Darknet Diaries - 62: Cam
Episode Date: March 31, 2020Cam’s story is both a cautionary tale and inspirational at the same time. He’s been both an attacker and defender. And not the legal kind of attacker. He has caused half a million dollars... in damages with his attacks. Attacks that arose from a feeling of seeing injustices in the world. Listen to his story.SponsorsThis episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project.Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up.Sources BBC: The teenage hackers who’ve been given a second chance https://www.bbc.com/news/av/technology-40655656/uk-s-first-boot-camp-hopes-to-reform-teenage-hackers https://www.ncsc.gov.uk/ https://www.csa.limited/ https://www.tripwire.com/state-of-security/latest-security-news/teenager-who-ddosed-governments-seaworld-receives-no-jail-time/ https://www.ncsc.gov.uk/section/education-skills/11-19-year-olds
Transcript
Discussion (0)
You ever see something on TV or in the news and it just really gets under your skin?
Like something that really upsets you and you can't just sit there and do nothing about it
now that you know that it's going on.
So you get up to do something.
But what do you do?
You could make a call to complain to someone.
You could write a letter to complain or even go there in person to complain.
And maybe a lot of other people are mad too.
So there might be a protest outside and everyone's shouting. This is a story about a guy who got
really worked up over something he read about and decided to take matters into his own hands.
These are true stories from the dark side of the internet.
I'm Jack Recider.
This is Dark by Delete Me.
I know a bit too much about how scam callers work. They'll use anything they can find about you online to try to get at your money.
And our personal information is all over the place online.
Phone numbers, addresses, family members, where you work, what kind of car you drive, it's endless.
And it's not a fair fight.
But I realized I don't need to be fighting this alone anymore.
Now I use the help of Delete.me.
Delete.me is a subscription service
that finds and removes personal information
from hundreds of data brokers' websites
and continuously works to keep it off.
Data brokers hate them because Delete.me
makes sure your personal profile is no longer theirs to sell.
I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found.
And then they got busy deleting things.
It was great to have someone on my team when it comes to my privacy.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for Darknet Diaries listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code darknet
at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and
enter code darknet at checkout. That's joindeleteme., Darknet Diaries, and use code Darknet.
Support for this show comes from Black Hills Information Security.
This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure.
I know a few people who work over there, and I can vouch they do very good work.
If you want to improve the security of your organization, give them a call.
I'm sure they can help.
But the founder of the company, John Strand, is a teacher.
And he's made it a mission to make Black Hills Information Security world-class in security training.
You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more.
But get this, the whole thing is pay what you can.
Black Hills believes that great intro security classes do not need to be expensive,
and they are trying to break down barriers to get more people into the security field.
And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range,
which is great for practicing your skills and showing them off to potential employers. Head on over to BlackHillsInfosec.com to learn more about what services they offer and
find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com.
BlackHillsInfosec.com.
The story is about a young man named Cameron, or Cam for short.
My name is Cam and I live in Gloucester in the United Kingdom.
But Cam grew up in the picturesque area of Cornwall in England.
It's in the bottom left corner of England, sort of like the toe of the country.
I'm sure you've seen pictures of Cornwall.
It's a quiet area, lots of farms all about. There's some beautiful cliffs there and fishing boats that come in and out of the port. It's an extraordinarily beautiful part of England.
Oh, and I just learned there's a massive GCHQ satellite dish installation in Cornwall.
It's there to collect signals intelligence and to do mass eavesdropping it's called gchq viewed if you
want to look it up but that's totally unrelated to the story now when cam was 14 he got a ps3 a
playstation and he loved playing video games on it things like modern warfare call of duty or cod
for short and lots of other online first person shooters and i ended up to the point where i was
like trying to be competitive and obviously when you're 14 you're usually not as good as all the adults that play.
And I'd get frustrated with being beaten, so I'd try and find cheats and then glitches, and try to get better.
And then I'd see people cheating and glitching against me, and then I'd be frustrated with that, so then I'd take it to the next level again and try and compete with them. He made a few people upset as he played Modern Warfare,
either from winning or talking trash or using cheats.
And some people got mad at him for this and said,
hey, stop, or I'll knock you offline.
And Cam's like, yeah, whatever, and just kept playing.
But lo and behold, he did get kicked off the game.
But not only that, the internet was down for his whole house.
Huh.
14-year-old Cam was intrigued by this.
I was kind of, like, perplexed as to how someone had booted me offline
or disconnected me from the internet, like, from their side.
When you've already been downloading cheats to play your favorite game,
it's not far of a stretch to take it to the next
level and learn how to boot someone
right off the internet entirely.
And Cam had researched
some options and was ready for revenge.
I learned to the point where I'd try and
get them back, so it started with like
you know, like Loic. Ah
yes, good old Loic. Loic
stands for Low Orbit Ion
Cannon.
It's an application you put on your computer,
and it has the capability to send millions of packets to whatever IP address you want to send it to,
which can flood that user's internet connection so bad
that they can't get to anything online.
Kind of like causing a massive traffic jam right in someone's driveway
so they can't, like, pull out or go anywhere.
This is called a denial-of attack or DOS. Because you're jamming up someone's internet so
bad they don't get service. Cam loaded up Loic and was ready to fire at an IP to knock it offline.
But there's one big problem. How do you find the IP of a certain player in the game?
This is quite a challenge, because without the IP, Loic just won't do anything.
The game itself does not show you the IP address of your opponents, specifically for this reason,
to keep them safe from DOS attacks and from people wanting to know more about you.
So Cam devised a plan.
His plan was to send his victim a link to a website that he had control over.
So from there, he could then capture his victim's IP address,
which he could then put into Loic, and fire away.
But still, how do you get your in-game opponent to click your link? I think it was basically like a bit.ly link.
Then you send it a caption like, I caught you doing this or whatever,
or something to make them click on the link.
Ah, pretty clever.
By telling his opponent that he caught him doing something
and to click this link to see what it was,
that was enough to get them to click it.
And once they did, they'd see their IP address,
visited his website, and he'd copy and paste that IP into Loic,
and boom. You put IP into Loic, and boom.
You put it in Loic, and then if you hit their IP address,
you just put it in and just hit Loic.
And then you type in port 53.
Obviously, if you hit DNS, that's probably the best way to go about it.
You can knock them offline or do it less so you can make them lag.
