Darknet Diaries - 151: Chris Rock

Episode Date: November 5, 2024

Chris Rock is known for being a security researcher. But he's also a black hat incident responder. He tells us about a job he did in the Middle East.

https://x.com/chrisrockhacker

Sponsors

Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work: show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy, all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from Flare. Flare automates monitoring across the dark and clear web to detect high-risk exposure before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram channels. Visit http://try.flare.io/darknet-diaries to learn more.

Transcript
Starting point is 00:00:01 Just a content warning from the top here. There's quite a few swear words in this one. I don't know, do these content warnings even help anyone? Let me know if you like knowing if there's swear words coming up or not. Someone who's been on my radar for the last decade is a guy named Chris Rock. Not that Chris Rock, a different Chris Rock. A white guy, an Australian. And I know him as a security researcher.
Starting point is 00:00:24 But as soon as I got on the call with him, I started learning that he's way more than just a researcher. Yes, I'm a public guy for my research, but not public for that side of the business. So for me, it's just a gig. And whether it's white or black, it makes no difference to me. So I think that sort of... Wait, so have you done black hat gigs before?
Starting point is 00:00:44 Oh, shit, yeah. I've been doing them since I was 11 years old. Like, this is the norm. I know a lot of people, you know, on the white hat say, oh, I used to be a black hat and now I'm not. I mean, for me, it's like I don't give a shit whether it's white or black. Are you a hacker? Yes. Hold on a second.
Starting point is 00:00:59 But the black hat indicates that you're doing criminal activity. So you don't give a shit if you're doing criminal activity. No, not at all. Not at all. It's funny. I meet with a lot of people who do the whole, you know, hacking is not a crime and all that sort of stuff. It's all full of shit.
Starting point is 00:01:12 That's the public persona to keep their job safe. But at the end of the day, when you have a beer with them and you talk shit, like, it's all bullshit. So I'm essentially transparent about what I do. So what Black Hat stuff have you done? Not when you were 11. I mean, I'm sure you stole your mom's credit card or something, but that's small potatoes compared to when you're an adult, I suppose.
Starting point is 00:01:33 We've done everything. We've done banks. We've done government. We've done telcos. We've done big oil companies just out of exploratory processes. Like, yeah, normal stuff. I want to say normal stuff. Normal for black hat people.
Starting point is 00:01:49 No, I'm not tracking. So you're telling me you robbed a bank and then just like took the money? Yeah. Chris, what are you doing? I mean, for me, it's an exercise. Like it's just, you know, can you do it? Yes, no, transfer. And there's a lot of people around the world that will pay you to get into these banks and transfer money. Yes. You broke my brain here. Sorry, buddy. I don't even know where to go. You've got multi-angles. And look, you may not be able to cover it all in this call.
Starting point is 00:02:30 It's just an exploratory call. I think we're going to need like 10 calls. I mean, the hard thing with you, Jack, is you've got a 30-something-year-old career that you've got to stick into an hour talk. It's not going to fit. Okay, have you ever been arrested? No. How are you this good that you're able to rob banks
Starting point is 00:02:52 and not get arrested? It's not that I'm that good. It's just you have to be stupid to get caught. You know what I mean? The world's your oyster. I mean, we get raised in this world. I mean, I train forensics, anti-forensics. I mean, it's just like the norm.
Starting point is 00:03:06 Like it's, I feel sorry for the people that do get caught because, man, you shouldn't be hacking shit, you know, when you've got five years, ten years experience. Like once you've done it for 20 plus years, it's just easy. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. Support for this show comes from Delete Me. I know a bit too much about how scam callers work.
Starting point is 00:03:55 They'll use anything they can find about you online to try to get at your money. And our personal information is all over the place online. Phone numbers, addresses, family members, where you work, what kind of car you drive. It's endless. And it's not a fair fight. But I realize I don't need to be fighting this alone anymore. Now I use the help of Delete.me. Delete.me is a subscription service that finds and removes personal information from hundreds of data brokers' websites.
Starting point is 00:04:19 And continuously works to keep it off. Data brokers hate them. Because Delete.me makes sure your personal profile is no longer theirs to sell. I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found. And then they got busy deleting things. It was great to have someone on my team when it comes to my privacy. Take control of your data and keep your private life private by signing up for Delete.me. Now at a special discount for Darknet Diaries listeners. Today, get 20% off your Delete.me plan when you go to joindeleteme.com/darknetdiaries and use code DARKNET at checkout. That's joindeleteme.com slash darknetdiaries. Use code darknet. Support for this show comes from Black Hills Information Security. This is a company that
Starting point is 00:05:16 does penetration testing, incident response, and active monitoring to help keep businesses secure. I know a few people who work over there and I can vouch they do very good work. If you want to improve the security of your organization, give them a call. I'm sure they can help. But the founder of the company, John Strand, is a teacher and he's made it a mission to make Black Hills Information Security world-class in security training. You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more. But get this, the whole thing is pay what you can. Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the
Starting point is 00:06:01 MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers. Head on over to BlackHillsInfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com.
Starting point is 00:06:23 All right, so who are you and what do you do? So my name is Chris Rock. I'm 50, 51 now. So my career started when my parents bought me my first computer, which then it wasn't a computer, but it was the Atari 2600. And from there it went to Commodore 64 and Amiga and then IBM and clones.
Starting point is 00:06:50 So I was born at the right time for computers, loved hacking. I'm on, you know, I consider myself on the spectrum, like I prefer the company of computers than people. So for me, you know, spending 16, 20 hours a day in front of a computer is natural and I've done it since I was, you know, 10 or 11 years old. So you spend that much time in front of something, you become good at it. So I've spent my whole, you know, the last 40 years on a keyboard.
Starting point is 00:07:14 Then I went to university at 18. Didn't like uni. It was coding. I hate coding. So I dropped out of uni. Uni wasn't really for me. So then I went into the sector. So it was IT slash, really IT 80%, then security 20%. But I went into the banking sector. So I
Starting point is 00:07:32 spent the next 10 years in banks, in Australian banks, which you could probably tell from my accent. 10 years in banks. And then someone said to me, what do you want to do now? And I said, you know what, I want to do some pen testing. And then I set my own pen testing company. So I did pen testing for another 10 years after that around the world. And then one of my customers from pen testing wanted a SIEM solution. I said, look, I can help you out. I can stitch some open source products together like Elastic and stuff like that. And I did that and they really loved it. And then they said, why don't you give it to the rest of the world so they can have a look at it,
Starting point is 00:08:05 which was essentially the platform that I'm running now, SIEMonster version one. So we rolled that out. It got a lot of traction. And essentially, that's my full-time gig. I am the CISO of SIEMonster, S-I-E-M-O-N-S-T-E-R. What a SIEM does is it collects all the security logs of an organization and alerts when there's a security incident. And Chris made his own called SIEMonster, which came about because he was breaking into companies and saying things like,
Starting point is 00:08:30 oh, if you had logging turned on, you could have saw me. And those companies were like, well, set up logging so we can see you. So he's got quite a bit of experience in both the offensive and defensive side of cybersecurity. So while I was talking to Chris, he started telling me about a job that he had in the Middle East.
