinking about the fact that like
what if you know being a trying to be objective and be like what if someone took my dog and that happened to my dog I would freak out so we I think we took down the
official Denmark government website and then we actually defaced it you know and
said did you know that your government allows bestiality and there's bestiality dens where people can go and pay money to do these
things to animals and most of them are like people's pets and a lot of people weren't even
aware of like the average person was not aware of that because they're just going about their lives
so i it everyone freaked out and it was like all over the news.
Jeez, mate, you got me fact checking the weirdest stuff in this episode.
Okay, so he's right. In 2014, it was legal in Denmark to have sex with animals. And there
was some weird ass animal sex tourism going on over there.
Because like a year earlier,
Sweden and Germany banned sex with animals.
So it was like a weird moment where some places it was illegal
and some it wasn't.
And yeah, shortly after this hack,
Denmark changed the law.
They made sex with animals illegal.
And I can't tell if this hack
had anything to do with the laws changing,
but the timing is very coincidental.
Now, stuff like this, hacking into places, making the news,
and getting people arrested and stuff, it's like a drug.
Yeah, the sleep schedule didn't exist.
And I would be lying if I didn't say it was exhilarating
and gave you a sense of power. didn't exist and it is I would be lying if I didn't say it was exhilarating and
like gave you a sense of power and you know you start to crave that that rush
of serotonin is just like you know you get so worked up and you you you're like
this is so awesome this feels great know, not only are we doing something good,
but it's exciting.
And I want to do it again and again.
And sometimes, like,
it's almost like you're chasing a high.
And that can, like, lead you off the trail.
Let's take a quick ad break,
but stay with us because when we come back, we're going off the trail. Let's take a quick ad break, but stay with us because when we come back, we're going off
the trail. This episode is sponsored by NetSuite. What does the future hold for business? You don't
know? Me neither. But what I do know is that you don't have to be months ahead of your competitors
to be more successful. Just a few days or even a few hours can work wonders.
So until someone brings you a crystal ball, NetSuite can give you an advantage.
More than 38,000 businesses have future-proofed their business with NetSuite by Oracle.
It's a cloud ERP service and one that I'd be using if I needed the help.
NetSuite brings accounting, financial management, inventory, and HR into one fluid platform. When you're closing the books in days, not weeks, you're spending less time
looking backwards and more time on what's next. Whether your company is earning millions or even
hundreds of millions, NetSuite helps you respond to immediate challenges and seize your biggest
opportunities. And make use of real-time insights and forecasting, allowing you the opportunity to
look into the future with actionable data. Speaking of opportunity, download the CFO's guide to AI and machine
learning at netsuite.com slash darknet. The guide is free to you at netsuite.com slash darknet,
netsuite.com slash darknet.
Okay, so default was on a path.
He didn't know where the path was taking him,
but he already made his way through Anonymous
and into different hacker groups.
Anonsec was the group where this first exciting stuff was happening.
He kind of took over that group.
But do you realize there's a whole infrastructure to these hacker groups?
There's like data stores to keep records of like the stuff you collected
or the passwords you've cracked.
And there's a tool shop to quickly grab hacking tools and how to use them.
But to build on that infrastructure, they decided they needed to build a botnet.
A botnet is just having control of a bunch of computers.
You typically try to infect a huge swath of IPs and hope that a bunch of computers get infected and become under your
control. But the reason why they wanted a botnet was to route their attacks through it. Instead of
malicious traffic or connections coming from the non-sec members themselves, they set up this botnet
to pipe their traffic through someone else's computer to get to their targets. But when you infect a bunch of computers with a botnet,
you start to get curious.
What are these computers that are in our control now?
So all these different devices that are part of the botnet,
you know, just like going through and like seeing where they're at
or, you know, what they have access to.
And some of the stuff that randomly would just get popped would be like an apple tv um an iranian ymax base station for like
cell phones one of these servers belong to the windsor university this is a medical school
and you know you just pull it up and i start looking and i'm like oh This is a medical school. And, you know,
just pull it up and I start looking
and I'm like, oh, this is some kind of
institution, university.
So, pull up
the URL, check the domains,
go to the homepage
and
you know, can easily
access the admin panel.
And once I log in, just pull up the finances of all the people and all the debt they have.
I saw a screenshot of this.
He was in the admin panel of the university.
And there, in front of him, was a list of all the students who owed money to the school.
And it all added up to $9 million.
And he started to think,
could I, should I mess with this?
These people might, you know,
really enjoy having their slate wiped clean, as it were.
If you look, some of them owe a substantial amount of money,
you know, like $70,000. I think some people owed like upwards of like over $100,000. It's a lot of money,
you know what I'm saying? It's like perpetual debt that sometimes it just lasts for decades.
There were 391 students listed here. He scrolled to the bottom of the page. And there was a button.
Delete all?
Why was there a delete all button?
I have no idea.
But there it was.
So, um,
just deleted everything.
I went into the PHP
shell and just like sent everything to
DevNull and just like shredded it.
So whatever I sent there is just not coming back.
Wow, crazy.
How do you feel after that?
You feel good, you know.
Whenever you can make a positive impact in people's lives
and the power of doing that remotely from your house
is just like, it's almost intangible.