With these online shooter games when two
opponents see each other it's kind of like a game of who can draw their weapon fastest and have
better aim and since cam could slow down the opponent's internet connection they might not
see cam for just a half a second after cam saw them which is called lagging in an online game
and this would be enough just for cam to outdraw them and kill them.
Well, yeah, because it makes them stand still on my screen.
They disconnect from the server, the video game server.
And then I could kill them.
They think they're shooting me.
And then they come back and they're not lagging anymore and they're dead.
He says that a few times he would talk trash in the game,
people would message him, he'd keep talking trash,
and then they'd take it to a one-versus-one match,
and that's when he'd hit them with the cannon
and make them lag or disconnect,
which might not sound like a big deal, but let me tell you,
if you're in the middle of a heated argument
with some 14-year-old kid online,
and you decide to battle him one-on-one
just to show him how bad he is,
and you lag exactly five seconds into the game starting,
only to come back and see that you're dead on the screen,
it would make you furious.
You'd say, go again, and the game would start again,
and just at the worst possible time,
you would lag again and die,
and you'd say, go again, and again, you would lag again and die. And you'd say, go again.
And again, you would lag and die and just get increasingly upset.
And to the point you might just punch your own keyboard and scream.
And all that would just be really funny to Cam.
I mean, overall, on the video game side of things, you've not beaten them.
Because that's kind of like you admitting that they're better than you.
But on the grand scale of everything that went on, you've kind of trumped them.
That's kind of where I got the satisfaction from.
So it's like, you may be better than me at the video game,
but I've just completely trumped you, so therefore I win, sort of thing.
This was cool, but it still required people to click that link to get their IP,
and not everyone would click it.
So he thought up ways to improve this.
He figured out when players compete against each other on some PS3 games,
they directly connected to each other's PS3s
and didn't go through some central server or something.
And this is known as peer-to-peer connections.
Yeah, a lot of them were like P2P on PS3,
and like the fact like the old generation
consoles. So, knowing this, he
realized that all his opponent's IP addresses
were actually routing through the network
in his house, which meant if
he could look at what IPs were
connecting to his PS3, he might
be able to figure out whose IP was
whose. So he unplugs his
PS3, plugs it into a computer
to be in line of the PS3, which could
then sniff all the traffic that was going through it, and then he'd watch all the IP addresses
connecting to his PS3 in the game. And in these games he would play, some people would be able
to do voice chat and talk with each other. So he would do clever things like mute everyone,
except the one person he wanted to know their IP.
If you mute everyone else but one person, there's a significantly more amount of traffic coming from one person
than your targeted IP address because of their mic's on.
Clever kid, huh?
Because with this, he could start matching in-game names to the IP addresses
since that person talking simply had more traffic coming over it than any other IPs.
And then you could just pick them up right that way. Do the same thing with Loic.
Now when you're a 14 year old kid doing this kind of stuff, your friends think it's funny.
And when you're just learning from things like YouTube tutorials and stuff,
there's not always a warning telling you not to do it. It just seems normal.
But it was just totally okay to be doing everything I was doing. There was no doubt in my mind that it was illegal or anything like that this time.
Well, have we gotten into anything illegal yet?
Well, beating people offline is illegal.
Okay.
How so?
Well, because you're disconnecting them.
If you're DOSing them, DOS is illegal under the misused computer zone.
Cam spent a lot of time playing PlayStation.
And there was this one kid, though.
He was a few years older than Cam.
They actually went to the same school in Cornwall.
And for some reason, he didn't like Cam.
He would give Cam a lot of
trouble in the game. Getting angry with Cam about being jealous that a mutual friend was playing
with Cam, but not him. Cam didn't like this attitude he was getting from this kid.
So I beat him offline. His mum called my friend's mum, who then called my mum. And that's when I
realised, oh god, this is is more serious than I realised.
I kind of just thought it was a bit pathetic.
I mean, I didn't realise it was serious.
I didn't think of anything other than the kid
not being able to play Xbox for three minutes or whatever.
But obviously there's wider factors considered,
like they're paying for that and all that sort of thing.
So I had a whole speech from my mom about why i shouldn't do it but my mom my mother didn't really
understand it so she kind of just said like don't do it um whatever it is you're doing sort of thing
because my mom doesn't really deal with computers or anything similar okay so so did you take
warning here or did you keep doing it?
Yeah, no, I didn't take warning from it.
Just because my mom was kind of like,
she kind of took it as though I was just beating him on the video game.
So Cam kept at it, refining his methods and strategies
to boot people offline in a more effective way.
But think about where someone like him might hang out online at this point. at it, refining his methods and strategies to boot people offline in a more effective way.
But think about where someone like him might hang out online at this point. Hacker forums,
chat rooms, gaming forums, or other places that might talk about hacking. I mean, the kid is inquisitive and he wants to know more about how all this stuff works. He's thirsty to learn more
and he starts meeting other hackers online and make some friends with them. And in one of these
chat rooms, a hacker friend gave Cam a stressor.
I was given like a free stressor by someone I knew that did part of the Operation Phone Kill.
They gave it to me and they were just like, yeah, like have fun with it.
Because I basically said that I could never afford it.
Okay, so what's a stressor?
Up until this point, Cam has been doing all these DOS attacks using Loic, right?
Well, like he was saying, this is illegal.
So not everyone wants to run a denial of service attack from their own house.
And yeah, sure, he could run it through a VPN or something.
But hey, Cam doesn't want to bog down his own network, right?
I mean, if he were to attack some other people, he might lag himself, which is not what he wants to do. So sending a huge amount of packets to someone else online just to make
them lag isn't exactly the best idea. So this is where a stressor solves that problem. A stressor
is simply DDoS as a service. So someone sets up a botnet or a bunch of servers capable of sending
gigs and gigs of data to an IP address.
It generates even more traffic than the low orbit ion cannon that Cam was using. And you pay someone
to use this service. You just go there, put in an IP address, hit go, and whoever's IP that belongs
to is now facing tons and tons of incoming traffic, which will probably knock them offline.
People call these things stressors to try to
market it as some stress testing tool to test if your site can handle a denial of service attack.
But really, these things are just weapons and they're used to attack victims. So this guy lets
Cam use his stressor for free. He basically started sharing stuff on Twitter. And as I
mentioned, he was involved in Operation Fun Kill, which is part of like
Anonymous Operation. And it has to do with SeaWorld and like these zoos.
Greetings citizens of the world. We are Anonymous.
Greedy corporations are destroying nature and the corruption of government to allow it.