Starting point is 00:08:48 And I'm not even sure what kind of job this was. It's not exactly a penetration test, and it's not exactly an incident response. Uh, research and engagement, so it's probably a better word for it. So when I was doing pen testing, people would say, Chris, you seem like a guy that would do outside activities. And then I would get approached for these outside activities, and then, you know, around the world to, you know, hack into this person, hack into this company and, you know, get these secrets and that sort of stuff. So essentially both paths are working. So through word of mouth, there's someone in the Middle East who needs a hacker's help and heard that Chris is the guy to call for these sort of things. So he calls him up and says, can we meet? Usually they do it in person. So in this case, I flew to a neutral area.
Starting point is 00:09:32 So I flew to Istanbul, Turkey, and then met over dinner to talk about the exercise that he proposed. That's quite a, I mean, already I'm intrigued, right? Because it's like, hey, we have this job. If you want more details, meet me in Turkey. Yeah, and I say it off the cuff because that's natural for me. And I know a lot of pen testers don't see that side of the world. They see it in a forensics report or incident response.
Starting point is 00:10:01 But once you live it and you go through it, it's a very interesting world. Like it's, you know, Jack, you know, I'll use you as an example. You know, you get paid every week slash fortnight slash whatever and you get your paycheck, tax comes out and stuff like that. But when you're on that other side, you know, it doesn't work like that, obviously. You know, there's no tax but you've got to get your money and things are expensive, burner phones, you know, burner laptops,
Starting point is 00:10:27 crypto, peer-to-peer money, and getting your money washed, all that sort of stuff. Different world. It's a great learning curve, but a lot of us don't get to experience that sort of stuff. Well, yeah. What is this engagement? Tell me more about how this was pitched to you and what's the job and stuff. Yeah.
Starting point is 00:10:44 So I met this guy. We'll call him Mike. I met Mike and Mike worked for a company and they were rich Middle Easterners who, essentially he was one of five brothers and each of the brothers was worth about a billion dollars. But he was only worth $200 million, so he was like the poor loser of the family. So I know that sounds really weird,
Starting point is 00:11:09 but he had to take bigger risks to compete with his brothers to get to that billionaire status, and that's why he would engage hackers to assist him with his business activities. So in this case, it was put forward to me that one of his subsidiaries, he thought that they were stealing money and then moving that money to another company,
Starting point is 00:11:31 another offshore company, and also the IP from that company. So he asked whether I'd be interested in finding out whether it was true and then to recover as much money as possible. We're dealing with a few mega-rich billionaires from the Middle East here. But the one brother isn't quite a billionaire yet,
Starting point is 00:11:49 and he's keen on hiring a hacker's help to investigate where some of this money went. In this exercise, it was a cash deal. I was offered gold in a briefcase, which is pretty fucking useless, getting gold overseas. But you get offered different types of currencies. Gold in a briefcase is what they offered you? I know.
Starting point is 00:12:09 When I heard that story, first of all, I thought it was just a shit story. But no, they had cash ready to go for the exercise. But if they said I prefer gold, I could get gold. So being not a native from that part of the world, it was pretty useless for me. Okay. So did you meet with this multimillionaire directly in Turkey? No.
Starting point is 00:12:29 You always go through an agent. So I don't want to sound rude, but when you're dealing with Middle Easterners, you don't actually deal with the Middle Eastern guys. You deal with – I'll say you deal with a white guy because they don't want to have any direct link to the foreigner. So I met with an agent of the rich guy and he was from South Africa and him and I discussed what was required, the targets. Chris, this is not a normal incident response or engagement or exercise or whatever it is you called it. When I hear that they wanted this extra layer
Starting point is 00:13:03 between the client and you, it makes me think that they want plausible deniability. So if you get caught, they can be like, we don't have any Aussies on our payroll. I'm not sure who you have, but that's not our problem. And they'll just leave you in the dust. Do you see it that way too? So the answer is yes. You are spot on. It was essentially one level removed. And the reason I hesitated with my language before about talking about white guy, we refer to them as skirt wearers.
Starting point is 00:13:33 So, you know, like the Middle Eastern with their long garb that they wear. So it was your skirt wearer will not meet a Western guy. So there's always a Western guy dealing with a Western guy. That's the language that we would use for these sort of assignments. So since this client has heard that Chris has done some mercenary type work before, they wanted him to come investigate this theft,
Starting point is 00:13:52 see if he can help them build a case against the guy who took it. Spot on. And there's parts of the world that essentially are the Wild West. So Middle East, for example, they do not give two shits about the law or that sort of stuff. So if you need to hack into a bank to get their money returned, they'll do it. If you need to hack into a company to do it, it's normal. And when you're dealing with government-sponsored stuff, it's normal activity for them. So don't put your American brain on it.
Starting point is 00:14:19 Think of it as like the Wild West. Now, typically with a penetration test, you are given a scope, you know, like you can hack into this stuff, but don't hack into that stuff. But he wasn't given a scope. He was told by any means necessary, conduct your investigation. And on a typical incident response, you'd be given some internal network access or at least access to some logs or documents to comb through to figure out what happened. But here's the problem. All this company knew was that they gave this money to an investment firm and they didn't get what they expected. So they wanted Chris to pretty much do the incident response by getting into that investment firm and combing through their logs and documents to try to find proof that they did
Starting point is 00:14:59 misappropriate this money or steal money or steal intellectual property. So really, all they gave Chris was this suspected company's name and the people who worked there. They were like, here's our suspects. We don't have any other details. No, we got a list of names. So those eight names and what information they knew about them, whether it be phone numbers, personal email addresses, working address, the name of the company. Nothing else. It was completely, then, you know, earn your fucking money and get in. So by any means necessary. So the names you were given are the employees that work there? Uh, some in the company and some outside of the company, because the theory was the money was going
Starting point is 00:15:39 into this company and then going out to another company, another investment firm that was essentially going to steal the IP from the subsidiary and then launch another iteration of that with the IP and the funds that was coming from the original investment company. And so what are your first steps? What do you get going? What do you do? Yeah. So the first step, so we had a number of targets. It wasn't a single target.
Starting point is 00:16:02 We had essentially eight targets on our list. So essentially, we map out the person, you know, the internet dump research on who this person is, how they live their lives, you know, LinkedIn, you know, social media, all that sort of stuff. Getting that sort of information, obviously phone numbers, email addresses, physical addresses and stuff like that, and then plan an attack. Okay, who are we going to go after first? Are we going to go after the prime target first? I'll use the guy, Bob, you know, Bob and Alice. It's an easy one to use.