The amount of power you can exert over the internet,
it's something that your average person
just will never understand.
Default kept going further down this path,
getting into place after place.
And the places he was hidden were starting to really add up.
I mean, literally anything from banks.
Like I said, Apple TVs.
We landed inside the Netherlands defense gateway.
Like, what?
Y'all have the default SSH password set?
Like, you just haven't done anything with it?
Okay, cool.
More schools, School of Computer and Intelligent Systems,
host providers.
That was really cool.
It was honestly like a goldmine
because we could literally just keep spinning up
virtual private servers whenever we need.
It's like free web hosting, free storage space.
Stumbled across a weird NSA Skynet program
on a Cirrus Aventure server
that also was co-hosted with the US
Air Force. Super weird
stuff. We're sitting
on an admin login panel
for Coinbase, which had access to
hot wallets. Very scary
stuff. Thankfully
we didn't do anything with that.
The Twitter and Facebook
zero days, it was both just like
a four-digit pin reset.
Now, each of these have their own story,
and I've listened to him tell me some of these himself,
and they're insane.
And I'm sorry I can't include them all here.
But I do want to stop at the Facebook login exploit he had.
I became kind of obsessed with having
the tightest object that I could have
because I didn't ever want to get caught, obviously.
And that kind of led to my arrogance also of being able to...
Literally, I got to the point where I thought I'd never be caught
no matter what I did.
And that just opened the door
for doing anything hacking-wise.
I didn't care if it was Facebook or Twitter,
which we had a zero day on,
and could access anyone's account.
What they did was get a Facebook username
and then try to log in as them,
but then say, oh, I forgot my password.
And at the time, Facebook would then send you a four-digit code to your email that you had to type into the site to prove it was really you.
Because after all, if you had control of the email that was registered to this user, it must really be you, right?
Well, it was a four-digit code, which means there's about 10,000 possibilities of what it could be.
And these guys learned that they could just keep
submitting codes to Facebook over and
over and over, cycling through all the
possible four-digit codes until they
found the one that worked. And they could
do this pretty quickly, too, and
just reset anyone's password
that way, and then log into Facebook
as them. I mean, we got
into big accounts. I got into Seth Rogen's
account, got his
cell phone number and
called him just to tell him that
I love his movies.
And he was like,
who is this? And I was like,
I'm just a big fan. You're hilarious.
He was like, click.
Completely deactivated
his cell phone like 10 minutes later.
Cardi B before she like really blew up.
Chief Keef, which he was like honestly really cool about because we gave him the account back.
Like we gave all these people the accounts back.
Like we had no malicious intent.
It was just fun.
It was like a challenge. So while all this started out as fun and a challenge,
over time it morphed. I mean, how can one feel this kind of power and then watch the news and
see everything wrong in the world and decide not to use this power to make change?
I mean, it really is like a superpower to just topple over a computer or get inside a system that isn't yours.
With great power comes great responsibility, right?
I think it was the Snowden release that just kind of set me off.
Where he was talking about the prison program
and how literally it's not a conspiracy
that people have been saying the government is spying on everyone.
They're like, oh, you're conspiring?
It's like, nope, actually, you could see here
through these very classified documents
that they are literally ragnetting every single packet in the United States.
And they've co-opted all of these companies through the PRISM program.
And all of your data is ours.
And we're building a giant storage facility to keep all this forever.
So if you ever become a potential threat to us, we'll know everything about you.
So it really just set us off and kind of just gave us this mentality like okay so
basically you're hacking all of us so we're going to start targeting y'all and start showing that
we can do to y'all we all are doing to us also and that nobody's immutable and we drove that point home very hard like literally sat around and came up with lists
of high level individuals in the intelligence community and then just started targeting them
one by one what what the hell they made a list of people to hack into that were high-profile members of the intelligence community?
This just went up to 11.
I, okay, at this point, I mean, I'm fascinated by this because I'm always surprised how high-profile people in government pretty much dox themselves, right?
They give their real name and talk on TV, and they have a phone number to their office, email address, physical address. All this stuff is public information. We know who their
boss is. Chances are there's a Wikipedia article on them listing all this, or there might even be
a whole biography written about them. And yeah, I always wondered, doesn't that make them extremely
vulnerable targets for attacks? Ah, I am so glued to the story right now.
Okay, let's back up a second.
At this point, Default has left AnonSec,
which didn't affiliate itself with Anonymous at all.
In fact, they were anti-Anonymous.
But Anonymous seemed to get credit for everything they did
since it was called AnonSec.
So he was sick of that and left.
But he knew people in this little pocket of the internet.
And a group that he thought was doing some cool shit was CWA.
And this stood for Crackers with Attitude.
And the head of CWA was a guy named Cracker.
Started talking to him and we just like,
we're on the same page about being really pissed off about the government and also a lot of the things going on in like the Middle East.
Just a lot of injustice in the world.
Just kind of, kind of just like pissed off, you know.
I wanted to like direct that somewhere for like greater good, as it were.
So he starts hanging out with these folks from CWA and joins in on their hacktivism.
And that ended up exposing the lack of security
within our own government.
We are very vulnerable
and the people running the show
are not practicing proper operational security
whatsoever either.
So we're going to show the world this
and it was actually really easy.