99% of this is happening for one reason only. Money.
There is no excuse for animal abuse, and now the animals will fight back.
This power will stand for animal rights, and as long these rights are disrespected, we will be here, ripping through your servers, hacking, leaking, deleting and defacing as we go, spreading our message without mercy or restraint. We are anonymous. We are Legion. We do not forgive. We do not forget.
Abusers, expect us.
And it was just like the whales being slaughtered in the ocean
and the whales dying at SeaWorld and the blood in the water.
And I remember this, this is honestly the truth.
I remember I felt so sick.
I just felt that's awful.
But it wasn't an immediate thought, yeah, I've got to do this then.
But it's more of like, I wonder what I can do.
Try to sign petitions because
another thing I got from my mum is kind of like
an animal rights sort of
thing and they're not able to
defend themselves. So it was
quite a big impact on me and then
he says you can join in
by DDoSing them
offline using the tracer.
DDoSing SeaWorld in California?
Yeah, SeaWorld just sends me this entire attack list
that they're all going for.
And it's just like, yeah, just see what you can do.
Just start pressing buttons.
Now keep in mind, this was happening in 2014,
and this was just after the documentary Blackfish came out.
This was a film which exposed the cruel practices that SeaWorld and other wild animal parks were doing.
I've been expecting somebody to be killed by a tilikum.
We weren't told much about it, other than it was trainer error.
It didn't just happen. It's not a singular event. You have to go back to understand this.
It had a huge impact on many people.
As it turns out, it also affected Cam.
And so here he was, upset that this was going on.
And in his hands was essentially a cannon,
which he could use to attack SeaWorld or other places conducting this bad behavior.
We stored these whales in what we call a module,
which was 20 feet across and 30 feet deep, and the lights were all turned out.
Probably led to what I think is a psychosis.
All whales in captivity are all psychologically traumatized.
It's not just telecom.
It all built up for him.
He decided to take action and start pushing buttons.
He would access the stressor, put in an IP of one of the animal parks,
and start hitting it hard with a denial-of-service attack.
He was knocking websites offline with a few simple clicks of a button,
which had a real-life impact on these parks.
But once I started getting good at it, yeah, it was definitely like, I was getting egged
on by them too. It was like the one man, he lost tank and all that, like sort of nicknames.
So they just sent me what they wanted to hit offline. I'd do it. And it would be offline.
So it's because I had one stressor.
And then I'd like barter with someone.
And then eventually coerce them to give me their stressor as well.
So I'd eventually just go around from one stressor to the next stressor.
And then because I have this power of two stressors,
get the third stressor and then just move forward like that
until I had like 10 accounts on different stressors.
Keep in mind, these stressors cost like a monthly fee or something to use them.
Cam didn't have the money.
He's 14 years old.
And that's why he traded with these people to get access to more of them for free.
So he would be able to keep the heat up by hammering on these places that were mistreating their animals.
And this would result in websites going down.
Oh, it's definitely great.
It's great.
It's like, you feel like the omnipotent god or something.
It's like, yeah, I've done that.
That's the result of my actions.
And after he would knock a target offline,
he'd watch to see what they'd do after.
They didn't directly do anything
such as change their ways
or try to improve their animals' health or anything
to try and get people to stop it.
It was more like a...
Yeah, we'll get Akamai CDN involved
and that'll stop this and stuff like that. Akamai CDN is a that will stop this and stuff like that.
Akamai CDN is a company that is a content distribution network.
By signing up for a CDN, it makes your website significantly more resilient and it's kind of shielded and has bigger bandwidth.
So it's harder to take down.
But this didn't slow down Cam.
With 10 stressors at his ready, he could still make a pretty significant impact on some of these sites.
And again, what he was really upset with were how these places were mistreating their animals.
He didn't believe animals should be mistreated this way. And this was the main reason he was
doing all this hacking. Yeah. So yeah, but like I say, it started out being like that and it still,
it still was towards the end, but it was also like a good thing for me because like I say,
like it gives you like a buzz and you end up being egged on and then you get like support and you gain a following
and i gained a following of about 27 000 on twitter i believe um on my twitter accounts and then
do your your own twitter account got 27 000000 followers? Yeah, they got 27,000 followers when I was 14.
And how did you get so many followers there?
Like I say, it was just these vegan, vegetarian communities
and also anonymous people who followed me and supported what I was doing.
So you were publicly saying on your Twitter account,
like, look, I'm taking down this website
and then you were tweeting a lot about it.
Is that what was going on?
Yeah, that was my main weakness.
I was just straight up on my Twitter page
just saying I was doing it.
And I'd post all that hashtag tango down stuff.
Were you nervous when you were hitting the attack key?
No, I wasn't.
No, I was never nervous about it at all.
Was there a hesitation at all
no not even once okay now you've taken it down and you're on twitter is there any sort of
hesitation or nervousness about publicly tweeting it nope not at all it was so what was this i mean
it was like a sense of pride then or something? Yeah, it was definitely more a pride thing.
Especially with SeaWorld and the other targets I was talking about.
It was definitely more of a pride thing.
It was a nervous thing.
Yeah, I mean, I'm trying to balance this with the real world again, right?
So after doing, I don't know if this is a night of like attacks or something
now you have to go back to school at 14 what is class like for a person who's like 37 000
followers on twitter hacking sea world at night and then in the morning going to maths class
um yeah that was actually quite funny to be fair so i remember sitting in like classes and we'd be
like this is how bad it got i'll be sat in class i'm with my friends i'd be like teacher would say
all right we're using this site today as a quiz website for example they'd be like yeah everyone
go to this website we'll do a quiz i'll sit back my friends and then i'll be like guys watch this
and i'd like go on my phone and then i I'd remote into my server, and then I'd launch an attack
against this website for no reason at all. So then I'd
go down, the teacher would stand there all awkwardly and be like,
oh, this website's gone down, so we can't do that today.
And I'd immediately stop it, and then it would come back up, and then
yeah, it'd be quite funny in that sense oh man yeah i see yeah this can't have a good ending
um so let's back up a second you said the word activist did you feel like an activist when you
were doing things for animal for the animal rights yeah definitely yeah because i've never seen like the photos like honestly um i shouldn't have seen the photos i saw on what they were doing
at 14 it was it was gruesome um honestly that was that was what it was and it's even at that time
it still was but like i say about being a power hungry there was still mostly attacks i was doing
was based on activism and trying to do everything I could to help,
to be honest.