Starting point is 00:16:30 So in this case, the prime target was Bob, but we had all these other targets like Alice and Jane and all that sort of stuff. And maybe we don't go after Bob first. Maybe we map out these other people first. So when we do an exercise like this, and we're talking big money, when we do exercises like this, we don't just send like a blind email and then just like, oh, they're on to us or we got in successfully.
Starting point is 00:16:48 So we'll essentially own their whole world. So we talk about level one, level two, level three. So level one is their inner circle. In this case, Bob's wife, Bob's kids, all that sort of stuff. Then you have a layer two, things like accountants, lawyers, gyms, all that sort of stuff. That's level two, and then you have the three, like the affiliates on the outside. So we might target, in this case, we would target level three, level two first. And when I say target, as in own emails, so you can actually,
Starting point is 00:17:16 if we send an email to Bob, he would reply to it and wouldn't think it's dodgy, if that makes sense. Not from, you know, dodgyidiot at g.com. It's actually a real person. So we would target level three, level two. And then once we're comfortable with all those assets, now I know that sounds like very exhaustive, but when you're doing these sort of gigs, those level two, level three come in handy down the track. Whoa, this guy's serious.
Starting point is 00:17:41 I've told you many times, don't open attachments on emails or click on links from texts from people you just don't know. But what Chris is doing is he's targeting people this guy Bob did know, getting into their emails and their network first, so that when it's time to target Bob, he'll be sent an email from someone he does know, and perhaps even a document that he's been expecting. Like, for instance, if you get an email from your doctor with the lab results included, that would likely be an attachment that you would think is safe to open.
Starting point is 00:18:06 This is the kind of stuff that Chris was trying to do to avoid any suspicion that Bob is being hacked into or spied on. This, to me, has a level of sophistication that I'm impressed by. Yeah, so what made you interested in Bob as opposed to the other seven? Bob was the boss. He's the CEO. So essentially, he's target number one on our list. Like, you know, if you've got like a deck of,
Starting point is 00:18:29 American deck of cards, he's like the ace of hearts, if that makes sense. Okay. So you were going to start with him. And if you need more information, you go down the line with the others. Actually, no, we did it in reverse order. Remember I talked about, we do like a level three first, level two, level one.
Starting point is 00:18:44 So we essentially start bottom up because we want to have, you don't want to send like a blind email. You need to understand, you need to read the emails and get the personality of Bob before you approach Bob. So you need to know, you know, Bob's dealing with Jane. What's the normal language flow between Bob and Jane? So you compromise Jane, you get the, you know, the from emails from Bob so he can see the language and what time of day emails get sent,
Starting point is 00:19:08 that sort of stuff. So we do not do the first target until last, if that makes sense. So as Chris gets to know more about Bob, he starts hacking into everyone around Bob, their emails, their computers, their phones, their locations. This allows him to see who's in Bob's orbit and how does communication look between them. And at the time, Chris had some really nice vulnerabilities
Starting point is 00:19:30 in Adobe PDF Reader and would send emails to someone and getting them to open the PDF, and that would allow him to install a remote access Trojan and get access to their computer. Yes, so in that case, the Adobe was enough to get probably four or five of the eight people, uh, and also the subsidiary. So a lot of the pen testers who listen to this will know that, you know, once you've got a remote shell, it's pretty much game over at that stage. Things
Starting point is 00:19:56 like keyloggers and stuff like that. But the more complex thing that we did is, um, we didn't have access to the investment firm that Bob was moving assets to or IP to. So it was time for plan B. Plan A was to hack into the laptops of the employees of that company. But even though he could get the Trojan installed, he just couldn't get a connection into their machine when they were in the office. So we wouldn't get the shell returned to us.
Starting point is 00:20:22 So it was either some sort of egress filtering that we couldn't get an open shell. So we would have PDFs being clicked on, but we couldn't get a remote session from the target. Walk me through what's supposed to happen here. Is it Metasploit that you've used? So yes and no. In this case, we would use Metasploit as a pen tester,
Starting point is 00:20:42 but we would do our own custom PDFs that we would run against AV. So we would upload it against, you know, VirusTotal to make sure nothing picked it up. And so we would send the PDF off. But when it was double clicked, it would then remote connect back to us on a port, 443 or whatever that we thought would get back through an egress port back to us
Starting point is 00:21:01 that would then essentially have a listener like Metasploit. But we would have our own listeners listening in this case. He wanted to get into the company's network. He was hoping there he'd find some file servers or something which could offer him more evidence of what got taken. And this company was a small investment company and didn't have a dedicated office, but instead was working out of a co-working type space,
Starting point is 00:21:25 kind of like WeWork. But to break into an office in another country, you really need to come prepared. You need all the plans, plan A, plan B, plan C, and escape routes too. This isn't a mock exercise. This is playing for keeps and potentially very dangerous. The first plan never works. Like, it's just one of those things in life,
Starting point is 00:21:45 and it never works. So, and if it does, it's like, man, you know, that was the one-in chance. So, you're right. Multi-gear, it's one of those things you have to plan for the worst. The goal was to get access to this company's network. But where's that company's network?
Starting point is 00:21:59 And how do you get into it without being caught? This is where the more you know about that company, the better. He discovered this company had a Wi-Fi network set up in the building. And what's more is the Wi-Fi they were running was using WEP encryption. This was years ago when WEP wasn't so uncommon. Today we use WPA, which is much more secure, but WEP had some vulnerabilities. If you could get a radio near the WEP Wi-Fi router,
Starting point is 00:22:27 you could intercept enough beacons and packets to get on their Wi-Fi network. So that was the goal. Get in the building, get within range of their Wi-Fi router, and plant a device to listen to and capture the WEP packets. We actually had to do custom-built stuff. So, you know, I got an Italian motherboard that was the tiniest motherboard at the time and then built up my own Linux stack with Wi-Fi hacking and things like PuTTY and reverse shell tools like Plink and stuff like that
Starting point is 00:22:56 that we would use that we would plant close to the VC firm. So he loads up his kit full of cool gadgets and flies over to that country. You got any sort of way you dress up when you go out to these things? Just look, black or blue suit with a white shirt and tie. Even if it's 50 degree heat like in QA,
Starting point is 00:23:22 that's what you wear. That's not what a black hat hacker looks like. I know, I know. He's exactly right. So, yeah, hoodie, all that sort of stuff, that doesn't command respect over there. But suit guy over there, in their eyes, respect. He goes to the office building and starts planning out how to get in.