Like it was not super advanced.
Most of it was just social engineering.
And then taking that initial social engineering information we gathered and pivoting and leveraging that information.
Who was one of the first ones you targeted?
It was James Clapper.
Yeah, James Clapper was numero uno.
And he's the director of national intelligence.
What the hell?
This would be a strong no for me.
I would be out.
You can't attack the head of U.S.'s intelligence agency like this
and expect everything to be okay.
I mean, I don't care how good your OPSEC is.
Hide behind five VPNs.
Use your neighbor's Wi-Fi.
Use Tor.
Move to an underground
bunker. It doesn't matter. If you make it personal, they'll make it personal. They will find you.
But at the same time, defaults with seeing stupid stuff on the news. Listen, this is James Clapper.
What we do not do is spy unlawfully on Americans, or for that matter, spy indiscriminately on the citizens of any country.
We only spy for valid foreign intelligence purposes as authorized by law
with multiple layers of oversight to ensure we don't abuse our authorities.
The Snowden leaks clearly proved otherwise.
The NSA was grabbing metadata
off of millions of Americans' phone calls.
This is spying on regular, good-standing Americans.
And to hear James Clapper say otherwise
meant that some were accusing him of criminal perjury,
lying under oath.
This enraged default and Krakow, our leaders were caught in a lie. What more can we find on them? But Krakow was the one who acted on this. I believe
he acted alone, actually. Krakow got into the online account for James Clapper's internet and phone service.
Somehow from there, he was able to get Clapper's wife's social security number and posted that publicly.
Then he routed all the calls coming into James' phone to a free Palestine hotline.
Krakka posted proof of all this to Twitter.
I gave him a head nod.
Like, dude, that was a sick hack.
Like, respect. Like, started talking to him. Like, dude, that was a sick hack. Like,
respect. Like, started
talking to him. I was like, that was awesome.
You really exposed this guy. James Clapper
was actually not the first person from the
intelligence community that CWA
hacked into. Their first was
Homeland Security Secretary Jay Johnson.
Krakow got into his
Comcast account somehow,
and Default was seeing all this and chatting more with Cracker.
So we just started to actually sit down and think of different people that we should hack.
Together, they teamed up.
And you know what? I'll just let Lester Holt from CBS News take it from here.
Good evening. Did a high school student really manage to hack his way into the personal email
of one of this country's top spy bosses? Federal agents are urgently trying to answer that question
tonight after what appeared to be private and possibly sensitive information was posted online.
Given the high profile of the target of the attack and the relatively low-tech method used,
it's both a disturbing and cautionary tale that NBC's Pete Williams picks up from here.
The apparent victim isn't just any American or government official.
It's John Brennan, the CIA director since 2013 and a longtime key player in the U.S. intelligence community.
A man who says he's an American high school student
claims he hacked his way into Brennan's personal AOL email account
by fooling Verizon and AOL into revealing enough information to reset the account password.
Hello, guys, this Twitter account is going now, the apparent hacker says,
posting what appears to be an actual spreadsheet of names and emails
of current and former intelligence officials.
The hacker blanked out their social security numbers.
The hacker also says he got into the Comcast billing account of the Homeland Security Secretary, Jay Johnson.
This was the personal email account of Brennan, not his government account,
and it appears no classified information was compromised.
Okay, so tell me how you got into John Brennan's account.
John Brennan's account, if I remember correctly...
Okay, you know what? I'll help you out.
I mean, the year was 2015.
Who remembers little details like this from eight years ago?
My research shows that they first found John Brennan's mobile phone number.
And they did a mobile number lookup and discovered he was
a Verizon user. So time to put on the ruse. They were going to call up Verizon, pose as a technician
on site trying to help out a customer, John Brennan, but for some reason were having trouble.
So they called Verizon asking for help on his account. Verizon is like, what's your employee code?
They made one up, and it worked.
The support technician at Verizon asked,
well, why can't you just get into the account yourself?
And they said, the tools are down,
and we need to get this going quick because the customer's waiting.
So the support technician was like, okay, sure, I'll help.
What do you need to know?
And this is how they got John Brennan's Verizon account number, his four-digit PIN, a backup mobile number to his account, the a step further? Well, they know his AOL email
address, which when you log into AOL, the username is the email. So they had John Brennan's email
username, but not the password. Well, time to call AOL. So they called AOL, this time acting
like John Brennan.
Hi, I've been locked out of my email account.
Can you help me get back in?
Sure, Mr. Brennan, but I'll need to verify it's you.
Okay.
Can you tell me the last four digits of your credit card number?
Why, yes.
Yes, I can.
Because they had this information from the data they got from Verizon.
Clever, clever.
And so when they gave this information to AOL,
this let them reset his password and get into John Brennan's AOL email.
On October 12th, 2015,
they gained access to the inbox of the director of the CIA.
Whoa.
They started looking through his emails,
reading one after another,
looking at attachments sent.
One attachment had a list of U.S. intelligence officials
which included their social security numbers.
Why in the world was John Brennan using his AOL account
to send emails that included social security numbers of U.S. intelligence officials?
This is such bad OPSEC.
Why, director of the CIA?
Why?
You know better.
I think it just goes to show that no matter how much you know about privacy and security, we're still human and screw up this whole security thing.