And obviously a 14-year-old going to California
to stand there and protest on my sign,
nobody's going to listen to me
standing there shouting about
how bad they're treating animals.
So I guess they'd listen to me more
if I was doing something to affect them.
Kim kept getting new IPs as targets to attack with his stressors,
and he kept taking down sites.
He flat out attacked anything he could in the Japanese town of Taiji,
where an annual dolphin hunt takes place.
And he hit Iraq's Ministry of Foreign Affairs
and the Department of Agriculture in Thailand,
China's security ministry, and a few zoos.
But SeaWorld is where he spent a lot of time trying to cause as much damage as he could.
He continued to DDoS SeaWorld over and over. incident responders to deal with this. The website will back up so you can book your staff and all this.
And, right, so I saw
them post and say,
yeah, you can't book your staff
and we're really sorry.
And even at that time, I had no
idea it was illegal. Even when
I saw them apologizing to customers
about not being able to book their visits to
SeaWorld and such.
Well, that had to SeaWorld and such.
Well, that had to have a feeling of like you were winning
as an activist, hacker, a hacktivist.
Yeah, it was
an overpowering
feeling of winning rather than any...
That's what overpowered
the feeling of nervousness.
Now, typically,
when he would take down a website, he would only
take it down for like
a half an hour or a couple hours.
Um, it was like SeaWorld and then it became like, I remember it distinctly like a Dutch
zoo.
And I did like SeaWorld.
And then I fell asleep.
Um, and that was that and it was never heard of again.
And then I was like, Jesus, like SeaWorld what I would have missed if it had been done for a very long time.
Yeah, he accidentally forgot to turn the attack off.
He fell asleep and left it running all night.
This was a mistake.
He didn't mean for it to run that long.
This must have caused a big panic at SeaWorld and the Dutch Zoo to have their sight down for so long.
And the stressors kept running for weeks
until Cam finally noticed and turned it off.
But this wouldn't be the last mistake that Cam made.
After the break, we'll hear what happened
with the Cornwall Police.
This episode is sponsored by SpyCloud.
With major breaches and cyber attacks making the news daily,
taking action on your company's exposure is more important than ever.
I recently visited SpyCloud.com to check my darknet exposure
and was surprised by just how much stolen identity data criminals have at their disposal.
From credentials to cookies to PII.
Knowing what's putting you and your organization at risk and what to remediate Thank you. leader in identity threat protection, you're never in the dark about your company's exposure from third-party breaches, successful phishes, or infostealer infections. Get your free Darknet
exposure report at spycloud.com slash darknetdiaries. The website is spycloud.com slash darknetdiaries.
Now, Cam lived in the area of Cornwall in England at the time, which is quite a big county.
But it shares a police department with Devon, the neighboring county.
It's one police department, but looks after multiple areas.
And 14-year-old Cam was not happy with the police in Cornwall.
We'd hang around in like a park.
And they'd be like, well, you're too old to hang around in the park because you're 14.
You need to go somewhere else so we'd go somewhere
else oh you can't stand outside
this shop because people want
to walk in the shop okay we'll go to the field
then you can't stand in this field because
there's houses nearby so they're basically like
moving us I felt like
I felt like at the time they were just moving
us on from everywhere
it was definitely for good reason looking like it
but at the time I just felt like slightly oppressed and moving us on from everywhere. It was definitely for good reason looking like it.
But at the time, I just felt slightly oppressed,
and then I protested against it.
Cam felt like he was being oppressed by the police.
The police chased him out of the children's park or the parking lot for just being too noisy, and he felt frustrated by this.
Combine this with his godlike powers that he felt like he had online i mean there's
27 000 people on twitter cheering him on for some of the attacks he's doing this has got to fuel a
kid to go bigger so he decided to take down the devon and cornwall police department's website
i pinged it right grabbed their ip um lost it i do lost it sorry with like a site. At this point, he's been doing Denalo service attacks for seven or eight months. He's
learned a lot and he's graduated to more advanced techniques. For this one, he had his own dedicated
server doing an NTP amplification attack. NTP is a network time protocol. It's how computers can check the time.
And there are thousands of computers in the world who act like public time keepers. You can ask any
of them, hey, what time is it? And they'll tell you. But it can also be used as a weapon. Suppose
instead of asking what time it is, you ask for the time in every time zone in the world. You send one small request and you get back a huge chunk of data.
Now take that concept, but spoof your IP.
So with that, you can ask the NTP server,
hey, what time is it for every time zone in the world?
And by the way, when you respond, please tell this IP over here instead of me.
And now the NTP server is sending a ton of traffic to your target victim.
If you do this over and over again against thousands of NTP servers around the world,
your victim gets overwhelmed with all these NTP servers telling them what time it is.
Cam had built this system up himself so he could conduct these types of attacks.
And he launched it against the police department in his own town.
But he was hesitant on this and only hit it for a little bit.
No, no, I stopped it for like, I did it for like five minutes
and then it like just stayed down for like 35 minutes.
Even though he stopped his attack, the website stayed down.
It wasn't coming back up.
Something weird was going on.
And then there was like a bit of hesitation.
I was like, oh, damn.
What likely happened was that somebody within the IT team at the police station
just null-routed this incoming traffic,
essentially taking down their own website temporarily,
just so that the rest of it just didn't come back.
So then I thought, oh, my God, if they catch me,
I'm going to have to pay to fix the hardware.
But whatever.
Cam had to go to school or go on to do other things,
so he just left this alone.
He tried to stay low for a little bit.
A few days go by, all seems OK.
And then one day, he's walking to school in the morning,
and a few people start following him on the way to school.
So they're walking behind me in suits,
and they just go, like, Cameron.
And I'm like, turn around, and I'm like, what does he want?
I was just going, yeah.
Cam turns back around, keeps walking towards school,
and away from these guys.
So he said my name again, and I'm like, oh, God.
Like, who's this guy?
And he's like, you're under arrest.
And I was like, wait, what?
And I was like, what?
And there's two more men in suits behind him.
And I'm thinking this is the phone FBI.
I have no idea who they are, because they're not police.
They're not in police uniform.
And then they're like, yeah, don't try and run.
And I turned around, and there's like a net of police officers across the grass um like a good 10 of them with like tasers like vests and one of
the police officers um was about seven and a half feet tall and i was like oh my god like i felt
like i was like so closed in it like it went from my high horse to being so small.
You know what I mean?
My whole feeling just rushed.