Starting point is 00:23:39 That's the easy part. A white guy in a suit with a laptop, with someone holding lots of books, someone will open the door for them. It's one of those pen testing stories that you've probably heard a million of. But that works in the US or even in Australia. But if you're a white guy walking into a place with a bunch of people that don't look the same, now you're out of place.
Starting point is 00:24:03 Your thinking's right. Let me show you, Middle Eastern companies like a Westerner in there because these people have been trained outside of the Middle East. We trust them. They've been to Cambridge and MIT, all this stuff. So, it comes with an inherent trust. You're right, Jack. Your thinking is, oh, the white guy sticks out of place. But no, over there, a white guy, you do what they say. Because if you've done any work in the Middle East, they employ, you know, the best German engineers and the best, you know, English, you know, financiers and stuff like that.
Starting point is 00:24:34 It's not unusual for a white guy to come in and pretty much run the show, if that makes sense. So he's let in the building, no problem. And it's a co-working space, which means there's a lot of small businesses working out of this building. And he can use that to his advantage because everyone is used to seeing strangers roaming around. Getting access to the building was really easy
Starting point is 00:24:51 because it was, like you said, it was a co-working space. And then finding out that they were on a floor that had one of those communal kitchens, like for us, it was like easy as. I didn't have to get past, you know, a receptionist or someone, what are you doing here? It was essentially, you know essentially a guy making a coffee, pulling the microwave forward, sticking something behind it, and then boom,
Starting point is 00:25:08 we had a device planted in to get this last VC firm. You said we a few times. Who else is on your team? Yeah. We're not talking about owning level three, level two, level one targets. I mean, there might be 20 targets behind the scenes. So we're talking about Bob's doctor, Bob's lawyer, Bob's accountant, Bob's gym. In extreme cases, things like Bob's bank. You can't do that all by yourself. I mean, that would be a year-long exercise and it's not worth the effort.
Starting point is 00:25:33 So I always work in a team to do these activities just to make that load easy, if that makes sense. Okay. So it was fairly uneventful getting in, but he managed to slip in, go into their kitchen, go behind their microwave, plug in this little computer with an antenna, and then slip out of the building. Now him or his team can access this little device remotely because it has its own cell connection so that he can just access it from anywhere in the world. Their first goal is to get on the Wi-Fi network. To do that, they're going to have to crack the WEP protocol. They log into that little device and fire up a tool called aircrack-ng. What this does is it intercepts as many Wi-Fi
Starting point is 00:26:10 packets as it can. If you think about it, Wi-Fi is wireless, so the packets are just flying through the air all over the place. It's pretty easy to tune your antenna to just see them and grab them. Today's modern WPA protocols make it so even though you can grab the packets out of the air, you can't see what's in them. But with WEP encryption, there are vulnerabilities in which you could grab enough packets to be able to decipher it and get into the Wi-Fi yourself, which is what they did. After running aircrack-ng long enough, they got their little device on the office Wi-Fi, which now they have a little machine on the inside, giving them an inside look into their
Starting point is 00:26:45 network. A network scan shows them a few devices that are there. And then they look at what ports are open on those systems. And then they can guess what devices those might be. They find a file server, which employees were using to store documents and such. And remember, this is an investment firm. So they're managing a lot of money and have to maintain relationships with people and know which businesses they are invested in. So all this must be documented somewhere. And this file server was exactly where it all was. That's correct.
Starting point is 00:27:14 And then we had access to file servers and stuff like that and email servers, and that's how we got into that company that we couldn't get in through the whole remote PDF stuff. At this point, Chris has a huge amount of visibility into this investment firm and the suspects who might be stealing this money and intellectual property. He's got a ridiculous amount of listeners in place, full access to the network. Like he can look at all the files on their file servers and email servers, full access to some of the suspects' computers,
Starting point is 00:27:41 through remote access trojans that were put on there. He's able to see every email in and out. And he also has key loggers on their computers so he can see what their usernames and passwords were. But he also has access to emails and computers with people around the suspects, family members, friends, doctors. He's also looking to see what kind of bank accounts
Starting point is 00:27:58 these people have, just in case he needs to get in there and take a look to see where money's going. So with all this access, he starts finding stuff that the client might be interested in. On file servers, you'd start seeing folders, like a folder. And then we're talking about in the investment firm, you would see like, you know, Bob's, and then you would see things like IP and stuff like that, which we would then run past our client saying, is this the sort of stuff that you're worried about leaking into somebody else's hands? And then we would send that to our handler who'd say, yes, no, yes, keep targeting that sort of stuff.
Starting point is 00:28:28 So you start building a picture. And, I mean, this exercise went for a long time. I don't want to exaggerate, but I think this one went for nine-plus months on this exercise. It was just a continual stream. So over that time, you're reading every email back and forth. And so you would get all that sort of information and learning how they speak and how they think and proper language. So you start piecing the puzzles together on what this guy is actually doing.
Starting point is 00:28:56 And because I'll say this, we don't give a shit what he's doing. It's essentially, here's what he's doing, client, is this what you want? Is this what you suspected? There's no emotion, like we didn't give a fuck, it's just a job. And then we would give that, say yes, no, how do you want us to proceed? And then go from there. The client kept telling him he's on the right track, keep finding more details and send them over. And like he said, he maintained his access for quite a while as he gathered all this info.
Starting point is 00:29:23 But he doesn't want his presence to be detected. So he has to be very careful not to be seen. So essentially what we would do with a blackout exercise, we might compromise, say, eight targets around the world, and the last hop would be from the home country. So, for example, we might compromise a hotel in Pakistan and an Airbnb in India and then another country. Now, these countries don't participate. They don't do forensics with each other. Like, they're essentially at war with each other. So you would hop your traffic across seas,
Starting point is 00:29:54 and then the last hop would be, in this case, it was Kuwait. So essentially the last hop before the target would be a Kuwaiti IP, and we actually owned the telco at that stage in Kuwait. So it was essentially, it didn't really matter. It just looked like an AT&T. What? My gosh, just to log into their Gmail, you're like, wait, we can't do it from Australia. Let's get over there and log in from there. I'll tell you what, I got a plan. First,
Starting point is 00:30:22 we're going to hack into an Airbnb in Pakistan. Then we're going to hop over from there to hack into a telecom provider in that country. And then from the telecom provider, that's when we're going, that sounds so crazy. Yeah, and so, Greg, when people talk about a little black book, we would essentially have a network of these compromised targets. Not the telcos, let's leave the telco. We would have a network of a path we could use when we want to do a hack job. We're not doing it from the local McDonald's
Starting point is 00:30:53 or from your home, for example. So we would have this rotating list of our own proxies, not Tor or anything like that. We do our own targeted proxies that do the hops that we want. Like we definitely want to do India, Pakistan, Sri Lanka, Bangladesh, because, like I said, they hate each other. So there's no, oh, can you give us your diss for this activity? Like, it's not going to happen.