This AOL email account had not only stuff about the war in Iraq and Afghanistan,
I have no idea why he also had his SF-86 form in there.
Ooh, this is no good. The SF-86 form is the form that you fill out to
apply for secret clearance, which means it has your entire background listed clearly in the form.
Social security number, email address, telephone number, place of birth, aliases, passports used,
prior addresses, names of your neighbors, what school you went to, place of birth, aliases, passports used, prior addresses, names of your neighbors,
what school you went to, your military history, past employers. It's everything on a person.
And now default and cracker had it all. So you call to reset password and it does not matter
if you sound like a 14-year-old girl on the phone. You got the CI director's social,
like, you have to be him.
I mean, I don't really have a choice but to reset the password for you.
It was over.
Unreal.
And Krakka's just posting this stuff
straight up to Twitter as Krakka.
And it wasn't just these two guys and CWA.
There were some other members there for the ride,
but Default was suspicious
about one of the members in CWA. There were some other members there for the ride, but Default was suspicious about one of
the members in CWA. He had somehow eluded capture when he was involved with other groups that
mysteriously went down after he had joined them. Also, there's a lot of psychological flags, like
red flags, just like trying really hard to befriend us.
You know, it was kind of like weird, kind of obvious.
And then when I actually like publicly called him out,
he became a completely different person.
And that was just another confirmation.
It is hard to understand, you know, fully my train of thought of thinking that we would get away with this. But after some time, we knew that we weren't going to get away with it.
So we just like mashed the gas.
And we're like, you know, let's hit as many as we can before it's over.
And it did, like, really, they had to issue a memo
because they were probably terrified because it was vast.
It was, like, upwards of, like, 10 or 11 people,
all within, like, CIA, FBI, White House, DOJ, Department of Homeland Security,
Quantico, and then defense contractors. So that was, it was pervasive and, you know, far-reaching
to like all arms and subcontractors of the intelligence community to like they were like what is going on
yeah we're actually like calling some of these people too by the way we actually i actually
called i called john brennan on his cell phone like what'd you say to him i told him he was a
piece of shit wow and he asked how much money i wanted i said i don't want any money
i want you all to stop being so corrupt and committing crimes whilst prosecuting people
for the same stuff y'all are doing like so hypocritical like basically like y'all are
awful people like really like you're not doing any net positive things for the world.
You're just not.
And he was like audibly like shaken up.
I could hear it in his voice.
Well, I mean, just a random phone call is not going to be that big of a deal.
But did you say I've also got access?
It was his personal cell phone number. We read his social security number to him.
You know, if you get a random phone call on your private cell phone number that nobody except for
a select few people is supposed to know about, and some random kid reading you your social
security number, I would imagine it's a pretty jarring
experience. They were so relentless that people started going into hiding. At the time, the threat
level was literally unknown. He was very stressed out. It's like the extra security they had to hire
to relocate the CIA director and then the deputy director of the FBI to a secure location because they didn't know
at the time what the threat level was. They had no idea who we are, what we were,
what we were affiliated with, what our purpose was. We were some kids, literally,
and just pissed off at the government, but they didn't know.
At some point, they got into Amy Hess's account. She was the FBI executive assistant director
for science and Technology.
Like once you log into the portal,
you can see the connected TVs.
And honestly, it's like,
I think it's hilarious
because I think it reminded me
of like something out of a movie,
like Hackers.
So we played that movie.
I think what they did here
is they called up Comcast
pretending to be her and get her password reset.
And yeah, it worked.
And once they got in her Comcast portal,
they were able to control her TV at home.
And they just started playing the movie Hackers on it.
This is a problem with connected and smart devices.
You're not the only one who can control them.
Amy claimed she suffered from psychological damage from this.
And once they got into someone's account
and messed around there,
they just went down the list to the next person.
Jenny Psaki, the White House spokesperson,
I literally just, I took that upon myself
because she was calling Edward Snowden a traitor.
And that triggered me so hard.
I was like, I have to hack this lady.
Like, I know that maybe these aren't her words and she might just be reading off of like a sheet that, you know, they want her to say.
But like, I couldn't stand to hear that kind of stuff.
So these guys were just ripping through
all these high-level people's accounts.
It was insane, the people that they were able to breach.
But at some point, the two started talking and realized,
wait a minute, we have all this information
on U.S. intelligence members.
What databases do they
have access to? And this turned their attention to LEAP, which stands for...
The Law Enforcement Enterprise Portal, it had the information on all FBI agents in the United States,
like personal information.
So somewhere in all this, they hacked into Mark Giuliano's accounts. He was the deputy director of the FBI. And using his information, they were able to leverage that to get into Leap, which I don't know. This just seems crazy to me that this can even happen.
Because why is this Leap database
even accessible from the internet at all?
Yeah, and I think because they have agents all over,
they could have taken security measures,
but I think it would have been too much trouble for them.
I'm like, y'all just like really don't care.
That sentiment right there is what I think fueled default to go further.
This idea that the U.S. government thinks that there's some elite hacking force
able to break into anything and steal anything,
yet has a database of FBI agents'
personal details on a public website, which is vulnerable to a teenage social engineer
to be able to get into it? They wanted to put their thumb right in the eye of the government
and make it hurt. How can we trust you with our private data if you can't even protect your
federal agents' data? Why is the Department of Defense hacking into things instead of defending their own network? On top of that, why is the world even like this at all?