The police and men in suits surrounded him and arrested him.
So I got in the car, drove back to my house.
I remember this. is just like really like
imprinted in my mind i knocked on the gate my mom was like she like locked the gate because
the latch wouldn't stay on i've knocked on the gate um i was like who is it i'm like it's me
i've been arrested um just like oh shut up or something like that. And I'm like, no, no, I have actually been arrested.
And then she's like, like, and then she just opened the gate.
Um, and there's me with, like, like I say, with the Trojan horse of police officers around me.
And then the guy comes up to, like, opens this warrant in my mum's face.
He's like, you've got a warrant.
Um, and just walks in.
And then, yeah. The police searched his home, started seizing all his electronics
and asking him questions and filling out paperwork.
They took everything electrical in the house.
Honestly, they raided it.
They took, like, empty CD drives.
They took rewritable CDs, USB sticks, anything that had a USB connection.
They took everything out of my room
apart from the TV
and then they're like, is that a PSP?
And I was just literally like,
oh please don't.
There's nothing on here. And then the lady was like,
let me have a quick look now.
If I don't find anything, then you can keep it.
They let him keep his PlayStation
and while they were looking through his video games,
something strange happened.
And then it ended up being me playing COD
against the arresting detective.
You're playing what?
Call of Duty against the arresting detective.
How did that happen?
He asked me if I wanted to play COD.
What cop comes into your house,
says you have a warrant for your arrest
you're under arrest
you're coming with us
do you want to play video games with me?
like that doesn't happen
good cop bad cop does that
that's what Astrid does
and they were very good at it
and it kind of baffled me
so I was 14
I didn't understand
what this good cop bad cop routine was
but I kind of I sucked the whole thing up
and that was part of their routine, I'm pretty sure.
His mom was in shock from all of this.
His dog was freaking out.
More officers showed up and began doing forensics
on his computer and network,
plugging devices into his computer,
plugging ethernet cables into his router,
asking for his passwords to all his stuff.
And they took all his stuff
and they put him his stuff and they
put him in the police car and took him to the very station that he waged a denial of service attack on
they took most of his things gave him some crocs to wear instead of his shoes and held him at the
police station all day i was just in there all day i was in there from like 8 a.m to about 8 p.m
um like i got put in custody they gave me like a glass of water
but it was the smallest glass of water you've ever seen
it was like a shot glass
and it was like this styrofoam
for the next like 7 hours
that was like my whole drink for 7 hours
at this point he's starting to regret what he did
I regret it all
straight away
it was horrible because basically
my mum was in
absolute tears and I just felt
awful like that was like that's not the worst thing like she was just crying the whole day
I was like I'm so sorry mum and I kept saying I'm so sorry mum and like you just she didn't know
how to handle herself and I was like she was just totally like in shock um there's nothing I can do, obviously.
There's nothing she can do.
I think we both just felt completely powerless.
That was just the worst part of it all.
He got out on bail that night and went back home.
And a few months later, he had to go to court to see what his punishment was.
Yeah, I had a trial.
So I had a trial.
And it was honestly, I think it was genuinely to this day I think it was an unfair
trial. So I admitted
to the DDoS attacks.
The other thing I was accused of in the trial
was the
there were bomb threats made against
Delta Airlines,
American Airlines,
the White House and the FBI.
It was a
very, very complex court case.
They charged me for this right before I went to court.
He tells me he had nothing to do with these bomb threats.
So he had to plead not guilty to the case,
which made the case go on longer.
His lawyer didn't know that much about cybersecurity,
but was trying real hard to study up on it.
Because the more the lawyer could know about computers, the more he might be able to convince the judge that he didn't do the bomb threats.
Cam was pleading guilty to the denial of service attacks against the police station, but kept saying he didn't do the bomb threats.
The evidence they had on him?
Well, his Twitter account tweeted at Delta and American Airlines saying, there's a nice
tick-tock in one of those lovely
Boeing planes. Hurry, gentlemen.
The clock is ticking. High quality.
End quote.
Cam denied sending that tweet. He even denied
that it was his Twitter account.
He tried to explain to his lawyer the technical details
of how all this got erroneously
linked to him, but his lawyer
wasn't tech-savvy enough
to know how to disprove all this.
Well, they charged me as guilty for everything.
They charged me as guilty for literally everything that was...
They charged you guilty for the bomb threats, too?
Yeah, yeah, I got charged for the bomb threats as well.
But luckily, since the FBI classed it as not a risk
and more of, like, a hoax,
it was under, like, civil, like, disruptions rather than, rather than a terrorist thing.
I was so lucky in that department.
But it could have ended up a lot worse.
Now that he's been found guilty for sending in bomb threats to the White House,
U.S. authorities wanted to get involved.
Yeah, the Secret Service and the FBI.
I believe they put in two requests to get me extradited.
And then it was the
court said no.
Basically, don't be ridiculous, he's 40 years old.
And then it went to the
high court, and then the high court said no.
And then I believe in the UK,
the law is, like, you ask the high court
and they say no, that's final.
So then it just stopped there.
But it was, if I was older,
I would have been extradited, I'm sure of it.
And eventually, the UK judge
gave Cam his sentence.
They gave me 120 hours community service.
So I spent
about seven months every Saturday morning,
because I had school as well, so I couldn't ditch out of school.
But I'd spend every Saturday morning
for seven or eight months doing charity shop work,
like doing, like, assistant work
at a charity shop. But on a
brighter note, I did all that.
I got five years of
intensive surveillance
from the NCA.
Cam was not sentenced to any
jail time. His probation allowed
him to use computers, but
like he said, UK's National Crime
Agency would monitor his online behavior. I'm not exactly sure how they do it, but that was part of
his punishment. Now this whole incident scared Cam after that, and because the NCA was watching him,
he just decided to not use computers at all after that, except for school. He had a probation
officer who would check on him to make sure he wasn't getting in any more trouble. This probation officer saw that
Cam was doing well on probation and knew Cam was good at computers. So the probation officer
suggested that Cam go to this computer networking event in Bristol. The police told me to go to it
and I said in my school. So I was like, well, everyone's saying that I'm going to go to it.
But it wasn't just his local police telling him to go.
The NCA, which is UK's National Crime Agency,
actually phoned up Cam and invited him to the event,
which was about three hours away.
I can't remember how many companies,
probably about 30 companies there at this museum in Bristol.