Starting point is 00:31:12 So we would use the wars of the world to benefit us. So that would be our black book of targets. So we always have, and when we're not working, we would essentially find these targets for our next assignment. So you always have that little black book of, like he's talked about before, tools. We would have compromised targets around the world that we were going to bounce off. The telco just happened to be something that I love working on. I love hacking telcos. So it was one of those things that was going to come in handy. Gosh, so to carry out a task like this,
Starting point is 00:31:40 he has to spend quite a bit of time and resources finding vulnerable systems around the world so he can hack into them only to use that system to jump over to another computer in the world. This way, it's impossible for anyone to track his route back to where he came from. But also, think about the fact that he has that little computer behind the microwave in the office that he's targeting. It's on the same Wi-Fi as the people in that office. So he could use that computer to log into things like Gmail, which would appear to be the same IP those people are typically logging in from, making Gmail think this is normal activity and not alert the user. After a while, Chris had collected and delivered enough evidence
Starting point is 00:32:18 that the client called the police. Yeah, so the evidence was essentially what they suspected, that both money that had been sent to the company to, you know, build the company was being moved to both personal accounts and to the outside investment firm, as well as IP that was created in the business. The subsidiary was being moved to another investment firm as essentially our collateral, our moat, for example.
Starting point is 00:32:43 This is the data. And how did you find that? What was that smoking gun that you found? That was freaking everywhere. That was everywhere. These guys were operating like, again, the Wild West are operating their emails, both email, both company emails, file servers, everything. It was just that evidence was everywhere.
Starting point is 00:32:59 And it just took a while to put it all together and connect the dots. Yeah, and remember, that was not our job. Our job was to present what we found and then they were to go, is this your – because we don't care. Like I said before, I don't want to sound nonchalant, but is this your shit? Yes, no. Do you want us to find more shit?
Starting point is 00:33:17 No, we have all the shit we need. Go do your job. I mean, that's how we operate because, again, it's not personal. We don't care what the information is. Is this the right shit or are we on the wrong track? We just need to know. Now, the payment for this, was it sufficient?
Starting point is 00:33:33 Because I can imagine them saying, here's a briefcase of money. And then you're like, well, dude, we've been working on this for three months. If you want us to keep on, we need another briefcase. Yeah, we don't. How we operate is we will have an initial fee, a finalization fee, and then we will have what we call an ongoing fee. So the jobs like this we'd like to have over within a month,
Starting point is 00:33:56 so initial fee, completion fee. But if you want us to continue to monitor these eight people and this outside company, you're going to have to have like a monthly charge, almost like a subscription model, where they would pay to just find out what's going on in these people's lives. So you don't want them to think they're idiots. So you'll put a quote in front of them and they'll say, we agree to that quote.
Starting point is 00:34:19 You better stand by that quote. You know what I mean? Like if you want referral jobs going forward, like if you said half a mil or a mil or two mil, whatever you quote, that you stick to that. You don't say we need more. Like you make it crystal clear because this is, again, this is repeat business that you want.
Starting point is 00:34:35 Yeah, I'm just starting to put the picture together of like how much you charge versus how much they're losing. It's worth more to them to pay a million or two million to you. And if they're going to recover, how much money do you think was being stolen here? In this case, I know exactly how much money was being stolen. I think it was 2.5 US or 2.75 US, a million dollars in this case. But you got to think when you're in business, Jack, I know you're in business, but when you're working with a customer, their initial first year spend might be, let's say it's half a million dollars
Starting point is 00:35:10 for the initial spend. Once they see how useful you are and then you do repeat business, it's like it's an investment firm. They're always investing shit. So they're always going to use your services down the track. So you might do, it's a bit like a drug dealer. You might give them a taster for half a million and the next job's going to be worth two. Like, you know what I mean? Like you just, they know your work, they know your style, and then you know you're going to get repeat
Starting point is 00:35:30 business with higher stakes. I mean, he's dealing with wealthy people here, billionaires, oil money. Yeah, if he can prove that he's the go-to person to these folks, yeah, these could be long-term customers of his. And in this case, they were very happy with him. They got enough evidence to take action on this thief. They then got lawyers involved from their side. They had to be really careful about what they presented to the lawyers, but it was, we believe X, Y, Z, and then get the police to arrest the ringleader, Bob, at that moment. So that was essentially their goal, to get him in jail.
Starting point is 00:36:10 Because they took it personally. Like I said to you, you've got to treat them with respect. And if you disrespect them, then they get really emotive. And for them, jail was the worst case of action for them. Okay. Story's over, right? You found the thief. They put him in jail. Yeah, so Jack,
Starting point is 00:36:30 the story's not over there. This is where it gets exciting. Stay with us. We're going to take an ad break, but it's going to get exciting after that. This episode is sponsored by NetSuite.
Starting point is 00:36:45 What does the future hold for business? You don't know? Me neither. But what I do know is that you don't have to be months ahead of your competitors to be more successful. Just a few days or even a few hours can work wonders. So until someone brings you a crystal ball, NetSuite can give you an advantage. More than 38,000 businesses have future-proofed their business with NetSuite by Oracle. It's a cloud ERP service, and one that I'd be using if I needed the help. NetSuite brings
Starting point is 00:37:10 accounting, financial management, inventory, and HR into one fluid platform. When you're closing the books in days, not weeks, you're spending less time looking backwards and more time on what's next. Whether your company is earning millions or even hundreds of millions, NetSuite helps you respond to immediate challenges and seize your biggest opportunities. And make use of real-time insights and forecasting, allowing you the opportunity to look into the future with actionable data. Speaking of opportunity, download the CFO's Guide to AI and Machine Learning at netsuite.com. The guide is free to you at netsuite.com slash darknet, netsuite.com slash darknet. There was enough evidence to prove that this guy Bob stole the money and the intellectual property,
Starting point is 00:37:56 but they told Chris they were worried about the money. The customer worried that Bob was going to use that money as a defense. He was going to, you know, get on all his bloody Shapiro lawyers to fight his case and use the funds that he'd stolen to fund that exercise. So they asked Chris, get us back that stolen money. Do your job as a hacker by any means necessary and return the money
Starting point is 00:38:18 to us. Which, in my opinion, is crazy because why not just have the police return the money? They didn't want to wait because you're thinking American system, not Middle Eastern system. They didn't want to fuck around with that sort of stuff. They didn't want to go through. We want the money. You know, we want this. We want, you know, and then put a brief together, stuff like that. They don't roll that way. So his objective was clear. Get into this guy's bank account while he's in jail and move the money out. This job has essentially turned into a bank heist at this point. And it seems to me that Chris doesn't have any moral concerns about robbing a bank.