Why is security so bad everywhere that the intelligence community can't even secure their
own stuff? So Default and Cracker got into the Leap database and downloaded all the information
they could on as many FBI agents as they could. Okay. But what are you going to do with this?
You know, hit up WikiLeaks.
And it was Julian at the time running the account.
And he's very interested in it, obviously, as he always is.
And it happened very fast.
You know, he was handed it over, and he published it all,
including his SF-86 form and the documents about the war in Iraq and Afghanistan,
along with the leaked data.
It's still on the WikiLeaks website, if I'm not mistaken.
The CIA director's personal emails posted by WikiLeaks
after cyber criminals said
they'd broken into his AOL account. I don't think WikiLeaks posted any of the stuff from the Leap
database, but they sure did post John Brennan's information. They got into other databases too.
Jabs, the joint agency booking system, everyone that's put into that from county, state,
and federal level in the prison system.
Yeah, okay. So any person who's put in prison is in this system. And they found access to this
very useful. They were doing things like looking up other hackers that were caught and keeping an
eye on them, like trying to figure out, did they become informants? But also they were suspicious
of some of the other people in CWA, and there might be an informant within them.
So access to this system was kind of like a way to run a criminal report
on anyone you wanted very quickly.
So they were just downloading stuff from these databases and looking through it,
and that's when they found in these databases,
there was a bunch of information about the Miami-Dade Police Department.
Let's talk about Miami Police. Yeah, that was another one, the Miami-Dade Police Department. Let's talk about Miami Police.
Yeah, that was another one. The Miami-Dade Police, at the time, I really didn't care.
I just like, that was towards the end of the run. It was just like, all bets are off.
You know, it had gone all the way down the rabbit hole. I just become very disillusioned with
people's complacency
and their lack of care for what was going on.
So it's like, we're going to bring attention to this
with chaos and mayhem.
So what happened to the police department?
Now we got your motive.
What did you do?
Oh, well, we dropped their docs, pretty much.
This time it wasn't WikiLeaks, though.
I'm looking at a tweet here, which has a link to Pastebin.
And in there is a list of 80 Miami police officers.
Their name, title, phone number, and email address.
Like, me and Crack are talking and we're like both like physically like shaking
because it's like
terror and excitement
at the same time.
You're like,
I'm accessing a top secret database.
Holy shit.
I'm going to get caught.
But this is exhilarating.
I don't really like,
like, what do I do?
It's like, okay,
we're going to drop this database. Okay, what else are we going to do? It's like, okay, we're going to drop this database.
Okay, what else are we going to do?
It's like, I'm about to get the fuck off this thing.
At the time, Cracker was just a teenage high schooler,
but Default was in his 20s.
Yeah, I think I was like 23.
And what was home life like?
It was terrible, really toxic.
You know, I live with my dad.
Living there was really bad, which I think kind of like fueled some of this.
Just like no oversight, no real father figure to like tell me what to do and what not to do.
It was just like, bets are off.
I'll do whatever I want.
Really, it became like my whole life.
Hacking really did.
It was like, go to work, come home, hack.
Go to work, come home, hack.
It was just all it was.
It got to the point where I estranged myself from all my friends.
And they didn't know why.
Because I never told them.
And you can't.
That's just part of it.
It's this very lonely existence.
Especially if you're committing all these crimes
at that time I had a significant
amount of money in Bitcoin and I really
just that you know that was actually
a key factor in like all of this
like money was no longer an issue
so now what
you know like 22 years old
and you have several million dollars
yeah let's talk about that then so how'd you
get those several million dollars in crypto. Yeah, let's talk about that then. So how'd you get those several million?
Literally, mining and buying since 2011.
I was so early to getting ASICs.
I was like, oh my God.
And these things were like 30 to 40 times more powerful
than the average graphics processing unit at mining Bitcoin.
So yeah, started mining a lot of Bitcoin.
So John Holdren, I have written down here
that someone tried to swat him.
Yeah, not me.
I have no idea.
Honestly, I don't even remember him getting swatted.
So the idea was posing as him to call the police from his phone
and then getting saying there's a violent incident here and then them come into his house
dude that pissed me off so much that that even got attributed like somewhat to me because
technically a conspiracy is if i know about someone committing a crime and don't instantly go tell on them, I'm complicit.
So it's like, because I was in the chat room with one of the people
while they did this, now I'm a party to the crime.
I'm like, what the fuck?
I don't even want to be a part of the swatting.
I hate that shit.
People have died from that.
There was some sort of current.
There was an undercurrent of people online at the time
that you were mixed up in
that was also very involved in this sort of thing.
Talking about Anonymous, for example.
Anonymous was always calling out injustices of the world
and threatening this and that
because people were just being evil.
And it felt like being part of that was the winning side.
You're doing what's morally right.
And I don't know if that exists today.
I think today we've kind of lost that pulse.
The empathy is at an all-time low.
Just caring for your fellow man and the bigger picture.
But people have just become very complacent
and would rather just be content with the way things are.