They all came together and they were like,
yeah, yeah, we'll take you on, you do this and do that,
and like a career roadmap and all that sort of stuff. they were like, yeah, yeah, we'll take you on. You do this and do that. It's a career roadmap
and all that sort of stuff. We did a
Capture the Flag, but I had no idea
how to do Capture the Flag. Obviously, I was just a script kid.
The whole time I was a script kid.
Capture the Flag is a legal hacking
challenge. A digital flag is hidden in the
computer and companies want to see if you can find
where it is by hacking into that computer.
Because if you can do it, it
kind of proves to companies that you know your stuff.
But beyond that, what Cam saw there was that all these companies were looking to hire IT
people.
And not just that, some were looking to hire teenagers.
But not just that, some had made a deal with the NCA to have reformed hackers do an apprenticeship
with their company.
And Cam fit this.
Being 18 years old at the time and a reformed hacker,
he picked up some information for a company that he could do an apprenticeship with.
So he became interested in taking on this apprenticeship for this IT company.
So essentially they were working with the NCA in partnership
to launch this cyber skills
apprenticeship program.
And that's also in collaboration with something called Hack, which is like a program they
set up to bring young hackers towards security and do bug bounties and stuff like that.
It wasn't like a major bug bounty scheme, but it was like paying them a few hundred
pounds to find bug bounties.
And it was easier to score with bug bounties rather than bug crowds and stuff like that.
But I didn't go into the pentesters that day.
They gave me an apprenticeship in networking security and then monitoring on the sim.
Cam got this apprenticeship with this company and they wanted him to look after their sim.
A sim stands for security Information and Event Manager.
Basically, this company had a lot of logs and alerts coming into this application and it was Cam's job to watch it and tell someone if something serious showed up on the screen.
It's a great experience for someone just starting out in security since you get to see a lot of alerts and get familiar with each of them.
But I want to pause here and just kind of underline something.
I think it's incredible that the UK tried to reform a teenage hacker.
To my knowledge, this kind of stuff just doesn't happen in the US.
As a teenager, if you get arrested for hacking,
chances are you're not going to be able to use a computer again for years.
And it's almost like the system is trying to steer you away from using computers ever again.
But in the UK, it's like they recognize
that some of these teenage hackers have some real talent
and just need some guidance to use it for good.
Cam liked this job he was doing, and he was doing well there.
It was good.
I actually, so we did like citizen monitoring,
firewall management.
We did actually quite a lot lot and it was very broad.
But I actually ended up leaving the apprenticeship.
I left the apprenticeship about 10 months in, out of the one year.
And that was due to a job offer I got here in Gloucester,
which is a different city to where I was before.
So the next job he tried to get was for a company called CSA.
So my name's Sean Tickle.
I'm the SOC manager at CSA, which is Cybersecurity Associates.
We're based in the UK primarily.
We do a lot of managed services, a lot of red team, blue team type stuff, you know, protecting clients.
Sean is Cam's new boss.
I can give you, do you want me to give you
the breakdown of like how we kind of onboarding him in the first place because it all kind of
came up in his interview yeah um so basically like we were doing a recruitment drive for some
analysts and cam kind of just came through um one of our recruiters who we knew and like the first
thing that hits about him was his like his passion for the industry like everything he spoke about was just
with such passion about like the latest technologies the latest process some of the
stuff that like in the industry that we always face like you know user error like senior c-level
executives just not getting security like that sort of stuff the sort of stuff that's kind of
part and parcel of the industry so it's really cool to talk to him about that then we always ask this one question which is
is there anything that may stop you from possibly being eligible for security clearance
and obviously with cam's past he spoke about it we weren't aware of it at that time
but like we we went through it all and basically when he was around 14 years old he um was
responsible he was responsible for quite a few
things but it's primarily it was the sea world ddos the way he explains it it's actually quite
funny like the kids always get a laugh out of it in that he um he ran the command to ddos them he
did it from and this is kind of what got me with Cam, like he wasn't just some kind of
black hat looking to extort
them or looking to just wreck them
for no reason. Obviously it was kind of a
hacktivist thing for him
because he didn't believe in obviously
SeaWorld's practices and all that
kind of horrible stuff they were doing
around that time
and kind of still doing.
And he DDoSed them and he took their website offline
all the rest of it but what he forgot to do was he fell asleep and he woke up to a blank term and
all think that the attack had stopped and it hadn't um went on for about four weeks i believe
he said until he realized what was going on and it cost him about £1.5 million or £1.3 million or whatever.
Not just in lost fees, obviously you've got to call in specialists and in active response and instant response and stuff like that.
So they took the hit there.
But then he said that's when it started getting wrong from a power hungry point of view.
He had a minor disagreement with a police officer once because they were in a park so he decided to
DDoS their entire website and take it offline and and I think that's when he started realizing he
was going wrong and this is all the stuff that he said like he said like looking back at it now he
he started making those errors and he really shouldn't have because they they didn't do
anything to him and obviously it's the police like people do need to get in touch with them
and that sort of stuff so and then this is all this all came out in one interview so it's quite full on this is interesting
because you know i've been in a couple interviews and if you were to ask me like what's a mistake
you've made in the past or what's the what you know what's a problem that we should know about
and he starts telling you about how he's been arrested and he did this
attack and this cyber attack and all this stuff like what are you thinking when you're listening
to him say this like okay nope or like what what's no actually i mean maybe i'm i'm one of the i find
it really interesting because for a lad of 14 to be able to do this sort of stuff was like
insane you know and he and he said and and what
got me if he said to me like oh yeah i just did it for for a laugh or something like that i would
have been like okay well he's just he's obviously not passionate he's just doing it for you know
kudos or whatever but because he did it obviously from like a hacktivist point of view i actually
started getting interested in it and then it was kind of the genuine kind of i really shouldn't have done this but yeah but like initially for
probably about the first five minutes i was probably like oh my god who've we who've we
got in on this call because the recruiter didn't know anything about it anyway you know and he we
blitzed through the technique because i was we do like a pretty rugged like two round interview process the first round which he was in is like super technical on like a whole array of stuff
and he blitzed every single thing like he did amazing and we were like oh my god this this is
it like we definitely need to get this guy in especially because cameron's 19 you know for him
to go through all this over this period of time he'd have to have been pretty young to do it.
Obviously, he came out, he was like 14.
But yeah, like, after that, and I think talking to him and saying to him,
like, well, you know, why did you do it?
What did you think about it?
Like, do you regret it?