Starting point is 00:38:49 No, no, no. And Jack, I've listened to a lot of your sessions and that comes up quite a lot. I don't have that boundary. Does that make sense? So for me... Okay, so this doesn't make sense just economically, right? So if somebody pays you $50,000 to go get a million dollars out of a bank account, why don't you just go get the million dollars and be like, you know what? Forget you. I'm just going to go steal my own money. And that's actually happened on jobs before where you take your share as well. But so in our case, remember, we were returning the funds.
Starting point is 00:39:26 We didn't return the funds and a little bit extra. Yes, we could have taken money from somebody else's account, but that raises flags in case. So we were essentially returning the money that was stolen. So there's no actual victim. Does that make sense? The money was returned to the rightful person. Yeah, it does make sense.
Starting point is 00:39:44 Okay. And remember, we're after repeat work and word of mouth, which is how you work over there. It's like building a business. Okay. So, you accept this job to get the money
Starting point is 00:40:00 back. Now, how'd you do it? How'd you get the money back? We compromised the bank, which was pretty easy. So we essentially used the same sort of techniques of, you know, PDFs inside, going to the core banking system, finding out, you know, the internal, where their, um, internet banking, like web servers, were, replacing the front page to actually log all the usernames and passwords and two-factors. And then we would have a log file of all the usernames, passwords and two-factor. So what he just said was that he found a bank employee, sent them a phishing email,
Starting point is 00:40:33 got them to open a PDF, which planted a Trojan on their computer. And then he was able to get into their computer. And from there, he hopped into the server of the bank's network. And from that, he was able to find the front end web server for the online banking, and he configured the online banking site so that anyone who logged in, their username and password would be stored in a log file so that he could see it. But on top of that, he was also logging two-factor authentication codes that people were entering. This is incredible. Well, he's only trying to get access to a single user account. He's basically accessed all the bank users who logged in during that window while he was watching. I just can't believe this guy. I suppose the question is, why are you surprised, Jack? You talk to people for years and you know the pen tests that are out there that people can
Starting point is 00:41:14 talk about. It's fucking normal. You do know, but you would not believe how shit banks are locally and internationally. Like the shit security that they have out there that it's just, you know, if there was more bad people in the world, there'd be more banks getting done. Well, I guess maybe that's why I'm surprised is because the hackers of the world is the immune system for all these banks, right? And so, well, you got a shit security bank. Okay, well, there's a million hackers out there that are going to fix that for you real quick.
Starting point is 00:41:45 Yeah, exactly right. And the thing is, Jack, you might have a million hackers. 800,000 of those are just new to the industry, the zero to five. And if you then look at the bell curve of people who go into banks, there's I'll just say 1,000 for argument's sake,
Starting point is 00:42:02 but it's a smaller number that you need to protect against. But, Jack, I've seen some banks that when I've gone in and I've gone into AD and have a look at, you know, Joe Smith and it has the description of where they work and what they put in the description was the user's password. So, you know, password 1 or password 2,000 in clear text in the descriptive field of the LDAP field
Starting point is 00:42:21 because when someone rang up and said, oh, I forgot my password, they would just read out the description field from the LDAP. And I couldn't fucking believe it. So they would have everyone's password on the list and just read off it and anyone knows anything about LDAP, you can just query that. But that's the shit that we see as a pen tester and as a black hat. Well, we've done banks, Jack,
Starting point is 00:42:42 where we've seen other hackers in the bank itself. Like it's just fucking hackers right beside us. Wait, then you're like, hey, I recognize you.
Starting point is 00:42:51 I've seen you at DEF CON. Exactly right. And the beauty of stuff like that is you work around each other. No one wants to lose access.
Starting point is 00:42:58 This is like that Beastie Boys video, Paul Revere, you know, that song where they're just hanging out at the bar
Starting point is 00:43:04 and then suddenly the one guy's like, I'm going to rob this place. You want you in? Yeah, I'm in. Let's do it. Exactly. And you don't know why they're there. You don't know if it's government, you know, if it's other hackers or whatever it is.
Starting point is 00:43:15 You just work around each other. The beauty is if you do find tools that they're using, you take a copy of those tools because we can then use those tools to plant on another target's site so they get the blame for it, not us. So, you know, you look at the techniques that they're using, whether, you know, today we use APT groups, stuff like signatures, you'll create those signatures and you'll plant them somewhere else. So, you might, you know, compromise a target, you know, format the disk. Before you format the disk, throw the tools on, format it, and then all of a sudden, you know, some Deloitte guy runs
Starting point is 00:43:47 in case and goes, oh, I can see the deleted toolkit must be this group. And then they get the blame for it. Oh my gosh, did you hear that? If Chris really wants to hide his tracks, he'll plant evidence on servers, which makes it look like some nation state hackers were there, which throws off investigators
Starting point is 00:44:03 who are on his trail. And he only knows what tools that some of these other hackers use because in the past, he's spotted them on the same servers that he's hacked into and watched what they've done. Okay, so you got to the web page, you were able to see this target, Bob's username, password,
Starting point is 00:44:21 two-factor authentication code. And were you able to log in and transfer his money out with this? No, because when you did a transfer, it then asks for your two-factor authentication code again. Now, the problem we had is fucking Bob's in jail at this stage, so he doesn't have access to his texts. Oh, right. How's he going to do online banking from jail? They managed to get his username and password
Starting point is 00:44:43 and were able to log into his account before he went to jail. But there's this problem with the 2FA code now. So when you go to wire the money out, it asks you for another two-factor authentication. Correct. This bank did, yes. And you didn't have a way to get that second one. No, because we had the session live, so we kept that session live so it
Starting point is 00:45:05 wouldn't log us out when we got access before we went to jail. But when it then asked for another transfer, it did like, oh, you need another code to do that transfer. So we couldn't move that money out. You're insane. Okay. So plan A failed. How do you do it?
Starting point is 00:45:21 Yeah, so plan A failed, and I don't want to sound like a glass is half full, but it was enough to prove that the money was all, not the whole money, but a good proportion of the money was still there. Bob obviously had some expenses. So at this stage, remember, we'd already compromised the bank itself. So it was just essentially going in as essentially as a teller. When you're a bank teller, you're God.
Starting point is 00:45:44 You can do whatever the fuck you want. And if a bank teller doesn't have the rights, you can be treasurer. You already own the bank, you can move up horizontally, vertically to get the guy's access to move the money. Huh, interesting. If he can pose as a bank teller,
Starting point is 00:45:58 get the access they have, they have the power to conduct any transfer they want. And keep in mind, Chris spent 10 years working in the banking sector, so he knows exactly how banks operate. Well, step one, comb through the directory of employees. Find which ones are the tellers. Then find which ones have remote access to the bank,
Starting point is 00:46:16 where they can do like work from home stuff, maybe like phone support or something. Then grab their username and hash and crack the hash. And now you can log in as that teller and move money around, which is exactly what he did. As a teller, he transferred Bob's money out into another account. So remember we talked about 2.75 and I was fumbling over the 2.75 and 2.5? Essentially, we recovered the 2.5, but the original was 2.75.