And that's a dangerous road to go down
because while that's going on, I can assure you that the NSA and the Five Eyes and all these other people that are colluding together are not being complacent.
They're actually getting more aggressive with the spying and the hacking. And I think it was like Rule 41 passed,
where it's like, they can just literally hack people now.
They don't need to go physically kicking your door.
No, they can just hack you.
And I'm pretty sure that's how I got caught,
is that the NSA got involved,
and I know I got hacked two days before I got raided.
Well, let's talk about that.
So how do you think the...
How did they catch you?
It's threefold.
There's three things that contributed to it.
Because the official shit that they say is so fucking hilarious
because I never used my home IP address.
I had a giant Wi-Fi satellite dish that could reach up to a mile away.
Okay.
So I was usually using the Dairy Queen that was like a half a mile away,
had free Wi-Fi.
So their bullshit answer of, oh, well, we pulled Twitter logs and he had his IP in it.
Like, no, I didn't.
I've never fucking used my home IP address on that Twitter account
like that's why I bought this
so I would never do that I was
so overkill on my obsec
it was a process
like literally my hard
drives for my desktops had to
completely de-encrypt
which took like 30 to 40 minutes
and
then I don't have like internal Wi-Fi cards
in my laptops or anything.
Like I have to like connect it to stuff.
So it's not like automatically connecting
anything around me.
Super paranoid, dude.
Like, I mean, you kind of have to be.
And then after that,
I'm connecting through Tor nodes in my botnet.
I think it was threefold. that, I'm connecting through Tor nodes in my botnet. I think it was
threefold. One, I know was a contributing factor, 100% because he told me. One of my friends,
who I thought was my friend, and this is crazy, over a female, of course, what had happened was I ended up hooking up with a girl and I had asked him prior to this I was like do
you mind it's like you dated her a while ago whatever do you mind if I like hook up with her
talk to her whatever he said no I was like okay well I asked you so like you know speak now forever
hold your peace bro because I'm I'm going to do it.
Literally, he got mad at me.
And I was like, why didn't you be a man and tell me?
You still had feelings for her.
I would have respected that.
And he's like, I don't know.
So that kind of started it all.
I didn't know he had ill intentions toward me.
And so whatever, we moved past that and then like the cwa thing happens and we're drunk one night and we're on like xbox live or whatever
and like i slip up for the first time ever being fucking arrogant and cocky. It comes on the news,
CIA director hacked,
blah, blah, blah, all this stuff.
And I'm like, yeah, that was us.
Blah, blah.
I was like drunk talking
and just totally like gave myself away.
But I mean, I didn't think he would take me serious,
I guess.
Like, I don't know.
I was drunk, but he did.
And he actually reported me to the FBI
and then he told
me that he reported me to the FBI
and I'm not
going to name drop him but he knows who he is
and
that's some real scumbag stuff to do
like over
that
I just could never
imagine I would never do something like that to Like, I just could never imagine,
I would never do something like that
to another person,
I guess.
Just,
I don't know.
So that's one prong
that's definitely
maybe got them to look into me
because of an anonymous tip.
The other one is the person in our group
that I know is a snitch,
but
on what information was he able to collect about me?
I don't know.
He was always posting weird links in our chat, you know, like a URL shortener. So like, could have done some
sketchy stuff with that. I really did never click on those. And the other one was Julian saying that
the NSA got involved and me knowing that I got hacked. Yeah, so when they gave John Brennan's SF-86 form
to Julian Assange at WikiLeaks,
this really angered the Department of Defense.
And Julian somehow got word
that the NSA was aiding in the investigation.
So Julian told Default to be careful.
Then one day, Default's computer started acting up.
Something wasn't right.
It was crashing and glitchy. And he looked at the
network traffic and saw some connections to Langley, Virginia, where the CIA is based out of.
I knew I was hacked. My computer's acting crazy. It was having weird connections. Shut it off.
I was like, fuck. And so I shut it off for a while,
and a couple of days go by,
one day, and on the second day,
I turn it back on.
After I get home from school and start decrypting it,
it takes like 30, 40 minutes, okay?
But I noticed when I got home,
there was a black van,
or a Subur suburban sitting across the street
and I didn't think anything of it
and also
now that I remember
very very very sketchy people
had moved in across the street
this little house
and they just sat on the front porch
smoking cigarettes
looking at my house
non-stop
so
like literally
minutes after my desktop decrypted and came online
they came in like what are the chances of that like literally waited and waited usually they
bum rush you like right when you get home or you're in the house or you're like somewhere
they can confine you in a space and what it is probably is they waited for that to come on
and ping whatever remote controller they had,
whatever server it was connecting back to,
to verify that my desktop was unencrypted.
What happened?
Did they knock on the door?
Tell me about that incident.
No, dude.
They definitely don't knock on the door.
Okay, what did they do? They definitely don't knock on the door tell me about that incident of no dude they don't they definitely don't knock on the door okay what they do they definitely don't knock on the door bro they kick that shit in they hit it in with a fucking ram and all i heard was fbi search warrant and at your dad's house right
yeah and i just like before i could all I had to do was pull the plug.
And they had submachine guns pointed at my face and I like blacked out.
He had his computer set up in such a way that if he disconnected the power to it,
it would re-encrypt his hard drive.