And all the rest of the stuff that he kind of goes through your head at that point.
He showed, like, genuine remorse for it,
and that he shouldn't have done it.
Like, he had kind of the right way of going about it in terms of what sea world were doing but he had very much the wrong
methods you know and and that's what hit us with that yeah so i mean it was this the first hacker
you've hired oh yeah yeah for me um but that's that mainly comes from the company i'm with now
because a couple of the
companies i was with before they had it they didn't have this mentality you know and i think
that goes for a lot of companies like people don't give these sorts of hackers another chance
like like cameron was very lucky just to get his apprenticeship and and to then continue into the
industry um but also i wouldn't say it was lucky you
know for him to come to us because i think we were lucky to get him really because of just the sheer
amount of passion he's gotten just the technical skill this guy's gonna he's gonna do well in the
industry like i already knew that but i i was quite concerned that i had to kind of, I had to, I had to put this guy forward to my directors,
you know,
and it was pretty cool.
Like at the end of the day,
I joined CSA because of all the stuff that they do around cybersecurity as
well.
Cause I got sick of,
of constantly being so guarded with other companies and communities and that
sort of stuff.
Like they,
the old companies I was with,
they really garnered that sort of don't tell anyone anything like always look at for yourself type thing and and jamie and dave
the directors of csa the opposite of that they want to be involved you know so but i was still
like okay well i'm actually going to try and hire an ex-hacker here i don't know how cool they're
going to be about this you know but i i went to them and i said like listen this guy's
legit like he knows his stuff listen to his story and all the rest of it and and i'm sure you'll
agree and they did they like we had a quick chat with them all and it kind of reiterated his story
to them and they were the first to jump on board with it they actively encouraged it because they
wanted to not not only from a like,
oh yeah, it'll help us because
of his technical expertise. They wanted to kind of
give him that second chance and really get him
in, you know. I'm just kind
of flabbergasted by this. I mean,
I once was in an interview and I asked
if they validated parking
and I kind of lost sleep over this, wondering
if they just thought I was some poor
soul or something.
And here's Cam, not only saying he knocked out SeaWorld, but caused a million dollars in damages.
And he did it because he was passionate about animal welfare. And he hacked the police and also went to jail for this.
Well, somehow, despite all of that, it went great.
Cam got the job at CSA.
And it might be because of how much CSA likes helping the community.
Like, for instance,
they created this entire cool cyber zone area,
like this entire office just for kids.
Well, not kids, you know, like for students.
And they did it all off their own dime.
Like they invested like 20 grand into this.
Wow, 20 grand just for the architecture of it,
let alone all the equipment and all the rest of it.
Who invested in this?
CSA did.
They did it for the NCSC.
The NCSC came to them and said, like, we'd really love you to do something like this.
OK, so the NCSC is the National Cyber Security Center, which is a UK government organization simply there to help educate people
on cybersecurity. Cyberattack is now a critical threat to our national security.
The government has responded to this threat by doubling investment in cybersecurity,
creating a world-class national cybersecurity center, leading the UK's defense against cyber
attack. Together, we will make the UK the safest place to live and work in cyberspace.
Jeez, that's an ambitious mission.
And I think it's incredible that the UK government is driving this.
But yeah, the NCSE partnered with CSA to help hold classes
and teach students and teenagers more about cybersecurity. So this
makes CSA a pretty progressive company. And once Cam got a job at CSA, he told them about another
hacker he knows. He accidentally did credit card fraud. Both Cam and this guy Jack worked together
in their last job, and they were both there as an apprenticeship set up by the ncaa and so jack
applied to work at csa2 yeah he he went down a very similar route they were both on the same
apprenticeship and this is how we found out about jack because we were still continuing our
recruitment drive um and and obviously cameron knew him by association and was we were like oh
yeah of course yeah like we've hired one hacker what's what's two you know uh basically he stole like 7 000 credit card details and and databases that
are like around the world and i've always spoken to him about it because i find it fascinating
because he is very blasé about the whole situation like he talks about it in like a very matter of
fact way and it's really strange to hear like all of that but like he he said like i just
i did it because i could and i did it because they had bad security and i tell them about the
security and that sort of stuff and then i'd just go out so it's very gray hat ish he never he was
very explicit like he never used the credit cards like he never touched him he never touched them. He never did anything with them. He just saw them as like this. He just took them, you know.
Obviously, he got caught as well.
He got caught by, like, they had all this data on him,
and they couldn't catch him.
And then it turned out he used his card to pay for some virtual private server somewhere,
and they just kind of backtraced it from that eventually.
Like, he did it once, and that's how they got him which was you know fair play to the ncaa and the regional cybercrime
unit for that i tried to get jack on the show but he was just a little too hard for me to wrangle in
he definitely is he's got he's got burner phones and alternate email addresses and like i'm i'm
his manager and even i struggle to get in touch with him sometimes.
But during the interview, Sean asked Jack the same question as Cam.
The question is, like, we always ask it at the end,
and it's, is there anything that would stop you
from possibly being eligible for security clearance?
And obviously he hit us with this knowledge of,
yeah, I stole 7,000 credit card details.
And, like, he wasn't officially charged, thank God, because it turns out like Cam was charged, obviously, and had about five years of hell.
But Jack luckily didn't get charged because he was saying that every single one of those charges carried two years in prison and there's no limit so at one
point the lawyer the the prosecutor said to him like you're facing 14 000 years in prison and he
just laughed at that point which is pretty pretty ballsy really in that situation um but yeah not
like again he was telling us that story and i was sat with the same guy who was in cam's interview and we were like oh my god like where are we finding these people but like he
you have to take a chance like don't get me wrong like if he came to me and he was like yeah i used
them to go on the dark web or i used them to finance something i'd be like no straight away
because obviously he's in it for criminal gain jack and cameron they weren't they did it because they could ultimately and
they were probably a little bit misguided you know and that's why i think the the kind of the
stuff we were doing with the students are so important because you would like another one
of those like one of the students luckily we unluckily sorry we didn't get to him in time
but he ended up ddos in his school and you know they went down the police route and
he was he was 13 years old and you just think like it's just it's just not worth it really
so this was a potential student that was going to come take classes for the ncsc at your place but
didn't come actually come to take your guidance no unfortunately unfortunately not because he
couldn't he couldn't obviously because it because it happened before he was coming in.
And they only take certain year groups.
Like, we take whatever year group they want to give us, but they can only take certain ones.