Starting point is 00:46:42 $2.5 million were taken from that guy's account while he was in jail. Crazy. This is a black hat bank robbery type stuff. Now I'm starting to put it all together on what he means when he says he doesn't care if he does illegal black hat type hacking. He's like a mercenary hacker for hire, you know?
Starting point is 00:47:00 And maybe that makes him gray hat, where yes, it's illegal, but he's helping someone fight a bad guy? But what I don't get is why the bank didn't raise alarm bells from all this. Like if $2.5 million got transferred out of the bank in a very suspicious manner, you'd think they'd launch a full-on investigation. Like bring in the teller who did this transfer and ask them a bunch of questions and look through the security logs for any unusual activity, and if they notice all the usernames and passwords are being stored in the logs, then that's a data breach that should be disclosed to their customers and maybe impact their share price or something.
Starting point is 00:47:33 Yeah, so you raise good points. In my world, there's people to make transfers disappear. So in my world, I've got bank accounts that I can use that can be scrubbed on the other end in the SWIFT network to say that that didn't exist and then it goes through a laundry process where that money's cleaned over a nine-month period so that money gets returned. So the answer to your question is in Bob's case, no one gave a shit. Bob had money in his account and money was returned.
Starting point is 00:48:02 So there is no victim. Does that make sense? Like Bob stole the money, money got returned. There's no one who injured the bank. Where's my money? Since nobody complained the money was stolen, then maybe nobody ever investigated this. Which means they don't have to hide the money trail either. Like he was preparing to wire the money to a bank where he can launder it and have it come out clean.
Starting point is 00:48:20 But since this money rightfully belonged to the client, they didn't think he needed to go through all the hassle of cleaning the money. No, in this case, we didn't need to. It was just transferred back to the investment firm. So it was just like from Bob to investment firm has been returned, has been misallocated, misappropriated and has been returned. How wild.
Starting point is 00:48:38 Somehow this all slipped past the bank. I mean, perhaps later they saw this, but never came public about it or reversed the transfer. And maybe it was because Bob was in jail and never complained about it. Or maybe they wanted to avoid embarrassment of being hacked. Or maybe it was because they saw where the money went and it was to a very influential person who they didn't want to disturb or ask questions about. Or maybe they did ask that person questions and that person simply said, yeah, the money was stolen by Bob, who's now in jail, and here's the police report. Thank you so much for reversing the charge.
Starting point is 00:49:07 This whole thing's just got my brain up in knots. This method here, we could have created a fake teller and then just done a copy user and then replace and then just done the transfer that way. But we knew we didn't have to. The fact that the customer
Starting point is 00:49:20 just wanted their money returned to their bank account, not a washing station like a laundromat, then it was just, it gives a shit. We don't have to delete the user, we don't have to delete the transaction. I guess what I'm wondering also is like, if this is going back to the appropriate person,
Starting point is 00:49:37 then why can't, I mean, the person, your client is a very influential person in the region. Why can't they just go to the bank and be like, listen, I found the guy who stole this money. We need to reverse the charge. Just do this. This is a legitimate reverse. That's a great question.
Starting point is 00:49:55 All I can tell you is what we were told. We were told they feared that that money was going to be used, if the money was there, which it was, the money was going to be used in a court process, like it was going to be a string out two to three year court trial, and they were going to use those funds. So the time that they got that money back,
Starting point is 00:50:11 they wouldn't have, you know, the bank said, you know, you need a court order. Can you prove it? Blah, blah. They were worried about that. Now, whether they could have just, you know, overridden that, I don't know. But in their head, that's what they were worried about. So keep in mind who we're dealing with here.
Starting point is 00:50:24 This guy we're calling Bob has the guts to steal money from an investment firm owned by a super rich guy. Even though Bob got caught, he's still pretty smart. So he's probably got a plan for when all this goes wrong. So it's important for Chris to keep eyes on him as he goes to jail so he watches who Bob is messaging and what's he up to. Look, he's a kind of guy that I actually have respect for this guy because he's pretty cunning.
Starting point is 00:50:51 And because I've been reading his emails, I knew him so well inside and out. You know what it's like when you're reading, or maybe you know Jack, but when you read someone's emails, you have a relationship with them where they don't know it, but you actually know them inside and out. So Bob's quite crafty, but Bob used the I am ill card
Starting point is 00:51:09 and he worked with his doctor to get a bail hearing that he could get out on bail while this case was going forward. So he was essentially in jail for a week and then the doctors wrote, you know, a "my client is sick" note, which we could verify because we talked about level two and level three. We had access to his doctor. So we got to see what was going on, that he used his doctor to get out of jail after two weeks in jail.
Starting point is 00:51:38 What happened is we were reading some of the emails when he was in jail, obviously, and then outside of jail, and his language changed. It was almost like he was putting it on. You know, like when you're an actor you act, and when you're not an actor you look like an idiot. And Bob essentially looked like he was acting in his emails. And I said to the customer, uh, this is not normal emails that he's sending out. Like he was going on fishing trips, he was planning a fishing trip. And, you know, the cunt had never been fishing. You know what I mean?
Starting point is 00:52:05 It was all these sort of, I'm going to be here at this time. And it was too much information that the thing, I think, you know, he's on. He knows that you're, we're reading his emails and he's putting it on. And I said, look, this guy's a flight risk. And they essentially went, no, no, no, he's fine. We've got his passport and blah, blah, blah. So because Chris had such a deep level of visibility into Bob, he watched him closely to see where he was going.
Starting point is 00:52:31 Bob didn't actually go fishing. He was smuggled across the border in a bloody burqa. And we tracked his headers of his IP saying, look, the guy's not even in the fucking country anymore. You guys think he's there. He's not. He's in Amman. So, you know, all this shit talk about we've got your passport,
Starting point is 00:52:46 he's not going anywhere, and he actually escaped the system on a second passport. Because this was in real time over maybe a 12-hour period, I'll say 24-hour period, essentially the guy was moving fast, you know, car, he was in a car. We later found out that he was in a boot and then he went into the backseat in a burqa and then he hopped a border and then he had another passport and then he used that. But because we had the IP headers, we could see where he actually was.
Starting point is 00:53:16 Like he was, I'm not saying he's stupid because a lot of people don't, in that world, don't understand IP headers. You were in his phone? No, he was sending emails out from his device. Okay. I will make that clear. Normally, we do get into phones, but this case wasn't a phone. It was just email headers, not IP. Don't get me wrong. I don't normally talk about this, but sometimes we'll send a ping packet.