He just needed to grab the cord and pull it.
But when you're sitting there at your computer with assault rifles pointed at you,
don't think you're going to reach for that power cord.
So at gunpoint, he had no choice but to let them seize the computer.
They had it all.
And I knew I was fucked.
I was like, there's so much data on there, they're going to have a field day.
They don't even know what they have yet.
But I know.
So I pretty much knew it was over at that point.
They pulled you out of that room
and someone else went in there to start taking your computer.
I mean, they can't unplug it and take it.
They know they've got to collect it.
No, they immediately hooked up something
to flash copy my hard drive.
Yeah.
And Secret Service was there as well
because I think someone hacked Donald Trump's website
or some shit.
We had no idea about it.
They were like,
they assume you're lying about everything.
They're like, come on, you know about that.
I honestly literally have no idea
what you're talking about. Why would they
hack Donald Trump's website?
I don't give a shit
about Donald Trump's website, bro.
But
I guess Secret Service has got to get involved.
So I'm sitting across from like BJ Kang
and like some very stereotypical,
tall, muscular Secret Service agent
like boating down on me,
like asking me if I'm part of HTTP
and like, where's NACASH?
And I'm like, dude, like, I don't know what you think this is.
Like, it's not going to go down like this.
And I think they were like doing a coordinated attack
where they were like raiding us all at the same time
because they didn't want anyone to be able to notify each other.
It's true.
Around the same time, Krakow was also raided by the police,
but it turned out he was living in the UK and he was a high schooler. notify each other. It's true. Around the same time, Krakow was also raided by the police,
but it turned out he was living in the UK and he was a high schooler.
So they took default straight to jail.
Police just weren't sure how dangerous he was
and they didn't want to take chances.
I think due to the nature of this,
they likely did time it
so that when his computer was online,
that's when they would raid him
and capture as much evidence as they could.
How they knew his computer was online is a mystery to me still. Were they looking through the window?
Did they hack into his computer and wait for it to signal out or something? His theory is that they
did hack him. His computer was now in the hands of federal authorities, completely unlocked and decrypted.
And, well, the stuff they found on there was clearly enough to convict him of many crimes.
Screenshots that you had taken,
Bandicam videos.
Oh, God, that was the dumbest thing I ever did.
But how did they get the videos
if you never posted them?
Because, like, literally, like I said,
I basically did all the
heavy lifting for them because like
I'm obsessive compulsive with like
archiving
data
stuff that probably shouldn't be archived
like oh
I think it'll be cool to record me
doing this crime and
I'll look back on it later
and it'll be safe because it'll be on my
encrypted hard drive. Well, what if your hard drive is not encrypted? And then now they have
literal, irrefutable proof that you recorded yourself committing a crime that they would
have no idea you had anything to do with. There was one device in particular that he
watched them take, and he knew what was on it.
Something that was very important to him. So important that I just imagine as he watches
them walk off with it, that his world just goes quiet and almost becomes slow motion.
But he couldn't say anything and just watch them take it. Because this was a secret.
One of the things they took from me was one of my external hard drives,
which I wanted back very, very much so.
What it was was my Bitcoin wallet.
I had a lot of Bitcoin on there, man, like almost a thousand Bitcoin.
They had all the evidence they needed to convict
him. He knew it. There was no way to get out of this. So he pleaded guilty. And the judge sentenced
him to five years in prison. Was prison rock bottom for you? Oh yeah, for sure. I got in
trouble for exposing the prison that I was at and how they weren't adhering to any COVID policies.
And it's like open dorms.
So it's like if COVID gets in here from one of these guards,
everyone's going to get COVID.
People are going to die.
And y'all are still coming in our rooms and touching all of our shit
and flipping everything upside down.
So I recorded all this with a phone I had
and sent it to some reporters I knew.
And of course, someone told on me.
And the next day, SIS came and scooped me up
and took me to the SHU, which is solitary confinement.
And from there, they weren't letting me back on the compound.
And they weren't shipping people because it was lockdown, full lockdown because of COVID. So I spent a year back there, a year in solitary
confinement. It's the hardest thing I've ever done in my entire life. And there was a lot of
people back there that unfortunately killed themselves because it's extremely psychologically testing to be locked in
and this tiny little cell 24-7 you don't get out at all like even in the worst
prisons in America the penitentiaries you have to let them out at least one hour a day. It's called 23 and 1. We didn't
get that. It was 24-7 for 365.
He read a lot of books in prison, learned about the importance of morals from an Italian
gang, and picked up stock market trading skills from a stockbroker.
And when he got out, he was banned from the internet entirely.
It was part of his probation for a while.
Same with Krakow.
Krakow was banned from the internet for a while too.
And he ended up with a two-year prison sentence,
even though he was only 16.
But all that time has passed now,
and both of them are out and back online.
Default struggled to get back on his feet.
He couldn't find a job, especially being banned from the internet,
especially having a felony record.
So he eventually got into trading stocks and cryptocurrencies.
He's still doing this now,
and he feels like he's good enough to make a living from it.
Just sharing my story with people, I think, is, you know, not just because it's an interesting
story and people enjoy listening to it, but I think there's a lot of net positive results
and things that people can learn from this that maybe they're not in prison or they're
not going to prison or whatever, but they're at a low point in their life.