And they were telling us about it, and they just said it was really unfortunate,
because he had such a knowledge base and that sort of stuff.
He just didn't know what to do with it, and he was just online all the time.
And there's no ethics there, you know,
like, there's no someone to tell you it's right or wrong
when you're reading tutorials or that sort of thing.
And that's where it was so important for us.
And it was, you know, it was unlucky, really,
that he didn't get that chance to talk to us.
But, yeah, but that's literally, like,
you couldn't hit the nail on the head any harder.
That's the sort of stuff that we need to protect against in future generations.
We need to get them on our side before they turn to black hat, you know.
Wow.
The UK is just so forward thinking on this.
By being proactive and trying to get young teenagers some guidance before they do something wrong is just so much more effective.
And it doesn't just stop there.
In 2017, the NCAA launched a boot camp to reform teenage hackers.
So when a teenager gets in trouble for hacking in the UK, they might get to go to this boot camp,
which is not there to scare them straight and to never use a computer again,
but instead it teaches them that their passions and skills are really in
demand right now, and you can have just as much fun doing it, but getting paid for it and being
legal at the same time. Here's an interview I found of some of these black hat teenagers who
went through it. I've learned what I could do, what courses I could take, how I can proceed about
going around to cyber security, what professions. Now I know that it exists, it sounds like something that I'd really, really like to go into
because you get the same rush, you get the same excitement,
but you're doing it for fun still, but it's legal and you get paid.
I found out my true passion was actually stopping those attacks from happening.
That's how I now get my enjoyment.
I stop them before they even happen.
Incredible, right?
Once again, nothing like this is in the US.
Teenagers who get in trouble for hacking get kicked out of school,
banned from using computers,
and have an extraordinarily hard time finding a computer job later.
But the UK is trying something different here,
leaning into the problem,
understanding that these kids really do have a passion and a skill that's helpful. And it's just a matter of rehabilitating them to become
more productive with these skills instead of destructive, or counseling them to be inspired
and use these skills for good. But I should mention that some of these programs are still
experimental in England. I'm not sure if this boot camp was just a pilot program
and stopped, or if it's still going on. There's not a lot of information about it. These programs
keep changing to try to figure out what the best way is of tackling these problems. Oh, and I should
say that apprenticeship program that Cam got into, which got him his first job, it's not just for
teenage criminal hackers. It can be used by non-criminals who want to get started in InfoSec, too.
And at CSA, through their Cyber First program, where they teach students about the dangers of cybersecurity,
they now have Cam get up and tell his story in front of these young teens.
Is Cam a role model or a cautionary tale?
He's turning into one. He is.
It's that lovely mix of both, isn't it?
You know, like, we try and hit him with, like, he answers, like, five questions.
And it's always like, who am I?
Why did I do it?
What were the implications?
You know, what did I learn from it?
You know, and that's all the stuff.
And, like, it starts off, and you can see that the students, like, they know it's serious when he starts talking about all the stuff
he's done because that's what we hit him with hard first and then they talk about like the fbi coming
after him the secret service wanting to extradite him you know like all of this stuff all the all
of the all the money he costs people and it's not just like it's sorry it's not just companies it's
like people's livelihoods you know like if they lose that amount of money they
have to lay people off or people you know like it happens it seems like cam has learned his lesson
from all this and doesn't want to get in trouble again because if it's the second time a second
straight oh i'm gone that's it i'm never gonna get back into the industry um obviously now as
well i can see like the damage it causes. So SeaWorld, people have lost jobs.
It costed SeaWorld $1.5 million as a result of my attacks.
That would have cost people jobs.
That means that they couldn't have fed their families and such.
The butterfly effect goes on.
That's the other reason as well.
It's just what I didn't see.
So it seems like this system works, huh?
Spend a little time and money on some of these troubled teens and presto change-o.
They become not only a productive person, but also an inspirational role model.
I feel kind of bad because essentially so essentially I'm 19 now,
and I'm obviously a senior soccer analyst.
So I won't skip past uni because I'm being arrested.
So people that have gone to uni are kind of going to feel that I've cheated it
and I've gone up because of where I've come from,
which is technically not a good thing.
So it's kind of like waving to people that,
do you know what I mean? Because of the apprenticeship.
The apprenticeship's like giving people this amazing opportunity for free
when they've done something bad.
I've never seen anyone harbour any resentment
against it. The team
love the guys.
We all get on well anyway.
We all do it like the company we're
with encourages loads of social events that they pay for and that sort of stuff. So we all go on well anyway we all do it like the the company we're with encourages loads of social
events and like that they pay for and that sort of stuff so we all go go karting and go out for
you know a drink and all the rest of it and so the team's really molded together anyway and i've
never seen any resentment i think they they appreciate it more because jack and cameron
always give back to them they always try and impart their knowledge. They always show them like the bigger picture when it comes to alert investigations or how to do something or some
kind of technical aspect that they're not quite getting their head around. And I think that makes
them like really appreciate the fact that those guys are there in the first place.
Wow, that's one way to diversify a team, right? Security is a game of cat and mouse. You have to know what the enemy knows and think like them so you can be a step ahead of them.
And who better to turn to than someone who's actually done that stuff?
So yeah, I think this kind of team will work out in the long run.
And now that I think of it, I've seen many criminals in the U.S.
actually get hired by U.S. authorities to help track and catch criminals.
Like there's art
forgers and scammers and counterfeiters and yeah, hackers, who felt remorse for what they've done
and now work with the police to help catch criminals. I like it. In this tech-focused world,
I think it's important to embrace it and not ban it. It's important to spend time and money
educating teenagers on cybersecurity and especially focus on the teens who use it as a weapon. Those are some of the really clever kids
who have a real passion for technology and other things. They don't always aim to do bad. They just
got wrapped up in the frenzy of it all. And I'm sure all of us as teenagers have been in the
battlefield of good versus evil. And it's not easy to be a teen.
Everyone has two sides, good and evil, and it's how you treat that person will determine what you see.
A big thank you to our guests this episode, Cam and Sean, who both work at CSA.
This show is made by me, the Royal Key Presser, Jack Recider.
Production assistance by Jeanette Beebe.
Sound design was done by His Grace, Duke Andrew Merriweather.
Editing help this episode by Her Highness Damien.
And our theme music is by the Earl of Melody, Breakmaster Cylinder.
And even though the F3 key on my keyboard hasn't done a single thing for 20 years,
this is Darknet Diaries.