Starting point is 00:53:39 So you get the odd SMS and, you know, Jack, you get an SMS and you'll click on it, you know, your UPS mail is late. You'll click on it and go, oh, it's just some fucking scam. It's asking for my username and password. But what it does is just tracks your location from your phone. We used that a couple of times on this project, but it wasn't a tool that was needed. Does that make sense?
Starting point is 00:54:02 We had enough from the IP headers that we didn't need a GPS location. Once Bob left the country, there was nothing Chris's client could really do about it. So they said, thanks for letting us know. I guess that's it then. Here's your final payment. That's the end of the engagement. Weird question.
Starting point is 00:54:22 Have you ever killed anybody? Only virtually. Yeah, virtually. The answer is going to be no on this podcast, Jack. Have I birthed anybody? That's another story. You have many kids. I have many kids.
Starting point is 00:54:39 I have many kids. See, the thing that put Chris Rock on my radar is a talk he gave at DEF CON in 2015 titled, I Will Kill You. And in this talk, he explains exactly how to use hacking to kill someone. Part of my career as a pen tester, mercenary, scene founder, is research. And one of my first DEF CON talks was I was watching the news in Australia and one of the news reports was a hospital accidentally sent out 200 death notices instead of 200 discharge notices.
Starting point is 00:55:14 And I went, what the fuck? How is that even possible? And then that led me down the rabbit hole of researching the death industry, the medical component and the funeral director component on how the system has moved online and the flaws that involves where you could actually physically create a real person, like a fake person, and how you could kill them. Okay.
Starting point is 00:55:36 So walk us through this step by step, how to kill someone. Yeah. So in America, actually, it's very similar around the world, but in the US, they used to have a paper-based system where the funeral director would fill out half the form on how the person died or where the person died, like where they're buried and all that sort of stuff, next of kin, and the doctor would fill out the first part of the form, which is the cause of death and, you know,
Starting point is 00:55:57 those sort of details, name of the victim and then how they died. That one piece of paper would go into essentially the birth, death and marriage system and then that person would be declared dead. What's happened now is that's moved online. So essentially, when somebody dies, the process is the doctor will log on to a US system called EDRS, log on with their username and password, and actually put in what caused that person
Starting point is 00:56:19 to die, a pulmonary embolism or whatever, a heart failure, that sort of stuff. And then that information would then pass to the funeral director. A funeral director would complete their part, again, username and password to log in, and that would form essentially the death certificate in the EDRS system. Now, the flaw in the system is both the medical and the funeral director component is essentially if you want to be registered to declare people dead, you
Starting point is 00:56:47 essentially put in your license number, your medical license number, and your office address. Now, if anyone's looked up a doctor before to see if they're a real doctor, all this shit's online. There's databases all around the world to say whether your doctor's a licensed practice, their registration number, and their office number. So you could register yourself as a doctor, and then you could then, you could actually kill somebody off, the first part. And again, with the funeral director component, it's pretty much the same as a doctor where you can declare yourself
Starting point is 00:57:14 a funeral director and form the second part of that form and to kill somebody off and get essentially a death certificate. And why would you want to kill someone? Well, there's multiple reasons why you want to kill someone. First of all, you know, if you want to kill your parents, for example, like you're waiting for their will but they're not giving you the money, you could actually kill them off.
Starting point is 00:57:34 You could kill your boss, you know, your boss was being an arsehole, you could kill him just to, you know, fuck with them. Or if you're under investigation, say, you know, you've got, you know, prosecution and judge and all that sort of stuff, you could actually kill them off to make their life more difficult. Oh my gosh.
Starting point is 00:57:50 You're ridiculous. And so you're saying this flaw in the death system can also be done in the birth system? Yes. So it's exactly the same. Well, it's a different system, but exactly the same as EDRS for death. And you need two parties. So you need the doctor or midwife, and you need the parents, the name of the child, the weight of the child and stuff like that. So the two parts would then make the
Starting point is 00:58:15 birth certificate, very similar to the funeral director and the doctor making the death certificate. And if you have a home birth, you may not even have a midwife. So it's something actually done by the parents. And so once you have an online system, you have a birth certificate, that person's then born. So in theory, you can create fake children. And then when they hit a certain age, you could kill them off and get their life insurance and build up their credit and all that sort of stuff. You double it to both of the things. Well, I really like this idea of making a fake persona to use as a second identity in case I've embezzled some money from a Middle Eastern millionaire and I need to leave the country.
Starting point is 00:58:56 Exactly, Jack. And you think, and why have one when you can have a hundred? So you can have a hundred fake people that have different credit. And so if you screw up your life and you go to jail and you have to come out and you go get another job or whatever, you have another clean identity, like another virtual ID. And it's real. Like it's not like someone entered it in the back end.
Starting point is 00:59:14 It's actually a registered person that you can have. I suggest you keep yourself looking young because you might create someone who's zero. But there's little flaws in the system as well. And I may have mentioned that they don't want people going through life without being recorded. So you have up to the age of five to get yourself registered. So if you have – you can take five years off your virtual person
Starting point is 00:59:38 by registering them five years after they're born because they want to capture people as they go into the school system and they don't want to be prevented from going to school or getting driver's license or stuff like that. So you don't have to register a baby at zero. You can register them at five as well. You know, when I saw you do this talk at DEF CON, I was so surprised that the governments haven't knocked on your door and said, hey, would you shut up about this?
Starting point is 01:00:01 You can't just go killing people and making babies that are not real. You're teaching people to do bad things. Yeah, so the government haven't done shit even since my talk. Now, my talk was done nine years ago, Jack, so those same flaws exist today. Nothing's changed. If you're intrigued to know more about how to kill someone like a hacker, go to YouTube and type in Chris Rock DEF CON. He actually has given three talks at DEF CON and they're all phenomenal. In the second talk, he explains how to overthrow a government. And I have a sneaking suspicion that he's actually done it or was very much involved with overthrowing a government in the past. Let me know if you liked him and you want me to have him back on and tell that story. And his other talk is about how to bypass radio jammers in case someone is trying
Starting point is 01:00:45 to jam your cell phone, and he'll show you how to get through it anyway. A big thanks to Chris Rock for coming on the show and giving us a good story. Come join our Discord. You can talk to a lot of people who are fans of the show, but it's also my favorite place to hang out. You can find us at discord.gg slash darknetdiaries. And on November 19th, we're going to be doing a t-shirt giveaway so you can win some cool Darknet Diaries swag.
Starting point is 01:01:16 So come on over to Discord. This episode was created by me, the script kiddie, Jack Rhysider. Our editor is the captain backspace, Tristan Ledger. Mixing done by Proximity Sound. And our intro music is by the mysterious Breakmaster Cylinder. Hey Siri, why am I so bad at women? My name is Alexa.
Starting point is 01:01:34 Damn it. This is Darknet Diaries.