And it's like, look, dude, it's not the end of the world. Literally, you can bounce back from
anything. You can change your life. You decide who you want to be every single day. Just because
you made some mistakes doesn't mean that that determines who you are and what your character
is as a person. You know, something I keep thinking about while
listening to this story is digital privacy. And I'm not going to go on another rant like I did
in the last episode. But in this case, government officials were doxxed. These guys stole their
information. They used it against them and then published it to WikiLeaks. How does someone come
back from getting their private information published to WikiLeaks?
I mean, I'm looking at John Brennan's SF-86 form right now. It's still there on WikiLeaks,
and it's the very first hit on Google when you search for it. Everyone knows everything about
him. It seems like anyone should just be able to do a password reset on him, you know? I mean,
you could impersonate him over the phone because you have
all his information. You can essentially be him, the director of the CIA, because we all have all
his information. It's possible for someone to get a new social security number. It's not easy.
You really have to prove to the social security office that you're in danger. I bet government
officials at this level might be able to skate through that you're in danger. I bet government officials at this level
might be able to skate through that whole process easier.
And I think it's easy enough to get a new phone number
and email address.
It's not so easy to just up and move to a new house though,
but that's doable.
It's possible to change your name too,
but what's the point of that when you're a public figure?
And that doesn't fix any of the problems
of knowing all your previous addresses
and who your neighbors were, your past employers, your friends, date of birth, hometown, height,
eye color. See, I think with all the doxing going on in the world, I wish there was a simple way to
just burn your identity and start fresh. Hell, I'd even be interested in doing it yearly myself,
just to always keep distance from whoever might be trying to track me out there.
And everyone is trying to track us. I wish I knew what John Brennan did to recover from this.
I didn't reach out to him because I assume he wouldn't want to talk about it because it would
just be giving away more of his private information. But I feel like we need a better
system to help us, the regular people out there. When we get in this situation, private information is not
a thing of the past. We still need our privacy. But I think what might help is just better tools
to stay private in general. You want my address? Oh, sorry. I only give out my proxy address,
a postbox that receives mail for me, opens the letters, and then sends me pictures of those
letters. You want my phone number? Oh, sorry, I only give out burner phone numbers. You want my social security number? Um, no, I don't give that out to anyone.
Oh, what, it's for my security clearance? Sorry, that's not even a safe place to give it.
Didn't you hear about what happened to John Brennan? These pieces of information on us
are important that they remain out of the public view. Yet time and time again,
they get into the public view. And it's not just from doxing, data breaches, companies sharing your
data, or you just giving your information to the wrong people. I mean, for instance, I had to give
my social security number to buy Bitcoin. And now the CEO of that company that I gave my social to
is in prison. So who knows where my data went? So I think we're
way overdue for a better system to protect our most important data. I think we need to stop
giving it out to just anyone who asks for it. I mean, I was at the store buying bananas the other
day and they were asking for my phone number and my zip code and all this stuff. I think there needs
to be fewer situations where we need to provide it. I think we need to be less reliant on our
private information as a way to authenticate it's really us.. I think we need to be less reliant on our private information
as a way to authenticate it's really us.
And I think we need a way to recover from situations
where it's been completely exposed,
which I think with the Equifax breach,
most of us Americans have had our private data
completely exposed anyway.
I think this is a problem that needs to be solved.
And while I think some solutions are out there,
it's piecemeal and complicated. And I don't see anyone doing it holistically right now.
There's something that still rattles around in my head from this story.
That hard drive that the Feds took, it still has his Bitcoin wallet on it. The Feds never got
access to that Bitcoin. It's still sitting there untouched.
And they still have that hard drive and won't give it back.
And the reason they kept it is because it has evidence on it.
Data that he stole from various places.
He asked them, just take what you want off it and give me back the drive.
But they refused.
1,000 Bitcoin still sits on that hard drive.
1,000 Bitcoin today is worth $25 million.
Just imagine $25 million sitting in some storage locker
in a federal building,
and the feds have no idea it's there.
So it sits for years
and will probably one day be destroyed by some lowly computer
technician. A big thank you to Default for coming on the show and sharing this insane story with us.
Like this one, I was like, wait, what?
Like so many times, it's just unreal.
If you like this episode,
you should probably check out episode 109
called Team Poison.
It's another story that was sort of running alongside
this one in parallel
and sort of same time and place of the internet.
Okay, what housekeeping is there?
Oh yeah, a lot of you are telling me
you're finally caught up
and have listened to all the episodes.
If that's you, I want you to know there are 10 bonus episodes on Patreon.
You can support the show and hear more stuff if you want.
Go to patreon.com slash darknetdiaries.
My favorite online hangout these days is the Darknet Diaries Discord.
We have 17,000 members, but I can squeeze you in.
So come on, just go to discord.gg and come say hi.
This episode was created by me, the slow Loris Jack Reciter.
It was assembled by the corpulent porpoise, Tristan Ledger.
Mixing done by Proximity Sound.
And our theme music is by the mysterious Breakmaster Cylinder.
I tried teaching my mom how to build a PC.
But all we did was make my
motherboard. This is Dark Knight Diaries.